components/krb5/patches/066-sanitize_context_ptr.patch
changeset 5969 96bac9fbcfbd
parent 5968 a64f1dcdc61b
child 5970 86291cd54b86
     1 # Sanitize context pointer in gss_export_sec_context
       
     2 # 
       
     3 # After 4f35b27 context pointer in gss_export_sec_context() is first
       
     4 # dereferenced before arguments are sanitized in val_exp_sec_ctx_args().
       
     5 # With context == NULL the new code segfaults instead of failing
       
     6 # gracefully.
       
     7 # 
       
     8 # Revert this part of 4f35b27 and only dereference context if not NULL.
       
     9 #
       
    10 # Patch submitted upstream:
       
    11 # https://github.com/krb5/krb5/pull/382
       
    12 # Patch source: in-house
       
    13 #
       
    14 
       
    15 diff -pur old/src/lib/gssapi/mechglue/g_exp_sec_context.c new/src/lib/gssapi/mechglue/g_exp_sec_context.c
       
    16 --- old/src/lib/gssapi/mechglue/g_exp_sec_context.c
       
    17 +++ new/src/lib/gssapi/mechglue/g_exp_sec_context.c
       
    18 @@ -79,7 +79,7 @@ gss_buffer_t		interprocess_token;
       
    19  {
       
    20      OM_uint32		status;
       
    21      OM_uint32 		length;
       
    22 -    gss_union_ctx_id_t	ctx = (gss_union_ctx_id_t) *context_handle;
       
    23 +    gss_union_ctx_id_t	ctx;
       
    24      gss_mechanism	mech;
       
    25      gss_buffer_desc	token = GSS_C_EMPTY_BUFFER;
       
    26      char		*buf;
       
    27 @@ -94,6 +94,7 @@ gss_buffer_t		interprocess_token;
       
    28       * call it.
       
    29       */
       
    30  
       
    31 +    ctx = (gss_union_ctx_id_t) *context_handle;
       
    32      mech = gssint_get_mechanism (ctx->mech_type);
       
    33      if (!mech)
       
    34  	return GSS_S_BAD_MECH;