krb5 commit [krb5-1.17]: Fix Leash crash when ticket autorenewal fails

Greg Hudson ghudson at mit.edu
Tue Nov 3 13:15:04 EST 2020


https://github.com/krb5/krb5/commit/bca389add3d2f2b2460920295c383dbeb4152625
commit bca389add3d2f2b2460920295c383dbeb4152625
Author: Greg Hudson <ghudson at mit.edu>
Date:   Wed Aug 19 11:37:12 2020 -0400

    Fix Leash crash when ticket autorenewal fails
    
    CLeashView::RenewTicket() falls back to an ImportTicket or InitTicket
    operation if ticket renewal fails.  A 2004 commit (from the old
    pismere repository) added code to heuristically determine whether
    Leash's cache was imported by comparing the MSLSA cache principal name
    to ticketinfo.Krb5.principal.  Commit
    9bc411e72fce5bed3ed00ae5b09f8c239309bae0 broke this code by removing
    the call to initialize ticketinfo.Krb5 and by making
    ticketinfo.Krb5.principal ephemeral.  The strcmp() call now crashes
    the process with a null dereference.
    
    Fix the crash by removing the heuristic detection of imported tickets,
    using the current value of m_importedTickets (which should be correct
    unless Leash was restarted after the tickets were obtained) to decide
    whether to import or initialize tickets.
    
    (cherry picked from commit 7fc4cdae79d0689afed32f9bcfeb28f410a9d79c)
    
    ticket: 8938
    version_fixed: 1.17.2

 src/windows/leash/LeashView.cpp |   27 ---------------------------
 1 files changed, 0 insertions(+), 27 deletions(-)

diff --git a/src/windows/leash/LeashView.cpp b/src/windows/leash/LeashView.cpp
index a2d005b..904bdaa 100644
--- a/src/windows/leash/LeashView.cpp
+++ b/src/windows/leash/LeashView.cpp
@@ -838,33 +838,6 @@ UINT CLeashView::RenewTicket(void * hWnd)
         return 0;
     }
 
-    krb5_error_code code;
-    krb5_ccache mslsa_ccache=0;
-    krb5_principal princ = 0;
-    char * pname = 0;
-
-    if (code = pkrb5_cc_resolve(CLeashApp::m_krbv5_context, "MSLSA:", &mslsa_ccache))
-        goto cleanup;
-
-    if (code = pkrb5_cc_get_principal(CLeashApp::m_krbv5_context, mslsa_ccache, &princ))
-        goto cleanup;
-
-    if (code = pkrb5_unparse_name(CLeashApp::m_krbv5_context, princ, &pname))
-        goto cleanup;
-
-    if ( !strcmp(ticketinfo.Krb5.principal, pname) )
-        m_importedTickets = 1;
-
-  cleanup:
-    if (pname)
-        pkrb5_free_unparsed_name(CLeashApp::m_krbv5_context, pname);
-
-    if (princ)
-        pkrb5_free_principal(CLeashApp::m_krbv5_context, princ);
-
-    if (mslsa_ccache)
-        pkrb5_cc_close(CLeashApp::m_krbv5_context, mslsa_ccache);
-
     // If imported from Kerberos LSA, re-import
     // Otherwise, init the tickets
     if ( m_importedTickets )
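
Review bot: The retained comment "If imported from Kerberos LSA, re-import" above the if ( m_importedTickets ) test no longer tells the whole story, because with the MSLSA principal comparison removed the branch depends only on whatever value the flag already holds in this process. Suggest extending that comment to say the flag is not re-derived here and may be stale if Leash was restarted after the tickets were obtained, as the commit message notes, so a failed renewal can then take the other branch. The hunk also drops the declarations of code, mslsa_ccache, princ and pname along with the cleanup: label; the rest of RenewTicket() is not visible here, so it is worth confirming that nothing further down still refers to any of them.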

