Subject: segfault in gss_export_sec_context
Date: Mon, 1 Mar 2010 16:30:57 -0500
Message-ID: <23447137FA0DAA4D95EF535FF356BE46040E0AB5@mse3be2.mse3.exchange.ms>
From: "Arlene Berry"
List: krb5-bugs-incoming@mailman.mit.edu (approved Fri, 05 Mar 2010 00:41:17 -0500)

When using gss_export_sec_context on a security context that was created using impersonated credentials, gss_export_sec_context segfaults. The problem is that it assumes that if ctx->initiator exists then ctx->initiator->ad_context exists, which doesn't appear to be the case when impersonated credentials were used. The following changes fixed it for us.

--- krb5/src/lib/gssapi/krb5/ser_sctx.c (revision 41102) +++ krb5/src/lib/gssapi/krb5/ser_sctx.c (working copy) @@ -357,7 +357,7 @@ initiator_name = ctx->initiate ? ctx->here : ctx->there; - if (initiator_name) { + if (initiator_name && initiator_name->ad_context) { kret = krb5_size_opaque(kcontext, KV5M_AUTHDATA_CONTEXT, initiator_name->ad_context, @@ -534,7 +534,7 @@ initiator_name = ctx->initiate ? ctx->here : ctx->there; - if (initiator_name) { + if (initiator_name && initiator_name->ad_context) { kret = krb5_externalize_opaque(kcontext, KV5M_AUTHDATA_CONTEXT, initiator_name->ad_context, @@ -767,6 +767,8 @@ (krb5_pointer *)&initiator_name->ad_context, &bp, &remain); + if (kret == EINVAL) + kret = 0; } } /* Get trailer */
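Review bot: in the @@ -357 size hunk, guarding on `initiator_name->ad_context` means a NULL authdata context contributes nothing to the computed size, so the externalized stream carries no marker saying "no ad_context here"; the reader in the @@ -767 hunk is then left to infer absence from a failed krb5_internalize_opaque. Sizing a presence flag here (and writing it in the externalize path) would let the reader distinguish an absent ad_context from a corrupt stream.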
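Review bot: the @@ -534 externalize hunk duplicates the `initiator_name && initiator_name->ad_context` condition from the size hunk; the two must stay identical or the computed size and the bytes actually written will drift apart, so consider evaluating the predicate once (for example in a small static helper used by both krb5_size_opaque and krb5_externalize_opaque call sites) rather than maintaining two copies.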
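Review bot: mapping every EINVAL from krb5_internalize_opaque to success in the @@ -767 hunk swallows genuine decode errors (a truncated or corrupt stream) together with the "ad_context was never written" case, and with no presence marker in the stream the two cannot be told apart at this point. Suggest checking the next tag before the call so krb5_internalize_opaque is only invoked when KV5M_AUTHDATA_CONTEXT data is actually present, and on the skip path explicitly set `initiator_name->ad_context = NULL` and confirm that `bp` and `remain` were not advanced partway by the failed call.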
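The report above is about an optional pointer (ad_context) being dereferenced in the size and externalize passes and then guessed at during internalize. The following C program is an added example, not code from the bug report or from krb5: it shows the same size / externalize / internalize split for a hypothetical structure with an optional sub-object, writing an explicit presence byte so that the reader decodes "absent" rather than inferring it from an error. All names (ad_blob, opt_name, ser_size, ser_externalize, ser_internalize, roundtrip_ok, truncated_result) are hypothetical and the input bytes are constructed for the demonstration.

```c
/* Added example, not krb5 code: a size / externalize / internalize triple for a
 * structure with an optional sub-object, the split the patched ser_sctx.c
 * functions follow. All names (opt_name, ad_blob, ser_*) are hypothetical.
 * Instead of skipping the sub-object when it is NULL and letting the reader
 * infer absence from a decode error, an explicit presence byte is written. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct { uint32_t len; unsigned char *data; } ad_blob; /* stand-in for ad_context */
typedef struct { ad_blob *ad; } opt_name;   /* hypothetical name; ad may be NULL */

/* Bytes the externalized form needs: presence byte, then the optional blob. */
static size_t ser_size(const opt_name *n)
{   /* test the pointer before dereferencing the optional field */
    return 1 + (n->ad != NULL ? 4 + n->ad->len : 0);
}

/* Externalize at *bp, advancing bp/remain. Returns 0, or ENOMEM if too small. */
static int ser_externalize(const opt_name *n, unsigned char **bp, size_t *remain)
{
    unsigned char *p = *bp;
    if (*remain < ser_size(n))
        return ENOMEM;
    *p++ = (n->ad != NULL);                 /* explicit presence flag */
    if (n->ad != NULL) {
        uint32_t len = n->ad->len;
        p[0] = len >> 24; p[1] = len >> 16; p[2] = len >> 8; p[3] = len;
        memcpy(p + 4, n->ad->data, len);
        p += 4 + len;
    }
    *remain -= (size_t)(p - *bp);
    *bp = p;
    return 0;
}

/* Internalize from *bp; n->ad is NULL when the stream says "absent". Returns 0,
 * EINVAL for a truncated or malformed stream, ENOMEM if allocation fails. */
static int ser_internalize(opt_name *n, unsigned char **bp, size_t *remain)
{
    unsigned char *p = *bp;
    n->ad = NULL;
    if (*remain < 1)
        return EINVAL;
    if (p[0] == 0) {                        /* absent: consume the flag only */
        *bp = p + 1; *remain -= 1;
        return 0;
    }
    if (p[0] != 1 || *remain < 5)
        return EINVAL;
    uint32_t len = (uint32_t)p[1] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 8 | p[4];
    if (*remain - 5 < len)
        return EINVAL;                      /* body shorter than declared */
    n->ad = malloc(sizeof *n->ad);
    if (n->ad == NULL || (n->ad->data = malloc(len ? len : 1)) == NULL) {
        free(n->ad); n->ad = NULL;
        return ENOMEM;
    }
    memcpy(n->ad->data, p + 5, len);
    n->ad->len = len;
    *bp = p + 5 + len; *remain -= 5 + len;
    return 0;
}

/* Round trip with or without the optional blob. Returns 1 on success. */
int roundtrip_ok(int with_ad)
{
    unsigned char payload[] = { 0xde, 0xad, 0xbe, 0xef };   /* constructed input */
    ad_blob blob = { sizeof payload, payload };
    opt_name in = { with_ad ? &blob : NULL }, out;
    unsigned char buf[64], *bp = buf;
    size_t remain = sizeof buf, used;
    int ok;
    if (ser_externalize(&in, &bp, &remain) != 0)
        return 0;
    used = sizeof buf - remain;
    if (used != ser_size(&in))              /* size and externalize must agree */
        return 0;
    bp = buf; remain = used;
    if (ser_internalize(&out, &bp, &remain) != 0 || remain != 0)
        return 0;
    if (in.ad == NULL)
        ok = (out.ad == NULL);
    else
        ok = out.ad != NULL && out.ad->len == in.ad->len &&
             memcmp(out.ad->data, in.ad->data, in.ad->len) == 0;
    if (out.ad != NULL) { free(out.ad->data); free(out.ad); }
    return ok;
}

/* Flag says "present" but the body is missing: must be rejected, not read as absent. */
int truncated_result(void)
{
    unsigned char bad[] = { 1, 0, 0, 0, 8 };    /* constructed: claims 8 bytes */
    unsigned char *bp = bad;
    size_t remain = sizeof bad;
    opt_name out;
    return ser_internalize(&out, &bp, &remain);
}
```

The point of the presence byte is that roundtrip_ok(0) and truncated_result() take different paths: the first decodes a deliberate "absent" and leaves the pointer NULL, the second fails with EINVAL because the stream promised a body it does not contain. Collapsing EINVAL to success on the read side would make those two cases look identical.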