Merge branch 'master' into tlv

[mech_eap.orig] / accept_sec_context.c

diff --git a/accept_sec_context.c b/accept_sec_context.c
index 5da5ea6..eb38c92 100644 (file)
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -575,9 +575,6 @@ eapGssSmAcceptAuthenticate(OM_uint32 *minor,
         ctx->acceptorCtx.vps = frresp->vps;
         frresp->vps = NULL;
 
-        rs_conn_destroy(ctx->acceptorCtx.radConn);
-        ctx->acceptorCtx.radConn = NULL;
-
         major = acceptReadyEap(minor, ctx, cred);
         if (GSS_ERROR(major))
             goto cleanup;
@@ -594,6 +591,14 @@ cleanup:
         rs_request_destroy(request);
     if (req != NULL)
         rs_packet_destroy(req);
+    if (resp != NULL)
+        rs_packet_destroy(resp);
+    if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIATOR_EXTS) {
+        assert(major == GSS_S_CONTINUE_NEEDED);
+
+        rs_conn_destroy(ctx->acceptorCtx.radConn);
+        ctx->acceptorCtx.radConn = NULL;
+    }
 
     return major;
 }
@@ -624,7 +629,7 @@ eapGssSmAcceptGssChannelBindings(OM_uint32 *minor,
     major = gssEapUnwrapOrVerifyMIC(minor, ctx, NULL, NULL,
                                     iov, 2, TOK_TYPE_WRAP);
     if (GSS_ERROR(major))
-        return GSS_S_BAD_BINDINGS;
+        return major;
 
     if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS &&
         !bufferEqual(&iov[0].buffer, &chanBindings->application_data)) {