gssd: Fix double free when exporting lucid context

When using GSSAPI's gss_krb5_export_lucid_context the context passed
into the function is actually deleted during the export (to avoid
reuse as the context contains state that depends on its usage).

Change the code to pass in a pointer to the context so that it can be
properly NULLed if we are using the GSSAPI context and following calls to
gss_delete_sec_context will not cause double free errors and segfaults.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 698f86f..d6f07e6 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -1066,7 +1066,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 		printerr(1, "WARNING: Failed to inquire context for lifetme "
 			    "maj_stat %u\n", maj_stat);
 
-	if (serialize_context_for_kernel(pd.pd_ctx, &token, &krb5oid, NULL)) {
+	if (serialize_context_for_kernel(&pd.pd_ctx, &token, &krb5oid, NULL)) {
 		printerr(0, "WARNING: Failed to serialize krb5 context for "
 			    "user with uid %d for server %s\n",
 			 uid, clp->servername);
@@ -1079,7 +1079,7 @@ out:
 	if (token.value)
 		free(token.value);
 #ifdef HAVE_AUTHGSS_FREE_PRIVATE_DATA
-	if (pd.pd_ctx_hndl.length != 0)
+	if (pd.pd_ctx_hndl.length != 0 || pd.pd_ctx != 0)
 		authgss_free_private_data(&pd);
 #endif
 	if (auth)