if ((idx = get_buffer_index( output, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN; + if (context_req & ISC_REQ_ALLOCATE_MEMORY) + { + output->pBuffers[idx].pvBuffer = RtlAllocateHeap( GetProcessHeap(), 0, KERBEROS_MAX_BUF ); + if (!output->pBuffers[idx].pvBuffer) return STATUS_NO_MEMORY;
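Review bot: the allocation-failure return in the new ISC_REQ_ALLOCATE_MEMORY branch uses STATUS_NO_MEMORY, while the get_buffer_index() check directly above it returns an SSPI code (SEC_E_INVALID_TOKEN). Returning SEC_E_INSUFFICIENT_MEMORY here would keep the error domain consistent for callers that compare against SEC_E_* values. The visible lines also do not show cbBuffer being set to KERBEROS_MAX_BUF for the newly allocated pvBuffer; it is worth confirming that the length is updated before the buffer is used, so that a stale caller-supplied cbBuffer is never paired with this allocation.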
'target' should be freed before returning.
Same problem already exists when get_buffer_index() above fails; it probably should be fixed as well.
ctxhandle_gss_to_sspi( ctx_handle, params->new_context ); - if (params->context_attr) *params->context_attr = flags_gss_to_isc_ret( ret_flags ); + if (params->context_attr) *params->context_attr |= flags_gss_to_isc_ret( ret_flags );
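Review bot: switching the assignment to `*params->context_attr |= flags_gss_to_isc_ret( ret_flags );` makes context_attr an in/out value, because the old contents are now read before the GSS-derived flags are merged in. Any caller that passes a location it has not initialized will get stale bits reported as negotiated context attributes. Either make sure every caller zeroes or deliberately seeds the value before the call, or keep the plain assignment here and OR in the extra flag at the single place that knows about it.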
It would be better to add the flag in kerberos_SpInitLsaModeContext() when the context handle is created.
It's not clear what should happen in the case of a failure. Should the token buffer be freed or just the flag set for the caller? -- https://gitlab.winehq.org/wine/wine/-/merge_requests/5286#note_64363