To: krb5-bugs@mit.edu
Subject: mutex locking issues in memory ccaches
Date: Fri, 29 Feb 2008 15:36:20 -0500
From: Roland Dowdeswell <elric@imrryr.org>
There are two mutex locking issues that I've noticed in the memory
ccache. The first one is in cc_memory.c:krb5_mcc_initialize(). When
it is free(3)ing the existing credentials it does not lock the data
structures and hence two separate threads can run into issues.

I attach a proposed patch for this issue.

I think though, that krb5_mcc_destroy() will also have the same issue
but I haven't provided a patch.

Thanks,

--
Roland C. Dowdeswell

Index: cc_memory.c
===================================================================
RCS file: /ms/dev/kerberos/mitkrb5/cvs-dirs/mitkrb5-1.4/mitkrb5/src/lib/krb5/ccache/cc_memory.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -u -r1.2 -r1.3
--- cc_memory.c 29 Feb 2008 20:23:23 -0000 1.2
+++ cc_memory.c 29 Feb 2008 20:24:30 -0000 1.3
@@ -118,10 +118,18 @@
krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
{
krb5_error_code ret;
+ krb5_error_code err;
+ krb5_mcc_data *d;
+
+ d = id->data;
+ err = k5_mutex_lock(&d->lock);
+ if (err)
+ return err;

krb5_mcc_free(context, id);
ret = krb5_copy_principal(context, princ,
&((krb5_mcc_data *)id->data)->prin);
+ k5_mutex_unlock(&d->lock);
if (ret == KRB5_OK)
krb5_change_cache();
return ret;
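Review bot: krb5_mcc_free(context, id) now runs with d->lock held, so please confirm that krb5_mcc_free neither acquires d->lock itself nor frees the structure that contains the lock; neither is visible in this hunk, and either one would turn the new critical section into a self-deadlock or an unlock of freed memory. Two smaller points: the added `d = id->data;` has no cast while the unchanged krb5_copy_principal call still spells out `(krb5_mcc_data *)id->data`, so casting at the assignment and passing `&d->prin` would keep the function consistent; and the return value of k5_mutex_unlock is dropped while the one from k5_mutex_lock is checked, which deserves a short comment if it is intentional.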
I have reviewed the submitted patch and modified it slightly to apply a
cast. I have also added mutex locking to krb5_mcc_destroy although the
reality is that if you are about to free the memory there is nothing
much that locking can do to help prevent the crash if one thread
destroys the ccache while it is still in use by other threads.
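The locking pattern this ticket is about, as an added C example that is not code from the ticket or from MIT krb5: a toy in-memory cache whose writer frees the old contents and installs the new principal inside one critical section, with a reader that takes the same lock. All `toy_*` names are hypothetical, and POSIX pthread mutexes stand in for the k5_mutex calls.

```c
/* Added illustration; all toy_* names are hypothetical, not MIT krb5 identifiers. */
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

struct toy_cred { struct toy_cred *next; };
struct toy_cache {
    pthread_mutex_t lock;        /* guards prin and creds */
    char *prin;
    struct toy_cred *creds;
};

/* Reader: walks the credential list under the same lock the writer takes. */
int toy_cache_count(struct toy_cache *c)
{
    struct toy_cred *cur;
    int n = 0;
    if (pthread_mutex_lock(&c->lock) != 0)
        return -1;
    for (cur = c->creds; cur != NULL; cur = cur->next)
        n++;
    pthread_mutex_unlock(&c->lock);
    return n;
}

/* Writer: free + replace form one critical section, so no reader follows a freed pointer. */
int toy_cache_initialize(struct toy_cache *c, const char *princ)
{
    size_t len = strlen(princ) + 1;
    char *copy = malloc(len);    /* allocate before locking: failure leaves old contents intact */
    struct toy_cred *cur;
    int err;
    if (copy == NULL)
        return ENOMEM;
    memcpy(copy, princ, len);
    if ((err = pthread_mutex_lock(&c->lock)) != 0) {
        free(copy);
        return err;
    }
    while ((cur = c->creds) != NULL) {   /* list head is advanced before each free */
        c->creds = cur->next;
        free(cur);
    }
    free(c->prin);
    c->prin = copy;
    pthread_mutex_unlock(&c->lock);      /* the only return path that held the lock */
    return 0;
}
```

As the reply above observes, a lock stored inside the cache only serializes access to its contents; it cannot protect a thread that still holds a pointer to a cache another thread has destroyed.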

Looks good to me, Jeff, please go ahead and check it in...

I don't know if Tom will want it for 1.6.4, but please mark it as ready for pullup, and he can
make the call.
From: jaltman@mit.edu
Subject: SVN Commit

There are two mutex locking issues that Roland Dowdeswell noticed in
the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize().
When it is free(3)ing the existing credentials it does not lock the
data structures and hence two separate threads can run into issues.

The same problem exists in cc_memory.c:krb5_mcc_destroy().


Commit By: jaltman



Revision: 20555
Changed Files:
U trunk/src/lib/krb5/ccache/cc_memory.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r20555 from trunk

r20555@cathode-dark-space: jaltman | 2008-07-21 15:43:21 -0400
ticket: 5895
tags: pullup

There are two mutex locking issues that Roland Dowdeswell noticed in
the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize().
When it is free(3)ing the existing credentials it does not lock the
data structures and hence two separate threads can run into issues.

The same problem exists in cc_memory.c:krb5_mcc_destroy().




Commit By: tlyu



Revision: 20562
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/krb5/ccache/cc_memory.c