Fix a couple of cases in the SPNEGO implementation where a
authorGreg Hudson <ghudson@mit.edu>
Mon, 10 Jan 2011 18:25:36 +0000 (18:25 +0000)
committerGreg Hudson <ghudson@mit.edu>
Mon, 10 Jan 2011 18:25:36 +0000 (18:25 +0000)
half-constructed SPNEGO context could be leaked.  Patch from
aberry@likewise.com, slightly amended.

ticket: 6816

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24591 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/spnego/spnego_mech.c

index 78471466964f2d67c8091987c4f4d9402edbf121..e3e029f86329fe1680a4a41a23db151619b2db89 100644 (file)
@@ -603,7 +603,6 @@ init_ctx_new(OM_uint32 *minor_status,
        }
 
        if (put_mech_set(*mechSet, &sc->DER_mechTypes) < 0) {
-               generic_gss_release_oid(&tmpmin, &sc->internal_mech);
                ret = GSS_S_FAILURE;
                goto cleanup;
        }
@@ -613,10 +612,12 @@ init_ctx_new(OM_uint32 *minor_status,
         */
        sc->ctx_handle = GSS_C_NO_CONTEXT;
        *ctx = (gss_ctx_id_t)sc;
+       sc = NULL;
        *tokflag = INIT_TOKEN_SEND;
        ret = GSS_S_CONTINUE_NEEDED;
 
 cleanup:
+       release_spnego_ctx(&sc);
        gss_release_oid_set(&tmpmin, mechSet);
        return ret;
 }
@@ -1285,9 +1286,11 @@ acc_ctx_hints(OM_uint32 *minor_status,
        *return_token = INIT_TOKEN_SEND;
        sc->firstpass = 1;
        *ctx = (gss_ctx_id_t)sc;
+       sc = NULL;
        ret = GSS_S_COMPLETE;
 
 cleanup:
+       release_spnego_ctx(&sc);
        gss_release_oid_set(&tmpmin, &supported_mechSet);
 
        return ret;