1 # Sanitize context pointer in gss_export_sec_context |
|
2 # |
|
3 # After 4f35b27 context pointer in gss_export_sec_context() is first |
|
4 # dereferenced before arguments are sanitized in val_exp_sec_ctx_args(). |
|
5 # With context == NULL the new code segfaults instead of failing |
|
6 # gracefully. |
|
7 # |
|
8 # Revert this part of 4f35b27 and only dereference context if not NULL. |
|
9 # |
|
10 # Patch submitted upstream: |
|
11 # https://github.com/krb5/krb5/pull/382 |
|
12 # Patch source: in-house |
|
13 # |
|
14 |
|
15 diff -pur old/src/lib/gssapi/mechglue/g_exp_sec_context.c new/src/lib/gssapi/mechglue/g_exp_sec_context.c |
|
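--- a/src/lib/gssapi/mechglue/g_exp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c
@@ -79,7 +79,7 @@ gss_buffer_t interprocess_token;
 {
 OM_uint32 status;
 OM_uint32 length;
- gss_union_ctx_id_t ctx = (gss_union_ctx_id_t) *context_handle;
+ gss_union_ctx_id_t ctx;
 gss_mechanism mech;
 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
 char *buf;
@@ -94,6 +94,7 @@ gss_buffer_t interprocess_token;
 * call it.
 */
 
+ ctx = (gss_union_ctx_id_t) *context_handle;
 mech = gssint_get_mechanism (ctx->mech_type);
 if (!mech)
 return GSS_S_BAD_MECH;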
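Review bot: The assignment `ctx = (gss_union_ctx_id_t) *context_handle;` in the second hunk is safe only because of the argument check that runs between the two hunks, and nothing at the assignment says so; a later cleanup could fold it back into the declaration and reintroduce the NULL dereference described in the commit message. I would add a comment above it such as `/* Do not read *context_handle before val_exp_sec_ctx_args() has rejected a NULL handle. */`. The validation call itself is outside the visible hunks, so it should be confirmed that it returns early both for `context_handle == NULL` and for `*context_handle == GSS_C_NO_CONTEXT`, since `ctx->mech_type` is dereferenced on the very next line. A regression test that calls gss_export_sec_context() with a NULL context handle and expects an error status rather than a crash would pin this behaviour. The function body starts before the first hunk and continues after the second.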