From: Arlene Berry <aberry@likewise.com>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject: gss_acquire_cred erroneous failure and potential segfault for caller
Date: Wed, 10 Aug 2011 22:16:00 +0000

In src/lib/gssapi/mechglue/g_acquire_cred.c it appears the intent of gss_acquire_cred is to succeed if at least one of the mechanisms succeeds. However, if gss_add_cred for the last mechanism in the list fails, its error will be returned even though some others succeeded. It takes the success path for setting output parameters because creds->count is not less than 1 but then in cleanup it takes the error path because major is still set to the error from the failed gss_add_cred call unless the caller happens to ask for actual_mechs. Note that it sets output_cred_handle to creds and then frees creds.

From: ghudson@mit.edu
Subject: SVN Commit

Fix major status handling in gss_acquire_cred.

If we have at least one cred element after the mech loop, reset major
before continuing on, or we could mistakenly return a failure status
from the last mech (and free the returned creds). Reported by
aberry@likewise.com.

https://github.com/krb5/krb5/commit/167aed220154427f3a7b5dbb859d93b773c08992
Commit By: ghudson
Revision: 25097
Changed Files:
U trunk/src/lib/gssapi/mechglue/g_acquire_cred.c
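
The status handling described in the report and the reset described in the commit message, as an added example that is not the krb5 source: a reduced C model of the control flow in which `acquire`, `add_cred`, `cred_set` and the static arena are hypothetical stand-ins and the mechanism results are constructed.

```c
#include <stdio.h>

/* Simplified model of the reported control flow; not the krb5 source.
 * All names are hypothetical. A static arena stands in for malloc/free
 * so a stale handle can be inspected without touching freed memory. */
enum { ST_COMPLETE = 0, ST_FAILURE = 1 };
struct cred_set { int count; int freed; };

static struct cred_set arena[8];
static unsigned next_slot;
/* Constructed stand-in for one per-mechanism acquisition. */
static int add_cred(struct cred_set *c, int mech_ok)
{
    if (!mech_ok)
        return ST_FAILURE;
    c->count++;
    return ST_COMPLETE;
}

/* fixed == 0: the last mechanism's status reaches cleanup unchanged.
 * fixed == 1: status is reset once at least one element was acquired. */
static int acquire(const int *mech_ok, int n, int fixed, struct cred_set **out)
{
    int major = ST_FAILURE;
    struct cred_set *creds = &arena[next_slot++ % 8];
    creds->count = creds->freed = 0;
    *out = NULL;
    for (int i = 0; i < n; i++)
        major = add_cred(creds, mech_ok[i]);
    if (creds->count >= 1) {
        if (fixed)
            major = ST_COMPLETE;
        *out = creds;           /* success path sets the output handle */
    }
    if (major != ST_COMPLETE)
        creds->freed = 1;       /* error path releases creds, *out untouched */
    return major;
}

int main(void)
{
    int mechs[] = { 1, 0 };     /* constructed: first succeeds, last fails */
    struct cred_set *h;
    for (int fixed = 0; fixed <= 1; fixed++) {
        int st = acquire(mechs, 2, fixed, &h);
        printf("fixed=%d status=%d stale_handle=%d\n", fixed, st, h && h->freed);
    }
    return 0;
}
```

In the unfixed flow the caller receives a failure status together with a non-NULL handle to a released object, so a caller that releases or uses the handle regardless of status operates on freed state.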