Open Radar

 
Summary:
When calling gss_export_cred with a GSSAPI credential handle that was previously acquired using gss_acquire_cred, a segmentation fault occurs.

Steps to Reproduce:
1. Compile the attached test case using "clang -framework GSS -o test test.c"
2. Obtain a valid Kerberos TGT using Ticket Viewer.app or kinit
3. Run the compiled test executable

Expected Results:
The test executable should print "Acquiring credential", acquire the default initiator credential, print "Exporting credential", export the previously-acquired credential to a buffer, then print "Exported credential token:" and the content of the exported credential token.

Actual Results:
The test executable exits because of a segmentation fault at the point where it calls gss_export_cred.

Version:
OS X Version 10.9.1 / Build 13B42

Notes:
I have attached a test case C program which always triggers the bug on my configuration. Compile it with "clang -framework GSS -o test test.c".

==== test.c ====

#include <stdio.h>
#include <GSS/GSS.h>

int main(int argc, char *argv[]) {
	OM_uint32 maj_stat, min_stat;
	gss_cred_id_t cred_handle;
	gss_buffer_desc token_buffer;

	puts("Acquiring credential");

	maj_stat = gss_acquire_cred(
		&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE,
		&cred_handle, NULL, NULL
	);

	if (maj_stat != GSS_S_COMPLETE) {
		puts("error in gss_acquire_cred");
		return maj_stat;
	}

	puts("Exporting credential");

	maj_stat = gss_export_cred(
		&min_stat, cred_handle, &token_buffer
	);

	if (maj_stat != GSS_S_COMPLETE) {
		puts("error in gss_export_cred");
		return maj_stat;
	}

	puts("Exported credential token:");

	fwrite(token_buffer.value, sizeof(char), token_buffer.length, stdout);

	return 0;
}