From 7be3efc93642362623bc3b4be44763e40bd38c46 Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Fri, 18 Aug 2017 15:58:35 +0100
Subject: [PATCH] Problem: TODO in gssapi mechanism Solution: remove it. Looking at the code: https://github.com/krb5/krb5/blob/master/src/lib/gssapi/mechglue/g_unseal.c#L55 gss_unwrap as the very first thing checks that plaintext is not a null pointer, which in our case it's true given it's on the stack, and then initialises its members to 0 length and null ptr. https://github.com/krb5/krb5/blob/master/src/lib/gssapi/mechglue/g_rel_buffer.c#L36 So it should be safe to release it in all cases, and the release API seems to check again if it's not a null pointer and then if the members are 0 length and null pointer it's a no-op.
---
 src/gssapi_mechanism_base.cpp | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/gssapi_mechanism_base.cpp b/src/gssapi_mechanism_base.cpp
index d8b76b8a..bc6f984e 100644
--- a/src/gssapi_mechanism_base.cpp
+++ b/src/gssapi_mechanism_base.cpp
@@ -183,8 +183,6 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_)
 if (maj_stat != GSS_S_COMPLETE) {
- // TODO is it correct to release the plaintext buffer if gss_unwrap
- // did not succeed?
 gss_release_buffer (&min_stat, &plaintext);
 free (wrapped.value);
 session->get_socket ()->event_handshake_failed_protocol (