[Bug 2982] gssapi_cleanup: supported mechs should be freed via gss_release_oid_set

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 12 17:30:48 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2982

--- Comment #3 from Markus <markus at blueflash.cc> ---

> I think we should reuse the existing cleanup mechanism here. I don't
> have a working krb/gssapi installation ATM so I can't really test
> this though.

I have debugged this and found that in some circumstances,
gssapi_cleanup() is called multiple times (see comment1).

If the gssapi system reports multiple mechs it goes through the cycle
init/cleanup for each mech.  

So the supported-mechs-list is on sort of a higher level than a single
gssapi auth attempt.

Hence, releasing the mechs-list itself should not be done in the
gssapi_cleanup function but at the very end of authentication.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list