From patchwork Fri Apr 5 22:37:04 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simo Sorce
X-Patchwork-Id: 2400731
From: Simo Sorce To: Linux NFS Mailing list , libtirpc-devel@lists.sourceforge.net Cc: Steve Dickson Subject: [PATCH 1/1] Fix private data giveaway Date: Fri, 5 Apr 2013 18:37:04 -0400 Message-Id: <1365201425-21702-2-git-send-email-simo@redhat.com> In-Reply-To: <1365201425-21702-1-git-send-email-simo@redhat.com> References: <1365201425-21702-1-git-send-email-simo@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org When the private data is given away the gss context also needs to go, because the caller may destroy it, such as when the context is exported into a lucid context to hand it to the kernel. --- src/auth_gss.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/auth_gss.c b/src/auth_gss.c index 81ae8aee316c6f42f317f81cd1438369fb2102c5..703bc3f7b42236b0d4cc3ddbd8935df2aaccf85a 100644 --- a/src/auth_gss.c +++ b/src/auth_gss.c @@ -269,6 +269,7 @@ authgss_get_private_data(AUTH *auth, struct authgss_private_data *pd) * send an RPCSEC_GSS_DESTROY request which might inappropriately * destroy the context. */ + gd->ctx = GSS_C_NO_CONTEXT; gd->gc.gc_ctx.length = 0; gd->gc.gc_ctx.value = NULL; @@ -284,7 +285,8 @@ authgss_free_private_data(struct authgss_private_data *pd) if (!pd) return (FALSE); - pd->pd_ctx = NULL; + if (pd->pd_ctx != GSS_C_NO_CONTEXT) + gss_delete_sec_context(&min_stat, &pd->pd_ctx, NULL); gss_release_buffer(&min_stat, &pd->pd_ctx_hndl); memset(&pd->pd_ctx_hndl, 0, sizeof(pd->pd_ctx_hndl)); pd->pd_seq_win = 0;
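Review bot: In the authgss_get_private_data() hunk, the new `gd->ctx = GSS_C_NO_CONTEXT;` transfers ownership of the security context to the caller, but the comment above it still only explains the RPCSEC_GSS_DESTROY case. Please extend that comment to say that after this call the AUTH no longer holds a GSS context, and that the caller is now responsible for releasing it, either through authgss_free_private_data() or by its own means. It would also help to state in the commit message whether the AUTH handle is expected to be used for further calls once its context has been handed over, since nothing in the visible lines guards later uses of gd->ctx.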
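Review bot: In the authgss_free_private_data() hunk, the new `gss_delete_sec_context(&min_stat, &pd->pd_ctx, NULL);` makes this function delete the context where it previously only cleared the pointer, so a caller that has already destroyed the context itself (the lucid-context export mentioned in the commit message) must set pd->pd_ctx to GSS_C_NO_CONTEXT before calling, or the context is released twice. That contract is not written down anywhere in the visible lines; please document it in a comment above the function or in the header. Callers built against the old behaviour deserve a mention in the commit message as well, because for them this is a change in who frees the context. The major status returned by gss_delete_sec_context() is also discarded; if that is intentional, a short comment saying so would avoid the question coming up again.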