negoex: Fix use-after-free

author Nicolas Williams <nico@twosigma.com>

Tue, 3 Jan 2023 02:38:24 +0000 (20:38 -0600)

committer Nicolas Williams <nico@twosigma.com>

Wed, 4 Jan 2023 06:43:43 +0000 (00:43 -0600)
author Nicolas Williams <nico@twosigma.com>
Tue, 3 Jan 2023 02:38:24 +0000 (20:38 -0600)
committer Nicolas Williams <nico@twosigma.com>
Wed, 4 Jan 2023 06:43:43 +0000 (00:43 -0600)
diff --git a/lib/gssapi/spnego/negoex_util.c b/lib/gssapi/spnego/negoex_util.c

index aac09d4483b8400127f1271b7dbea1dc1129d035..dffbfceabe14df74ccb9fbdf6012e98bb7940029 100644 (file)
--- a/lib/gssapi/spnego/negoex_util.c
+++ b/lib/gssapi/spnego/negoex_util.c
@@ -87,10 +87,15 @@ static void
  release_all_mechs(gssspnego_ctx ctx, krb5_context context)
  {
      struct negoex_auth_mech *mech, *next;
+    struct negoex_auth_mech *prev = NULL;
  
      HEIM_TAILQ_FOREACH_SAFE(mech, &ctx->negoex_mechs, links, next) {
-       _gss_negoex_release_auth_mech(context, mech);
+       if (prev)
+           _gss_negoex_release_auth_mech(context, prev);
+       prev = mech;
      }
+    if (prev)
+       _gss_negoex_release_auth_mech(context, mech);
  
      HEIM_TAILQ_INIT(&ctx->negoex_mechs);
  }
author	Nicolas Williams <nico@twosigma.com>
	Tue, 3 Jan 2023 02:38:24 +0000 (20:38 -0600)
committer	Nicolas Williams <nico@twosigma.com>
	Wed, 4 Jan 2023 06:43:43 +0000 (00:43 -0600)