[Heimdal-source-changes] [heimdal/heimdal] aaf4cf: gss: initialize output params in test_negoex_mech

[Luke Howard]

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: aaf4cf89a5ba011483917cf9fe600489e491f704
      https://github.com/heimdal/heimdal/commit/aaf4cf89a5ba011483917cf9fe600489e491f704
  Author: Luke Howard <lukeh at padl.com>
  Date:   2020-03-02 (Mon, 02 Mar 2020)

  Changed paths:
    M lib/gssapi/test_negoex_mech.c

  Log Message:
  -----------
  gss: initialize output params in test_negoex_mech

test_negoex_mech, being a simple test mechanism ported from MIT that was not
designed to be particularly robust, failed to initialize various output
parameters such as the source name. On Heimdal this triggered an invalid read
because the mechglue did not initialize those variables before calling the
mechanism. This commit fixes this.


  Commit: 41cb135b3044ad536859209a2d28301704fe70e6
      https://github.com/heimdal/heimdal/commit/41cb135b3044ad536859209a2d28301704fe70e6
  Author: Luke Howard <lukeh at padl.com>
  Date:   2020-03-02 (Mon, 02 Mar 2020)

  Changed paths:
    M lib/gssapi/test_negoex_mech.c

  Log Message:
  -----------
  gss: plug leak in test_negoex_mech

test_negoex_mech should free the result of calling decode_GSSAPIContextToken()


  Commit: e8de24f236ed5fdfec184e5cc8b2aceae2d2ba57
      https://github.com/heimdal/heimdal/commit/e8de24f236ed5fdfec184e5cc8b2aceae2d2ba57
  Author: Luke Howard <lukeh at padl.com>
  Date:   2020-03-02 (Mon, 02 Mar 2020)

  Changed paths:
    M lib/gssapi/mech/gss_accept_sec_context.c

  Log Message:
  -----------
  gss: initialize mech output parameters in mechglue

Initialize mechanism output parameters before calling mechanism
GSS_Accept_sec_context(), to behave robustly with poorly implemented mechanisms
that may return before initializing them.


Compare: https://github.com/heimdal/heimdal/compare/839b073facd2...e8de24f236ed