From: Ezra Peisach <epeisach@mit.edu>
Date: Sat, 30 Dec 2006 06:09:25 +0000 (+0000)
Subject: If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - free
X-Git-Tag: krb5-1.7-alpha1~1378
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a2402f9d816014f3df88557d3cfb52005e90b8fb;p=krb5.git

If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - free
memory and return in message_buffer a NULL pointer for value.  This
is consistant with gss_release_buffer in the mechglue implementation in which
memory is only freed if the buffer length != 0.

ticket: 5233
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19022 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index d83ac8593..2c084865e 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -418,6 +418,10 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 	    }
 	    message_buffer->value = plain.data;
 	    message_buffer->length = plain.length - ec - 16;
+	    if(message_buffer->length == 0) {
+	      free(message_buffer->value);
+	      message_buffer->value = NULL;
+	    }
 	} else {
 	    /* no confidentiality */
 	    if (conf_state)