From 4dc4718becc20224b9da5657b8216af7d4da8ac5 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 5 Apr 2013 18:04:35 -0400
Subject: Fix double free when exporting lucid context
When using GSSAPI's gss_krb5_export_lucid_context the context passed into the function is actually deleted during the export (to avoid reuse as the context contains state that depends on its usage). Change the code to pass in a pointer to the context so that it can be properly NULLed if we are using the GSSAPI context and following calls to gss_delete_sec_context will not cause double free errors and segfaults.
Signed-off-by: Simo Sorce
---
 utils/gssd/gssd_proc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'utils/gssd/gssd_proc.c')
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 698f86f..d6f07e6 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -1066,7 +1066,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 printerr(1, "WARNING: Failed to inquire context for lifetme " "maj_stat %u\n", maj_stat);
- if (serialize_context_for_kernel(pd.pd_ctx, &token, &krb5oid, NULL)) {
+ if (serialize_context_for_kernel(&pd.pd_ctx, &token, &krb5oid, NULL)) {
 printerr(0, "WARNING: Failed to serialize krb5 context for " "user with uid %d for server %s\n", uid, clp->servername);
@@ -1079,7 +1079,7 @@ out:
 if (token.value)
 free(token.value);
 #ifdef HAVE_AUTHGSS_FREE_PRIVATE_DATA
- if (pd.pd_ctx_hndl.length != 0)
+ if (pd.pd_ctx_hndl.length != 0 || pd.pd_ctx != 0)
 authgss_free_private_data(&pd);
 #endif
 if (auth)
-- cgit
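Review bot: The call `serialize_context_for_kernel(&pd.pd_ctx, &token, &krb5oid, NULL)` now lets the callee consume the context, but nothing at the call site records that ownership transfer. Per the commit description the export deletes the context, so any later code that touches `pd.pd_ctx` after this line without a null check would be using a freed handle. I would add a comment above the call, e.g. `/* callee may delete pd.pd_ctx during export and reset it to GSS_C_NO_CONTEXT */`. The callee is not part of this view, so it should be confirmed that the handle is reset on every path where the export has already run, including error returns, since the cleanup at `out:` depends on it. process_krb5_upcall starts and ends outside the hunk.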
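Review bot: In the cleanup guard under `out:`, `pd.pd_ctx != 0` compares what appears to be a GSS context handle with a bare integer; `if (pd.pd_ctx_hndl.length != 0 || pd.pd_ctx != GSS_C_NO_CONTEXT)` states the intent with the GSSAPI sentinel. The widened condition also means `authgss_free_private_data(&pd)` now runs whenever the handle is non-null, so every `goto out` taken before `pd` is populated must see a zeroed struct, otherwise the test reads an indeterminate value and may free a garbage handle. The initialisation of `pd` is outside the hunk and should be checked against the earliest jump to `out:`.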