[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Invalid free() in gssapi_krb5_set_error_string?



On Sun, 2005-02-13 at 00:50 +1100, Luke Howard wrote:
> >There seems to be some general confusion in the libs as to if this
> >string should be allocated, or if it is static storage on a context
> >somewhere.  Note that gssapi_krb5_get_error_string() does not free() the
> >string before assigning the pointer to NULL, and neither does
> >krb5_get_error_string().  
> >
> >Is there a document in which the correct semantics for the error string
> >handling is recorded, at least so I can figure out what the correct fix
> >should be?
> 
> >From my reading of the code:
> 
> gssapi_krb5_set_error_string() stores the last Kerberos error in thread-
> specific data.
> 
> When gssapi_krb5_get_error_string() is called, the caller then owns the
> error string.

So gssapi_krb5_set_error_string() should always call strdup(), to ensure
that when gssapi_krb5_get_error_string() is called, the caller can own
the string, right?

Or is the assumption that the kerberos layer has made a similar promise,
and the kerberos error routines should call strdup()?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This is a digitally signed message part