* accept_sec_context.c (krb5_gss_accept_sec_context): If an error

	occurs after the auth_context is established, but before the
	krb5_gss_ctx_id_rec is established, release our pointer to the
	replay cache and invoke krb5_auth_con_free(). (krb5-libs/855)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12721 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 12 insertions, 0 deletions

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 0e8d905dd..04a6bab05 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,10 @@
+2000-10-04  Ezra Peisach  <epeisach@mit.edu>
+
+	* accept_sec_context.c (krb5_gss_accept_sec_context): If an error
+	occurs after the auth_context is established, but before the
+	krb5_gss_ctx_id_rec is established, release our pointer to the
+	replay cache and invoke krb5_auth_con_free(). (krb5-libs/855)
+
 2000-10-03  Ezra Peisach  <epeisach@mit.edu>
 
 	* add_cred.c (krb5_gss_add_cred): krb5_cc_get_type() and
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 75a6eaeca..4f7f73d23 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -743,6 +743,11 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        free(ctypes);
    if (authdat)
        krb5_free_authenticator(context, authdat);
+   /* The ctx structure has the handle of the auth_context */
+   if (auth_context & !ctx) {
+       (void)krb5_auth_con_setrcache(context, auth_context, NULL);
+       krb5_auth_con_free(context, auth_context);
+   }
    if (reqcksum.contents)
        xfree(reqcksum.contents);
    if (ap_rep.data)