Check for null name_type in gss_display_name_ext

It is possible for the input name's name_type to be GSS_C_NO_OID.
g_OID_equal() does not account for GSS_C_NO_OID, so we have to
manually check before use to prevent null pointer dereferences.

(cherry picked from commit 3fdf09ac9a36581b47f40c9d177e463cc12687ff)

ticket: 8310 (new)
version_fixed: 1.12.5
status: resolved

1 files changed, 3 insertions, 1 deletions

diff --git a/src/lib/gssapi/mechglue/g_dsp_name_ext.c b/src/lib/gssapi/mechglue/g_dsp_name_ext.c
index 14326a3..be08dd1 100644
--- a/src/lib/gssapi/mechglue/g_dsp_name_ext.c
+++ b/src/lib/gssapi/mechglue/g_dsp_name_ext.c
@@ -94,6 +94,7 @@ gss_display_name_ext (OM_uint32 *minor_status,
             status = GSS_S_BAD_NAME;
         else if (mech->gss_display_name_ext == NULL) {
             if (mech->gss_display_name != NULL &&
+                union_name->name_type != GSS_C_NO_OID &&
                 g_OID_equal(display_as_name_type, union_name->name_type)) {
                 status = (*mech->gss_display_name)(minor_status,
                                                    union_name->mech_name,
@@ -114,7 +115,8 @@ gss_display_name_ext (OM_uint32 *minor_status,
         return status;
     }
 
-    if (!g_OID_equal(display_as_name_type, union_name->name_type))
+    if (union_name->name_type == GSS_C_NO_OID ||
+        !g_OID_equal(display_as_name_type, union_name->name_type))
         return GSS_S_UNAVAILABLE;
 
     if ((output_name_buffer->value =