[krbdev.mit.edu #5471] krb5_ktfile_get_entry() can invalidate keytab file handle
lukeh@padl.com via RT
rt-comment at krbdev.mit.edu
Fri Mar 16 00:30:31 EDT 2007
From:
http://lists.samba.org/archive/samba-technical/2006-March/046171.html
> as the MIT krb5's krb5_rd_req does an explicit close on the keytab when it
> was able to decrypt the ticket (but the ticket is not yet or no longer
> valid), we crash on calling krb5_ktfile_get_entry the next time as the
> krb5_keytab has become invalid. (to reproduce set your clock to a wrong
> time and use "use kerberos keytab = yes).
Although some versions of Samba have a workaround for this, it would
be wise to validate the file handle before deferencing it in kt_file.c.
See attached patch.
regards,
-- Luke
More information about the krb5-bugs
mailing list