jhutz at cmu.edu
Sat Nov 22 00:13:21 EST 2008
--On Friday, November 21, 2008 11:57:54 PM -0500 Jeffrey Altman
<jaltman at secure-endpoints.com> wrote:
> Note that there is a second problem with this api. When a non-NULL
> 'old_name' parameter is provided, it must be freed using the same
> free() as is linked to the gssapi32.dll library. Unfortunately,
> there is no gss_krb5_free_ccname() function in the API available
> to make sure that this is possible. As a result, passing anything
> other than NULL as the 'old_name' parameter is dangerous on Windows.
This is indeed a bug in the API. The old_name parameter should never have
been a char **; it should have been a gss_buffer_t, which would have
allowed it to be released using gss_release_buffer().
More information about the krbdev