svn rev #25680: branches/krb5-1-10/src/kdc/

Fri Feb 10 16:19:01 EST 2012

http://src.mit.edu/fisheye/changelog/krb5/?cs=25680
Commit By: tlyu
Log Message:
ticket: 7081
version_fixed: 1.10.1
status: resolved

Pull up r25659 from trunk

 ------------------------------------------------------------------------
 r25659 | ghudson | 2012-01-26 12:01:05 -0500 (Thu, 26 Jan 2012) | 10 lines

 ticket: 7081
 subject: Don't use stack variable address in as_req state
 target_version: 1.10
 tags: pullup

 The KDC's process_as_req was storing the address of a stack variable
 (client_princ), which fails if the request is not immediately
 serviced.  Move that variable to the state structure so its address
 remains valid for the lifetime of the request.


Changed Files:
U   branches/krb5-1-10/src/kdc/do_as_req.c
Modified: branches/krb5-1-10/src/kdc/do_as_req.c
===================================================================

--- branches/krb5-1-10/src/kdc/do_as_req.c	2012-02-07 15:45:59 UTC (rev 25679)
+++ branches/krb5-1-10/src/kdc/do_as_req.c	2012-02-10 21:19:01 UTC (rev 25680)
@@ -102,6 +102,7 @@
     loop_respond_fn respond;
     void *arg;
 
+    krb5_principal_data client_princ;
     krb5_enc_tkt_part enc_tkt_reply;
     krb5_enc_kdc_rep_part reply_encpart;
     krb5_ticket ticket_reply;
@@ -458,7 +459,6 @@
     krb5_error_code errcode;
     krb5_timestamp rtime;
     unsigned int s_flags = 0;
-    krb5_principal_data client_princ;
     krb5_data encoded_req_body;
     krb5_enctype useenctype;
     struct as_req_state *state;
@@ -699,13 +699,13 @@
 
     state->enc_tkt_reply.session = &state->session_key;
     if (isflagset(state->c_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
-        client_princ = *(state->client->princ);
+        state->client_princ = *(state->client->princ);
     } else {
-        client_princ = *(state->request->client);
+        state->client_princ = *(state->request->client);
         /* The realm is always canonicalized */
-        client_princ.realm = state->client->princ->realm;
+        state->client_princ.realm = state->client->princ->realm;
     }
-    state->enc_tkt_reply.client = &client_princ;
+    state->enc_tkt_reply.client = &state->client_princ;
     state->enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
     state->enc_tkt_reply.transited.tr_contents = empty_string;
 

