Fix GSS context leak when principal name is empty

When gss_accept_sec_context() completes successfully but
gss_display_name() returns an empty principal, the GSS context
was leaked — it was neither stored in a key nor deleted.

Delete the context and reject with BADKEY in this case.  This
should only occur due to a GSS library bug, since a completed
context should always have a valid principal.
Ondřej Surý 2026-03-18 01:00:39 +01:00
parent 8c1fe179e3
commit 5305679633
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41

@ -200,6 +200,11 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}
dst_gssapi_deletectx(tctx->mctx, &gss_ctx);
tkeyout->error = dns_tsigerror_badkey;
tkey_log("process_gsstkey(): "
"completed context with empty principal");
return ISC_R_SUCCESS;
} else if (tsigkey == NULL) {
#if HAVE_GSSAPI
OM_uint32 gret, minor, lifetime;
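Review bot: the early `return ISC_R_SUCCESS;` that ends the new empty-principal branch has no comment explaining why success is returned alongside `tkeyout->error = dns_tsigerror_badkey`, or that this case is expected only from a GSS library bug, as the commit message states. A short comment above `dst_gssapi_deletectx(tctx->mctx, &gss_ctx);` would carry that reasoning into the code, where the next reader of this branch will look for it. Because the return leaves the function directly, please also confirm that nothing acquired earlier in the function is still held at this point; the visible lines release only tsigkey and gss_ctx. The log string "completed context with empty principal" is static, so consider whether it gives an operator enough to tie the event to a specific request.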