Skip Menu |

From: Arlene Berry <>
To: "" <>
Subject: gss_acquire_cred erroneous failure and potential segfault for caller
Date: Wed, 10 Aug 2011 22:16:00 +0000
In src/lib/gssapi/mechglue/g_acquire_cred.c it appears the intent of gss_acquire_cred is to succeed if at least one of the mechanisms succeeds. However, if gss_add_cred for the last mechanism in the list fails, its error will be returned even though some others succeeded. It takes the success path for setting output parameters because creds->count is not less than 1 but then in cleanup it takes the error path because major is still set to the error from the failed gss_add_cred call unless the caller happens to ask for actual_mechs. Note that it sets output_cred_handle to creds and then frees creds.
Subject: SVN Commit

Fix major status handling in gss_acquire_cred.

If we have at least one cred element after the mech loop, reset major
before continuing on, or we could mistakenly return a failure status
from the last mech (and free the returned creds). Reported by
Commit By: ghudson
Revision: 25097
Changed Files:
U trunk/src/lib/gssapi/mechglue/g_acquire_cred.c