03254981cb
- update to version 1.12
* Add GSSAPI extensions for constructing MIC tokens using IOV lists
* Add a FAST OTP preauthentication module for the KDC which uses
RADIUS to validate OTP token values.
* The AES-based encryption types will use AES-NI instructions
when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
available
- update and rebase patches
OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
29 lines
1.1 KiB
Diff
29 lines
1.1 KiB
Diff
commit 1cda48a7ed4069cfc052f974ec3d76a9137c8c5a
|
|
Author: Simo Sorce <simo@redhat.com>
|
|
Date: Fri Dec 13 12:00:41 2013 -0500
|
|
|
|
Fix memory leak in SPNEGO initiator
|
|
|
|
If we eliminate a mechanism from the initiator list because
|
|
gss_init_sec_context fails, free the memory for that mech OID before
|
|
removing it from the list.
|
|
|
|
[ghudson@mit.edu: clarified commit message]
|
|
|
|
ticket: 7803 (new)
|
|
target_version: 1.12.1
|
|
tags: pullup
|
|
|
|
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
|
|
index 818a1b4..06cfab0 100644
|
|
--- a/src/lib/gssapi/spnego/spnego_mech.c
|
|
+++ b/src/lib/gssapi/spnego/spnego_mech.c
|
|
@@ -890,6 +890,7 @@ init_ctx_call_init(OM_uint32 *minor_status,
|
|
* can do this with recursion. If all mechanisms produce errors, the
|
|
* caller should get the error from the first mech in the list.
|
|
*/
|
|
+ gssalloc_free(sc->mech_set->elements->elements);
|
|
memmove(sc->mech_set->elements, sc->mech_set->elements + 1,
|
|
--sc->mech_set->count * sizeof(*sc->mech_set->elements));
|
|
if (sc->mech_set->count == 0)
|