git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Sun, 1 Jul 2018 04:12:25 +0000 (00:12 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Wed, 11 Jul 2018 03:59:13 +0000 (23:59 -0400)
commit	146dadec8fe7ccc4149eb2e3f577cc320aee6efb
tree	9ed99a4da33f36d4f54f10db3e277732022afe65	tree
parent	4c547e03daffe18c5477be7075e52f69f84acb08	commit \| diff

Fix bugs with concurrent use of MEMORY ccaches

A memory ccache iterator stores an alias into the cache object's
linked list of credentials.  If the cache is reinitialized while the
iterator is active, the alias becomes invalid.  Also, multiple handles
referencing the same memory ccache all use aliases to the same data
object; if one of the handles is destroyed, the other contains a
dangling pointer.

Fix the first issue by adding a generation counter to the cache and to
cursors, incremented each time the cache is initialized or destroyed.
Check the generation on each cursor step and end the iteration if the
list was invalidated.  Fix the second issue by adding a reference
count to the cache object, counting one reference for the table slot
and one for each open handle.  Empty the cache object on each destroy
operation, but only release the object when the last handle to it is
destroyed or closed.

Add regression tests for the two issues to t_cc.c.

The first issue was reported by Sorin Manolache.

ticket: 8202
tags: pullup
target_version: 1.16-next
target_version: 1.15-next

src/lib/krb5/ccache/cc_memory.c		diff \| blob \| blame \| history
src/lib/krb5/ccache/t_cc.c		diff \| blob \| blame \| history