diff options
author | Greg Hudson <ghudson@mit.edu> | 2012-03-01 20:49:17 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-03-01 20:49:17 +0000 |
commit | 4df31be8282f744201814493ebe0dbe92bcb8bcd (patch) | |
tree | 93a0c3257d79f687c4b17ae5f4a728f20864e508 | |
parent | 4918001d76f26cbf663fbc362f7deb0365d99767 (diff) | |
download | krb5-4df31be8282f744201814493ebe0dbe92bcb8bcd.tar.gz krb5-4df31be8282f744201814493ebe0dbe92bcb8bcd.tar.xz krb5-4df31be8282f744201814493ebe0dbe92bcb8bcd.zip |
Fix KDB iteration when callback does write calls
kdb_db2's ctx_iterate makes an convenience alias to dbc->db in order
to call more invoke call the DB's seq method. This alias may become
invalidated if the callback writes to the DB, since ctx_lock() may
re-open the DB in order to acquire a write lock. Fix the bug by
getting rid of the convenience alias.
Most KDB iteration operations in the code base do not write to the DB,
but kdb5_util update_princ_encryption does.
Bug discovered and diagnosed by will.fiveash@oracle.com.
ticket: 7096
target_version: 1.10.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25723 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/plugins/kdb/db2/kdb_db2.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index f63b12e05..e85ce4be1 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -940,7 +940,6 @@ ctx_iterate(krb5_context context, krb5_db2_context *dbc, krb5_error_code (*func)(krb5_pointer, krb5_db_entry *), krb5_pointer func_arg) { - DB *db; DBT key, contents; krb5_data contdata; krb5_db_entry *entry; @@ -951,8 +950,7 @@ ctx_iterate(krb5_context context, krb5_db2_context *dbc, if (retval) return retval; - db = dbc->db; - dbret = db->seq(db, &key, &contents, R_FIRST); + dbret = dbc->db->seq(dbc->db, &key, &contents, R_FIRST); while (dbret == 0) { contdata.data = contents.data; contdata.length = contents.size; @@ -974,7 +972,7 @@ ctx_iterate(krb5_context context, krb5_db2_context *dbc, retval = retval2; break; } - dbret = db->seq(db, &key, &contents, R_NEXT); + dbret = dbc->db->seq(dbc->db, &key, &contents, R_NEXT); } switch (dbret) { case 1: |