don't leak Kerberos context if reauth not supported
authorLuke Howard <lukeh@padl.com>
Wed, 9 Mar 2011 13:53:44 +0000 (00:53 +1100)
committerLuke Howard <lukeh@padl.com>
Wed, 9 Mar 2011 13:53:44 +0000 (00:53 +1100)
mech_eap/init_sec_context.c

index cef79d1..b9693df 100644 (file)
@@ -574,9 +574,12 @@ eapGssSmInitIdentity(OM_uint32 *minor,
     struct eap_config eapConfig;
 
     if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_REAUTHENTICATE) {
+        OM_uint32 tmpMinor;
+
         /* server didn't support reauthentication, sent EAP request */
-        GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
+        gssDeleteSecContext(&tmpMinor, &ctx->kerberosCtx, GSS_C_NO_BUFFER);
         ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
+        GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
         *smFlags |= SM_FLAG_RESTART;
     } else {
         *smFlags |= SM_FLAG_FORCE_SEND_TOKEN;
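Review bot: The major status of `gssDeleteSecContext` is discarded and `tmpMinor` is never read, so a failed teardown of `ctx->kerberosCtx` in the `GSSEAP_STATE_REAUTHENTICATE` branch passes silently before the state machine restarts. The call also appears to rely on the callee resetting the handle to `GSS_C_NO_CONTEXT`, as the standard gss_delete_sec_context does. That wrapper is not visible in this hunk, so confirm it: a handle left set would still be present in `ctx` once `SM_FLAG_RESTART` sends the exchange back through `GSSEAP_STATE_INITIAL`. If ignoring the result is deliberate, say so at the call, for example `/* best effort: the partial Kerberos context is abandoned whether or not the delete succeeds */`. The body of eapGssSmInitIdentity starts and ends outside the hunk.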