From 8b0f159350e8b938cfc5dca1a254f8d6ff7f595a Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Thu, 12 Mar 2009 16:48:15 +0000 Subject: [PATCH] crash using library-allocated storage for header in wrap_iov When allocating storage for the header buffer, update the internal output buffer pointer as well. ticket: 6412 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22081 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/k5sealv3iov.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lib/gssapi/krb5/k5sealv3iov.c b/src/lib/gssapi/krb5/k5sealv3iov.c index 98904b62d..85f9036b3 100644 --- a/src/lib/gssapi/krb5/k5sealv3iov.c +++ b/src/lib/gssapi/krb5/k5sealv3iov.c @@ -129,9 +129,10 @@ gss_krb5int_make_seal_token_v3_iov(krb5_context context, gss_headerlen += gss_trailerlen; } - if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) + if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) { code = kg_allocate_iov(header, (size_t) gss_headerlen); - else if (header->buffer.length < gss_headerlen) + outbuf = (unsigned char *)header->buffer.value; + } else if (header->buffer.length < gss_headerlen) code = KRB5_BAD_MSIZE; if (code != 0) goto cleanup; -- 2.26.2