gss: initialize output parameters in NegoEx

NegoEx failed to initialize output parameters in _gss_negoex_{init,accept}
which could lead it to crash if the underlying mechanism returned an error.

diff --git a/lib/gssapi/spnego/negoex_ctx.c b/lib/gssapi/spnego/negoex_ctx.c
index dd4a880787dcf5a9a7bd2016432c184ea1c2e66d..73ace4d80edb8ca3a4eb34d0e66096b57a7496b6 100644 (file)
--- a/lib/gssapi/spnego/negoex_ctx.c
+++ b/lib/gssapi/spnego/negoex_ctx.c
@@ -783,6 +783,8 @@ _gss_negoex_init(OM_uint32 *minor,
     size_t nmessages = 0;
     int send_alert = FALSE, mech_error = FALSE;
 
+    _mg_buffer_zero(output_token);
+
     if (ctx->negoex_step == 0 && input_token != GSS_C_NO_BUFFER &&
        input_token->length != 0)
        return GSS_S_DEFECTIVE_TOKEN;
@@ -901,6 +903,10 @@ _gss_negoex_accept(OM_uint32 *minor,
     size_t nmessages;
     int send_alert = FALSE, mech_error = FALSE;
 
+    _mg_buffer_zero(output_token);
+    if (deleg_cred)
+       *deleg_cred = GSS_C_NO_CREDENTIAL;
+
     if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
        major = GSS_S_DEFECTIVE_TOKEN;
        goto cleanup;

diff --git a/lib/gssapi/spnego/spnego_locl.h b/lib/gssapi/spnego/spnego_locl.h
index 9b0e3310f7bea7014baf66716117c3371bce85e4..6c0ddc956cfb3d48187af16af76c10735d67f915 100644 (file)
--- a/lib/gssapi/spnego/spnego_locl.h
+++ b/lib/gssapi/spnego/spnego_locl.h
@@ -68,6 +68,7 @@
 #include <asn1_err.h>
 
 #include <gssapi_mech.h>
+#include <mech_locl.h>
 
 #include "spnego_asn1.h"
 #include "negoex_locl.h"