From: Ken Raeburn Date: Thu, 12 Mar 2009 22:06:35 +0000 (+0000) Subject: Better fix: Delay setting 'outbuf' until after the header buffer might X-Git-Tag: krb5-1.8-alpha1~598 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e382bc42e2db368463fd44f0676b89f751634f52;p=krb5.git Better fix: Delay setting 'outbuf' until after the header buffer might have been allocated locally, and set it in both code paths instead of just the confidentiality-requested code path. ticket: 6412 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22082 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/k5sealv3iov.c b/src/lib/gssapi/krb5/k5sealv3iov.c index 85f9036b3..c30352b0a 100644 --- a/src/lib/gssapi/krb5/k5sealv3iov.c +++ b/src/lib/gssapi/krb5/k5sealv3iov.c @@ -90,8 +90,6 @@ gss_krb5int_make_seal_token_v3_iov(krb5_context context, trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); - outbuf = (unsigned char *)header->buffer.value; - if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) { unsigned int k5_headerlen, k5_trailerlen, k5_padlen; size_t ec = 0; @@ -131,11 +129,11 @@ gss_krb5int_make_seal_token_v3_iov(krb5_context context, if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) { code = kg_allocate_iov(header, (size_t) gss_headerlen); - outbuf = (unsigned char *)header->buffer.value; } else if (header->buffer.length < gss_headerlen) code = KRB5_BAD_MSIZE; if (code != 0) goto cleanup; + outbuf = (unsigned char *)header->buffer.value; header->buffer.length = (size_t) gss_headerlen; if (trailer != NULL) { @@ -205,6 +203,7 @@ gss_krb5int_make_seal_token_v3_iov(krb5_context context, code = KRB5_BAD_MSIZE; if (code != 0) goto cleanup; + outbuf = (unsigned char *)header->buffer.value; header->buffer.length = (size_t) gss_headerlen; if (trailer != NULL) {