pull up r19526 from trunk
r19526@cathode-dark-space: tlyu | 2007-04-25 17:19:07 -0400
ticket: new
target_version: 1.6.2
tags: pullup
subject: race condition in referrals fallback
* src/lib/krb5/krb/gc_frm_kdc.c (krb5_get_cred_from_kdc_opt):
During referrals fallback, set *tgts to NULL after freeing. This
avoids returning a pointer to freed memory when the first call to
do_traversal() obtains some TGTs and the subsequent
krb5_cc_retrieve_cred() of the final-hop TGT succeeds (due to some
other thread or process storing that TGT into the ccache), causing
second do_traversal() call (which would re-initialize *tgts) to
not execute. Race condition found during KfW-3.2 testing.
ticket: 5546
version_fixed: 1.6.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19528
dc483132-0cff-0310-8789-
dd5450dbe970
projects / krb5.git / commit