From eef156a09779d93b4b0743f0c14df799ce1222a6 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Tue, 6 Sep 2011 15:14:10 +0000
Subject: [PATCH] Fix several bugs in gss-krb5 inq_cred
cred could be used uninitialized if krb5_timeofday() failed. defcred had the wrong type. kg_cred_resolve() should be used instead of krb5_gss_validate_cred() to do delayed name/ccache resolution and get a lock.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25164 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/inq_cred.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c
index f523a545c..057e51bfa 100644
--- a/src/lib/gssapi/krb5/inq_cred.c
+++ b/src/lib/gssapi/krb5/inq_cred.c
@@ -83,7 +83,8 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 gss_OID_set *mechanisms;
 {
 krb5_context context;
- krb5_gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL, cred;
+ gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
+ krb5_gss_cred_id_t cred = NULL;
 krb5_error_code code;
 krb5_timestamp now;
 krb5_deltat lifetime;
@@ -104,12 +105,6 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 if (name) *name = NULL;
 if (mechanisms) *mechanisms = NULL;
- if ((code = krb5_timeofday(context, &now))) {
- *minor_status = code;
- ret = GSS_S_FAILURE;
- goto fail;
- }
-
 /* check for default credential */
 /*SUPPRESS 29*/
 if (cred_handle == GSS_C_NO_CREDENTIAL) {
@@ -121,7 +116,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 cred_handle = defcred;
 }
- major = krb5_gss_validate_cred(minor_status, cred_handle);
+ major = kg_cred_resolve(minor_status, context, cred_handle, GSS_C_NO_NAME);
 if (GSS_ERROR(major)) {
 krb5_gss_release_cred(minor_status, &defcred);
 krb5_free_context(context);
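Review bot: In the declarations hunk (@@ -83,7 +83,8 @@) the two credential variables now differ in both type and ownership, and nothing at the declaration records that. `defcred` is passed to `krb5_gss_release_cred()` on the error path further down, while `cred` is only ever a cast of `cred_handle`, so a comment such as `/* defcred: default credential acquired here and released by this function; cred: borrowed typed view of cred_handle, NULL until resolved */` would guard against a later edit releasing the wrong one. The function body starts before and continues past this hunk, so whether every exit releases `defcred` cannot be checked from here.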
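Review bot: In the hunk at @@ -121,7 +116,7 @@, the failure branch hands the caller's `minor_status` to `krb5_gss_release_cred()` immediately after `kg_cred_resolve()` was given the same pointer, so the minor code describing why resolution failed may be overwritten before the function returns; how release_cred treats that argument is not visible here. Using a scratch status declared with the other locals keeps the diagnostic intact: `krb5_gss_release_cred(&tmp_minor, &defcred);` with `OM_uint32 tmp_minor;`. It would also help to state the locking contract at the call, since the commit message says the new function takes a lock: `/* on success the credential is locked; every later exit must unlock it */`. The branch's return statement lies outside the hunk.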
@@ -129,6 +124,12 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 }
 cred = (krb5_gss_cred_id_t)cred_handle;
+ if ((code = krb5_timeofday(context, &now))) {
+ *minor_status = code;
+ ret = GSS_S_FAILURE;
+ goto fail;
+ }
+
 if (cred->tgt_expire > 0) {
 if ((lifetime = cred->tgt_expire - now) < 0) lifetime = 0;
--
2.26.2
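Review bot: The `goto fail` added here now runs after `kg_cred_resolve()` has succeeded, which per the commit message takes a lock, so the `fail` label has to drop that lock and release `defcred` on this path. The label is outside the hunk, so neither can be confirmed from the visible lines, and it is worth checking that `fail` does not assume the time lookup already succeeded. A short comment above the moved block would record why its position matters: `/* must follow kg_cred_resolve(): cred is valid and locked here, so fail: can unlock it */`.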