summaryrefslogtreecommitdiffstats
path: root/src/tests/gssapi/t_gssapi.py
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2012-08-14 15:14:15 +0200
committerGreg Hudson <ghudson@mit.edu>2012-09-16 11:08:58 -0400
commit56feee187579905c9101b0cdbdd8c6a850adcfc9 (patch)
tree0c99a9825ad6fa9fc23a86786631a2ca0a485521 /src/tests/gssapi/t_gssapi.py
parent6d9a424a12cc23da9f4b3dc71502f9ad917bc1fd (diff)
downloadkrb5-56feee187579905c9101b0cdbdd8c6a850adcfc9.tar.gz
krb5-56feee187579905c9101b0cdbdd8c6a850adcfc9.tar.xz
krb5-56feee187579905c9101b0cdbdd8c6a850adcfc9.zip
Avoid leaks on gss_accept_sec_context errors
Failure handling during the postprocessing of mech->gss_accept_sec_context was inconsistent. In one case we delete the output token but leave the partly-constructed context present in *context_handle (violating RFC 2744 if this is the first call); in other cases we leave the output token in the caller's buffer but do destroy the partly-constructed context. Make this more consistent by always destroying the output token and partly-constructed context. (RFC 2744 prefers, but does not require, leaving the partly-constructed context present on error if it was present on entry. At the moment we are ignoring that preference.) [ghudson@mit.edu: Rewrote commit message with more details]
Diffstat (limited to 'src/tests/gssapi/t_gssapi.py')
0 files changed, 0 insertions, 0 deletions
generated by cgit (git 2.34.1) at 2025-09-18 13:01:28 +0000