From: Ken Raeburn <raeburn@mit.edu>
Date: Sat, 24 Feb 2007 00:56:23 +0000 (+0000)
Subject: If a reflection is detected, zap the message buffer pointer output
X-Git-Tag: krb5-1.7-alpha1~1283
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ed3fa1390f7f70ab62d476dc467042bac3c5a1b6;p=krb5.git

If a reflection is detected, zap the message buffer pointer output
argument as well as actually freeing the buffer.  (Found while using
the gsstest option to exercise error conditions.)

ticket: 5445
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19171 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index 30845bd85..8c999868e 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -457,8 +457,11 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 
     if ((ctx->initiate && direction != 0xff) ||
 	(!ctx->initiate && direction != 0)) {
-	if (toktype == KG_TOK_SEAL_MSG)
+	if (toktype == KG_TOK_SEAL_MSG) {
 	    xfree(token.value);
+	    message_buffer->value = NULL;
+	    message_buffer->length = 0;
+	}
 	*minor_status = G_BAD_DIRECTION;
 	return(GSS_S_BAD_SIG);
     }