48 lines
1.5 KiB
Diff
48 lines
1.5 KiB
Diff
From d9a6607d47ff6449d1cad2a9a5b4d3b9b2768ddd Mon Sep 17 00:00:00 2001
|
|
From: Greg Hudson <ghudson@mit.edu>
|
|
Date: Sun, 20 Jun 2021 19:24:07 -0400
|
|
Subject: [PATCH] Using locking in MEMORY krb5_cc_get_principal()
|
|
|
|
Without locking, the principal pointer could be freed out from under
|
|
krb5_copy_principal() by another thread calling krb5_cc_initialize()
|
|
or krb5_cc_destroy().
|
|
|
|
ticket: 9014 (new)
|
|
tags: pullup
|
|
target_version: 1.19-next
|
|
target_version: 1.18-next
|
|
|
|
(cherry picked from commit 1848447291c68e21311f441b0458ae53471d00d3)
|
|
---
|
|
src/lib/krb5/ccache/cc_memory.c | 17 +++++++++++------
|
|
1 file changed, 11 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
|
|
index 610091a25..e4c795d25 100644
|
|
--- a/src/lib/krb5/ccache/cc_memory.c
|
|
+++ b/src/lib/krb5/ccache/cc_memory.c
|
|
@@ -575,12 +575,17 @@ krb5_mcc_get_name (krb5_context context, krb5_ccache id)
|
|
krb5_error_code KRB5_CALLCONV
|
|
krb5_mcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
|
|
{
|
|
- krb5_mcc_data *ptr = (krb5_mcc_data *)id->data;
|
|
- if (!ptr->prin) {
|
|
- *princ = 0L;
|
|
- return KRB5_FCC_NOFILE;
|
|
- }
|
|
- return krb5_copy_principal(context, ptr->prin, princ);
|
|
+ krb5_error_code ret;
|
|
+ krb5_mcc_data *d = id->data;
|
|
+
|
|
+ *princ = NULL;
|
|
+ k5_cc_mutex_lock(context, &d->lock);
|
|
+ if (d->prin == NULL)
|
|
+ ret = KRB5_FCC_NOFILE;
|
|
+ else
|
|
+ ret = krb5_copy_principal(context, d->prin, princ);
|
|
+ k5_cc_mutex_unlock(context, &d->lock);
|
|
+ return ret;
|
|
}
|
|
|
|
krb5_error_code KRB5_CALLCONV
|