From d17107b322f4c6a93ccfa94e00c6af6ef81bb9bd Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Sat, 4 Mar 2017 21:23:32 +0200
Subject: Allow null outputs to gss_get_name_attribute()

In krb5_gss_get_name_attribute(), always ask for kvalue and
kdisplay_value when calling krb5_authdata_get_attribute(), as it
currently expect non-null arguments.  This change allows applications
to pass GSS_C_NO_BUFFER for the value and display_value output
parameters.  (Passing NULL for the authenticated and complete output
parameters already works.)

[ghudson@mit.edu: initialized kvalue and kdisplay_value for safety]

(cherry picked from commit 0cff20bd02c7e9b0bc88c425b58fa2d379da51b3)

ticket: 8557
version_fixed: 1.15.2
---
 src/lib/gssapi/krb5/naming_exts.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c
index 6062a6d..0edb4b8 100644
--- a/src/lib/gssapi/krb5/naming_exts.c
+++ b/src/lib/gssapi/krb5/naming_exts.c
@@ -319,8 +319,8 @@ krb5_gss_get_name_attribute(OM_uint32 *minor_status,
     krb5_data kattr;
     krb5_boolean kauthenticated;
     krb5_boolean kcomplete;
-    krb5_data kvalue;
-    krb5_data kdisplay_value;
+    krb5_data kvalue = empty_data();
+    krb5_data kdisplay_value = empty_data();
 
     if (minor_status != NULL)
         *minor_status = 0;
@@ -355,8 +355,8 @@ krb5_gss_get_name_attribute(OM_uint32 *minor_status,
                                        &kattr,
                                        &kauthenticated,
                                        &kcomplete,
-                                       value ? &kvalue : NULL,
-                                       display_value ? &kdisplay_value : NULL,
+                                       &kvalue,
+                                       &kdisplay_value,
                                        more);
     if (code == 0) {
         if (value != NULL)
@@ -367,14 +367,13 @@ krb5_gss_get_name_attribute(OM_uint32 *minor_status,
         if (complete != NULL)
             *complete = kcomplete;
 
-        if (display_value != NULL) {
-            if (code == 0)
-                code = data_to_gss(&kdisplay_value, display_value);
-            else
-                free(kdisplay_value.data);
-        }
+        if (display_value != NULL && code == 0)
+            code = data_to_gss(&kdisplay_value, display_value);
     }
 
+    free(kdisplay_value.data);
+    free(kvalue.data);
+
     k5_mutex_unlock(&kname->lock);
     krb5_free_context(context);
 
-- 
cgit v1.1