Closed
Description
When using this function gss_inquire_attrs_for_mech() is called.
This function can legally return GSS_S_COMPLETE with GSS_NO_OID_SET for both return arguments.
However we do not catch this case and try to build sets for both causing a seggault as soon as we try to check for mech_set.count inside of c_create_oid_set()
You can test this with MIT (any version) and GSS-NTLMSSP and this snippet:
import gssapi
ntlm_mech = gssapi.OID.from_int_seq("1.3.6.1.4.1.311.2.2.10")
gssapi.raw.inquire_attrs_for_mech(ntlm_mech)