[krbdev.mit.edu #5546] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Wed Apr 25 17:19:15 EDT 2007
* src/lib/krb5/krb/gc_frm_kdc.c (krb5_get_cred_from_kdc_opt):
During referrals fallback, set *tgts to NULL after freeing. This
avoids returning a pointer to freed memory when the first call to
do_traversal() obtains some TGTs and the subsequent
krb5_cc_retrieve_cred() of the final-hop TGT succeeds (due to some
other thread or process storing that TGT into the ccache), causing
second do_traversal() call (which would re-initialize *tgts) to
not execute. Race condition found during KfW-3.2 testing.
Commit By: tlyu
Revision: 19526
Changed Files:
_U trunk/
U trunk/src/lib/krb5/krb/gc_frm_kdc.c
More information about the krb5-bugs
mailing list