From 2c30f41745d29ed7f06028bba452355b328e8fba Mon Sep 17 00:00:00 2001
From: sashan
Date: Fri, 20 Nov 2020 16:22:52 +0100
Subject: Improve duplicate checking in gss_add_cred()
If both input and output credentials are provided to gss_add_cred() or gss_add_cred_from(), check for a duplicate element in the input handle.
[ghudson@mit.edu: reorganized code; rewrote commit message]
ticket: 8966 (new)
---
 src/lib/gssapi/mechglue/g_acquire_cred.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c
index f03ab9e..c885f56 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -480,7 +480,13 @@ gss_add_cred_from(minor_status, input_cred_handle,
 else if (!mech->gss_acquire_cred)
 return (GSS_S_UNAVAILABLE);
- if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
+ union_cred = (gss_union_cred_t)input_cred_handle;
+ if (union_cred != NULL &&
+ gssint_get_mechanism_cred(union_cred,
+ selected_mech) != GSS_C_NO_CREDENTIAL)
+ return (GSS_S_DUPLICATE_ELEMENT);
+
+ if (union_cred == NULL) {
 /* Create a new credential handle. */
 union_cred = malloc(sizeof (gss_union_cred_desc));
 if (union_cred == NULL)
@@ -488,13 +494,7 @@ gss_add_cred_from(minor_status, input_cred_handle,
 (void) memset(union_cred, 0, sizeof (gss_union_cred_desc));
 union_cred->loopback = union_cred;
- } else if (output_cred_handle == NULL) {
- /* Add to the existing handle. */
- union_cred = (gss_union_cred_t)input_cred_handle;
- if (gssint_get_mechanism_cred(union_cred, selected_mech) !=
- GSS_C_NO_CREDENTIAL)
- return (GSS_S_DUPLICATE_ELEMENT);
- } else {
+ } else if (output_cred_handle != NULL) {
 /* Create a new credential handle with the mechanism credentials of the
 * input handle plus the acquired mechanism credential. */
 status = copy_union_cred(minor_status, input_cred_handle, &union_cred);
--
cgit v1.1
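Review bot: Nothing in this commit tests the case the first hunk (`@@ -480,7 +480,13 @@`) newly rejects: the diffstat lists only g_acquire_cred.c, so the hoisted duplicate check for a call with both an input handle and a non-NULL `output_cred_handle` is unpinned. A regression test that passes an input handle already holding `selected_mech` together with an output handle and expects `GSS_S_DUPLICATE_ELEMENT` would keep a later reshuffle of these branches from silently allowing a second element for the same mechanism. A smaller style point on the same lines: the old test compared `input_cred_handle` with `GSS_C_NO_CREDENTIAL`, while the new ones compare the cast pointer with `NULL`; a comment above the cast such as `/* input_cred_handle may be GSS_C_NO_CREDENTIAL, i.e. a null handle. */` would make the equivalence explicit. The body of gss_add_cred_from() starts and ends outside the hunk.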
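Review bot: In the second hunk (`@@ -488,13 +494,7 @@`) the in-place case, an input handle with `output_cred_handle == NULL`, no longer has a branch or a comment of its own: it is now whatever falls through `} else if (output_cred_handle != NULL) {`, and the removed `/* Add to the existing handle. */` was its only label. On that path `union_cred` still aliases the caller's input handle rather than memory this function allocated, which presumably matters to the error path that releases `union_cred` later in the function (outside this hunk, so not checked here). I would restore the intent with a comment ahead of the `if (union_cred == NULL)` chain, for example `/* Otherwise union_cred is the caller's input handle and is extended in place; it is not ours to release on failure. */`.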