author | Greg Hudson <ghudson@mit.edu> | 2021-06-20 19:24:07 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2021-07-12 12:00:00 -0400 |
commit | 4abb051f76ae8f55247875a68f424a62a6315ec0 (patch) | |
tree | abb4b758b0409a25098a568b097dec1b6adc2f1c | |
parent | c4a406095b3ea4a67ae5b8ea586cbe9abdbae76f (diff) | |
Using locking in MEMORY krb5_cc_get_principal()
Without locking, the principal pointer could be freed out from under
krb5_copy_principal() by another thread calling krb5_cc_initialize()
or krb5_cc_destroy().
(cherry picked from commit 1848447291c68e21311f441b0458ae53471d00d3)
ticket: 9014
version_fixed: 1.18.4
-rw-r--r-- | src/lib/krb5/ccache/cc_memory.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index 9d13de9..6b07a2d 100644
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -575,12 +575,17 @@ krb5_mcc_get_name (krb5_context context, krb5_ccache id)
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
 {
- krb5_mcc_data *ptr = (krb5_mcc_data *)id->data;
- if (!ptr->prin) {
- *princ = 0L;
- return KRB5_FCC_NOFILE;
- }
- return krb5_copy_principal(context, ptr->prin, princ);
+ krb5_error_code ret;
+ krb5_mcc_data *d = id->data;
+
+ *princ = NULL;
+ k5_cc_mutex_lock(context, &d->lock);
+ if (d->prin == NULL)
+ ret = KRB5_FCC_NOFILE;
+ else
+ ret = krb5_copy_principal(context, d->prin, princ);
+ k5_cc_mutex_unlock(context, &d->lock);
+ return ret;
 }
 
 krb5_error_code KRB5_CALLCONV |
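Review bot: The locked region in krb5_mcc_get_principal() has no comment explaining why `krb5_copy_principal()` itself, and not only the NULL test on `d->prin`, must run while `d->lock` is held, so a later cleanup that moves the copy outside the lock would quietly bring back the use-after-free described in the commit message. I would add above the lock call: `/* Hold the lock across the copy; initialize/destroy may free d->prin. */`. The lock only serialises access to the fields of `d`; whether `d` itself stays valid while another thread destroys the cache depends on code outside this hunk (presumably reference counting on the krb5_mcc_data), and it is worth confirming that any other readers of `prin` in cc_memory.c take the same lock.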