[3891] in Kerberos-V5-bugs
[krbdev.mit.edu #1347] Bug in gss_krb5_ccache_name
daemon@ATHENA.MIT.EDU (Marshall Vale via RT)
Wed Feb 5 17:11:25 2003
Date: Wed, 5 Feb 2003 17:10:59 -0500 (EST)
Message-Id: <rt-1347-4426.8.19637447775577@krbdev.mit.edu>
In-Reply-To: <rt-1347@krbdev.mit.edu>
From: "Marshall Vale via RT" <rt-comment@krbdev.mit.edu>
To: krb5-prs@mit.edu
Reply-To: rt-comment@krbdev.mit.edu
Errors-To: krb5-bugs-bounces@mit.edu
Date: Tue, 04 Feb 2003 10:13:07 -0600
From: "Paul W. Nelson" <nelson@thursby.com>
It appears that gss_krb5_ccache_name should return a previous cache name
when the caller passes a non-null out_name. The code attempts to do this,
but it returns a pointer to the cache name storage and not a copy, so when
the name gets set by the call to krb5_cc_set_default_name, the name that is
returned in out_name gets set to the new name and not the old name.
This is in the 1.2.7 source.
Perhaps
if (out_name)
*out_name = krb5_cc_default_name(context);
Should be replaced with
if (out_name)
{
const char * old_ccache = krb5_cc_default_name(context);
*out_name = old_ccache ? strdup( old_ccache ) : NULL;
}
Unfortunately, this call is used in kadm5/clnt/client_init.c, where that
code already does a strdup on the returned old name...
Original 1.2.7 code in src/lib/gssapi/krb5/set_ccache.c:
GSS_DLLIMP OM_uint32 KRB5_CALLCONV
gss_krb5_ccache_name(minor_status, name, out_name)
OM_uint32 *minor_status;
const char *name;
const char **out_name;
{
krb5_context context;
krb5_error_code retval;
OM_uint32 foo_stat;
if (GSS_ERROR(kg_get_context(minor_status, &context)))
return (GSS_S_FAILURE);
if (out_name)
*out_name = krb5_cc_default_name(context);
retval = krb5_cc_set_default_name(context, name);
if (retval) {
*minor_status = retval;
return GSS_S_FAILURE;
}
kg_release_defcred(&foo_stat);
return GSS_S_COMPLETE;
}
--
Paul W. Nelson
Thursby Software Systems, Inc.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
