[1444] in Kerberos-V5-bugs


Kerberos 5 Beta 5 - CLEANUP_PUSH Bug

daemon@ATHENA.MIT.EDU (Doug Engert)
Sat Jun 3 16:57:43 1995

Date: Sat, 03 Jun 95 15:57:27 CDT
From: "Doug Engert" <DEEngert@anl.gov>
To: <KRB5-BUGS@MIT.EDU>
Cc: <AUTHTF@ES.NET>, <MIKE@FIONN.LBL.GOV>

The routines mk_priv.c, mk_safe.c, rd_cred.c, rd_priv.c, rd_safe.c and
mk_cred.c all use the CLEANUP_PUSH macros defined in cleanup.h.

When they call CLEANUP_PUSH they pass the address of the pointer
to the area to be cleaned up by free. The CLEANUP_DONE macro
then calls free() with this pointer to a pointer, rather than the pointer.

This caused a segmentation fault on a Linux system, and may cause other
problems on other systems as well. This was discovered trying to forward
credentials from a Linux system to other systems.

A possible fix is to change the above named routines or to change the
cleanup.h file with something like this:

<     void              * arg;
---
>     void              ** arg;
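Review bot: With arg declared as void ** in the struct, the assignment that stores it no longer gets the implicit conversion that void * allowed, so a caller passing the address of a typed pointer needs an explicit cast. The diff shows no change to the macro that fills in arg, so either add the cast there or confirm that all six named routines still compile without warnings.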
21c21
<       cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
---
>       cleanup_data[cleanup_count].func(*cleanup_data[cleanup_count].arg);
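Review bot: At line 21 the value *cleanup_data[cleanup_count].arg is read when the cleanup runs, not when the entry was pushed, so the pointer variable whose address was pushed must still be in scope and must hold either a live allocation or NULL at that moment. A comment in cleanup.h stating that CLEANUP_PUSH takes the address of the pointer would keep a later caller from passing the pointer itself, which after this change would be dereferenced as if it were a pointer to a pointer.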
26c26
<           cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
---
>           cleanup_data[cleanup_count].func(*cleanup_data[cleanup_count].arg);
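Review bot: Line 26 repeats the exact call changed at line 21, and both sites must dereference arg the same way. Consider routing both through one helper macro so that a later edit cannot change one site and miss the other.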


           Douglas E. Engert
           Systems Programming
           Argonne National Laboratory
           9700 South Cass Avenue
           Argonne, Illinois  60439
           (708) 252-5444

           Internet: DEEngert@anl.gov
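
The bug class described in the report above, as an added C illustration that is not part of the original message and is not the krb5 cleanup.h source. The names cleanup_entry, record_free, run_buggy, run_fixed and callback_got_block are hypothetical, and record_free stands in for free() so the buggy path can be observed safely.

```c
/* Added illustration: hypothetical names, not the krb5 cleanup.h source. */
#include <stdio.h>
#include <stdlib.h>

struct cleanup_entry {
    void (*func)(void *);
    void **arg;               /* address of the caller's pointer variable */
};

static void *last_released;   /* what the cleanup callback was handed */

/* Stand-in for free(): records its argument instead of releasing it, so the
 * buggy path can be observed without invoking undefined behaviour. */
static void record_free(void *p) { last_released = p; }

/* Behaviour described in the report: callback gets the pointer-to-pointer. */
static void run_buggy(struct cleanup_entry *e) { e->func((void *)e->arg); }

/* Behaviour after the proposed change: dereference at cleanup time. */
static void run_fixed(struct cleanup_entry *e) { e->func(*e->arg); }

/* Returns 1 if the callback received the heap block, 0 if it received
 * something else (on the buggy path, the address of the local `buf`).
 * assign_late allocates after the entry is registered (constructed case). */
int callback_got_block(int use_fixed, int assign_late)
{
    void *buf = assign_late ? NULL : malloc(16);
    struct cleanup_entry e = { record_free, &buf };
    int ok;

    if (assign_late) buf = malloc(16);   /* allocated after registration */
    if (use_fixed) run_fixed(&e); else run_buggy(&e);
    ok = (buf != NULL && last_released == buf);
    free(buf);
    return ok;
}

int main(void)
{
    printf("buggy=%d fixed=%d fixed_late=%d\n", callback_got_block(0, 0),
           callback_got_block(1, 0), callback_got_block(1, 1));
    return 0;
}
```

With the real free() in place of record_free, the buggy path would pass the address of a stack variable to the allocator, which is undefined behaviour and consistent with the segmentation fault reported on Linux.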
