diff options
| author | Tom Yu <tlyu@mit.edu> | 2012-03-08 04:31:57 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2012-03-08 04:31:57 +0000 |
| commit | a9bfc23583411331fd78401815ebd040f2b93409 (patch) | |
| tree | f430433f00c4699a6ba694f58bea1c033ff7dd40 | |
| parent | 3d0b609b25624ea8946f4a08b8dedcea79ee0899 (diff) | |
| download | krb5-a9bfc23583411331fd78401815ebd040f2b93409.zip krb5-a9bfc23583411331fd78401815ebd040f2b93409.tar.gz krb5-a9bfc23583411331fd78401815ebd040f2b93409.tar.bz2 | |
Fix KDB iteration when callback does write calls
Back port r25723
------------------------------------------------------------------------
r25723 | ghudson | 2012-03-01 15:49:17 -0500 (Thu, 01 Mar 2012) | 16 lines
ticket: 7096
subject: Fix KDB iteration when callback does write calls
target_version: 1.10.1
tags: pullup
kdb_db2's ctx_iterate makes an convenience alias to dbc->db in order
to call more invoke call the DB's seq method. This alias may become
invalidated if the callback writes to the DB, since ctx_lock() may
re-open the DB in order to acquire a write lock. Fix the bug by
getting rid of the convenience alias.
Most KDB iteration operations in the code base do not write to the DB,
but kdb5_util update_princ_encryption does.
Bug discovered and diagnosed by will.fiveash@oracle.com.
ticket: 7103
version_fixed: 1.9.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@25747 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/plugins/kdb/db2/kdb_db2.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index 334e5a3..59660da 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -1032,7 +1032,6 @@ krb5_db2_iterate_ext(krb5_context context, krb5_pointer func_arg, int backwards, int recursive) { krb5_db2_context *db_ctx; - DB *db; DBT key, contents; krb5_data contdata; krb5_db_entry *entry; @@ -1050,17 +1049,17 @@ krb5_db2_iterate_ext(krb5_context context, if (retval) return retval; - db = db_ctx->db; - if (recursive && db->type != DB_BTREE) { + if (recursive && db_ctx->db->type != DB_BTREE) { (void) krb5_db2_unlock(context); return KRB5_KDB_UK_RERROR; /* Not optimal, but close enough. */ } if (!recursive) { - dbret = (*db->seq) (db, &key, &contents, backwards ? R_LAST : R_FIRST); + dbret = db_ctx->db->seq(db_ctx->db, &key, &contents, + backwards ? R_LAST : R_FIRST); } else { #ifdef HAVE_BT_RSEQ - dbret = bt_rseq(db, &key, &contents, &cookie, + dbret = bt_rseq(db_ctx->db, &key, &contents, &cookie, backwards ? R_LAST : R_FIRST); #else (void) krb5_db2_unlock(context); @@ -1091,11 +1090,11 @@ krb5_db2_iterate_ext(krb5_context context, break; } if (!recursive) { - dbret = (*db->seq) (db, &key, &contents, - backwards ? R_PREV : R_NEXT); + dbret = db_ctx->db->seq(db_ctx->db, &key, &contents, + backwards ? R_PREV : R_NEXT); } else { #ifdef HAVE_BT_RSEQ - dbret = bt_rseq(db, &key, &contents, &cookie, + dbret = bt_rseq(db_ctx->db, &key, &contents, &cookie, backwards ? R_PREV : R_NEXT); #else (void) krb5_db2_unlock(context); |