Content-Disposition: inline MIME-Version: 1.0 X-Mailer: MIME-tools 5.507 (Entity 5.507) X-RT-Interface: API Subject: git commit Content-Type: text/plain; charset="utf-8" From: ghudson@mit.edu Content-Transfer-Encoding: binary X-RT-Original-Encoding: ascii RT-Message-ID: Content-Length: 1105 Fix overzealous SPNEGO src_name/deleg_cred release Commit 24b844714dea3e47b17511746b5df5b6ddf13d43 (ticket 8845) added releases of sc->internal_name and sc->deleg_cred before calling the underlying mech's gss_accept_sec_context(), to avoid a potential leak if the mech reports a value multiple times. Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851) added a branch which calls negoex_accept() instead of calling directly into the underlying mech. If negoex_accept() doesn't call into the mech on the last acceptor leg, the src_name and deleg_cred values from the final mech call are lost. Move the releases to the non-NegoEx branch. negoex_accept() already does its own releases when it calls into the mech. Reported by Luke Howard. (cherry picked from commit b2fe66fed560ae28917a4acae6f6c0f020156353) https://github.com/krb5/krb5/commit/781166490aa56efab0c45020f404d672c0c6a414 Author: Greg Hudson Commit: 781166490aa56efab0c45020f404d672c0c6a414 Branch: krb5-1.18 src/lib/gssapi/spnego/spnego_mech.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)