[28514] in CVS-changelog-for-Kerberos-V5

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

krb5 commit: Disallow unlocked iteration of hash databases

daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Aug 7 16:29:50 2014

Date: Thu, 7 Aug 2014 16:29:46 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201408072029.s77KTkl9013695@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/ded6f17bbda92419a68478b822ce79406c0be1e0
commit ded6f17bbda92419a68478b822ce79406c0be1e0
Author: Tom Yu <tlyu@mit.edu>
Date:   Wed Aug 6 18:45:20 2014 -0400

    Disallow unlocked iteration of hash databases
    
    It's not clear whether unlocked iteration over a hash DB2 database
    will omit unaffected entries if database additions or deletions occur
    concurrently with the iteration.  Avoid this situation by disabling
    unlocked iteration in the unlikely event that someone is still using a
    hash database for their KDB.
    
    ticket: 7977

 src/plugins/kdb/db2/kdb_db2.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index b7cdc88..4c2292c 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -386,6 +386,9 @@ open_db(krb5_db2_context *dbc, int flags, int mode)
         break;
     }
 
+    /* Don't try unlocked iteration with a hash database. */
+    if (db != NULL && dbc->hashfirst)
+        dbc->unlockiter = FALSE;
 done:
     free(fname);
     return db;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5

home	help	back	first	fref	pref	prev	next	nref	lref	last	post