[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Invalid free() in gssapi_krb5_set_error_string?



On Sun, 2005-02-13 at 09:06 +1100, Luke Howard wrote:
> >So gssapi_krb5_set_error_string() should always call strdup(), to ensure
> >that when gssapi_krb5_get_error_string() is called, the caller can own
> >the string, right?
> >
> >Or is the assumption that the kerberos layer has made a similar promise,
> >and the kerberos error routines should call strdup()?
> 
> See krb5_vset_error_string() in lib/krb5/error_string.c. It uses
> vasprintf().
> 
> Interestingly if vasprintf() it fails then it falls back to using a
> static buffer inside the krb5_context. Perhaps this is the cause of
> the prolbem you are seeing.

Ahh, thanks for pointing that out, I hadn't seen the asprintf(), only
the subsequent vsnprinf().

It wasn't an error I was seeing in real life, just as I read over the
code, something triggered in my brain as 'that doesn't look right'.  (I
saw the krb5_clear_error_string() workaround, and then the lack of such
a workaround elsewhere).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This is a digitally signed message part