From: Simo Sorce <simo@redhat.com>
Date: Wed, 10 Apr 2013 15:38:14 +0000 (-0400)
Subject: gss: Fix private data giveaway
X-Git-Tag: libtirpc-0-2-4-rc1~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4072a0bb8b619cab027bb3833785768681da4ed5;p=libtirpc

gss: Fix private data giveaway

When the private data is given away the gss context also needs to go,
because the caller may destroy it, such as when the context is exported
into a lucid context to hand it to the kernel.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---

diff --git a/src/auth_gss.c b/src/auth_gss.c
index 81ae8ae..703bc3f 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -269,6 +269,7 @@ authgss_get_private_data(AUTH *auth, struct authgss_private_data *pd)
 	 * send an RPCSEC_GSS_DESTROY request which might inappropriately
 	 * destroy the context.
 	 */
+        gd->ctx = GSS_C_NO_CONTEXT;
 	gd->gc.gc_ctx.length = 0;
 	gd->gc.gc_ctx.value = NULL;
 
@@ -284,7 +285,8 @@ authgss_free_private_data(struct authgss_private_data *pd)
 	if (!pd)
 		return (FALSE);
 
-	pd->pd_ctx = NULL;
+	if (pd->pd_ctx != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context(&min_stat, &pd->pd_ctx, NULL);
 	gss_release_buffer(&min_stat, &pd->pd_ctx_hndl);
 	memset(&pd->pd_ctx_hndl, 0, sizeof(pd->pd_ctx_hndl));
 	pd->pd_seq_win = 0;