[krbdev.mit.edu #9035] git commit

Greg Hudson via RT rt-comment at krbdev.mit.edu
Wed Nov 10 14:11:53 EST 2021


Wed Nov 10 14:11:53 2021: Request 9035 was acted upon.
 Transaction: Ticket created by ghudson at mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson at mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9035 >



Avoid use after free during libkrad cleanup

libkrad client requests contain a list of references to remotes, with
no back-references or reference counts.  To prevent accesses to
dangling references during cleanup, cancel all requests on all remotes
before freeing any remotes.

Remove the code for aging out unused servers.  This code was fairly
safe as all requests referencing a remote should have completed or
timed out during an hour of disuse, but in the current design we have
no way to guarantee or check that.  The set of addresses we send
RADIUS requests to will generally be small, so aging out servers is
unnecessary.

https://github.com/krb5/krb5/commit/ce160f8826bae223876a6527a731c36b6912db15
Author: Greg Hudson <ghudson at mit.edu>
Commit: ce160f8826bae223876a6527a731c36b6912db15
Branch: master
 src/lib/krad/client.c   |   42 ++++++++++++++----------------------------
 src/lib/krad/internal.h |    4 ++++
 src/lib/krad/remote.c   |   11 ++++++++---
 3 files changed, 26 insertions(+), 31 deletions(-)
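
The cleanup ordering described in the commit message, as an added illustration (not libkrad code and not part of the original message). It is a toy model in which every name is hypothetical and a flag stands in for free(), so the stale accesses are counted instead of performed. The model assumes a request is queued on one remote while its list also names others.

```c
#include <stddef.h>
#include <stdio.h>
/* Toy model with hypothetical names; not libkrad's types or functions. */
struct remote { int freed; };   /* tombstone flag stands in for free() */
struct request {
    struct remote *remotes[4];  /* raw references, NULL-terminated, no refcount */
    int current;                /* index of the remote this request is queued on */
    int done;
};
static int dangling;            /* reads that would have hit freed memory */

/* Finishing a request visits every remote in its list. */
static void request_cancel(struct request *rq)
{
    for (size_t i = 0; !rq->done && rq->remotes[i] != NULL; i++)
        dangling += rq->remotes[i]->freed;
    rq->done = 1;
}

/* Cancel the requests currently queued on remote r. */
static void remote_cancel_all(struct remote *r, struct request *reqs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (reqs[i].remotes[reqs[i].current] == r)
            request_cancel(&reqs[i]);
}

/* two_phase: cancel on every remote, then free; else cancel+free one by one. */
static int teardown(int two_phase)
{
    struct remote rem[2] = { {0}, {0} };
    /* Constructed sample: one request listing both remotes, queued on rem[1]. */
    struct request reqs[1] = { { { &rem[0], &rem[1], NULL }, 1, 0 } };
    dangling = 0;
    if (two_phase)
        for (size_t i = 0; i < 2; i++)
            remote_cancel_all(&rem[i], reqs, 1);
    for (size_t i = 0; i < 2; i++) {
        if (!two_phase)
            remote_cancel_all(&rem[i], reqs, 1);
        rem[i].freed = 1;
    }
    return dangling;
}
int main(void)
{
    printf("one by one: %d, two-phase: %d\n", teardown(0), teardown(1));
    return 0;
}
```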


