CVE-2009-0845 (1.6.x) SPNEGO can dereference a null pointer
authorTom Yu <tlyu@mit.edu>
Tue, 17 Mar 2009 21:34:13 +0000 (21:34 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 17 Mar 2009 21:34:13 +0000 (21:34 +0000)
commit436064dc47dc336c44485068fb2f2fbc6cf840f4
treec633374db63fd927a66e67ea9bf0054a330c646f
parent60ec86205b522fa9809765eb997164ec1c112270
CVE-2009-0845 (1.6.x) SPNEGO can dereference a null pointer

pull up r22084 from trunk

acc_ctx_new() can return an error condition without establishing a
SPNEGO context structure.  This can cause a null pointer dereference
in cleanup code in spnego_gss_accept_sec_context().

ticket: 6426
tags: pullup
target_version: 1.6.4
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22104 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/gssapi/spnego/spnego_mech.c