Ticket History #3746: krb5_cc_gen_new memory implementation doesn't create a new ccache

krb5_cc_gen_new memory implementation doesn't actually create a new ccache. Because of this
there are race conditions in a variety of places in the library which expect this function to create
a new temporary ccache. These include krb5_verify_init_creds(), gss_accept_sec_context() and
the KLL API.

Note that since the function was broken before the callers must be modified so that they
actually destroy the newly created ccache. They couldn't do this before since that would have
made the race conditions worse.

Fixed the krb5_cc_gen_new memory ccache implementation and updated
krb5_verify_init_creds() and rd_and_store_for_creds() to use the
API properly (possible now that it's been fixed).

Commit By: lxs



Revision: 17997
Changed Files:
U trunk/src/lib/gssapi/krb5/accept_sec_context.c
U trunk/src/lib/krb5/ccache/cc_memory.c
U trunk/src/lib/krb5/krb/vfy_increds.c

[forgot to put ticket number in commit]

Commit By: tlyu
Log Message:
Use unsigned char rather than u_int8_t in random_string().



Changed Files:
U trunk/src/lib/krb5/ccache/cc_memory.c

Memory leaks when credential delegation is used.

Function krb5_mcc_generate_new in ./ccache/cc_memory.c leaks memory.
The local id variable "krb5_ccache lid" is neither freed nor assigned
back to calling function. It is reported as leak in valgrind in version
1.4.1

Fixed by lxs in rev 17997, for the 1.5 releases.