svn rev #24499: branches/krb5-1-9/src/lib/gssapi/krb5/
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Nov 1 16:36:38 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24499
Commit By: tlyu
Log Message:
ticket: 6796
version_fixed: 1.9
status: resolved
pull up r24481 from trunk
------------------------------------------------------------------------
r24481 | ghudson | 2010-10-25 16:17:54 -0400 (Mon, 25 Oct 2010) | 7 lines
ticket: 6796
target_version: 1.9
tags: pullup
Use safer output parameter handling in
krb5_gss_acquire_cred_impersonate_name and its subsidiary helpers.
Changed Files:
U branches/krb5-1-9/src/lib/gssapi/krb5/s4u_gss_glue.c
Modified: branches/krb5-1-9/src/lib/gssapi/krb5/s4u_gss_glue.c
===================================================================
--- branches/krb5-1-9/src/lib/gssapi/krb5/s4u_gss_glue.c 2010-11-01 20:36:33 UTC (rev 24498)
+++ branches/krb5-1-9/src/lib/gssapi/krb5/s4u_gss_glue.c 2010-11-01 20:36:37 UTC (rev 24499)
@@ -50,8 +50,8 @@
krb5_error_code code;
krb5_creds in_creds, *out_creds = NULL;
+ *output_cred = NULL;
memset(&in_creds, 0, sizeof(in_creds));
- memset(&out_creds, 0, sizeof(out_creds));
in_creds.client = user->princ;
in_creds.server = impersonator_cred->name->princ;
@@ -161,7 +161,8 @@
time_rec,
context);
- *output_cred_handle = (gss_cred_id_t)cred;
+ if (!GSS_ERROR(major_status))
+ *output_cred_handle = (gss_cred_id_t)cred;
k5_mutex_unlock(&((krb5_gss_cred_id_t)impersonator_cred_handle)->lock);
krb5_free_context(context);
@@ -183,6 +184,7 @@
krb5_error_code code;
krb5_gss_cred_id_t cred = NULL;
+ *output_cred = NULL;
k5_mutex_assert_locked(&impersonator_cred->lock);
if (!kg_is_initiator_cred(impersonator_cred) ||
More information about the cvs-krb5
mailing list