[krbdev.mit.edu #5442] SVN Commit

Tom Yu via RT rt-comment at krbdev.mit.edu
Fri Jul 25 16:33:11 EDT 2008


pull up r20559 from trunk

 r20559 at cathode-dark-space:  jaltman | 2008-07-21 16:47:35 -0400
 ticket: 5442
 tags: pullup
 
 This patch addresses the issues raised in this ticket and ticket 5936.
 
 (a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
 krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
 case and the failure cases that result in returning from the function
 prior to reaching the end of the function.
 
 (b) The meaningful 'minor_status' return value is destroyed during the
 cleanup operations.
 
 The approach taken is to add a new 'exit:' label prior to the end of the
 function through which all function returns after reaching the 'fail:'
 label will goto.  After 'exit:', the 'cred_handle' will be released and
 if there is a krb5_context 'context' to be freed, the error info will be
 saved and krb5_free_context() will be called.
 
 In the success case, the krb5_context is saved in the gss context and we
 now set 'context' to NULL to prevent it from being freed.
 
 In order to preserve the minor_status return code, a 'tmp_minor_status'
 variable is added that is used after the 'fail:' label in calls to
 krb5_gss_delete_sec_context() and krb5_gss_release_cred().
 
 
 [1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
 the value of 'verifier_cred_handle'.
 
 
 
 


Commit By: tlyu



Revision: 20581
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/gssapi/krb5/accept_sec_context.c
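
The cleanup pattern the commit message describes, as an added sketch that is not the MIT krb5 code or part of the original commit: a single `exit:` path releases a locally acquired credential, frees the context unless ownership was handed over on success, and passes a scratch `tmp_minor` to cleanup so the caller's minor status survives. All names here (`accept_ctx`, `acquire_cred`, `release_cred`, `init_ctx`, `free_ctx`, the counters) are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-ins (hypothetical names, not the MIT krb5 API). */
typedef struct { int unused; } cred_t;
typedef struct { int unused; } kctx_t;
static int live_creds, live_ctxs;            /* leak counters */

static cred_t *acquire_cred(void) { live_creds++; return calloc(1, sizeof(cred_t)); }
/* Like a real release routine, this overwrites the status it is handed. */
static void release_cred(int *minor, cred_t *c) { *minor = 0; free(c); live_creds--; }
static kctx_t *init_ctx(void) { live_ctxs++; return calloc(1, sizeof(kctx_t)); }
static void free_ctx(kctx_t *k) { free(k); live_ctxs--; }

/* fail_code != 0 simulates an error partway through the function. */
int accept_ctx(cred_t *verifier_cred, int fail_code, kctx_t **saved, int *minor)
{
    int major = 0, tmp_minor;
    cred_t *cred = verifier_cred;            /* footnote [1] in the message */
    kctx_t *context = init_ctx();

    *minor = 0;
    if (cred == NULL)
        cred = acquire_cred();               /* acquired here: ours to release */

    if (fail_code) {
        *minor = fail_code;                  /* the meaningful error code */
        major = 1;
        goto exit;
    }
    *saved = context;                        /* success: ownership moves out */
    context = NULL;                          /* so exit: does not free it */
exit:
    if (cred != verifier_cred)
        release_cred(&tmp_minor, cred);      /* scratch status, *minor kept */
    if (context)
        free_ctx(context);
    return major;
}

int main(void)
{
    int minor;
    kctx_t *saved = NULL;
    int major = accept_ctx(NULL, 42, &saved, &minor);
    printf("major=%d minor=%d live_creds=%d live_ctxs=%d\n",
           major, minor, live_creds, live_ctxs);
    return 0;
}
```

Passing `minor` instead of `&tmp_minor` to `release_cred()` reproduces issue (b); returning before `exit:` reproduces issue (a).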



