rewrite gss_krb5_ccache_name

Jeffrey Hutzelman jhutz at
Sat Nov 22 00:13:21 EST 2008

--On Friday, November 21, 2008 11:57:54 PM -0500 Jeffrey Altman 
<jaltman at> wrote:

> Note that there is a second problem with this api.  When a non-NULL
> 'old_name' parameter is provided, it must be freed using the same
> free() as is linked to the gssapi32.dll library.  Unfortunately,
> there is no gss_krb5_free_ccname() function in the API available
> to make sure that this is possible.  As a result, passing anything
> other than NULL as the 'old_name' parameter is dangerous on Windows.

This is indeed a bug in the API.  The old_name parameter should never have 
been a char **; it should have been a gss_buffer_t, which would have 
allowed it to be released using gss_release_buffer().

-- Jeff

More information about the krbdev mailing list