diff options
| author | Tom Yu <tlyu@mit.edu> | 2007-04-10 21:51:59 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2007-04-10 21:51:59 +0000 |
| commit | 8c86041853d617eabe613a5906279f8258a543df (patch) | |
| tree | 068f4996236cefc5c08f8698956e80d4f62b4815 /src | |
| parent | ebd2bf7c71d836b443a293aa255bc1761d8b8685 (diff) | |
| download | krb5-8c86041853d617eabe613a5906279f8258a543df.zip krb5-8c86041853d617eabe613a5906279f8258a543df.tar.gz krb5-8c86041853d617eabe613a5906279f8258a543df.tar.bz2 | |
pull up r19399 from trunk
r19399@cathode-dark-space: raeburn | 2007-04-05 16:22:28 -0400
ticket: new
subject: service location plugin returning no addresses handled incorrectly
If a locate plugin (e.g., the Python sample plugin and script, when
given realm BOBO.MIT.EDU) returns no error but no addresses, the library
won't report an error, but will try to make contact, and eventually
crash with a null pointer dereference.
Fix: If a plugin returns a value other than PLUGIN_NO_HANDLE, including
success, continue into the code that checks for an empty address list.
ticket: 5509
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19416 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/os/locate_kdc.c | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c index 57e2456..61ffe8c 100644 --- a/src/lib/krb5/os/locate_kdc.c +++ b/src/lib/krb5/os/locate_kdc.c @@ -778,28 +778,28 @@ krb5int_locate_server (krb5_context context, const krb5_data *realm, code = module_locate_server(context, realm, &al, svc, socktype, family); Tprintf("module_locate_server returns %d\n", code); - if (code != KRB5_PLUGIN_NO_HANDLE) { - *addrlist = al; - return code; - } - - /* - * We always try the local file before DNS - */ - - code = prof_locate_server(context, realm, &al, svc, socktype, family); + if (code == KRB5_PLUGIN_NO_HANDLE) { + /* + * We always try the local file before DNS. Note that there + * is no way to indicate "service not available" via the + * config file. + */ - /* We could put more heuristics here, like looking up a hostname - of "kerberos."+REALM, etc. */ + code = prof_locate_server(context, realm, &al, svc, socktype, family); #ifdef KRB5_DNS_LOOKUP - if (code) { - krb5_error_code code2; - code2 = dns_locate_server(context, realm, &al, svc, socktype, family); - if (code2 != KRB5_PLUGIN_NO_HANDLE) - code = code2; - } + if (code) { /* Try DNS for all profile errors? */ + krb5_error_code code2; + code2 = dns_locate_server(context, realm, &al, svc, socktype, + family); + if (code2 != KRB5_PLUGIN_NO_HANDLE) + code = code2; + } #endif /* KRB5_DNS_LOOKUP */ + + /* We could put more heuristics here, like looking up a hostname + of "kerberos."+REALM, etc. */ + } if (code == 0) Tprintf ("krb5int_locate_server found %d addresses\n", al.naddrs); |