gss_krb5_export_lucid_sec_context broken since 1.7?

ghudson@MIT.EDU ghudson at MIT.EDU
Fri May 6 13:59:38 EDT 2011

While working on the kernel subset, I ran into an apparent fatal bug
in gss_krb5_export_lucid_sec_context.  Since this function was
rewritten in 1.7 to use gss_inquire_sec_context_by_oid, it's been
calling krb5_gss_delete_sec_context on a union context, which
invariably causes a crash.

The fix is easy.  What confuses me is why this hasn't been bothering
Linux-NFS users, while much more subtle issues have been (like
acceptor subkey enctype negotiation).  Does anyone have any insight?
I think there are things I don't understand about the glue between
gssd and the MIT krb5 code.

More information about the krbdev mailing list