From af525bc76084e86416986f326da69223c1e4fc4f Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 10 Feb 2012 21:19:01 +0000 Subject: [PATCH] Pull up r25659 from trunk ------------------------------------------------------------------------ r25659 | ghudson | 2012-01-26 12:01:05 -0500 (Thu, 26 Jan 2012) | 10 lines ticket: 7081 subject: Don't use stack variable address in as_req state target_version: 1.10 tags: pullup The KDC's process_as_req was storing the address of a stack variable (client_princ), which fails if the request is not immediately serviced. Move that variable to the state structure so its address remains valid for the lifetime of the request. ticket: 7081 version_fixed: 1.10.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-10@25680 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kdc/do_as_req.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 5d7fc221c..23623fe1b 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -102,6 +102,7 @@ struct as_req_state {
 loop_respond_fn respond;
 void *arg;
+ krb5_principal_data client_princ;
 krb5_enc_tkt_part enc_tkt_reply;
 krb5_enc_kdc_rep_part reply_encpart;
 krb5_ticket ticket_reply;
@@ -458,7 +459,6 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 krb5_error_code errcode;
 krb5_timestamp rtime;
 unsigned int s_flags = 0;
- krb5_principal_data client_princ;
 krb5_data encoded_req_body;
 krb5_enctype useenctype;
 struct as_req_state *state;
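Review bot: The new `client_princ` member added to `struct as_req_state` in the first hunk has no comment, and nothing in the struct explains why a principal is held by value next to `enc_tkt_reply`. Because `enc_tkt_reply.client` is pointed at this member and the state outlives the call that fills it in, I would document that on the field: `/* Backing storage for enc_tkt_reply.client; lives in the state so the pointer stays valid after process_as_req() returns. */`. The struct definition continues outside the hunk, so I could not check whether neighbouring members follow a comment convention.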
@@ -699,13 +699,13 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 state->enc_tkt_reply.session = &state->session_key;
 if (isflagset(state->c_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
- client_princ = *(state->client->princ);
+ state->client_princ = *(state->client->princ);
 } else {
- client_princ = *(state->request->client);
+ state->client_princ = *(state->request->client);
 /* The realm is always canonicalized */
- client_princ.realm = state->client->princ->realm;
+ state->client_princ.realm = state->client->princ->realm;
 }
- state->enc_tkt_reply.client = &client_princ;
+ state->enc_tkt_reply.client = &state->client_princ;
 state->enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
 state->enc_tkt_reply.transited.tr_contents = empty_string;
--
2.26.2
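Review bot: Both `state->client_princ = *(state->client->princ);` and `state->client_princ = *(state->request->client);` are shallow struct copies, so the copy's realm and component pointers still refer to memory owned by `state->client` and `state->request`. Moving the struct into the state removes the dangling stack address, but `enc_tkt_reply.client` remains valid only while those two objects are alive, and the copy must never be handed to a principal free routine. The teardown path is outside this hunk, so I could not confirm the release order. I would record the constraint above the `if`: `/* Shallow copy: realm and components are borrowed from state->client / state->request; do not free, and keep both alive while enc_tkt_reply is in use. */`. process_as_req begins and ends outside the hunk.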