Project review: GSS credential store extensions

Simo Sorce simo at
Thu Jul 12 15:22:56 EDT 2012

On Thu, 2012-07-12 at 12:43 -0400, Sam Hartman wrote:
> >>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
> Ok. Well, add me to Nico in the strong disagreement camp here.  If it
> were just the buffers, I would agree with you.  
> I'm actually a bit puzzled about why you're bringing up buffers though;
> this structure does not include buffers.
> My concern is the array
> of pointers to buffers and what happens when you want to try and
> manipulate them. My experience with memory management for oid sets
> suggests this is an area where even in non-performance-sensitive areas
> it gets really messy.
> Even if Nico and I aren't able to build a consensus in favor of a better
> memory management approach, I think it's critical that we document the
> assumptions of this approach.  Namely, you cannot free a cred_set you
> didn't allocate. You cannot manipulate one; you must copy to manipulate.

In my view the cred_store is not something you manipulate within gssapi,
it's a configuration store for credentials, not a 'communication means'.

So leaving memory management to the application seems quite reasonable
and safe.


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list