don't enter cleanup handler without locking cred

author Luke Howard <lukeh@padl.com>

Tue, 28 Sep 2010 07:38:29 +0000 (09:38 +0200)

committer Luke Howard <lukeh@padl.com>

Tue, 28 Sep 2010 07:38:29 +0000 (09:38 +0200)
author Luke Howard <lukeh@padl.com>
Tue, 28 Sep 2010 07:38:29 +0000 (09:38 +0200)
committer Luke Howard <lukeh@padl.com>
Tue, 28 Sep 2010 07:38:29 +0000 (09:38 +0200)
diff --git a/accept_sec_context.c b/accept_sec_context.c

index 5dd68f2..b925566 100644 (file)
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -519,6 +519,19 @@ gss_accept_sec_context(OM_uint32 *minor,
  
      GSSEAP_MUTEX_LOCK(&ctx->mutex);
  
+    /* Validate and lock credentials */
+    if (cred != GSS_C_NO_CREDENTIAL) {
+        if ((cred->flags & CRED_FLAG_ACCEPT) == 0) {
+            major = GSS_S_NO_CRED;
+            goto cleanup;
+        } else if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) {
+            major = GSS_S_BAD_MECH;
+            goto cleanup;
+        }
+
+        GSSEAP_MUTEX_LOCK(&cred->mutex);
+    }
+
      sm = &eapGssAcceptorSm[ctx->state];
  
      major = gssEapVerifyToken(minor, ctx, input_token,
@@ -542,19 +555,6 @@ gss_accept_sec_context(OM_uint32 *minor,
          goto cleanup;
      }
  
-    /* Validate and lock credentials */
-    if (cred != GSS_C_NO_CREDENTIAL) {
-        if ((cred->flags & CRED_FLAG_ACCEPT) == 0) {
-            major = GSS_S_NO_CRED;
-            goto cleanup;
-        } else if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) {
-            major = GSS_S_BAD_MECH;
-            goto cleanup;
-        }
-
-        GSSEAP_MUTEX_LOCK(&cred->mutex);
-    }
-
      do {
          sm = &eapGssAcceptorSm[ctx->state];
author	Luke Howard <lukeh@padl.com>
	Tue, 28 Sep 2010 07:38:29 +0000 (09:38 +0200)
committer	Luke Howard <lukeh@padl.com>
	Tue, 28 Sep 2010 07:38:29 +0000 (09:38 +0200)