If a reflection is detected, zap the message buffer pointer output
authorKen Raeburn <raeburn@mit.edu>
Sat, 24 Feb 2007 00:56:23 +0000 (00:56 +0000)
committerKen Raeburn <raeburn@mit.edu>
Sat, 24 Feb 2007 00:56:23 +0000 (00:56 +0000)
argument as well as actually freeing the buffer.  (Found while using
the gsstest option to exercise error conditions.)

ticket: 5445
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19171 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/k5unseal.c

index 30845bd85a88f08de0623f28c54344f7d0387f82..8c999868efccf37bad2280bfed3f99e147fadd25 100644 (file)
@@ -457,8 +457,11 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 
     if ((ctx->initiate && direction != 0xff) ||
        (!ctx->initiate && direction != 0)) {
-       if (toktype == KG_TOK_SEAL_MSG)
+       if (toktype == KG_TOK_SEAL_MSG) {
            xfree(token.value);
+           message_buffer->value = NULL;
+           message_buffer->length = 0;
+       }
        *minor_status = G_BAD_DIRECTION;
        return(GSS_S_BAD_SIG);
     }
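Review bot: The new clearing of `message_buffer` covers only this direction-check exit, and nothing in the hunk records why it is needed. The `xfree(token.value)` followed by zeroing the output suggests `message_buffer` was already pointed at `token.value` earlier in `kg_unseal_v1`, so a caller that releases the output buffer after a failure would otherwise free the same memory twice. I would add a comment above the block, `/* message_buffer already aliases token.value; clear it so the caller cannot release freed memory */`, and confirm that every other error return after that assignment does the same, or move the assignment to the success path. The function starts and ends outside this hunk, so those other exits are not visible here.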