Re: [PATCH v2 0/1] MR5286: kerberos: Allocate memory for the returned token if requested.

12 Mar 2024


      ...
...
     if ((idx = get_buffer_index( output, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;


   if (context_req & ISC_REQ_ALLOCATE_MEMORY)


   {


       output->pBuffers[idx].pvBuffer = RtlAllocateHeap( GetProcessHeap(), 0, KERBEROS_MAX_BUF );


       if (!output->pBuffers[idx].pvBuffer) return STATUS_NO_MEMORY;


'target' should be freed before returning.
Same problem already exists when get_buffer_index() above fails, it probably
should be fixed as well.
...
...
     ctxhandle_gss_to_sspi( ctx_handle, params->new_context );


   if (params->context_attr) *params->context_attr = flags_gss_to_isc_ret( ret_flags );


   if (params->context_attr) *params->context_attr |= flags_gss_to_isc_ret( ret_flags );


It would be better to add the flag in kerberos_SpInitLsaModeContext() when the context handle is created.
It's not clear what should happen in the case of a failure. Should the token
buffer be freed or just the flag set for the caller?
-- 
https://gitlab.winehq.org/wine/wine/-/merge_requests/5286#note_64363

2025

2024

2023

2022

Re: [PATCH v2 0/1] MR5286: kerberos: Allocate memory for the returned token if requested.