From cd7112ba84759a677e51111e44b5f531d602c77c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 16 Apr 2011 15:39:00 +1000 Subject: s3-gse: Don't release the mech OID from gss_accept_security_context This is constant data according to the man pages I find for this fucntion, and causes a segfault to free() when linked to Heimdal. I am advised that while it is constant for gss_mech_krb5, it may not be for other mechanisms, so an assert will ensure this is dealt with by the programmer who extends this code in future. Andrew Bartlett --- source3/librpc/crypto/gse.c | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) (limited to 'source3/librpc/crypto') diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index 42e9c942a9..22b940a1f3 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -85,6 +85,24 @@ struct gse_context { bool authenticated; }; +#ifndef HAVE_GSS_OID_EQUAL + +static bool gss_oid_equal(const gss_OID o1, const gss_OID o2) +{ + if (o1 == o2) { + return true; + } + if ((o1 == NULL && o2 != NULL) || (o1 != NULL && o2 == NULL)) { + return false; + } + if (o1->length != o2->length) { + return false; + } + return memcmp(o1->elements, o2->elements, o1->length) == false; +} + +#endif + /* free non talloc dependent contexts */ static int gse_context_destructor(void *ptr) { @@ -125,10 +143,19 @@ static int gse_context_destructor(void *ptr) gss_maj = gss_release_cred(&gss_min, &gse_ctx->delegated_creds); } - if (gse_ctx->ret_mech) { - gss_maj = gss_release_oid(&gss_min, - &gse_ctx->ret_mech); - } + + /* MIT and Heimdal differ as to if you can call + * gss_release_oid() on this OID, generated by + * gss_{accept,init}_sec_context(). However, as long as the + * oid is gss_mech_krb5 (which it always is at the moment), + * then this is a moot point, as both declare this particular + * OID static, and so no memory is lost. This assert is in + * place to ensure that the programmer who wishes to extend + * this code to EAP or other GSS mechanisms determines an + * implementation-dependent way of releasing any dynamically + * allocated OID */ + SMB_ASSERT(gss_oid_equal(&gse_ctx->gss_mech, GSS_C_NO_OID) || gss_oid_equal(&gse_ctx->gss_mech, gss_mech_krb5)); + return 0; } -- cgit