[201] in Kerberos-V5-bugs


Bugs in lib/ccache/file/fcc_gennew.c

daemon@ATHENA.MIT.EDU (Joe Pato)
Sat Sep 28 18:12:00 1991

From: pato@apollo.com (Joe Pato)
Date: Fri, 27 Sep 91 16:40:40 EDT
To: krb5-bugs@MIT.EDU

Bugs found in fcc_gennew.c:
    1) krb5_ccache fd not initialized (should be set to -1 to indicate file
        is closed)
    2) Extra close of file during normal execution causes problems in a
        multi-threaded environment and is never necessary (close deleted).
    3) Garbage Collection.  Errors left memory allocated.

Question:
    It does not appear that there is a krb5_cc_gen_new #define to make the
gennew function appear to be common... is this just an oversight?

- joe


(chelm|288): diff -c /prgy/krb5/lib/ccache/file/fcc_gennew.c/MIT-beta1 fcc_gennew.c
*** /prgy/krb5/lib/ccache/file/fcc_gennew.c/MIT-beta1	Thu Jun  6 09:40:47 1991
--- fcc_gennew.c	Fri Sep 27 16:06:41 1991
***************
*** 62,67 ****
--- 62,68 ----
  {
       krb5_ccache lid;
       int ret;
+      krb5_error_code    retcode = 0;
       char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
  					    NUL */
       
***************
*** 82,87 ****
--- 83,93 ----
  	  return KRB5_CC_NOMEM;
       }
  
+      /*
+       * The file is initially closed at the end of this call...
+       */
+      ((krb5_fcc_data *) lid->data)->fd = -1;
+ 
       ((krb5_fcc_data *) lid->data)->filename = (char *)
  	  malloc(strlen(scratch) + 1);
       if (((krb5_fcc_data *) lid->data)->filename == NULL) {
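Review bot: The comment added above the `fd = -1` assignment says when the file is closed but not what the stored value means to code that reads it later. Wording such as `/* No descriptor is held when this call returns; fd == -1 marks the cache file as closed. */` states the invariant directly, which is presumably what the other file-ccache routines test for. The function body starts and ends outside this hunk.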
***************
*** 98,106 ****
       /* Make sure the file name is reserved */
       ret = open(((krb5_fcc_data *) lid->data)->filename,
  		O_CREAT | O_EXCL | O_WRONLY, 0);
!      if (ret == -1)
! 	  return krb5_fcc_interpret(errno);
!      else {
  	  krb5_int16 fcc_fvno = htons(KRB5_FCC_FVNO);
  	  int errsave, cnt;
  
--- 104,113 ----
       /* Make sure the file name is reserved */
       ret = open(((krb5_fcc_data *) lid->data)->filename,
  		O_CREAT | O_EXCL | O_WRONLY, 0);
!      if (ret == -1) {
! 	  retcode = krb5_fcc_interpret(errno);
!           goto err_out;
!      } else {
  	  krb5_int16 fcc_fvno = htons(KRB5_FCC_FVNO);
  	  int errsave, cnt;
  
***************
*** 111,126 ****
  	      errsave = errno;
  	      (void) close(ret);
  	      (void) unlink(((krb5_fcc_data *) lid->data)->filename);
! 	      return (cnt == -1) ? krb5_fcc_interpret(errsave) : KRB5_CC_IO;
  	  }
  	  if (close(ret) == -1) {
  	      errsave = errno;
  	      (void) unlink(((krb5_fcc_data *) lid->data)->filename);
! 	      return krb5_fcc_interpret(errsave);
  	  }
  
- 	  close(ret);
  	  *id = lid;
  	  return KRB5_OK;
       }
  }
--- 118,140 ----
  	      errsave = errno;
  	      (void) close(ret);
  	      (void) unlink(((krb5_fcc_data *) lid->data)->filename);
! 	      retcode = (cnt == -1) ? krb5_fcc_interpret(errsave) : KRB5_CC_IO;
!               goto err_out;
  	  }
  	  if (close(ret) == -1) {
  	      errsave = errno;
  	      (void) unlink(((krb5_fcc_data *) lid->data)->filename);
! 	      retcode = krb5_fcc_interpret(errsave);
!               goto err_out;
  	  }
  
  	  *id = lid;
  	  return KRB5_OK;
       }
+ 
+ err_out:
+      xfree(((krb5_fcc_data *) lid->data)->filename);
+      xfree(((krb5_fcc_data *) lid->data));
+      xfree(lid);
+      return retcode;
  }
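Review bot: The `err_out` label frees `filename`, `lid->data` and `lid` unconditionally, so it is only a safe target once all three allocations have succeeded, and nothing at the label records that. The three gotos in this patch all sit after the `open()` call, which satisfies the condition, but a later edit that routes the earlier `KRB5_CC_NOMEM` returns here would free or dereference a pointer that was never set. A comment at the label such as `/* reached only after lid, lid->data and filename are allocated */` would document the precondition. Alternatively, setting `filename` to NULL next to the new `fd = -1` line would make the label usable from that point on, assuming `xfree` tolerates NULL the way `free()` does. The start of the function is outside the hunk.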
-------
