[krbdev.mit.edu #8202] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Tue Oct 30 12:25:34 EDT 2018
Fix bugs with concurrent use of MEMORY ccaches
A memory ccache iterator stores an alias into the cache object's
linked list of credentials. If the cache is reinitialized while the
iterator is active, the alias becomes invalid. Also, multiple handles
referencing the same memory ccache all use aliases to the same data
object; if one of the handles is destroyed, the other contains a
dangling pointer.
Fix the first issue by adding a generation counter to the cache and to
cursors, incremented each time the cache is initialized or destroyed.
Check the generation on each cursor step and end the iteration if the
list was invalidated. Fix the second issue by adding a reference
count to the cache object, counting one reference for the table slot
and one for each open handle. Empty the cache object on each destroy
operation, but only release the object when the last handle to it is
destroyed or closed.
Add regression tests for the two issues to t_cc.c.
The first issue was reported by Sorin Manolache.
(cherry picked from commit 146dadec8fe7ccc4149eb2e3f577cc320aee6efb)
https://github.com/krb5/krb5/commit/6d784809fe07c2d5f60c1a692bcac08b0d40f0a7
Author: Greg Hudson <ghudson at mit.edu>
Commit: 6d784809fe07c2d5f60c1a692bcac08b0d40f0a7
Branch: krb5-1.16
src/lib/krb5/ccache/cc_memory.c | 164 ++++++++++++++++++++++++--------------
src/lib/krb5/ccache/t_cc.c | 51 ++++++++++++
2 files changed, 154 insertions(+), 61 deletions(-)
More information about the krb5-bugs
mailing list