kdb_db2's ctx_iterate makes an convenience alias to dbc->db in order
to call more invoke call the DB's seq method. This alias may become
invalidated if the callback writes to the DB, since ctx_lock() may
re-open the DB in order to acquire a write lock. Fix the bug by
getting rid of the convenience alias.
Most KDB iteration operations in the code base do not write to the DB,
but kdb5_util update_princ_encryption does.
Bug discovered and diagnosed by will.fiveash@oracle.com.
ticket: 7096
target_version: 1.10.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25723
dc483132-0cff-0310-8789-
dd5450dbe970
krb5_error_code (*func)(krb5_pointer, krb5_db_entry *),
krb5_pointer func_arg)
{
- DB *db;
DBT key, contents;
krb5_data contdata;
krb5_db_entry *entry;
if (retval)
return retval;
- db = dbc->db;
- dbret = db->seq(db, &key, &contents, R_FIRST);
+ dbret = dbc->db->seq(dbc->db, &key, &contents, R_FIRST);
while (dbret == 0) {
contdata.data = contents.data;
contdata.length = contents.size;
retval = retval2;
break;
}
- dbret = db->seq(db, &key, &contents, R_NEXT);
+ dbret = dbc->db->seq(dbc->db, &key, &contents, R_NEXT);
}
switch (dbret) {
case 1:
projects / krb5.git / commitdiff