pull up r19043 from trunk r19043@cathode-dark-space: tlyu | 2007-01-09 14:45:25 -0500 ticket: new target_version: 1.6 tags: pullup subject: MITKRB5-SA-2006-003: mechglue argument handling too lax component: krb5-libs Fix mechglue argument checks so that output pointers are always initialized regardless of whether the other arguments fail to validate for some reason. This avoids freeing of uninitialized pointers. Initialize the gss_buffer_descs in ovsec_kadmd.c. Commit By: tlyu Revision: 19050 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/kadmin/server/ovsec_kadmd.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_accept_sec_context.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_acquire_cred.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_canon_name.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_compare_name.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_delete_sec_context.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_dsp_name.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_dsp_status.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_dup_name.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_exp_sec_context.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_export_name.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_imp_name.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_imp_sec_context.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_init_sec_context.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_initialize.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_inq_context.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_inq_cred.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_inq_names.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_process_context.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_seal.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_sign.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_store_cred.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_unseal.c U branches/krb5-1-5/src/lib/gssapi/mechglue/g_verify.c U branches/krb5-1-5/src/lib/gssapi/mechglue/oid_ops.c