Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) RT-Send-CC: X-RT-Original-Encoding: iso-8859-1 Content-Length: 1358 Copied from 5442 From: jaltman@mit.edu Subject: SVN Commit This patch addresses the issues raised in this ticket and ticket 5936. (a) In the case where 'cred_handle' != 'verifier_cred_handle'[1] krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success case and the failure cases that result in returning from the function prior to reaching the end of the function. (b) The meaningful 'minor_status' return value is destroyed during the cleanup operations. The approach taken is to add a new 'exit:' label prior to the end of the function through which all function returns after reaching the 'fail:' label will goto. After 'exit:', the 'cred_handle' will be released and if there is a krb5_context 'context' to be freed, the error info will be saved and krb5_free_context() will be called. In the success case, the krb5_context is saved in the gss context and we now set 'context' to NULL to prevent it from being freed. In order to preserve the minor_status return code, a 'tmp_minor_status' variable is added that is used after the 'fail:' label in calls to krb5_gss_delete_sec_context() and krb5_gss_release_cred(). [1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to the value of 'verifier_cred_handle'. Commit By: jaltman Revision: 20559 Changed Files: U trunk/src/lib/gssapi/krb5/accept_sec_context.c