diff options
author | Tom Yu <tlyu@mit.edu> | 2010-11-01 20:36:37 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2010-11-01 20:36:37 +0000 |
commit | f81030c8386e20914d027d07a9991ae879987ae0 (patch) | |
tree | 5fbb76c89db90e1fe3c06a86d8db4438a93620e7 | |
parent | dc17806ebfd42041f4829310035fde643efced7b (diff) | |
download | krb5-f81030c8386e20914d027d07a9991ae879987ae0.zip krb5-f81030c8386e20914d027d07a9991ae879987ae0.tar.gz krb5-f81030c8386e20914d027d07a9991ae879987ae0.tar.bz2 |
pull up r24481 from trunk
------------------------------------------------------------------------
r24481 | ghudson | 2010-10-25 16:17:54 -0400 (Mon, 25 Oct 2010) | 7 lines
ticket: 6796
target_version: 1.9
tags: pullup
Use safer output parameter handling in
krb5_gss_acquire_cred_impersonate_name and its subsidiary helpers.
ticket: 6796
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24499 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/gssapi/krb5/s4u_gss_glue.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c index 9072518..ac07dad 100644 --- a/src/lib/gssapi/krb5/s4u_gss_glue.c +++ b/src/lib/gssapi/krb5/s4u_gss_glue.c @@ -50,8 +50,8 @@ kg_impersonate_name(OM_uint32 *minor_status, krb5_error_code code; krb5_creds in_creds, *out_creds = NULL; + *output_cred = NULL; memset(&in_creds, 0, sizeof(in_creds)); - memset(&out_creds, 0, sizeof(out_creds)); in_creds.client = user->princ; in_creds.server = impersonator_cred->name->princ; @@ -161,7 +161,8 @@ krb5_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status, time_rec, context); - *output_cred_handle = (gss_cred_id_t)cred; + if (!GSS_ERROR(major_status)) + *output_cred_handle = (gss_cred_id_t)cred; k5_mutex_unlock(&((krb5_gss_cred_id_t)impersonator_cred_handle)->lock); krb5_free_context(context); @@ -183,6 +184,7 @@ kg_compose_deleg_cred(OM_uint32 *minor_status, krb5_error_code code; krb5_gss_cred_id_t cred = NULL; + *output_cred = NULL; k5_mutex_assert_locked(&impersonator_cred->lock); if (!kg_is_initiator_cred(impersonator_cred) || |