Skip Menu |
 

Subject: Ticket 5995 (r20586) broke ticket acquistion on Microsoft Windows
Download (untitled) / with headers
text/plain 1.7KiB
Ticket 5995 (r20586) lib/krb5/os/sendto_kdc.c was designed to prevent
socket fd values larger than FD_SETSIZE from being accepted because in
gssapi there are arrays of size FD_SETSIZE that track fd connection state.

Unfortunately, this commit made two errors:

1. It fails to take into account that on Windows, a SOCKET is a form of
HANDLE and it is not an integer value ranging from 0 to FD_SETSIZE-1.
In fact, on Windows, an FD_SET is of arbitrary size and the number of
file descriptors parameter in select() calls is simply ignored.

2. Since SOCKETs are not run time library file descriptors,
closesocket() must be used to close the socket and not close().

As a result of the first error, all sockets that are allocated are
larger than FD_SETSIZE and are immediately closed. It is therefore
impossible to communicate with a KDC.

As a result of the second error, memory is corrupted and random crashes
will occur upon process exit.

A proposed patch:

Index: os/sendto_kdc.c
===================================================================
--- os/sendto_kdc.c (revision 22114)
+++ os/sendto_kdc.c (working copy)
@@ -654,12 +654,17 @@
dprint("socket: %m creating with af %d\n", state->err,
ai->ai_family);
return -1; /* try other hosts */
}
- if (fd >= FD_SETSIZE) {
- close(fd);
+#ifndef _WIN32
+ /* Windows sockets are handles, not sequential ints.
+ * FD_SETSIZE is meaningless on Windows.
+ */
+ if (fd >= FD_SETSIZE) {
+ closesocket(fd);
state->err = EMFILE;
dprint("socket: fd %d too high\n", fd);
return -1;
}
+#endif /* _WIN32 */
/* Make it non-blocking. */
if (ai->ai_socktype == SOCK_STREAM) {
static const int one = 1;

Please pullup to 1.6 branch when applied.

Jeffrey Altman
This should be a pullup of r20479 (ticket #5925). References updated accordingly.
From: tlyu@mit.edu
Subject: SVN Commit

pull up r20479 from trunk. The ticket numbers don't match because
reported on the 1.6 branch.

------------------------------------------------------------------------
r20479 | raeburn | 2008-06-26 20:31:59 -0400 (Thu, 26 Jun 2008) | 8 lines

ticket: 5925
status: open

Don't do FD_SETSIZE check on Windows.
Also, for form's sake, use closesocket instead of close inside the check.

Kevin or Jeff, could you please verify that the code works again?

https://github.com/krb5/krb5/commit/50987eba0262cb34a7ba45a2d1130931ed922e62
Commit By: tlyu
Revision: 22442
Changed Files:
U branches/krb5-1-6/src/lib/krb5/os/sendto_kdc.c