[16803] in Kerberos_V5_Development
gss_krb5_export_lucid_sec_context broken since 1.7?
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Fri May 6 13:59:46 2011
Date: Fri, 6 May 2011 13:59:38 -0400 (EDT)
From: ghudson@mit.edu
Message-Id: <201105061759.p46HxcvG013218@outgoing.mit.edu>
To: krbdev@mit.edu
Cc: Kevin Coffman <kwc@citi.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
While working on the kernel subset, I ran into an apparent fatal bug
in gss_krb5_export_lucid_sec_context. Since this function was
rewritten in 1.7 to use gss_inquire_sec_context_by_oid, it's been
calling krb5_gss_delete_sec_context on a union context, which
invariably causes a crash.
The fix is easy. What confuses me is why this hasn't been bothering
Linux-NFS users, while much more subtle issues have been (like
acceptor subkey enctype negotiation). Does anyone have any insight?
I think there are things I don't understand about the glue between
gssd and the MIT krb5 code.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
