From: Tom Yu Date: Wed, 6 Aug 2014 22:45:20 +0000 (-0400) Subject: Disallow unlocked iteration of hash databases X-Git-Tag: krb5-1.13-alpha1~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ded6f17bbda92419a68478b822ce79406c0be1e0;p=thirdparty%2Fkrb5.git Disallow unlocked iteration of hash databases It's not clear whether unlocked iteration over a hash DB2 database will omit unaffected entries if database additions or deletions occur concurrently with the iteration. Avoid this situation by disabling unlocked iteration in the unlikely event that someone is still using a hash database for their KDB. ticket: 7977 --- diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index b7cdc88e36..4c2292c057 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -386,6 +386,9 @@ open_db(krb5_db2_context *dbc, int flags, int mode) break; } + /* Don't try unlocked iteration with a hash database. */ + if (db != NULL && dbc->hashfirst) + dbc->unlockiter = FALSE; done: free(fname); return db;