[krbdev.mit.edu #8202] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Tue Oct 30 12:27:31 EDT 2018
Fix bugs with concurrent use of MEMORY ccaches
A memory ccache iterator stores an alias into the cache object's
linked list of credentials. If the cache is reinitialized while the
iterator is active, the alias becomes invalid. Also, multiple handles
referencing the same memory ccache all use aliases to the same data
object; if one of the handles is destroyed, the other contains a
dangling pointer.
Fix the first issue by adding a generation counter to the cache and to
cursors, incremented each time the cache is initialized or destroyed.
Check the generation on each cursor step and end the iteration if the
list was invalidated. Fix the second issue by adding a reference
count to the cache object, counting one reference for the table slot
and one for each open handle. Empty the cache object on each destroy
operation, but only release the object when the last handle to it is
destroyed or closed.
Add regression tests for the two issues to t_cc.c.
The first issue was reported by Sorin Manolache.
(cherry picked from commit 146dadec8fe7ccc4149eb2e3f577cc320aee6efb)
https://github.com/krb5/krb5/commit/9c70a33b30919c217167b5e2191c871229e5abbf
Author: Greg Hudson <ghudson at mit.edu>
Commit: 9c70a33b30919c217167b5e2191c871229e5abbf
Branch: krb5-1.15
src/lib/krb5/ccache/cc_memory.c | 164 ++++++++++++++++++++++++--------------
src/lib/krb5/ccache/t_cc.c | 51 ++++++++++++
2 files changed, 154 insertions(+), 61 deletions(-)
More information about the krb5-bugs
mailing list