[16076] in Kerberos-V5-bugs

[krbdev.mit.edu #8202] git commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Jul 11 00:09:37 2018

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8202@krbdev.mit.edu>
Message-ID: <rt-8202-48703.1.46362645628209@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8202'":;
Date: Wed, 11 Jul 2018 00:09:30 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

Fix bugs with concurrent use of MEMORY ccaches

A memory ccache iterator stores an alias into the cache object's
linked list of credentials.  If the cache is reinitialized while the
iterator is active, the alias becomes invalid.  Also, multiple handles
referencing the same memory ccache all use aliases to the same data
object; if one of the handles is destroyed, the other contains a
dangling pointer.

Fix the first issue by adding a generation counter to the cache and to
cursors, incremented each time the cache is initialized or destroyed.
Check the generation on each cursor step and end the iteration if the
list was invalidated.  Fix the second issue by adding a reference
count to the cache object, counting one reference for the table slot
and one for each open handle.  Empty the cache object on each destroy
operation, but only release the object when the last handle to it is
destroyed or closed.

Add regression tests for the two issues to t_cc.c.

The first issue was reported by Sorin Manolache.

Author: Greg Hudson <ghudson@mit.edu>
Commit: 146dadec8fe7ccc4149eb2e3f577cc320aee6efb
Branch: master
 src/lib/krb5/ccache/cc_memory.c |  164 ++++++++++++++++++++++++--------------
 src/lib/krb5/ccache/t_cc.c      |   51 ++++++++++++
 2 files changed, 154 insertions(+), 61 deletions(-)

krb5-bugs mailing list
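
The two fixes described in the commit message above (a generation counter checked on each cursor step, and a reference count holding one reference for the table slot and one per open handle), sketched as a toy C model. This is an added example, not the krb5 code from cc_memory.c; every struct, field and function name in it is hypothetical, and a credential is reduced to an integer id.

```c
#include <stdlib.h>

/* Toy model of the fix; all names here are hypothetical, not krb5's. */
struct cred { int id; struct cred *next; };
struct cache { struct cred *head; unsigned gen; int refs; int in_table; };
struct cursor { struct cred *next; unsigned gen; };

struct cache *cache_new(void) {
    struct cache *c = calloc(1, sizeof(*c));
    if (c) { c->refs = 2; c->in_table = 1; }  /* table slot + first handle */
    return c;
}
struct cache *cache_open(struct cache *c) { c->refs++; return c; }
int cache_store(struct cache *c, int id) {
    struct cred *n = malloc(sizeof(*n));
    if (!n) return -1;
    n->id = id; n->next = c->head; c->head = n;
    return 0;
}
/* Initialize or empty: free the list and invalidate every open cursor. */
void cache_init(struct cache *c) {
    while (c->head) { struct cred *n = c->head->next; free(c->head); c->head = n; }
    c->gen++;
}
/* Drop one handle; returns 1 only when the last reference is gone. */
int cache_close(struct cache *c) {
    if (--c->refs > 0) return 0;
    cache_init(c);
    free(c);
    return 1;
}
/* Destroy empties the shared object but frees it only with the last handle. */
int cache_destroy(struct cache *c) {
    cache_init(c);
    if (c->in_table) { c->in_table = 0; c->refs--; }  /* give up the table slot */
    return cache_close(c);
}
void cursor_start(struct cache *c, struct cursor *cur) {
    cur->next = c->head; cur->gen = c->gen;
}
/* Returns 1 and sets *id, or 0 at the end or if the list was invalidated. */
int cursor_next(struct cache *c, struct cursor *cur, int *id) {
    if (cur->gen != c->gen || !cur->next) return 0;  /* stale alias is never dereferenced */
    *id = cur->next->id;
    cur->next = cur->next->next;
    return 1;
}
```

With two handles on one cache, a cursor started before `cache_init` stops at its next step instead of following a freed node, and `cache_destroy` through one handle leaves the other pointing at a live, empty object until it is closed.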