pull up r20555 from trunk

 r20555@cathode-dark-space:  jaltman | 2008-07-21 15:43:21 -0400
 ticket: 5895
 tags: pullup

 There are two mutex locking issues that Roland Dowdeswell noticed in
 the memory ccache.  The first one is in cc_memory.c:krb5_mcc_initialize().
 When it is free(3)ing the existing credentials it does not lock the
 data structures and hence two separate threads can run into issues.

 The same problem exists in cc_memory.c:krb5_mcc_destroy().

ticket: 5895
status: resolved
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20562 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index a289425e111720bc0ed5d10c760be9abde791048..5c8cffd29eb677c2973b73758e101c41e081a629 100644 (file)
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -135,10 +135,18 @@ krb5_error_code KRB5_CALLCONV
 krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
 {
     krb5_error_code ret; 
+    krb5_mcc_data *d;
+
+    d = (krb5_mcc_data *)id->data;
+    ret = k5_mutex_lock(&d->lock);
+    if (ret)
+        return ret;
 
     krb5_mcc_free(context, id);
     ret = krb5_copy_principal(context, princ,
                              &((krb5_mcc_data *)id->data)->prin);
+
+    k5_mutex_unlock(&d->lock);
     if (ret == KRB5_OK)
         krb5_change_cache();
     return ret;
@@ -205,8 +213,13 @@ krb5_mcc_destroy(krb5_context context, krb5_ccache id)
     }
     k5_mutex_unlock(&krb5int_mcc_mutex);
 
+    err = k5_mutex_lock(&d->lock);
+    if (err)
+        return err;
+
     krb5_mcc_free(context, id);
     krb5_xfree(d->name);
+    k5_mutex_unlock(&d->lock);
     k5_mutex_destroy(&d->lock);
     krb5_xfree(d); 
     krb5_xfree(id);