From: Greg Hudson Date: Thu, 1 Mar 2012 20:49:17 +0000 (+0000) Subject: Fix KDB iteration when callback does write calls X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=4df31be8282f744201814493ebe0dbe92bcb8bcd;p=krb5.git Fix KDB iteration when callback does write calls kdb_db2's ctx_iterate makes an convenience alias to dbc->db in order to call more invoke call the DB's seq method. This alias may become invalidated if the callback writes to the DB, since ctx_lock() may re-open the DB in order to acquire a write lock. Fix the bug by getting rid of the convenience alias. Most KDB iteration operations in the code base do not write to the DB, but kdb5_util update_princ_encryption does. Bug discovered and diagnosed by will.fiveash@oracle.com. ticket: 7096 target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25723 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index f63b12e05..e85ce4be1 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -940,7 +940,6 @@ ctx_iterate(krb5_context context, krb5_db2_context *dbc, krb5_error_code (*func)(krb5_pointer, krb5_db_entry *), krb5_pointer func_arg) { - DB *db; DBT key, contents; krb5_data contdata; krb5_db_entry *entry; @@ -951,8 +950,7 @@ ctx_iterate(krb5_context context, krb5_db2_context *dbc, if (retval) return retval; - db = dbc->db; - dbret = db->seq(db, &key, &contents, R_FIRST); + dbret = dbc->db->seq(dbc->db, &key, &contents, R_FIRST); while (dbret == 0) { contdata.data = contents.data; contdata.length = contents.size; @@ -974,7 +972,7 @@ ctx_iterate(krb5_context context, krb5_db2_context *dbc, retval = retval2; break; } - dbret = db->seq(db, &key, &contents, R_NEXT); + dbret = dbc->db->seq(dbc->db, &key, &contents, R_NEXT); } switch (dbret) { case 1: