Add function to allocate SPNEGO cred handle

Use a helper function to allocate SPNEGO cred handles, to make sure that all members of the cred structure are zeroed or initialized. [ghudson@mit.edu: avoid gss_ prefix on helper function and give it a name similar to create_spnego_ctx(); unbrace some single-line if bodies; clarify commit message]
krb5 · Jul 2, 2015 · 98092b0 · 98092b0
1 parent 9f095e1
commit 98092b0
Showing 1 changed file with 29 additions and 25 deletions.
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
@@ -329,6 +329,23 @@ void gss_spnegoint_lib_fini(void)
 {
 }
 
+static OM_uint32
+create_spnego_cred(OM_uint32 *minor_status, gss_cred_id_t mcred,
+		   spnego_gss_cred_id_t *cred_out)
+{
+	spnego_gss_cred_id_t spcred;
+
+	*cred_out = NULL;
+	spcred = calloc(1, sizeof(spnego_gss_cred_id_rec));
+	if (spcred == NULL) {
+		*minor_status = ENOMEM;
+		return GSS_S_FAILURE;
+	}
+	spcred->mcred = mcred;
+	*cred_out = spcred;
+	return GSS_S_COMPLETE;
+}
+
 /*ARGSUSED*/
 OM_uint32 KRB5_CALLCONV
 spnego_gss_acquire_cred(OM_uint32 *minor_status,
@@ -372,12 +389,9 @@ spnego_gss_acquire_cred_from(OM_uint32 *minor_status,
 
 	/* We will obtain a mechglue credential and wrap it in a
 	 * spnego_gss_cred_id_rec structure.  Allocate the wrapper. */
-	spcred = malloc(sizeof(spnego_gss_cred_id_rec));
-	if (spcred == NULL) {
-		*minor_status = ENOMEM;
-		return (GSS_S_FAILURE);
-	}
-	spcred->neg_mechs = GSS_C_NULL_OID_SET;
+	status = create_spnego_cred(minor_status, mcred, &spcred);
+	if (status != GSS_S_COMPLETE)
+		return (status);
 
 	/*
 	 * Always use get_available_mechs to collect a list of
@@ -2382,14 +2396,11 @@ spnego_gss_set_cred_option(
 		 * we need to wrap it up in an SPNEGO credential handle.
 		 */
 
-		spcred = malloc(sizeof(spnego_gss_cred_id_rec));
-		if (spcred == NULL) {
+		ret = create_spnego_cred(minor_status, mcred, &spcred);
+		if (ret != GSS_S_COMPLETE) {
 			gss_release_cred(&tmp_minor_status, &mcred);
-			*minor_status = ENOMEM;
-			return (GSS_S_FAILURE);
+			return (ret);
 		}
-		spcred->mcred = mcred;
-		spcred->neg_mechs = GSS_C_NULL_OID_SET;
 		*cred_handle = (gss_cred_id_t)spcred;
 	}
 
@@ -2570,14 +2581,11 @@ spnego_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status,
 	if (amechs != GSS_C_NULL_OID_SET)
 		(void) gss_release_oid_set(minor_status, &amechs);
 
-	out_spcred = malloc(sizeof(spnego_gss_cred_id_rec));
-	if (out_spcred == NULL) {
+	status = create_spnego_cred(minor_status, out_mcred, &out_spcred);
+	if (status != GSS_S_COMPLETE) {
 		gss_release_cred(minor_status, &out_mcred);
-		*minor_status = ENOMEM;
-		return (GSS_S_FAILURE);
+		return (status);
 	}
-	out_spcred->mcred = out_mcred;
-	out_spcred->neg_mechs = GSS_C_NULL_OID_SET;
 	*output_cred_handle = (gss_cred_id_t)out_spcred;
 
 	dsyslog("Leaving spnego_gss_acquire_cred_impersonate_name\n");
@@ -2621,14 +2629,10 @@ spnego_gss_acquire_cred_with_password(OM_uint32 *minor_status,
 	if (status != GSS_S_COMPLETE)
 	    goto cleanup;
 
-	spcred = malloc(sizeof(spnego_gss_cred_id_rec));
-	if (spcred == NULL) {
-		*minor_status = ENOMEM;
-		status = GSS_S_FAILURE;
+	status = create_spnego_cred(minor_status, mcred, &spcred);
+	if (status != GSS_S_COMPLETE)
 		goto cleanup;
-	}
-	spcred->neg_mechs = GSS_C_NULL_OID_SET;
-	spcred->mcred = mcred;
+
 	mcred = GSS_C_NO_CREDENTIAL;
 	*output_cred_handle = (gss_cred_id_t)spcred;