[krbdev.mit.edu #2870] Crash on exit in mitkfw 2.6.5

Andrei.Keis@morganstanley.com via RT rt-comment at krbdev.mit.edu
Tue Jan 11 10:48:32 EST 2005


Hi,

Two problems were discovered in the cc_mslsa.c implementation in kfw
2.6.5:

- support for Japanese charset
- crash on exit when using gssapi with MSLSA: cache type

Support for Japanese is fixed in unicode2ascii routines (Jeff Altman
provided the fix)

+    if (CodePageInfo.MaxCharSize > 1) {
...

Crash on exit is fixed by changing code in krb5_lcc_retrieve -
commenting out krb5_copy_creds and replacing it with the following code:

    /* keisa - do not copy - instead just change enctype and flags on
existing ticket */
    /* krb5_copy_creds(context, mcreds, &mcreds_noflags); */
    mcreds_noflags = mcreds;
    
    mcreds_noflags->ticket_flags = 0;
    mcreds_noflags->keyblock.enctype = 0;

    if (!GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId,
context, mcreds_noflags, &msticket)) {
        kret = KRB5_CC_NOTFOUND;
        goto cleanup;
    }
    
    mcreds_noflags = 0;
    mcreds->ticket_flags = ticket_flags;
    mcreds->keyblock.enctype = enctype;
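
Review bot: the failure branch of the GetMSCacheTicketFromMITCred call takes "goto cleanup" before the original values are put back, so on that path mcreds is left with ticket_flags and keyblock.enctype set to 0 and mcreds_noflags still aliases the caller's mcreds. The restore assignments and "mcreds_noflags = 0;" run only on success. Suggest storing the call's result, restoring mcreds->ticket_flags and mcreds->keyblock.enctype and clearing mcreds_noflags immediately after the call, and only then testing the result. If the code at cleanup releases mcreds_noflags, the failure path as written would release the caller's credential. The locals ticket_flags and enctype are read here but their assignment is not visible in this excerpt, so the full diff should show them being saved from mcreds before the fields are zeroed.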

Instead of copying to a new ticket with 0 flags, modify flags on
existing ticket, perform GetMSCacheTicketFromMITCred and then revert
flags back to original value.

If these lines are not changed, it will result in app crash on exit.

Complete diff -u attached.

Regards,
Andrei. 