--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/krb5/patches/066-sanitize_context_ptr.patch Sat May 14 15:38:32 2016 -0700
@@ -0,0 +1,34 @@
+# Sanitize context pointer in gss_export_sec_context
+#
+# After 4f35b27 context pointer in gss_export_sec_context() is first
+# dereferenced before arguments are sanitized in val_exp_sec_ctx_args().
+# With context == NULL the new code segfaults instead of failing
+# gracefully.
+#
+# Revert this part of 4f35b27 and only dereference context if not NULL.
+#
+# Patch submitted upstream:
+# https://github.com/krb5/krb5/pull/382
+# Patch source: in-house
+#
+
+diff -pur old/src/lib/gssapi/mechglue/g_exp_sec_context.c new/src/lib/gssapi/mechglue/g_exp_sec_context.c
+--- old/src/lib/gssapi/mechglue/g_exp_sec_context.c
++++ new/src/lib/gssapi/mechglue/g_exp_sec_context.c
+@@ -79,7 +79,7 @@ gss_buffer_t interprocess_token;
+ {
+ OM_uint32 status;
+ OM_uint32 length;
+- gss_union_ctx_id_t ctx = (gss_union_ctx_id_t) *context_handle;
++ gss_union_ctx_id_t ctx;
+ gss_mechanism mech;
+ gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
+ char *buf;
+@@ -94,6 +94,7 @@ gss_buffer_t interprocess_token;
+ * call it.
+ */
+
++ ctx = (gss_union_ctx_id_t) *context_handle;
+ mech = gssint_get_mechanism (ctx->mech_type);
+ if (!mech)
+ return GSS_S_BAD_MECH;
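Review bot: The added `ctx = (gss_union_ctx_id_t) *context_handle;` in the second inner hunk is safe only because it sits after the argument validation, and nothing at that line says so. The patch header promises to "only dereference context if not NULL", but the code has no explicit check and relies on statement order alone, so a later reorder could quietly bring back the NULL dereference. I would add a comment directly above the assignment, e.g. `/* Must stay after val_exp_sec_ctx_args(): context_handle is validated there. */`. The validation call is outside the hunk, so it is worth confirming that it rejects both a NULL `context_handle` and a `*context_handle` equal to `GSS_C_NO_CONTEXT`, because `ctx->mech_type` is read on the very next line. The body of gss_export_sec_context() starts and ends outside the hunk.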