Skip Menu |
 

From: Luke Howard <lukeh@padl.com>
To: krb5-bugs@mit.edu
Subject: krb5_ktfile_get_entry() can invalidate keytab file handle
Date: Fri, 16 Mar 2007 15:18:56 +1100
Cc: mc@suse.de, gd@samba.org, samba-maintainers@suse.de

From:

http://lists.samba.org/archive/samba-technical/2006-March/046171.html

Show quoted text
> as the MIT krb5's krb5_rd_req does an explicit close on the keytab when it
> was able to decrypt the ticket (but the ticket is not yet or no longer
> valid), we crash on calling krb5_ktfile_get_entry the next time as the
> krb5_keytab has become invalid. (to reproduce set your clock to a wrong
> time and use "use kerberos keytab = yes).

Although some versions of Samba have a workaround for this, it would
be wise to validate the file handle before deferencing it in kt_file.c.

See attached patch.

regards,

-- Luke
Download kt_file.c.diff
text/plain 412B

Message body is not shown because sender requested not to inline it.

--
www.padl.com | www.lukehoward.com
From: raeburn@mit.edu
Subject: SVN Commit
Check for null file handle in get_next.
Patch from Luke Howard.

Commit By: raeburn



Revision: 19736
Changed Files:
_U trunk/
U trunk/src/lib/krb5/keytab/kt_file.c
From: tlyu@mit.edu
Subject: SVN Commit
pull up r19736 from trunk

r19736@cathode-dark-space: raeburn | 2007-07-27 00:38:46 -0400
ticket: 5471

Check for null file handle in get_next.
Patch from Luke Howard.



Commit By: tlyu



Revision: 19907
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/krb5/keytab/kt_file.c