author | sashan <anedvedicky@gmail.com> | 2020-11-20 16:22:52 +0100 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2020-11-23 11:38:28 -0500 |
commit | 2c30f41745d29ed7f06028bba452355b328e8fba (patch) | |
tree | 0ce7509e3dfe9863b83a8a44c426f5d08c5898bc /src/lib/gssapi | |
parent | 1bc5f76d2e7013b8771e3bd9960c82642ba0b467 (diff) | |
Improve duplicate checking in gss_add_cred()
If both input and output credentials are provided to gss_add_cred() or
gss_add_cred_from(), check for a duplicate element in the input handle.
[ghudson@mit.edu: reorganized code; rewrote commit message]
ticket: 8966 (new)
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r-- | src/lib/gssapi/mechglue/g_acquire_cred.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c
index f03ab9e..c885f56 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -480,7 +480,13 @@ gss_add_cred_from(minor_status, input_cred_handle,
 else if (!mech->gss_acquire_cred)
 return (GSS_S_UNAVAILABLE);
- if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
+ union_cred = (gss_union_cred_t)input_cred_handle;
+ if (union_cred != NULL &&
+ gssint_get_mechanism_cred(union_cred,
+ selected_mech) != GSS_C_NO_CREDENTIAL)
+ return (GSS_S_DUPLICATE_ELEMENT);
+
+ if (union_cred == NULL) {
 /* Create a new credential handle. */
 union_cred = malloc(sizeof (gss_union_cred_desc));
 if (union_cred == NULL)
@@ -488,13 +494,7 @@ gss_add_cred_from(minor_status, input_cred_handle,
 (void) memset(union_cred, 0, sizeof (gss_union_cred_desc));
 union_cred->loopback = union_cred;
- } else if (output_cred_handle == NULL) {
- /* Add to the existing handle. */
- union_cred = (gss_union_cred_t)input_cred_handle;
- if (gssint_get_mechanism_cred(union_cred, selected_mech) !=
- GSS_C_NO_CREDENTIAL)
- return (GSS_S_DUPLICATE_ELEMENT);
- } else {
+ } else if (output_cred_handle != NULL) {
 /* Create a new credential handle with the mechanism credentials of the
 * input handle plus the acquired mechanism credential. */
 status = copy_union_cred(minor_status, input_cred_handle, &union_cred);  |
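Review bot: The duplicate check added ahead of `if (union_cred == NULL) {` carries no comment, although it now guards both the in-place path and the copy path, which is the whole point of the change. A line such as `/* Reject a mechanism already present in the input handle, whether we add in place or copy to a new handle. */` above `if (union_cred != NULL &&` would keep a later refactor from moving the check back into a single branch. The check passes the freshly cast caller handle straight to gssint_get_mechanism_cred(); presumably the argument validation at the top of gss_add_cred_from() has already vetted it, but that code is outside this hunk and is worth confirming. The diffstat shows only g_acquire_cred.c, so a regression test that calls gss_add_cred() with both handles and an already-present mechanism and expects GSS_S_DUPLICATE_ELEMENT would be a useful follow-up.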
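Review bot: With the `else if (output_cred_handle == NULL)` branch removed, the case of a non-NULL input handle and a NULL output handle is now an implicit fall-through past `} else if (output_cred_handle != NULL) {`, and the only marker for it, `/* Add to the existing handle. */`, is gone. In that case `union_cred` still aliases the caller's input handle rather than freshly allocated or copied storage, which matters for any later error path that releases `union_cred`. A comment before the chain would make the three cases explicit, for example `/* NULL input: allocate a new handle; input + output: copy the input; input only: extend the input handle in place (union_cred aliases caller storage). */`. The rest of gss_add_cred_from(), including its cleanup, lies outside the hunk, so whether those paths already distinguish the aliased case cannot be judged from here.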