Always copy the mechtype so that delete_sec_context() can safely

release the OID without smashing memory passed in by the application.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10117 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 0c65bf13b59059b9b38d3eef700d497b542f2879..35051589719a687dc9e2e70857894dbb989e3c82 100644 (file)
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,9 @@
+Tue Jul 15 22:05:21 1997  Theodore Y. Ts'o  <tytso@mit.edu>
+
+       * init_sec_context.c (krb5_gss_init_sec_context): Always copy the
+               mechtype so that delete_sec_context() can safely release
+               the OID without smashing memory passed in by the application.
+
 Mon Jun 30 14:05:51 1997  Kevin L Mitchell  <klmitch@mit.edu>
 
        * accept_sec_context.c: added code to return a valid delegated

diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index ac6ffa23275f63bace363911aea2bbfa8f64cdf2..b3992bd7d2ebb616d37ea405a986c54933dea6b3 100644 (file)
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -324,7 +324,11 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
 
       /* fill in the ctx */
       memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
-      ctx->mech_used = mech_type;
+      if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used)
+         != GSS_S_COMPLETE) {
+             free(ctx);
+             return (GSS_S_FAILURE);
+      }
       ctx->auth_context = NULL;
       ctx->initiate = 1;
       ctx->gss_flags = KG_IMPLFLAGS(req_flags);