From: Tom Yu <tlyu@mit.edu>
Date: Sat, 20 Jan 2007 00:20:53 +0000 (+0000)
Subject: pull up r19022 from trunk
X-Git-Tag: kfw-3.2.0-beta1~94
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=50cc0ba64a2be018a7ca66f6218f8c44c61d0fcf;p=krb5.git

pull up r19022 from trunk

 r19022@cathode-dark-space:  epeisach | 2006-12-30 01:09:25 -0500
 ticket: 5233
 tags: pullup

 If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - free
 memory and return in message_buffer a NULL pointer for value.  This
 is consistant with gss_release_buffer in the mechglue implementation in which
 memory is only freed if the buffer length != 0.



ticket: 5233
version_fixed: 1.6.1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19074 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index d83ac8593..2c084865e 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -418,6 +418,10 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 	    }
 	    message_buffer->value = plain.data;
 	    message_buffer->length = plain.length - ec - 16;
+	    if(message_buffer->length == 0) {
+	      free(message_buffer->value);
+	      message_buffer->value = NULL;
+	    }
 	} else {
 	    /* no confidentiality */
 	    if (conf_state)