rewrite gss_krb5_ccache_name

Jeffrey Altman jaltman at
Fri Nov 21 23:57:54 EST 2008

Jeffrey Hutzelman wrote:
> --On Friday, November 21, 2008 08:44:04 PM -0500 Jeffrey Altman 
> <jaltman at> wrote:
>> For thread safety reasons the gss library uses thread local storage
>> (TLS) to store a number of values including ccache name and error
>> messages.  The TLS stored value must be a copy in order to prevent
>> corruption when the original source string is deallocated or altered.
> In the example Stephen posted, he does the following:
>     krb5_lock();
>     if( neg_ctx->context == GSS_C_NO_CONTEXT){
>         major_status =gss_krb5_ccache_name(&minor_status,krb5->ccache_name,
> &old_name);
>    :
>    }
>     major_status = gss_init_sec_context(&minor_status,
>   :
>     if(old_name)gss_krb5_ccache_name(&minor_status,old_name, NULL);
>     krb5_unlock();

Stephen wrote that he tried the above code only after

   major_status =gss_krb5_ccache_name(&minor_status,

resulted in a leak.  When the 'old_name' parameter is provided a NULL
input there is no responsibility on the part of the function caller
to free the memory.

Note that there is a second problem with this api.  When a non-NULL
'old_name' parameter is provided, it must be freed using the same
free() as is linked to the gssapi32.dll library.  Unfortunately,
there is no gss_krb5_free_ccname() function in the API available
to make sure that this is possible.  As a result, passing anything
other than NULL as the 'old_name' parameter is dangerous on Windows.

>> If that is the case, the real bug here is that the gssapi32.dll
>> does not implement a DLL_THREAD_DETACH routine which would free
>> any allocated memory stored under the registered TLS keys.
> Well, if you're not doing that, you certainly should...

Indeed, this should be fixed.

Jeffrey Altman

More information about the krbdev mailing list