(krb5-1.5.x) fix MITKRB5-SA-2007-003

pull up r19171 from trunk r19171@cathode-dark-space: raeburn | 2007-02-23 19:56:23 -0500 ticket: 5445 status: open If a reflection is detected, zap the message buffer pointer output argument as well as actually freeing the buffer. (Found while using the gsstest option to exercise error conditions.) ticket: new tags: pullup target_version: 1.5.3 version_fixed: 1.5.3 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19422 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2007-04-11 02:25:17 +0000
committer: Tom Yu <tlyu@mit.edu> 2007-04-11 02:25:17 +0000
commit: 53d439b14c75cbdada8e7e7bf2222e76f06cb357 (patch)
tree: 70df9c790685d0dd1b42a124efe9c21708b91d42
parent: 555a2c2034e13cc39ef749206d50780021819842 (diff)
download: krb5-53d439b14c75cbdada8e7e7bf2222e76f06cb357.zip
krb5-53d439b14c75cbdada8e7e7bf2222e76f06cb357.tar.gz
krb5-53d439b14c75cbdada8e7e7bf2222e76f06cb357.tar.bz2
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index 30845bd..8c99986 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -457,8 +457,11 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 
     if ((ctx->initiate && direction != 0xff) ||
 	(!ctx->initiate && direction != 0)) {
-	if (toktype == KG_TOK_SEAL_MSG)
+	if (toktype == KG_TOK_SEAL_MSG) {
 	    xfree(token.value);
+	    message_buffer->value = NULL;
+	    message_buffer->length = 0;
+	}
 	*minor_status = G_BAD_DIRECTION;
 	return(GSS_S_BAD_SIG);
     }
author	Tom Yu <tlyu@mit.edu>	2007-04-11 02:25:17 +0000
committer	Tom Yu <tlyu@mit.edu>	2007-04-11 02:25:17 +0000
commit	53d439b14c75cbdada8e7e7bf2222e76f06cb357 (patch)
tree	70df9c790685d0dd1b42a124efe9c21708b91d42
parent	555a2c2034e13cc39ef749206d50780021819842 (diff)
download	krb5-53d439b14c75cbdada8e7e7bf2222e76f06cb357.zip krb5-53d439b14c75cbdada8e7e7bf2222e76f06cb357.tar.gz krb5-53d439b14c75cbdada8e7e7bf2222e76f06cb357.tar.bz2