From 736c9f81b080c02c657bc9ca5e63c37d96d4b9bb Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 21 Apr 2010 23:20:29 +0000 Subject: [PATCH] In the get_credentials() helper of the gss-krb5 init_sec_context code, ensure that *out_creds is only filled in on successful return. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23917 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/init_sec_context.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index cbc9ed936..fd29c4571 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -128,10 +128,12 @@ static krb5_error_code get_credentials(context, cred, server, now, krb5_creds **out_creds; { krb5_error_code code; - krb5_creds in_creds, evidence_creds; + krb5_creds in_creds, evidence_creds, *result_creds = NULL; krb5_flags flags = 0; krb5_principal cc_princ = NULL; + *out_creds = NULL; + k5_mutex_assert_locked(&cred->lock); memset(&in_creds, 0, sizeof(krb5_creds)); memset(&evidence_creds, 0, sizeof(krb5_creds)); @@ -196,7 +198,7 @@ static krb5_error_code get_credentials(context, cred, server, now, } code = krb5_get_credentials(context, flags, cred->ccache, - &in_creds, out_creds); + &in_creds, &result_creds); if (code) goto cleanup; @@ -220,10 +222,14 @@ static krb5_error_code get_credentials(context, cred, server, now, goto cleanup; } + *out_creds = result_creds; + result_creds = NULL; + cleanup: krb5_free_authdata(context, in_creds.authdata); krb5_free_principal(context, cc_princ); krb5_free_cred_contents(context, &evidence_creds); + krb5_free_creds(context, result_creds); return code; } -- 2.26.2