From e1a0d9eff37cf955826d61e9457eacc06fe94c01 Mon Sep 17 00:00:00 2001
From: Doug Rabson <dfr@FreeBSD.org>
Date: Wed, 30 Apr 2008 11:29:22 +0000
Subject: When receiving delegated credentials, initialise our cred's linked
 list. Add a bit more sanity checking for GSS-API mechanisms that claim to
 have delegated creds but don't actually return a cred handle.

MFC after: 2 weeks
---
 lib/libgssapi/gss_accept_sec_context.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'lib/libgssapi/gss_accept_sec_context.c')

diff --git a/lib/libgssapi/gss_accept_sec_context.c b/lib/libgssapi/gss_accept_sec_context.c
index 269a620219a5..62a3bdadfa89 100644
--- a/lib/libgssapi/gss_accept_sec_context.c
+++ b/lib/libgssapi/gss_accept_sec_context.c
@@ -187,10 +187,13 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
 		*src_name = (gss_name_t) name;
 	}
 
+	if (delegated_mc == GSS_C_NO_CREDENTIAL)
+		mech_ret_flags &= ~GSS_C_DELEG_FLAG;
+
 	if (mech_ret_flags & GSS_C_DELEG_FLAG) {
 		if (!delegated_cred_handle) {
 			m->gm_release_cred(minor_status, &delegated_mc);
-			*ret_flags &= ~GSS_C_DELEG_FLAG;
+			mech_ret_flags &= ~GSS_C_DELEG_FLAG;
 		} else {
 			struct _gss_cred *cred;
 			struct _gss_mechanism_cred *mc;
@@ -200,6 +203,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
 				*minor_status = ENOMEM;
 				return (GSS_S_FAILURE);
 			}
+			SLIST_INIT(&cred->gc_mc);
 			mc = malloc(sizeof(struct _gss_mechanism_cred));
 			if (!mc) {
 				free(cred);
-- 
cgit v1.2.3