From 52fd212263c4d2af5ee93894517ad790db705f13 Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Tue, 19 Sep 2006 22:40:09 +0000 Subject: [PATCH] Bad loop logic in krb5_mcc_generate_new krb5_mcc_generate_new() Error in loop caused first item in the list to not get checked the second time through scanning for duplicates. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18594 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/ccache/cc_memory.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c index 9ead3a6f5..9b5ee9f38 100644 --- a/src/lib/krb5/ccache/cc_memory.c +++ b/src/lib/krb5/ccache/cc_memory.c @@ -464,7 +464,6 @@ krb5_mcc_generate_new (krb5_context context, krb5_ccache *id) char uniquename[8]; krb5_error_code err; krb5_mcc_data *d; - krb5_mcc_list_node *ptr; /* Allocate memory */ lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache)); @@ -472,9 +471,7 @@ krb5_mcc_generate_new (krb5_context context, krb5_ccache *id) return KRB5_CC_NOMEM; lid->ops = &krb5_mcc_ops; - - random_string (context, uniquename, sizeof (uniquename)); - + err = k5_mutex_lock(&krb5int_mcc_mutex); if (err) { free(lid); @@ -483,15 +480,16 @@ krb5_mcc_generate_new (krb5_context context, krb5_ccache *id) /* Check for uniqueness with mutex locked to avoid race conditions */ while (1) { + krb5_mcc_list_node *ptr; + + random_string (context, uniquename, sizeof (uniquename)); + for (ptr = mcc_head; ptr; ptr=ptr->next) { if (!strcmp(ptr->cache->name, uniquename)) { - /* name already exists. Pick a new one and start over. */ - random_string (context, uniquename, sizeof (uniquename)); - ptr = mcc_head; - continue; + break; /* got a match, loop again */ } } - break; /* got a unique name. Stop. */ + if (!ptr) break; /* got to the end without finding a match */ } err = new_mcc_data(uniquename, &d); @@ -518,7 +516,7 @@ random_string (krb5_context context, char *string, krb5_int32 length) "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; krb5_error_code err = 0; unsigned char *bytes = NULL; - size_t bytecount = length - 1; + krb5_int32 bytecount = length - 1; if (!err) { bytes = malloc (bytecount); -- 2.26.2