s4:heimdal: import lorikeet-heimdal-201009250123 (commit 42cabfb5b683dbcb97d583c397b8...

[samba.git] / source4 / heimdal / lib / gssapi / krb5 / accept_sec_context.c

diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index e3ba189b361091d779ca0db20f54472f1493a2b3..8ec3a65a31f1cb6ff03fd22130065c2a828307a6 100644 (file)
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -55,10 +55,10 @@ _gsskrb5_register_acceptor_identity (const char *identity)
     if (identity == NULL) {
        ret = krb5_kt_default(context, &_gsskrb5_keytab);
     } else {
-       char *p;
+       char *p = NULL;
 
-       asprintf(&p, "FILE:%s", identity);
-       if(p == NULL) {
+       ret = asprintf(&p, "FILE:%s", identity);
+       if(ret < 0 || p == NULL) {
            HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
            return GSS_S_FAILURE;
        }
@@ -462,6 +462,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
     /*
      * We need to get the flags out of the 8003 checksum.
      */
+
     {
        krb5_authenticator authenticator;
 
@@ -474,6 +475,12 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
            return ret;
        }
 
+       if (authenticator->cksum == NULL) {
+           krb5_free_authenticator(context, &authenticator);
+           *minor_status = 0;
+           return GSS_S_BAD_BINDINGS;
+       }
+
         if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) {
             ret = _gsskrb5_verify_8003_checksum(minor_status,
                                                input_chan_bindings,
@@ -793,7 +800,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
 }
 
 
-OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_accept_sec_context(OM_uint32 * minor_status,
                            gss_ctx_id_t * context_handle,
                            const gss_cred_id_t acceptor_cred_handle,