diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_accept_sec_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_accept_sec_context.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_accept_sec_context.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_accept_sec_context.c 2017-11-11 15:57:11.560491865 +0100 @@ -185,6 +185,8 @@ } else { union_ctx_id = (gss_union_ctx_id_t)*context_handle; selected_mech = union_ctx_id->mech_type; + if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); } /* Now create a new context if we didn't get one. */ @@ -203,9 +205,6 @@ free(union_ctx_id); return (status); } - - /* set the new context handle to caller's data */ - *context_handle = (gss_ctx_id_t)union_ctx_id; } /* @@ -243,8 +242,10 @@ d_cred ? &tmp_d_cred : NULL); /* If there's more work to do, keep going... */ - if (status == GSS_S_CONTINUE_NEEDED) + if (status == GSS_S_CONTINUE_NEEDED) { + *context_handle = (gss_ctx_id_t)union_ctx_id; return GSS_S_CONTINUE_NEEDED; + } /* if the call failed, return with failure */ if (status != GSS_S_COMPLETE) { @@ -330,14 +331,22 @@ *mech_type = gssint_get_public_oid(actual_mech); if (ret_flags != NULL) *ret_flags = temp_ret_flags; - return (status); + *context_handle = (gss_ctx_id_t)union_ctx_id; + return GSS_S_COMPLETE; } else { status = GSS_S_BAD_MECH; } error_out: - if (union_ctx_id) { + /* + * RFC 2744 5.1 requires that we not create a context on a failed first + * call to accept, and recommends that on a failed subsequent call we + * make the caller responsible for calling gss_delete_sec_context. + * Even if the mech deleted its context, keep the union context around + * for the caller to delete. + */ + if (union_ctx_id && *context_handle == GSS_C_NO_CONTEXT) { if (union_ctx_id->mech_type) { if (union_ctx_id->mech_type->elements) free(union_ctx_id->mech_type->elements); 
@@ -350,7 +359,6 @@ GSS_C_NO_BUFFER); } free(union_ctx_id); - *context_handle = GSS_C_NO_CONTEXT; } if (src_name) diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_complete_auth_token.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_complete_auth_token.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_complete_auth_token.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_complete_auth_token.c 2017-11-11 15:57:11.560491865 +0100 @@ -52,6 +52,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; mech = gssint_get_mechanism (ctx->mech_type); if (mech != NULL) { diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_context_time.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_context_time.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_context_time.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_context_time.c 2017-11-11 15:57:11.560491865 +0100 @@ -58,6 +58,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_delete_sec_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_delete_sec_context.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_delete_sec_context.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_delete_sec_context.c 2017-11-11 15:57:11.560491865 +0100 
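Review bot: The guard added after `ctx = (gss_union_ctx_id_t) context_handle;` in g_complete_auth_token.c has no comment saying when a union context can legitimately have `internal_ctx_id == GSS_C_NO_CONTEXT`. The same bare two-line test recurs in g_context_time.c, g_inq_context.c, g_prf.c, g_process_context.c, g_seal.c, g_sign.c, g_unseal.c, g_unwrap_aead.c, g_unwrap_iov.c, g_verify.c, g_wrap_aead.c and g_wrap_iov.c. I would put `/* A failed init/accept call may leave a union context whose mech context is gone. */` above each one, since that is the state the new error_out comment in g_accept_sec_context.c describes. The checks also alternate between `return (GSS_S_NO_CONTEXT);` and `return GSS_S_NO_CONTEXT;`, so it is worth confirming each follows its own file's convention. The enclosing functions start and end outside these hunks.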
@@ -87,12 +87,14 @@ if (GSSINT_CHK_LOOP(ctx)) return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); - status = gssint_delete_internal_sec_context(minor_status, - ctx->mech_type, - &ctx->internal_ctx_id, - output_token); - if (status) - return status; + if (ctx->internal_ctx_id != GSS_C_NO_CONTEXT) { + status = gssint_delete_internal_sec_context(minor_status, + ctx->mech_type, + &ctx->internal_ctx_id, + output_token); + if (status) + return status; + } /* now free up the space for the union context structure */ free(ctx->mech_type->elements); diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_exp_sec_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_exp_sec_context.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_exp_sec_context.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_exp_sec_context.c 2017-11-11 15:57:11.560491865 +0100 @@ -89,6 +89,9 @@ if (status != GSS_S_COMPLETE) return (status); + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); + /* * select the approprate underlying mechanism routine and * call it. diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_init_sec_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_init_sec_context.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_init_sec_context.c 2017-11-11 15:56:36.572646348 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_init_sec_context.c 2017-11-11 15:59:22.642925403 +0100 @@ -192,8 +192,13 @@ /* copy the supplied context handle */ union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT; - } else + } else { union_ctx_id = (gss_union_ctx_id_t)*context_handle; + if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) { + status = GSS_S_NO_CONTEXT; + goto end; + } + } /* * get the appropriate cred handle from the union cred struct. 
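Review bot: In g_exp_sec_context.c the new `if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)` test may dereference `ctx` before it is assigned. It sits right after the `status != GSS_S_COMPLETE` return and before the "select the approprate underlying mechanism routine" comment, with no assignment to `ctx` visible ahead of it. Every other file in this patch places the guard directly after `ctx = (gss_union_ctx_id_t) context_handle;`. If the assignment follows that comment, as the hunk layout suggests, the check reads an unset pointer on every export call. The two added lines should move to just below the assignment to `ctx`; that assignment is outside the hunk, so confirm against the full file.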
@@ -224,11 +229,11 @@ if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) { /* - * The spec says the preferred method is to delete all context info on - * the first call to init, and on all subsequent calls make the caller - * responsible for calling gss_delete_sec_context. However, if the - * mechanism decided to delete the internal context, we should also - * delete the union context. + * RFC 2744 5.19 requires that we not create a context on a failed + * first call to init, and recommends that on a failed subsequent call + * we make the caller responsible for calling gss_delete_sec_context. + * Even if the mech deleted its context, keep the union context around + * for the caller to delete. */ map_error(minor_status, mech); if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_init_sec_context.c~ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_init_sec_context.c~ --- krb5-1.12.5/src/lib/gssapi/mechglue/g_init_sec_context.c~ 1970-01-01 01:00:00.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_init_sec_context.c~ 2017-11-11 15:58:23.833177306 +0100 
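Review bot: The rewritten comment in g_init_sec_context.c says the union context is kept for the caller even if the mech deleted its context, but the code after it appears not to do that. The hunk's last line still shows `if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)` as unchanged context, and no later hunk touches this file. The `g_init_sec_context.c~` copy added by this same patch shows that test followed by `*context_handle = GSS_C_NO_CONTEXT;` and the block that frees `union_ctx_id`. A failed subsequent call would therefore presumably still release the union context, unlike the error_out change in g_accept_sec_context.c. Removing those two lines and keeping only the `if (*context_handle == GSS_C_NO_CONTEXT)` free block would match the comment; the statement after the `if` is outside this hunk, so check the patched file.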
@@ -0,0 +1,259 @@ +/* #pragma ident "@(#)g_init_sec_context.c 1.20 03/10/24 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_init_sec_context + */ + +#include "mglueP.h" +#include <stdio.h> +#ifdef HAVE_STDLIB_H +#include <stdlib.h> +#endif +#include <string.h> + +static OM_uint32 +val_init_sec_ctx_args( + OM_uint32 *minor_status, + gss_cred_id_t claimant_cred_handle, + gss_ctx_id_t *context_handle, + gss_name_t target_name, + gss_OID req_mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + gss_channel_bindings_t input_chan_bindings, + gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec) +{ + + /* Initialize outputs. 
*/ + + if (minor_status != NULL) + *minor_status = 0; + + if (actual_mech_type != NULL) + *actual_mech_type = GSS_C_NO_OID; + + if (output_token != GSS_C_NO_BUFFER) { + output_token->length = 0; + output_token->value = NULL; + } + + /* Validate arguments. */ + + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (context_handle == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT); + + if (target_name == NULL) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME); + + if (output_token == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + return (GSS_S_COMPLETE); +} + + +OM_uint32 KRB5_CALLCONV +gss_init_sec_context (minor_status, + claimant_cred_handle, + context_handle, + target_name, + req_mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec) + +OM_uint32 * minor_status; +gss_cred_id_t claimant_cred_handle; +gss_ctx_id_t * context_handle; +gss_name_t target_name; +gss_OID req_mech_type; +OM_uint32 req_flags; +OM_uint32 time_req; +gss_channel_bindings_t input_chan_bindings; +gss_buffer_t input_token; +gss_OID * actual_mech_type; +gss_buffer_t output_token; +OM_uint32 * ret_flags; +OM_uint32 * time_rec; + +{ + OM_uint32 status, temp_minor_status; + gss_union_name_t union_name; + gss_union_cred_t union_cred; + gss_name_t internal_name; + gss_union_ctx_id_t union_ctx_id; + gss_OID selected_mech; + gss_mechanism mech; + gss_cred_id_t input_cred_handle; + + status = val_init_sec_ctx_args(minor_status, + claimant_cred_handle, + context_handle, + target_name, + req_mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + if (status != GSS_S_COMPLETE) + return (status); + + status = gssint_select_mech_type(minor_status, req_mech_type, + &selected_mech); + if (status != GSS_S_COMPLETE) + return (status); + + union_name = (gss_union_name_t)target_name; + + /* + * obtain 
the gss mechanism information for the requested + * mechanism. If mech_type is NULL, set it to the resultant + * mechanism + */ + mech = gssint_get_mechanism(selected_mech); + if (mech == NULL) + return (GSS_S_BAD_MECH); + + if (mech->gss_init_sec_context == NULL) + return (GSS_S_UNAVAILABLE); + + /* + * If target_name is mechanism_specific, then it must match the + * mech_type that we're about to use. Otherwise, do an import on + * the external_name form of the target name. + */ + if (union_name->mech_type && + g_OID_equal(union_name->mech_type, selected_mech)) { + internal_name = union_name->mech_name; + } else { + if ((status = gssint_import_internal_name(minor_status, selected_mech, + union_name, + &internal_name)) != GSS_S_COMPLETE) + return (status); + } + + /* + * if context_handle is GSS_C_NO_CONTEXT, allocate a union context + * descriptor to hold the mech type information as well as the + * underlying mechanism context handle. Otherwise, cast the + * value of *context_handle to the union context variable. + */ + + if(*context_handle == GSS_C_NO_CONTEXT) { + status = GSS_S_FAILURE; + union_ctx_id = (gss_union_ctx_id_t) + malloc(sizeof(gss_union_ctx_id_desc)); + if (union_ctx_id == NULL) + goto end; + + if (generic_gss_copy_oid(&temp_minor_status, selected_mech, + &union_ctx_id->mech_type) != GSS_S_COMPLETE) { + free(union_ctx_id); + goto end; + } + + /* copy the supplied context handle */ + union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT; + } else { + union_ctx_id = (gss_union_ctx_id_t)*context_handle; + if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) { + status = GSS_S_NO_CONTEXT; + goto end; + } + } + + /* + * get the appropriate cred handle from the union cred struct. + * defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will + * use the default credential. 
+ */ + union_cred = (gss_union_cred_t) claimant_cred_handle; + input_cred_handle = gssint_get_mechanism_cred(union_cred, selected_mech); + + /* + * now call the approprate underlying mechanism routine + */ + + status = mech->gss_init_sec_context( + minor_status, + input_cred_handle, + &union_ctx_id->internal_ctx_id, + internal_name, + gssint_get_public_oid(selected_mech), + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + + if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) { + /* + * RFC 2744 5.19 requires that we not create a context on a failed + * first call to init, and recommends that on a failed subsequent call + * we make the caller responsible for calling gss_delete_sec_context. + * Even if the mech deleted its context, keep the union context around + * for the caller to delete. + */ + map_error(minor_status, mech); + if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) + *context_handle = GSS_C_NO_CONTEXT; + if (*context_handle == GSS_C_NO_CONTEXT) { + free(union_ctx_id->mech_type->elements); + free(union_ctx_id->mech_type); + free(union_ctx_id); + } + } else if (*context_handle == GSS_C_NO_CONTEXT) { + union_ctx_id->loopback = union_ctx_id; + *context_handle = (gss_ctx_id_t)union_ctx_id; + } + +end: + if (union_name->mech_name == NULL || + union_name->mech_name != internal_name) { + (void) gssint_release_internal_name(&temp_minor_status, + selected_mech, &internal_name); + } + + return(status); +} diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_inq_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_inq_context.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_inq_context.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_inq_context.c 2017-11-11 15:57:11.560491865 +0100 
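Review bot: This hunk adds `src/lib/gssapi/mechglue/g_init_sec_context.c~`, which looks like an editor backup rather than an intended change. It is a 259-line new file whose name ends in `~` and whose content is a complete copy of the gss_init_sec_context glue routine, so it was probably swept in by `diff -N`. It should be dropped from the patch; the diff invocation already excludes `*.orig` and `*.rej`, and adding `-x '*~'` would keep such files out. A stale duplicate of a security-sensitive source file in a CVE patch makes it harder to audit what the fix actually changes.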
@@ -104,6 +104,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (!mech || !mech->gss_inquire_context || !mech->gss_display_name || diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_prf.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_prf.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_prf.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_prf.c 2017-11-11 15:57:11.560491865 +0100 @@ -59,6 +59,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; mech = gssint_get_mechanism (ctx->mech_type); if (mech != NULL) { diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_process_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_process_context.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_process_context.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_process_context.c 2017-11-11 15:57:11.560491865 +0100 @@ -61,6 +61,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_seal.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_seal.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_seal.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_seal.c 2017-11-11 15:57:11.561491861 +0100 @@ -92,6 +92,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { 
@@ -226,6 +228,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (!mech) diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_sign.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_sign.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_sign.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_sign.c 2017-11-11 15:57:11.561491861 +0100 @@ -94,6 +94,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_unseal.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unseal.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_unseal.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unseal.c 2017-11-11 15:57:11.561491861 +0100 @@ -76,6 +76,8 @@ * call it. */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_unwrap_aead.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unwrap_aead.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_unwrap_aead.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unwrap_aead.c 2017-11-11 15:57:11.561491861 +0100 
@@ -186,6 +186,8 @@ * call it. */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (!mech) diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_unwrap_iov.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unwrap_iov.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_unwrap_iov.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unwrap_iov.c 2017-11-11 15:57:11.561491861 +0100 @@ -89,6 +89,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { @@ -128,6 +130,8 @@ /* Select the approprate underlying mechanism routine and call it. */ ctx = (gss_union_ctx_id_t)context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; mech = gssint_get_mechanism(ctx->mech_type); if (mech == NULL) return GSS_S_BAD_MECH; diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_verify.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_verify.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_verify.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_verify.c 2017-11-11 15:57:11.561491861 +0100 @@ -65,6 +65,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_wrap_aead.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_wrap_aead.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_wrap_aead.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_wrap_aead.c 2017-11-11 15:57:11.561491861 +0100 
@@ -256,6 +256,8 @@ * call it. */ ctx = (gss_union_ctx_id_t)context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (!mech) return (GSS_S_BAD_MECH); diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_wrap_iov.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_wrap_iov.c --- krb5-1.12.5/src/lib/gssapi/mechglue/g_wrap_iov.c 2015-12-16 21:35:51.000000000 +0100 +++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_wrap_iov.c 2017-11-11 15:57:11.561491861 +0100 @@ -93,6 +93,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { @@ -151,6 +153,8 @@ */ ctx = (gss_union_ctx_id_t) context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return (GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { @@ -190,6 +194,8 @@ /* Select the approprate underlying mechanism routine and call it. */ ctx = (gss_union_ctx_id_t)context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; mech = gssint_get_mechanism(ctx->mech_type); if (mech == NULL) return GSS_S_BAD_MECH; @@ -218,6 +224,8 @@ /* Select the approprate underlying mechanism routine and call it. */ ctx = (gss_union_ctx_id_t)context_handle; + if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; mech = gssint_get_mechanism(ctx->mech_type); if (mech == NULL) return GSS_S_BAD_MECH;