Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) From: ghudson@mit.edu Subject: git commit X-RT-Original-Encoding: iso-8859-1 Content-Length: 1049 Improve pointer hygiene around gss_display_name GSSAPI functions are responsible for setting their output parameters on failure. Take greater care to do so in krb5_gss_display_name. The mechglue is generally defensive about initializing variables used as outputs, and not assuming that mechs will set them on failure. Make gssint_convert_name_to_union_name initialize union_name->external_name before calling mech->gss_display_name, so that if the mech's gss_display_name doesn't touch it, we don't free an uninitialized pointer. Either one of these changes prevents an unlikely memory bug which could occur if krb5_gss_init_context fails within krb5_gss_display_name when called from gssint_convert_name_to_union_name. https://github.com/krb5/krb5/commit/0bf18fd4363f9f1244688daac224bd456bf52e7f Author: Greg Hudson Commit: 0bf18fd4363f9f1244688daac224bd456bf52e7f Branch: master src/lib/gssapi/krb5/disp_name.c | 8 +++++--- src/lib/gssapi/mechglue/g_glue.c | 2 ++ 2 files changed, 7 insertions(+), 3 deletions(-)