[524] in Kerberos-V5-bugs

Re: krb5kdc - won't run - rcache

daemon@ATHENA.MIT.EDU (grossa@SDSC.EDU)
Tue Jun 21 19:57:48 1994

Date: Tue, 21 Jun 94 16:45:10 PDT
From: grossa@SDSC.EDU
To: ertle@bajoran.emba.uvm.edu
Cc: kerberos@MIT.EDU, krb5-bugs@MIT.EDU

> ertle@wildthing (131)> ./krb5kdc
> krb5kdc: Permission denied in replay cache code while expunging replay
> cache 'dfl:'
> 
>    Anybody have any ideas?

Hello,

   The problem is in krb5_rc_dfl_expunge in lib/krb5/rcache/rc_dfl.c.
The code is:

   krb5_error_code krb5_rc_dfl_expunge(id)
   krb5_rcache id;
   {
       struct dfl_data *t = (struct dfl_data *)id->data;
       char *name = t->name;
       ...
   
       (void) krb5_rc_dfl_close_no_free(id);
       retval = krb5_rc_dfl_resolve(id, name);

Note that name is just a pointer and not copied.  Now add the change
from beta4 to beta5 in krb5_rc_dfl_resolve of memset-ing the new t to
zero:

    if (!(t = (struct dfl_data *) malloc(sizeof(struct dfl_data))))
        return KRB5_RC_MALLOC;
    id->data = (krb5_pointer) t;
    memset(t, 0, sizeof(struct dfl_data));

At this point name has been cleared as you observed.  This only occurs
on machines that would reallocate the space freed by the call
to krb5_rc_dfl_close_no_free.

   Attached is a diff for rc_dfl.c that fixes the problem.  Of course,
now init_db() is failing...

Andrew Gross
=========================================================================
546c546
<     char *name;
---
>     char *name = t->name;
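Review bot: the diff direction is reversed relative to the message: the ">" side of this hunk (char *name = t->name;) is the aliasing code the message quotes as the problem, and the "<" side is the fix. As posted this is new-to-old output and would have to be applied in reverse (patch -R); regenerating it as old-to-new would avoid a misapplied patch.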
551,553d550
<     if (!(name = (char *) malloc(strlen(t->name))))
< 	return KRB5_RC_MALLOC;
<     strcpy(name,t->name);
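Review bot: on the "<" lines of this hunk, malloc(strlen(t->name)) leaves no room for the terminating NUL that strcpy(name,t->name) then writes, so the copy overruns the heap buffer by one byte. Allocate strlen(t->name) + 1 bytes instead.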
556,557c553
<     if (retval) {
<         FREE(name);
---
>     if (retval)
559d554
<     }
561,562c556
<     if (retval) {
<         FREE(name);
---
>     if (retval)
564d557
<     }
567,568c560
<     if (!tmp) {
<         FREE(name);
---
>     if (!tmp)
570d561
<     }
572,573c563
<     if (retval) {
<         FREE(name);
---
>     if (retval)
575d564
<     }
577,578c566
<     if (retval) {
<         FREE(name);
---
>     if (retval)
580d567
<     }
582,583c569
<     if (retval) {
<         FREE(name);
---
>     if (retval)
585d570
<     }
587,588c572
< 	if (krb5_rc_io_store ((struct dfl_data *)tmp->data, &q->rep)) {
<             FREE(name);
---
> 	if (krb5_rc_io_store ((struct dfl_data *)tmp->data, &q->rep))
591,593c575
<     }
<     if (krb5_rc_io_sync(&t->d)) {
<         FREE(name);
---
>     if (krb5_rc_io_sync(&t->d))
595,597c577
<     }
<     if (krb5_rc_io_move(&t->d, &((struct dfl_data *)tmp->data)->d)) {
<         FREE(name);
---
>     if (krb5_rc_io_move(&t->d, &((struct dfl_data *)tmp->data)->d))
599d578
<     }
601d579
<     FREE(name);
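
The stale-pointer sequence described in the message, as an added example that is not part of the original post or the Kerberos source. The block allocator, the simplified structs, the function names and the cache name "example_rcache" are all assumptions constructed so that storage reuse is deterministic and the stale read is well-defined.

```c
#include <stdio.h>
#include <string.h>
#define BLKSZ 64
#define NBLK 8
struct cache_data { char *name; };           /* simplified stand-in for dfl_data */
struct cache { struct cache_data *data; };   /* simplified stand-in for krb5_rcache */
union blk { struct cache_data d; char bytes[BLKSZ]; };
/* Constructed allocator: the last block freed is reused first, and freed
 * storage stays readable, so the stale read below is well-defined here. */
static union blk pool[NBLK], *free_list[NBLK];
static int n_free, n_used;
static void *blk_alloc(void) {
    return n_free ? free_list[--n_free] : n_used < NBLK ? &pool[n_used++] : NULL;
}
static void blk_free(void *p) { free_list[n_free++] = p; }
static int resolve(struct cache *id, const char *name) {
    struct cache_data *t = blk_alloc();
    char *copy = blk_alloc();
    if (!t || !copy) { if (t) blk_free(t); return -1; }
    memset(t, 0, sizeof(union blk));     /* zero the new data, as in the post */
    snprintf(copy, BLKSZ, "%s", name);   /* name is only read after the memset */
    t->name = copy;
    id->data = t;
    return 0;
}
static void close_no_free(struct cache *id) {
    char *n = id->data->name;
    blk_free(id->data);
    blk_free(n);                         /* freed last, so reused first */
}
static int expunge_aliased(struct cache *id) {
    char *name = id->data->name;         /* alias of storage about to be freed */
    close_no_free(id);
    return resolve(id, name);            /* name now points into the new data */
}
static int expunge_copied(struct cache *id) {
    char *name = blk_alloc();            /* with malloc: strlen(old) + 1 bytes */
    if (!name) return -1;
    strcpy(name, id->data->name);        /* private copy survives the close */
    close_no_free(id);
    int ret = resolve(id, name);
    blk_free(name);
    return ret;
}
int main(void) {
    struct cache a = {0}, b = {0};       /* "example_rcache" is a constructed name */
    if (resolve(&a, "example_rcache") || resolve(&b, "example_rcache")) return 1;
    if (expunge_aliased(&a) || expunge_copied(&b)) return 1;
    printf("aliased: '%s'  copied: '%s'\n", a.data->name, b.data->name);
}
```

With a real malloc the aliased read is undefined behaviour and only produces the empty name when the allocator happens to hand the freed block back, which matches the message's remark that the failure is machine-dependent.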
