author | Kevin Wasserman <kevin.wasserman@painless-security.com> | 2012-08-01 18:30:02 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2012-08-03 14:52:12 -0400 |
commit | bd8f713b254daa4f24f6fb9b8ea15f1eaff3f17d (patch) | |
tree | 823e1c82b4df0fdd959dd2487e7a60f56df26895 | |
parent | dee054247300c1ae955dfadf237f4073817d98d6 (diff) | |
Fix oid set construction in gss_inquire_cred()
Use gssapi calls to construct the oid sets. It is not safe on windows
to use malloc to hand-construct the set and then call gss_release_oid_set()
to clean it up.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 4cfdf8da69f52c778af4faaea663981a67634bb6)
ticket: 7227
version_fixed: 1.10.3
status: resolved
-rw-r--r-- | src/lib/gssapi/mechglue/g_inq_cred.c | 32 |
1 files changed, 10 insertions, 22 deletions
diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c
index 3c09d61..7dab781 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -123,29 +123,23 @@ gss_OID_set * mechanisms;
 */
 if(mechanisms != NULL) {
- status = GSS_S_FAILURE;
- mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc));
- if (mechs == NULL)
- goto error;
- mechs->count = 0;
- mechs->elements = malloc(sizeof(gss_OID_desc) *
- (union_cred ? union_cred->count : 1));
- if (mechs->elements == NULL)
+ status = gss_create_empty_oid_set(minor_status, &mechs);
+ if (GSS_ERROR(status))
 goto error;
 if (union_cred) {
 for (i = 0; i < union_cred->count; i++) {
- mechs->elements[i].elements =
- malloc(union_cred->mechs_array[i].length);
- if (mechs->elements[i].elements == NULL)
+ status = gss_add_oid_set_member(minor_status,
+ &union_cred->mechs_array[i],
+ &mechs);
+ if (GSS_ERROR(status))
 goto error;
- g_OID_copy(&mechs->elements[i], &union_cred->mechs_array[i]);
- mechs->count++;
 }
 } else {
- mechs->elements[0].elements = malloc(mech->mech_type.length);
- g_OID_copy(&mechs->elements[0], &mech->mech_type);
- mechs->count++;
+ status = gss_add_oid_set_member(minor_status,
+ &mech->mech_type, &mechs);
+ if (GSS_ERROR(status))
+ goto error;
 }
 *mechanisms = mechs;
 }
@@ -153,12 +147,6 @@ gss_OID_set * mechanisms;
 return(GSS_S_COMPLETE);
 error:
- /*
- * cleanup any allocated memory - we can just call
- * gss_release_oid_set, because the set is constructed so that
- * count always references the currently copied number of
- * elements.
- */
 if (mechs != NULL)
 (void) gss_release_oid_set(&temp_minor_status, &mechs); |
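Review bot: The `error:` cleanup now rests on an invariant that is no longer written down anywhere in the visible code: `mechs` must be either unset or a set built only through `gss_create_empty_oid_set()` and `gss_add_oid_set_member()`, so that `gss_release_oid_set()` frees memory the same library allocated. The second hunk removes the old explanatory comment without a replacement; I would put `/* mechs is only ever built with gss_create_empty_oid_set/gss_add_oid_set_member, so gss_release_oid_set can free it */` above the `if (mechs != NULL)` check so nobody reintroduces a hand-rolled `malloc` here. The check also presumably relies on `mechs` being initialised to `GSS_C_NO_OID_SET` at its declaration, because a failure in `gss_create_empty_oid_set()` jumps straight to `error:`. That declaration and the rest of the function lie outside both hunks, so it should be confirmed there.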