Commit 3f6fe054 by Edward Thomson

gssapi: protect GSS_ERROR macro

The GSS_ERROR(x) macro may expand to `(x & value)` on some
implementations, instead of `((x) & value)`.  This is the case on macOS,
which means that if we attempt to wrap an expression in that macro, like
`a = b`, then that would expand to `(a = b & value)`.

Since `&` has a higher precedence, this is not at all what we want, and
will set our result code to an incorrect value.  Evaluate the expression
then test it with `GSS_ERROR` independently to avoid this.
parent 73fe690d
...@@ -135,7 +135,7 @@ static int negotiate_next_token( ...@@ -135,7 +135,7 @@ static int negotiate_next_token(
mech = &negotiate_oid_spnego; mech = &negotiate_oid_spnego;
if (GSS_ERROR(status_major = gss_init_sec_context( status_major = gss_init_sec_context(
&status_minor, &status_minor,
GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
&ctx->gss_context, &ctx->gss_context,
...@@ -148,7 +148,9 @@ static int negotiate_next_token( ...@@ -148,7 +148,9 @@ static int negotiate_next_token(
NULL, NULL,
&output_token, &output_token,
NULL, NULL,
NULL))) { NULL);
if (GSS_ERROR(status_major)) {
negotiate_err_set(status_major, status_minor, "negotiate failure"); negotiate_err_set(status_major, status_minor, "negotiate failure");
error = -1; error = -1;
goto done; goto done;
...@@ -220,8 +222,9 @@ static int negotiate_init_context( ...@@ -220,8 +222,9 @@ static int negotiate_init_context(
size_t i; size_t i;
/* Query supported mechanisms looking for SPNEGO) */ /* Query supported mechanisms looking for SPNEGO) */
if (GSS_ERROR(status_major = status_major = gss_indicate_mechs(&status_minor, &mechanism_list);
gss_indicate_mechs(&status_minor, &mechanism_list))) {
if (GSS_ERROR(status_major)) {
negotiate_err_set(status_major, status_minor, negotiate_err_set(status_major, status_minor,
"could not query mechanisms"); "could not query mechanisms");
return -1; return -1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment