Problem: TODO in gssapi mechanism

Solution: remove it. Looking at the code: https://github.com/krb5/krb5/blob/master/src/lib/gssapi/mechglue/g_unseal.c#L55 gss_unwrap as the very first thing checks that plaintext is not a null pointer, which in our case it's true given it's on the stack, and then initialises its members to 0 length and null ptr. https://github.com/krb5/krb5/blob/master/src/lib/gssapi/mechglue/g_rel_buffer.c#L36 So it should be safe to release it in all cases, and the release API seems to check again if it's not a null pointer and then if the members are 0 length and null pointer it's a no-op.

Problem: TODO in gssapi mechanism
Solution: remove it. Looking at the code: https://github.com/krb5/krb5/blob/master/src/lib/gssapi/mechglue/g_unseal.c#L55 gss_unwrap as the very first thing checks that plaintext is not a null pointer, which in our case it's true given it's on the stack, and then initialises its members to 0 length and null ptr. https://github.com/krb5/krb5/blob/master/src/lib/gssapi/mechglue/g_rel_buffer.c#L36 So it should be safe to release it in all cases, and the release API seems to check again if it's not a null pointer and then if the members are 0 length and null pointer it's a no-op.
7be3efc9 · Luca Boccassi · 77444e20 · 7be3efc9
Commit 7be3efc9 authored Aug 18, 2017 by Luca Boccassi
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 2 deletions

gssapi_mechanism_base.cpp src/gssapi_mechanism_base.cpp +0 -2

No files found.
--- a/src/gssapi_mechanism_base.cpp
+++ b/src/gssapi_mechanism_base.cpp
@@ -183,8 +183,6 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_)

    if (maj_stat != GSS_S_COMPLETE)
    {
-        //  TODO is it correct to release the plaintext buffer if gss_unwrap 
-        //  did not succeed?
        gss_release_buffer (&min_stat, &plaintext);
        free (wrapped.value);
        session->get_socket ()->event_handshake_failed_protocol (