input_token.length = in.length;
input_token.value = in.data;
+ *out = data_blob_null;
+
switch (gensec_gssapi_state->sasl_state) {
case STAGE_GSS_NEG:
{
gensec_gssapi_state->gss_exchange_count++;
if (maj_stat == GSS_S_COMPLETE) {
- *out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length);
- gss_release_buffer(&min_stat2, &output_token);
-
+ if (output_token.length) {
+ *out = data_blob_talloc(out_mem_ctx,
+ output_token.value,
+ output_token.length);
+ gss_release_buffer(&min_stat2, &output_token);
+ if (out->data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
if (gensec_gssapi_state->gss_got_flags & GSS_C_DELEG_FLAG &&
gensec_gssapi_state->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
DEBUG(5, ("gensec_gssapi: credentials were delegated\n"));
return NT_STATUS_OK;
}
} else if (maj_stat == GSS_S_CONTINUE_NEEDED) {
- *out = data_blob_talloc(out_mem_ctx, output_token.value, output_token.length);
- gss_release_buffer(&min_stat2, &output_token);
-
+ if (output_token.length) {
+ *out = data_blob_talloc(out_mem_ctx,
+ output_token.value,
+ output_token.length);
+ gss_release_buffer(&min_stat2, &output_token);
+ if (out->data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
return NT_STATUS_MORE_PROCESSING_REQUIRED;
} else if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
gss_cred_id_t creds = NULL;