SPNEGO's accept_sec_context and init_sec_context produce a null context
authorGreg Hudson <ghudson@mit.edu>
Tue, 8 Mar 2011 19:34:31 +0000 (19:34 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 8 Mar 2011 19:34:31 +0000 (19:34 +0000)
on error, so it needs to silently succeed when deleting a null context.
It was instead passing the null context along to the mechglue which
would produce an error, causing a leak of the mechglue's union context
wrapper.  Reported by aberry@likewise.com.

ticket: 6863

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/spnego/spnego_mech.c

index e3e029f86329fe1680a4a41a23db151619b2db89..073d7fc97239f88bd5c8c54a4a349e80332a20df 100644 (file)
@@ -2074,14 +2074,18 @@ spnego_gss_delete_sec_context(
        spnego_gss_ctx_id_t *ctx =
                    (spnego_gss_ctx_id_t *)context_handle;
 
+       *minor_status = 0;
+
        if (context_handle == NULL)
                return (GSS_S_FAILURE);
 
+       if (*ctx == NULL)
+               return (GSS_S_COMPLETE);
+
        /*
         * If this is still an SPNEGO mech, release it locally.
         */
-       if (*ctx != NULL &&
-           (*ctx)->magic_num == SPNEGO_MAGIC_ID) {
+       if ((*ctx)->magic_num == SPNEGO_MAGIC_ID) {
                (void) gss_delete_sec_context(minor_status,
                                    &(*ctx)->ctx_handle,
                                    output_token);