From cce711094ba923744d4288b0b9ce1c4f487ced63 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Tue, 28 Sep 2010 09:38:29 +0200
Subject: [PATCH] don't enter cleanup handler without locking cred

---
 accept_sec_context.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/accept_sec_context.c b/accept_sec_context.c
index 5dd68f2..b925566 100644
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -519,6 +519,19 @@ gss_accept_sec_context(OM_uint32 *minor,
 
     GSSEAP_MUTEX_LOCK(&ctx->mutex);
 
+    /* Validate and lock credentials */
+    if (cred != GSS_C_NO_CREDENTIAL) {
+        if ((cred->flags & CRED_FLAG_ACCEPT) == 0) {
+            major = GSS_S_NO_CRED;
+            goto cleanup;
+        } else if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) {
+            major = GSS_S_BAD_MECH;
+            goto cleanup;
+        }
+
+        GSSEAP_MUTEX_LOCK(&cred->mutex);
+    }
+
     sm = &eapGssAcceptorSm[ctx->state];
 
     major = gssEapVerifyToken(minor, ctx, input_token,
@@ -542,19 +555,6 @@ gss_accept_sec_context(OM_uint32 *minor,
         goto cleanup;
     }
 
-    /* Validate and lock credentials */
-    if (cred != GSS_C_NO_CREDENTIAL) {
-        if ((cred->flags & CRED_FLAG_ACCEPT) == 0) {
-            major = GSS_S_NO_CRED;
-            goto cleanup;
-        } else if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) {
-            major = GSS_S_BAD_MECH;
-            goto cleanup;
-        }
-
-        GSSEAP_MUTEX_LOCK(&cred->mutex);
-    }
-
     do {
         sm = &eapGssAcceptorSm[ctx->state];
 
-- 
2.1.4