Fix KDB iteration when callback does write calls

Back port r25723

 ------------------------------------------------------------------------
 r25723 | ghudson | 2012-03-01 15:49:17 -0500 (Thu, 01 Mar 2012) | 16 lines

 ticket: 7096
 subject: Fix KDB iteration when callback does write calls
 target_version: 1.10.1
 tags: pullup

 kdb_db2's ctx_iterate makes an convenience alias to dbc->db in order
 to call more invoke call the DB's seq method.  This alias may become
 invalidated if the callback writes to the DB, since ctx_lock() may
 re-open the DB in order to acquire a write lock.  Fix the bug by
 getting rid of the convenience alias.

 Most KDB iteration operations in the code base do not write to the DB,
 but kdb5_util update_princ_encryption does.

 Bug discovered and diagnosed by will.fiveash@oracle.com.

ticket: 7103
version_fixed: 1.9.4
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@25747 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index 334e5a3a882322bbb8ebd68b0cf0cdf0695b7aa1..59660da1ef6ad5ce00b2c202b1cfbd527647cc5a 100644 (file)
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -1032,7 +1032,6 @@ krb5_db2_iterate_ext(krb5_context context,
                      krb5_pointer func_arg, int backwards, int recursive)
 {
     krb5_db2_context *db_ctx;
-    DB     *db;
     DBT     key, contents;
     krb5_data contdata;
     krb5_db_entry *entry;
@@ -1050,17 +1049,17 @@ krb5_db2_iterate_ext(krb5_context context,
     if (retval)
         return retval;
 
-    db = db_ctx->db;
-    if (recursive && db->type != DB_BTREE) {
+    if (recursive && db_ctx->db->type != DB_BTREE) {
         (void) krb5_db2_unlock(context);
         return KRB5_KDB_UK_RERROR;      /* Not optimal, but close enough. */
     }
 
     if (!recursive) {
-        dbret = (*db->seq) (db, &key, &contents, backwards ? R_LAST : R_FIRST);
+        dbret = db_ctx->db->seq(db_ctx->db, &key, &contents,
+                                backwards ? R_LAST : R_FIRST);
     } else {
 #ifdef HAVE_BT_RSEQ
-        dbret = bt_rseq(db, &key, &contents, &cookie,
+        dbret = bt_rseq(db_ctx->db, &key, &contents, &cookie,
                         backwards ? R_LAST : R_FIRST);
 #else
         (void) krb5_db2_unlock(context);
@@ -1091,11 +1090,11 @@ krb5_db2_iterate_ext(krb5_context context,
             break;
         }
         if (!recursive) {
-            dbret = (*db->seq) (db, &key, &contents,
-                                backwards ? R_PREV : R_NEXT);
+            dbret = db_ctx->db->seq(db_ctx->db, &key, &contents,
+                                    backwards ? R_PREV : R_NEXT);
         } else {
 #ifdef HAVE_BT_RSEQ
-            dbret = bt_rseq(db, &key, &contents, &cookie,
+            dbret = bt_rseq(db_ctx->db, &key, &contents, &cookie,
                             backwards ? R_PREV : R_NEXT);
 #else
             (void) krb5_db2_unlock(context);