Fix overzealous SPNEGO src_name/deleg_cred release
Commit 24b844714dea3e47b17511746b5df5b6ddf13d43 (ticket 8845) added
releases of sc->internal_name and sc->deleg_cred before calling the
underlying mech's gss_accept_sec_context(), to avoid a potential leak
if the mech reports a value multiple times. Commit
c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851) added a branch
which calls negoex_accept() instead of calling directly into the
underlying mech. If negoex_accept() doesn't call into the mech on the
last acceptor leg, the src_name and deleg_cred values from the final
mech call are lost.
Move the releases to the non-NegoEx branch. negoex_accept() already
does its own releases when it calls into the mech.
Reported by Luke Howard.
(cherry picked from commit b2fe66fed560ae28917a4acae6f6c0f020156353)
ticket: 8898
version_fixed: 1.18.2
Greg Hudson
3 years ago
| 1565 | 1565 | } |
| 1566 | 1566 | |
| 1567 | 1567 | mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred; |
| 1568 | (void) gss_release_name(&tmpmin, &sc->internal_name); | |
| 1569 | (void) gss_release_cred(&tmpmin, &sc->deleg_cred); | |
| 1570 | 1568 | if (negoex) { |
| 1571 | 1569 | ret = negoex_accept(minor_status, sc, mcred, mechtok_in, |
| 1572 | 1570 | mechtok_out, time_rec); |
| 1573 | 1571 | } else { |
| 1572 | (void) gss_release_name(&tmpmin, &sc->internal_name); | |
| 1573 | (void) gss_release_cred(&tmpmin, &sc->deleg_cred); | |
| 1574 | 1574 | ret = gss_accept_sec_context(minor_status, &sc->ctx_handle, |
| 1575 | 1575 | mcred, mechtok_in, |
| 1576 | 1576 | GSS_C_NO_CHANNEL_BINDINGS, |