|From:||Arlene Berry <firstname.lastname@example.org>|
|Subject:||gss_acquire_cred erroneous failure and potential segfault for caller|
|Date:||Wed, 10 Aug 2011 22:16:00 +0000|
In src/lib/gssapi/mechglue/g_acquire_cred.c it appears the intent of gss_acquire_cred is to succeed if at least one of the mechanisms succeeds. However, if gss_add_cred for the last mechanism in the list fails, its error will be returned even though some others succeeded. It takes the success path for setting output parameters because creds->count is not less than 1 but then in cleanup it takes the error path because major is still set to the error from the failed gss_add_cred call unless the caller happens to ask for actual_mechs. Note that it sets output_cred_handle to creds and then frees creds.