Skip Menu |
 

Subject: sendto_kdc can invoke poll with negative timeout
Our select/poll wrapper in cm.c and sendto_kdc.c uses an absolute end
time. If an event occurs just prior to the end time and doesn't terminate
the service_fds loop, and we take a few milliseconds to process it, we
could wind up calling cm_select_or_poll after the end time has expired.
The select wrapper in cm.c is careful to check for this, but the poll
wrapper in sendto_kdc.c is not. If we invoke poll with a negative
timeout, it will wait indefinitely.

This issue was reported in a github pull request by Matthieu Hautreax
<matthieu.hautreux@gmail.com>.
From: ghudson@mit.edu
Subject: SVN Commit

Check for negative poll timeout in k5_sendto_kdc

https://github.com/krb5/krb5/commit/74bee54227deb64a41c2e79f57dd2a2c5ea010a3
Author: Greg Hudson <ghudson@mit.edu>
Commit: 74bee54227deb64a41c2e79f57dd2a2c5ea010a3
Branch: master
src/lib/krb5/os/sendto_kdc.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
This should also be pulled up to the 1.10 branch.
From: tlyu@mit.edu
Subject: SVN Commit

Check for negative poll timeout in k5_sendto_kdc

(cherry picked from commit 74bee54227deb64a41c2e79f57dd2a2c5ea010a3)

https://github.com/krb5/krb5/commit/7c4c3962bad878cf7aae9c03e20cfe2ddf7474e9
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 7c4c3962bad878cf7aae9c03e20cfe2ddf7474e9
Branch: krb5-1.11
src/lib/krb5/os/sendto_kdc.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)