If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - free

memory and return in message_buffer a NULL pointer for value.  This
is consistant with gss_release_buffer in the mechglue implementation in which
memory is only freed if the buffer length != 0.

ticket: 5233
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19022 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index d83ac8593c8473d07dae9ca605696ee263cce074..2c084865e39f96c24282bf20127e6490bd982064 100644 (file)
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -418,6 +418,10 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
            }
            message_buffer->value = plain.data;
            message_buffer->length = plain.length - ec - 16;
+           if(message_buffer->length == 0) {
+             free(message_buffer->value);
+             message_buffer->value = NULL;
+           }
        } else {
            /* no confidentiality */
            if (conf_state)