krb5 commit [krb5-1.11]: Fix import_sec_context with interposers
Tom Yu
tlyu at MIT.EDU
Wed Apr 3 19:47:13 EDT 2013
https://github.com/krb5/krb5/commit/db203a153fbe2b776210e966bf198c40f796d535
commit db203a153fbe2b776210e966bf198c40f796d535
Author: Simo Sorce <simo at redhat.com>
Date: Sat Mar 16 15:23:03 2013 -0400
Fix import_sec_context with interposers
The code was correctly selecting the mechanism to execute, but it was
improperly setting the mechanism type of the internal context when the
selected mechanism was that of an interposer and vice versa.
When an interposer is involved the internal context is that of the
interposer, so the mechanism type of the context needs to be the
interposer oid. Conversely, when an interposer re-enters gssapi and
presents a token with a special oid, the mechanism called is the real
mechanism, and the context returned is a real mechanism context. In
this case the mechanism type of the context needs to be that of the
real mechanism.
(cherry picked from commit 36c76aa3c625afc9291b9e1df071db51ccf37dab)
ticket: 7592
version_fixed: 1.11.2
status: resolved
src/lib/gssapi/mechglue/g_imp_sec_context.c | 35 ++++++++++----------------
1 files changed, 14 insertions(+), 21 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c
index 53310dd..a0e2d71 100644
--- a/src/lib/gssapi/mechglue/g_imp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c
@@ -84,6 +84,7 @@ gss_ctx_id_t * context_handle;
gss_union_ctx_id_t ctx;
gss_ctx_id_t mctx;
gss_buffer_desc token;
+ gss_OID_desc token_mech;
gss_OID selected_mech = GSS_C_NO_OID;
gss_OID public_mech;
gss_mechanism mech;
@@ -100,12 +101,6 @@ gss_ctx_id_t * context_handle;
if (!ctx)
return (GSS_S_FAILURE);
- ctx->mech_type = (gss_OID) malloc(sizeof(gss_OID_desc));
- if (!ctx->mech_type) {
- free(ctx);
- return (GSS_S_FAILURE);
- }
-
if (interprocess_token->length >= sizeof (OM_uint32)) {
p = interprocess_token->value;
length = (OM_uint32)*p++;
@@ -120,12 +115,9 @@ gss_ctx_id_t * context_handle;
return (GSS_S_CALL_BAD_STRUCTURE | GSS_S_DEFECTIVE_TOKEN);
}
- ctx->mech_type->length = length;
- ctx->mech_type->elements = malloc(length);
- if (!ctx->mech_type->elements) {
- goto error_out;
- }
- memcpy(ctx->mech_type->elements, p, length);
+ token_mech.length = length;
+ token_mech.elements = p;
+
p += length;
token.length = interprocess_token->length - sizeof (OM_uint32) - length;
@@ -136,7 +128,7 @@ gss_ctx_id_t * context_handle;
* call it.
*/
- status = gssint_select_mech_type(minor_status, ctx->mech_type,
+ status = gssint_select_mech_type(minor_status, &token_mech,
&selected_mech);
if (status != GSS_S_COMPLETE)
goto error_out;
@@ -152,6 +144,12 @@ gss_ctx_id_t * context_handle;
goto error_out;
}
+ if (generic_gss_copy_oid(minor_status, selected_mech,
+ &ctx->mech_type) != GSS_S_COMPLETE) {
+ status = GSS_S_FAILURE;
+ goto error_out;
+ }
+
if (mech->gssspi_import_sec_context_by_mech) {
public_mech = gssint_get_public_oid(selected_mech);
status = mech->gssspi_import_sec_context_by_mech(minor_status,
@@ -167,16 +165,11 @@ gss_ctx_id_t * context_handle;
return (GSS_S_COMPLETE);
}
map_error(minor_status, mech);
+ free(ctx->mech_type->elements);
+ free(ctx->mech_type);
error_out:
- if (ctx) {
- if (ctx->mech_type) {
- if (ctx->mech_type->elements)
- free(ctx->mech_type->elements);
- free(ctx->mech_type);
- }
- free(ctx);
- }
+ free(ctx);
return status;
}
#endif /* LEAN_CLIENT */
More information about the cvs-krb5
mailing list