[krbdev.mit.edu #7804] krb5_cc_retrieve_cred_seq manipulates KRB5_TC_OPENCLOSE in a non-threadsafe way

Andrea Campi via RT rt-comment at krbdev.mit.edu
Mon Dec 16 14:33:42 EST 2013


krb5_cc_retrieve_cred_seq changes the OPENCLOSE property non-atomically,
i.e. it unsets this property, then releases the lock, then sets this
property at the end.
In the meantime, other threads get a messed up OPENCLOSE state for the cache.

So what's happening is that if another thread tries to read the credentials
cache while this OPENCLOSE flag is in the off state, it won't actually open
the file for reading (assuming that it's already open).
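
The interleaving described in this report, replayed deterministically on one thread as an added example; it is not libkrb5 code and not part of the original message. The `cache` struct, `cache_read`, `scan_racy` and `scan_locked` are hypothetical names, the model assumes the file is not open while the flag is cleared, and `scan_locked` is one possible mitigation, not the project's fix.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>

/* Simplified model of one shared cache; hypothetical, not libkrb5 code. */
struct cache {
    pthread_mutex_t lock;
    bool openclose;  /* models KRB5_TC_OPENCLOSE: each call opens the file */
    bool file_open;  /* models the shared open-file state */
};
enum { READ_OK = 0, READ_UNOPENED = -1, READ_WOULD_WAIT = 1 };
typedef int (*probe_fn)(struct cache *);

/* A second thread's read; trylock stands in for a blocking lock in this replay. */
static int cache_read(struct cache *c) {
    if (pthread_mutex_trylock(&c->lock) == EBUSY) return READ_WOULD_WAIT;
    bool opened_here = c->openclose && !c->file_open;
    if (opened_here) c->file_open = true;       /* flag on: open it ourselves */
    int rc = c->file_open ? READ_OK : READ_UNOPENED; /* flag off: assumed open */
    if (opened_here) c->file_open = false;
    pthread_mutex_unlock(&c->lock);
    return rc;
}

/* Pattern from the report: clear the flag, drop the lock, restore at the end. */
static int scan_racy(struct cache *c, probe_fn other_thread) {
    pthread_mutex_lock(&c->lock);
    bool saved = c->openclose;
    c->openclose = false;
    pthread_mutex_unlock(&c->lock);
    int seen = other_thread(c);      /* window: flag is off and visible */
    pthread_mutex_lock(&c->lock);
    c->openclose = saved;
    pthread_mutex_unlock(&c->lock);
    return seen;
}

/* Possible mitigation (assumption): hold the lock, leave the shared flag alone. */
static int scan_locked(struct cache *c, probe_fn other_thread) {
    pthread_mutex_lock(&c->lock);
    int seen = other_thread(c);      /* same point in time: reader must wait */
    pthread_mutex_unlock(&c->lock);
    return seen;
}

/* Replay either variant on constructed state: flag on, file closed. */
static int replay(bool racy) {
    struct cache c = { PTHREAD_MUTEX_INITIALIZER, true, false };
    return racy ? scan_racy(&c, cache_read) : scan_locked(&c, cache_read);
}
```

`replay(true)` returns `READ_UNOPENED` because the reader observes the cleared flag and skips its own open; `replay(false)` returns `READ_WOULD_WAIT` because the reader is held off until the scan completes.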


