RT/krbdev.mit.edu: Ticket #5678 NIM: BUG: APP: WM_TIMER messages if received after timer event is canceled results in invalid data access

RT/krbdev.mit.edu: Ticket #5678 NIM: BUG: APP: WM_TIMER messages if received after timer event is canceled results in invalid data access

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
5678

Status
resolved

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component	windows
Version_reported
Version_Fixed	1.6.3
Target_Version	1.6.3
Tags	pullup

Relationships

Depends on:

Depended on by:

Parents:

5691: (jaltman) Post KFW 3.2.1 Tracking Ticket [resolved]

Children:

Refers to:

Referred to by:

Dates

Created:	Fri Aug 24 10:33:14 2007
Starts:	Not set
Started:	Fri Aug 24 10:33:19 2007
Last Contact:	Fri Sep 28 19:37:18 2007
Due:	Not set
Updated:	Wed Jun 25 03:14:26 2008 by guest

People

Owner
jaltman
Requestors
jaltman@mit.edu
Cc

AdminCc

More about Jeffrey Altman

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

1527: krb5_rd_safe_basic() throws exception when sender_addr is NULL (new)
1809: Krb5 Telnet[d] improperly truncates 3DES keys to DES key (new)
2137: krb5_cc_get_principal prevents implementation of auto kinit dialogs in KfM/KfW (new)
2145: gss_release_buffer() too easily deallocates memory it should not (new)
2147: Debug output hooks need to be added to support Windows Help Desk (open)
2253: W2K+3 vs MIT RC4-HMAC based cross-realm trusts (open)
2536: Krb5 Admin Guide fails to document krb524 (new)
2547: Add support for kpasswd/TCP to kadmind (open)
2596: src/krb524/README out of date (new)
2602: Don't reject renewable of non-renewable tickets (new)
2636: replace all calls to getenv()/setenv() with Get/SetEnvironmentVariable on Windows (open)
2640: krb5_cc_default() blocks for two minutes when MSLSA and Logon Server Unavailable (open)
2736: recode krb5_get_credentials to work without a ccache (new)
3112: telnet does not build on Fedora Core 4 (new)
4157: Windows README is out of date (new)
4325: src/include/krb5_err.h needs to be updated to match RFC4120 (new)
4328: Implement new krb5_get_credentials option: KRB5_GC_REPLACE (open)
4740: cccursor backend for MSLSA (new)
5501: Vista UAC impact on Windows Installer requires modifications to admin privilege test (open)
5536: Build Script Fails to build KFW (open)
5543: Build Scripts fail to package with "beta" version (new)
5714: Build Script - Update for 64-bit Windows build (open)
5718: NIM: BUG: APP: Configuration Identity Panel Apply Button (open)
5720: NIM: BUG: APP: Create command-line request queue (open)
5721: NIM: BUG: KRB5: Identity validation can succeed without prompts (open)

History

Display mode: [Brief headers] [Full headers]

Fri Aug 24 10:33:14 2007	jaltman - Ticket created
From: jaltman@mit.edu Subject: SVN Commit The credentials view in Network Identity Manager displays several user interface elements that need to be updated periodically such as any fields that denote the time remaining for a credential or an identity, or an icon and coloring used to indicate the expiration state. When the display rows are computed, the credentials view creates a set of timers that reference each row that times out when that row needs to be redrawn. Since the rows change when switching views or when the outline is recomputed, all the timers are canceled and re-scheduled. However, a race conditions exists where the timer times-out before it is canceled, in which case a WM_TIMER message is placed in the credential window's message queue. Windows does not support canceling a timer that has already fired and has been placed on the message queue. By the time the WM_TIMER message is received by the window, the rows of the display would have been recomputed and the row that the message references may not be what it intended to reference. A spurious WM_TIMER message is harmless when it refers to a row corresponding to a credential. However, the existing code assumed that if a timer event is received that referred to an outline row, then that outline must be an expanded view of an identity, which is currently the only type of outline row that receives timers. This assumption does not always hold in the case of a spurious WM_TIMER message and may lead to the code attempting to use the outline data as a handle to an identity. The patch fixes the problem by checking if the row is actually an expanded view of an identity and ignoring the message if it is not. Commit By: jaltman Revision: 19857 Changed Files: U trunk/src/windows/identity/ui/credwnd.c		Download (untitled) 1.7k
Fri Aug 24 10:33:19 2007	jaltman - Requestor jaltman@mit.edu added
Fri Aug 24 10:33:19 2007	jaltman - Status changed from new to resolved
Fri Aug 24 10:33:20 2007	jaltman - Component windows added
Fri Sep 28 17:15:55 2007	jaltman - Target_Version 1.6.4 added
Fri Sep 28 17:15:55 2007	jaltman - Tags pullup added
Fri Sep 28 18:19:56 2007	tlyu - Target_Version 1.6.4 changed to 1.6.3
Fri Sep 28 19:37:15 2007	tlyu - Version_Fixed 1.6.3 added
Fri Sep 28 19:37:15 2007	tlyu - Correspondence added
From: tlyu@mit.edu Subject: SVN Commit pull up r19857 from trunk r19857@cathode-dark-space: jaltman \| 2007-08-24 10:33:09 -0400 ticket: new subject: NIM: Cannot cancel timers which have inserted a WM_TIMER message into the queue component: windows The credentials view in Network Identity Manager displays several user interface elements that need to be updated periodically such as any fields that denote the time remaining for a credential or an identity, or an icon and coloring used to indicate the expiration state. When the display rows are computed, the credentials view creates a set of timers that reference each row that times out when that row needs to be redrawn. Since the rows change when switching views or when the outline is recomputed, all the timers are canceled and re-scheduled. However, a race conditions exists where the timer times-out before it is canceled, in which case a WM_TIMER message is placed in the credential window's message queue. Windows does not support canceling a timer that has already fired and has been placed on the message queue. By the time the WM_TIMER message is received by the window, the rows of the display would have been recomputed and the row that the message references may not be what it intended to reference. A spurious WM_TIMER message is harmless when it refers to a row corresponding to a credential. However, the existing code assumed that if a timer event is received that referred to an outline row, then that outline must be an expanded view of an identity, which is currently the only type of outline row that receives timers. This assumption does not always hold in the case of a spurious WM_TIMER message and may lead to the code attempting to use the outline data as a handle to an identity. The patch fixes the problem by checking if the row is actually an expanded view of an identity and ignoring the message if it is not. Commit By: tlyu Revision: 19992 Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/windows/identity/ui/credwnd.c		Download (untitled) 1.9k
Wed Oct 3 15:10:21 2007	jaltman - Subject changed from NIM: Cannot cancel timers which have inserted a WM_TIMER message into the queue to NIM: BUG: APP: WM_TIMER messages if received after timer event is canceled results in invalid data access