* accept_sec_context.c (krb5_gss_accept_sec_context): If an error

	occurs after the auth_context is established, but before the
	krb5_gss_ctx_id_rec is established, release our pointer to the
	replay cache and invoke krb5_auth_con_free(). (krb5-libs/855)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12721 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 0e8d905dd81371909849fed215077db10bb01c35..04a6bab05d7bf892ca3d4613cb34855ce1072886 100644 (file)
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,10 @@
+2000-10-04  Ezra Peisach  <epeisach@mit.edu>
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): If an error
+       occurs after the auth_context is established, but before the
+       krb5_gss_ctx_id_rec is established, release our pointer to the
+       replay cache and invoke krb5_auth_con_free(). (krb5-libs/855)
+
 2000-10-03  Ezra Peisach  <epeisach@mit.edu>
 
        * add_cred.c (krb5_gss_add_cred): krb5_cc_get_type() and

diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 75a6eaecac74c2227b1a8dd26052ec7c3b447edb..4f7f73d23887bf765a20babd16d50aadf44029e5 100644 (file)
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -743,6 +743,11 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        free(ctypes);
    if (authdat)
        krb5_free_authenticator(context, authdat);
+   /* The ctx structure has the handle of the auth_context */
+   if (auth_context & !ctx) {
+       (void)krb5_auth_con_setrcache(context, auth_context, NULL);
+       krb5_auth_con_free(context, auth_context);
+   }
    if (reqcksum.contents)
        xfree(reqcksum.contents);
    if (ap_rep.data)