krb5 commit [krb5-1.19]: Using locking in MEMORY krb5_cc_get_principal()
Greg Hudson
ghudson at mit.edu
Mon Jul 12 12:29:15 EDT 2021
https://github.com/krb5/krb5/commit/5cf95e57e1a45f20d6ae1ea8232c1511f4b1940b
commit 5cf95e57e1a45f20d6ae1ea8232c1511f4b1940b
Author: Greg Hudson <ghudson at mit.edu>
Date: Sun Jun 20 19:24:07 2021 -0400
Using locking in MEMORY krb5_cc_get_principal()
Without locking, the principal pointer could be freed out from under
krb5_copy_principal() by another thread calling krb5_cc_initialize()
or krb5_cc_destroy().
(cherry picked from commit 1848447291c68e21311f441b0458ae53471d00d3)
ticket: 9014
version_fixed: 1.19.2
src/lib/krb5/ccache/cc_memory.c | 17 +++++++++++------
1 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index 610091a..e4c795d 100644
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -575,12 +575,17 @@ krb5_mcc_get_name (krb5_context context, krb5_ccache id)
krb5_error_code KRB5_CALLCONV
krb5_mcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
{
- krb5_mcc_data *ptr = (krb5_mcc_data *)id->data;
- if (!ptr->prin) {
- *princ = 0L;
- return KRB5_FCC_NOFILE;
- }
- return krb5_copy_principal(context, ptr->prin, princ);
+ krb5_error_code ret;
+ krb5_mcc_data *d = id->data;
+
+ *princ = NULL;
+ k5_cc_mutex_lock(context, &d->lock);
+ if (d->prin == NULL)
+ ret = KRB5_FCC_NOFILE;
+ else
+ ret = krb5_copy_principal(context, d->prin, princ);
+ k5_cc_mutex_unlock(context, &d->lock);
+ return ret;
}
krb5_error_code KRB5_CALLCONV
More information about the cvs-krb5
mailing list