[krbdev.mit.edu #1347] Bug in gss_krb5_ccache_name

Marshall Vale via RT rt-comment at krbdev.mit.edu
Wed Feb 5 17:10:59 EST 2003


Date: Tue, 04 Feb 2003 10:13:07 -0600
From: "Paul W. Nelson" <nelson at thursby.com>

It appears that gss_krb5_ccache_name should return a previous cache name
when the caller passes a non-null out_name.  The code attempts to do this,
but it returns a pointer to the cache name storage and not a copy, so when
the name gets set by the call to krb5_cc_set_default_name, the name that is
returned in out_name gets set to the new name and not the old name.

This is in the 1.2.7 source.

Perhaps 
    if (out_name)
        *out_name = krb5_cc_default_name(context);
should be replaced with
    if (out_name)
    {
        const char * old_ccache = krb5_cc_default_name(context);
        *out_name = old_ccache ? strdup( old_ccache ) : NULL;
    }

Unfortunately, this call is used in kadm5/clnt/client_init.c, where that
code already does a strdup on the returned old name...

Original 1.2.7 code in src/lib/gssapi/krb5/set_ccache.c:

GSS_DLLIMP OM_uint32 KRB5_CALLCONV
gss_krb5_ccache_name(minor_status, name, out_name)
    OM_uint32 *minor_status;
    const char *name;
    const char **out_name;
{
    krb5_context context;
    krb5_error_code retval;
    OM_uint32 foo_stat;

    if (GSS_ERROR(kg_get_context(minor_status, &context)))
        return (GSS_S_FAILURE);

    if (out_name)
        *out_name = krb5_cc_default_name(context);

    retval = krb5_cc_set_default_name(context, name);
    if (retval) {
        *minor_status = retval;
        return GSS_S_FAILURE;
    }
    kg_release_defcred(&foo_stat);
    return GSS_S_COMPLETE;
}

-- 
Paul W. Nelson
Thursby Software Systems, Inc.
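
The aliasing problem described in the report above, as an added example that is not part of the original message or of the krb5 source. The names toy_ctx, toy_default_name, toy_set_default_name, set_aliasing and set_copying are hypothetical stand-ins, and the fixed buffer that is overwritten in place is an assumption chosen to model the behaviour the report describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the library context; not krb5's real layout. */
struct toy_ctx { char ccname[64]; };

/* Returns a pointer into the context's own storage, not a copy. */
static const char *toy_default_name(struct toy_ctx *c) { return c->ccname; }

static int toy_set_default_name(struct toy_ctx *c, const char *name) {
    if (strlen(name) >= sizeof c->ccname) return -1;
    strcpy(c->ccname, name);  /* rewrites the bytes earlier pointers alias */
    return 0;
}

/* Pattern from the report: hand out the internal pointer, then set. */
static int set_aliasing(struct toy_ctx *c, const char *name, const char **out) {
    if (out) *out = toy_default_name(c);
    return toy_set_default_name(c, name);
}

/* Copy-first pattern: snapshot the old name; the caller frees *out. */
static int set_copying(struct toy_ctx *c, const char *name, char **out) {
    char *copy = NULL;
    if (out) {
        const char *old = toy_default_name(c);
        copy = malloc(strlen(old) + 1);       /* same effect as strdup(old) */
        if (!copy) return -1;
        strcpy(copy, old);
    }
    if (toy_set_default_name(c, name) != 0) { free(copy); return -1; }
    if (out) *out = copy;
    return 0;
}

/* 1 if the name handed back is still the old one after the set, else 0. */
static int old_name_preserved(int use_copy) {
    struct toy_ctx c = { "FILE:/tmp/krb5cc_old" };   /* constructed value */
    const char *seen = NULL; char *owned = NULL;
    int rc = use_copy ? set_copying(&c, "FILE:/tmp/krb5cc_new", &owned)
                      : set_aliasing(&c, "FILE:/tmp/krb5cc_new", &seen);
    if (rc != 0) return -1;
    if (use_copy) seen = owned;
    rc = strcmp(seen, "FILE:/tmp/krb5cc_old") == 0;
    free(owned);
    return rc;
}

int main(void) {
    return printf("aliasing=%d copying=%d\n", old_name_preserved(0), old_name_preserved(1)) < 0;
}
```

With the copy-first pattern the caller owns the returned string, so a caller that already duplicates the result itself must also free the copy it was handed, or it leaks.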

