[krbdev.mit.edu #4063] gss mech glue implementation should validate opaque pointer types
Alexandra Ellwood via RT
rt-comment at krbdev.mit.edu
Wed Jul 26 16:47:16 EDT 2006
In releases prior to krb5-1.5, gss_name_t, gss_ctx_id_t and gss_cred_id_t were validated by
krb5's pointer validation support. This resulted in it being possible to write the following
code without getting a crash:

    if (name) { gss_release_name (&minor_status, name); }

Even though the second argument to gss_release_name() is supposed to be "&name", the
pointer validation code would detect the invalid pointer and return an error. In practice
callers don't check the return values of our release functions so unless they used leak
checkers to find the leak, bugs like this would go unnoticed.
In krb5-1.5 the gss mech glue code does not perform pointer validation and thus code with
errors like the one above now crashes. In order to prevent existing applications from breaking
with new releases of krb5, we should implement some form of pointer validation to
reproduce the previous behavior.
Note: the reason the above code doesn't generate a warning at compile time is that
gss_name_t, gss_cred_id_t and gss_ctx_id_t are all defined as void* in released versions of
krb5. See bug #4057 for more information.
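
Added example, not part of the original message and not krb5's code: a small C program showing how validating an opaque handle against a registry of issued handles turns the wrong call described above into an error return and a leak instead of a crash. The names handle_t, name_obj, handle_create, handle_release and live_count are hypothetical, and the fixed-size registry is an assumption, not the mechanism krb5 uses.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins: handle_t is void * (as the report says gss_name_t
 * is), and handle_release() takes a pointer to the handle. */
typedef void *handle_t;
struct name_obj { void *tag; char text[32]; };  /* hypothetical layout */
#define MAX_LIVE 16
static void *live[MAX_LIVE];                    /* handles this library issued */

/* Index of p in the registry, or -1 if p is NULL or was never issued. */
static int find_live(void *p) {
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == p) return i;
    return -1;
}

handle_t handle_create(void) {
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] != NULL) continue;
        struct name_obj *n = calloc(1, sizeof *n);
        if (n != NULL) n->tag = NULL;   /* first word is never a live handle */
        live[i] = n;
        return n;
    }
    return NULL;                                /* registry full */
}

/* Returns 0 on success, -1 if *h is not a handle from handle_create(). */
int handle_release(handle_t *h) {
    int i = (h != NULL) ? find_live(*h) : -1;
    if (i < 0) return -1;                       /* reject before free() */
    live[i] = NULL;
    free(*h);
    *h = NULL;
    return 0;
}

int live_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += (live[i] != NULL);
    return n;
}

int main(void) {
    handle_t name = handle_create();
    int wrong = handle_release(name);   /* the report's mistake: void * converts to void ** */
    int right = handle_release(&name);  /* the intended call */
    printf("wrong call: %d, right call: %d, live: %d\n", wrong, right, live_count());
    return 0;
}
```

Without the registry lookup, the wrong call would pass the first word of the object to free(), which is the crash the report describes for krb5-1.5.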