Skip Menu |

Subject: MSLSA get next cred functionality
krb5_lcc_next_cred() has several problems:

1. its supposed to return the next cred and therefore if there is an
error while reading/parsing a ticket it is supposed to skip the error
and try the next ticket. It fails to do this correctly.

2. if an error occurs it sets retval to KRB5_FCC_INTERNAL. if it is
able to obtain a subsequent ticket. It does not clear the error value
which in turn breaks the caller.

3. when an error does occur the cause of the error is lost. a
descriptive error should be provided

4. there is a race between when the enumeration is generated in
krb5_lcc_start_seq_get() and when the tickets are read. If the tickets
are removed in between the KRB5_FCC_INTERNAL error is thrown. We can't
avoid the race entirely but it might be useful to parse all of the
tickets in krb5_lcc_start_seq_get() and then just hand them out. On the
other hand this approach would perform unneeded expensive work if the
app only required the first ticket in the cache.

5. a more general problem. there is no validation that the 'id' and
'cursor' inputs are non-NULL.