summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2011-01-10 20:32:56 +0000
committerGreg Hudson <ghudson@mit.edu>2011-01-10 20:32:56 +0000
commit4d6dc27a5bf3c69ffecec35d32b816d654e1c970 (patch)
tree4d179364880a1ebf2bfa9f13d49c0c130182f40a /src/lib/gssapi
parent152485846a37a4f44c2287b638c2d3c42162d3d0 (diff)
downloadkrb5-4d6dc27a5bf3c69ffecec35d32b816d654e1c970.tar.gz
krb5-4d6dc27a5bf3c69ffecec35d32b816d654e1c970.tar.xz
krb5-4d6dc27a5bf3c69ffecec35d32b816d654e1c970.zip
Tighten up the error handling in the mechglue's gss_canonicalize_name,
eliminating a null pointer dereference in the (unlikely) case that allocation of out_union fails. Reported by aberry@likewise.com. ticket: 6817 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24592 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r--src/lib/gssapi/mechglue/g_canon_name.c46
1 files changed, 14 insertions, 32 deletions
diff --git a/src/lib/gssapi/mechglue/g_canon_name.c b/src/lib/gssapi/mechglue/g_canon_name.c
index 3d371c0e0..51e5ae48e 100644
--- a/src/lib/gssapi/mechglue/g_canon_name.c
+++ b/src/lib/gssapi/mechglue/g_canon_name.c
@@ -64,7 +64,7 @@ const gss_OID mech_type;
gss_name_t *output_name;
{
gss_union_name_t in_union, out_union = NULL, dest_union = NULL;
- OM_uint32 major_status = GSS_S_FAILURE;
+ OM_uint32 major_status = GSS_S_FAILURE, tmpmin;
major_status = val_canon_name_args(minor_status,
input_name,
@@ -151,38 +151,20 @@ gss_name_t *output_name;
return (GSS_S_COMPLETE);
allocation_failure:
- /* do not delete the src name external name format */
- if (output_name) {
- if (out_union->external_name) {
- if (out_union->external_name->value)
- free(out_union->external_name->value);
- free(out_union->external_name);
- }
- if (out_union->name_type)
- (void) gss_release_oid(minor_status,
- &out_union->name_type);
-
- dest_union = out_union;
- } else
- dest_union = in_union;
-
- /*
- * delete the partially created mech specific name
- * applies for both src and dest which ever is being used for output
- */
-
- if (dest_union->mech_name) {
- (void) gssint_release_internal_name(minor_status,
- dest_union->mech_type,
- &dest_union->mech_name);
+ if (out_union) {
+ /* Release the partly constructed out_union. */
+ gss_name_t name = (gss_name_t)out_union;
+ (void) gss_release_name(&tmpmin, &name);
+ } else if (!output_name) {
+ /* Release only the mech name fields in in_union. */
+ if (in_union->mech_name) {
+ (void) gssint_release_internal_name(&tmpmin,
+ dest_union->mech_type,
+ &dest_union->mech_name);
+ }
+ if (in_union->mech_type)
+ (void) gss_release_oid(&tmpmin, &dest_union->mech_type);
}
- if (dest_union->mech_type)
- (void) gss_release_oid(minor_status, &dest_union->mech_type);
-
-
- if (output_name)
- free(out_union);
-
return (major_status);
} /********** gss_canonicalize_name ********/
generated by cgit (git 2.34.1) at 2026-01-05 23:11:15 +0000