Cdiff g_imp_sec

Cdiff g_imp_sec_context.c
--- /net/etna.eng/build7/semery/mit2/webrev/usr/src/lib/libgss/g_imp_sec_context.c-     Wed Sep  8 17:00:26 2004
+++ g_imp_sec_context.c Wed Sep  8 13:42:03 2004
@@ -1,11 +1,11 @@
 /*
  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
-#pragma ident  "@(#)g_imp_sec_context.c        1.19    04/09/08 SMI"
+#pragma ident  "@(#)g_imp_sec_context.c        1.18    04/02/23 SMI"
 
 /*
  *  glue routine gss_export_sec_context
  */
 
@@ -23,52 +23,63 @@
 OM_uint32 *            minor_status;
 const gss_buffer_t     interprocess_token;
 gss_ctx_id_t           *context_handle;
 
 {
-       OM_uint32               length;
+       OM_uint32               length = 0;
        OM_uint32               status;
        char                    *p;
        gss_union_ctx_id_t      ctx;
        gss_buffer_desc         token;
        gss_mechanism           mech;
 
-       gss_initialize();
-
+       if (minor_status == NULL)
+               return (GSS_S_CALL_INACCESSIBLE_WRITE);
        *minor_status = 0;
 
-       if (interprocess_token->length == 0 || interprocess_token->value == 0)
-               return (GSS_S_DEFECTIVE_TOKEN);
+       if (context_handle == NULL)
+               return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT);
+       *context_handle = GSS_C_NO_CONTEXT;
 
+       if (GSS_EMPTY_BUFFER(interprocess_token))
+               return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_DEFECTIVE_TOKEN);
+
        status = GSS_S_FAILURE;
 
        ctx = (gss_union_ctx_id_t)malloc(sizeof (gss_union_ctx_id_desc));
-       if (!ctx) {
-               *minor_status = ENOMEM;
+       if (!ctx)
                return (GSS_S_FAILURE);
-       }
+
        ctx->mech_type = (gss_OID) malloc(sizeof (gss_OID_desc));
        if (!ctx->mech_type) {
-               *minor_status = ENOMEM;
-               goto error_out;
+               free(ctx);
+               return (GSS_S_FAILURE);
        }
+
+       if (interprocess_token->length >= sizeof (OM_uint32)) {
        p = interprocess_token->value;
        length = (OM_uint32)*p++;
        length = (OM_uint32)(length << 8) + *p++;
        length = (OM_uint32)(length << 8) + *p++;
        length = (OM_uint32)(length << 8) + *p++;
+       }
 
+       if (length == 0 ||
+           length > (interprocess_token->length - sizeof (OM_uint32))) {
+               free(ctx);
+               return (GSS_S_CALL_BAD_STRUCTURE | GSS_S_DEFECTIVE_TOKEN);
+       }
+
        ctx->mech_type->length = length;
        ctx->mech_type->elements = malloc(length);
        if (!ctx->mech_type->elements) {
-               *minor_status = ENOMEM;
                goto error_out;
        }
        (void) memcpy(ctx->mech_type->elements, p, length);
        p += length;
 
-       token.length = interprocess_token->length - 4 - length;
+       token.length = interprocess_token->length - sizeof (OM_uint32) - length;
        token.value = p;
 
        /*
         * select the approprate underlying mechanism routine and
         * call it.
@@ -78,11 +89,11 @@
        if (!mech) {
                status = GSS_S_BAD_MECH;
                goto error_out;
        }
        if (!mech->gss_import_sec_context) {
-               status = GSS_S_BAD_BINDINGS;
+               status = GSS_S_UNAVAILABLE;
                goto error_out;
        }
 
        status = mech->gss_import_sec_context(mech->context, minor_status,
                                        &token, &ctx->internal_ctx_id);