From 1c4d63e491400f6190da5e5afc717434bc2cfba4 Mon Sep 17 00:00:00 2001
From: Doug Rabson <dfr@FreeBSD.org>
Date: Fri, 19 Sep 2008 07:59:20 +0000
Subject: [PATCH] MFC: r178692 - make sure we initialise delegated creds
 properly. This fixes a crash in sshd when a user authenticates using GSS-API.

Approved by:	re (kensmith)
---
 lib/libgssapi/gss_accept_sec_context.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/libgssapi/gss_accept_sec_context.c b/lib/libgssapi/gss_accept_sec_context.c
index 269a620219a5..62a3bdadfa89 100644
--- a/lib/libgssapi/gss_accept_sec_context.c
+++ b/lib/libgssapi/gss_accept_sec_context.c
@@ -187,10 +187,13 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
 		*src_name = (gss_name_t) name;
 	}
 
+	if (delegated_mc == GSS_C_NO_CREDENTIAL)
+		mech_ret_flags &= ~GSS_C_DELEG_FLAG;
+
 	if (mech_ret_flags & GSS_C_DELEG_FLAG) {
 		if (!delegated_cred_handle) {
 			m->gm_release_cred(minor_status, &delegated_mc);
-			*ret_flags &= ~GSS_C_DELEG_FLAG;
+			mech_ret_flags &= ~GSS_C_DELEG_FLAG;
 		} else {
 			struct _gss_cred *cred;
 			struct _gss_mechanism_cred *mc;
@@ -200,6 +203,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
 				*minor_status = ENOMEM;
 				return (GSS_S_FAILURE);
 			}
+			SLIST_INIT(&cred->gc_mc);
 			mc = malloc(sizeof(struct _gss_mechanism_cred));
 			if (!mc) {
 				free(cred);