gss_krb5_export_lucid_sec_context broken since 1.7?
ghudson at MIT.EDU
Fri May 6 13:59:38 EDT 2011
While working on the kernel subset, I ran into an apparent fatal bug
in gss_krb5_export_lucid_sec_context. Since this function was
rewritten in 1.7 to use gss_inquire_sec_context_by_oid, it's been
calling krb5_gss_delete_sec_context on a union context, which
invariably causes a crash.
The fix is easy. What confuses me is why this hasn't been bothering
Linux-NFS users, while much more subtle issues have been (like
acceptor subkey enctype negotiation). Does anyone have any insight?
I think there are things I don't understand about the glue between
gssd and the MIT krb5 code.
More information about the krbdev