From: Arlene Berry
To: krb5-bugs@mit.edu
Subject: gss_acquire_cred erroneous failure and potential segfault for caller
Date: Wed, 10 Aug 2011 22:16:00 +0000

In src/lib/gssapi/mechglue/g_acquire_cred.c it appears the intent of gss_acquire_cred is to succeed if at least one of the mechanisms succeeds.
However, if gss_add_cred for the last mechanism in the list fails, its error will be returned even though some others succeeded. It takes the success path for setting output parameters because creds->count is not less than 1 but then in cleanup it takes the error path because major is still set to the error from the failed gss_add_cred call unless the caller happens to ask for actual_mechs. Note that it sets output_cred_handle to creds and then frees creds.
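
The control flow described in the report above, as an added example that is not part of the original message and is not MIT krb5 source: a simplified C model in which the last per-mechanism result decides cleanup, next to one possible correction. The names cred_set, add_one, release, acquire_buggy and acquire_fixed are hypothetical, the actual_mechs branch is left out, and release() marks the object instead of calling free() so the stale handle can be inspected safely.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified model of the reported control flow; not MIT krb5 source.
 * cred_set, add_one, release and both acquire_* names are hypothetical. */
typedef struct { int count; int freed; } cred_set;

/* Stand-in for gss_add_cred on one mechanism: 0 = success, 1 = failure. */
static int add_one(cred_set *c, int mech_ok) {
    if (!mech_ok) return 1;
    c->count++;
    return 0;
}

/* Models free(): marks the object so a dangling handle can be inspected
 * without real undefined behaviour. */
static void release(cred_set *c) { c->freed = 1; }

/* Shape described in the report: the last add_one result decides cleanup. */
int acquire_buggy(const int *mech_ok, int n, cred_set **out) {
    cred_set *creds = calloc(1, sizeof *creds);
    int major = 1;
    if (creds == NULL) return 1;
    for (int i = 0; i < n; i++)
        major = add_one(creds, mech_ok[i]);   /* overwritten every pass */
    if (creds->count >= 1)
        *out = creds;                         /* success path: output set */
    if (major != 0)
        release(creds);                       /* error path: *out now stale */
    return major;
}

/* One possible correction: status follows count, output cleared on error. */
int acquire_fixed(const int *mech_ok, int n, cred_set **out) {
    cred_set *creds = calloc(1, sizeof *creds);
    *out = NULL;
    if (creds == NULL) return 1;
    for (int i = 0; i < n; i++)
        (void)add_one(creds, mech_ok[i]);
    if (creds->count < 1) {                   /* every mechanism failed */
        free(creds);
        return 1;
    }
    *out = creds;                             /* at least one succeeded */
    return 0;
}
```

With the constructed input {1, 1, 0} (two mechanisms succeed, the last fails), acquire_buggy returns an error while handing back a handle that has already been released; acquire_fixed returns success with a live handle.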