
bazaar: krb5_fcc_ops has get_cache_first/next/end set



Is there any way for the krb5_fcc_ops get_cache_first, get_cache_next,
and end_cache_get functions to somehow get set?

AFAICT the FILE-based credential cache ops do not ever use those
functions and undefined structure members should be initialized to 0
(NULL).  But from looking at a customer's log I see these functions are
set. As a result, get_cache_first is being called and the program crashes.

In gssapi_krb5_init I added a call to a custom logging function that
calls krb5_cc_default_name and krb5_cc_get_prefix_ops and hexdumps the
structure contents:

init.c:95:gssapi_krb5_log_cc_data: default_name[FILE:/tmp/krb5cc_0]
init.c:98:gssapi_krb5_log_cc_data: ops=0x826c8a8
00000:  88 a6 38 41 40 00 37 41 d0 04 37 41 d0 03 37 41  |.8A@.7A.7A.7A|
00010:  a0 0d 37 41 d0 01 37 41 90 01 37 41 a0 0c 37 41  |.7A.7A..7A.7A|
00020:  00 00 00 00 10 0c 37 41 40 0b 37 41 20 07 37 41  |......7A@.7A .7A|
00030:  80 00 37 41 50 00 37 41 60 00 37 41 70 00 37 41  |..7AP.7A`.7Ap.7A|
00040:  7b a6 38 41 70 d9 37 41 90 de 37 41              |{8Ap7A.7A    |
init.c:100:gssapi_krb5_log_cc_data: ops->prefix=FILE

So it's a krb5_fcc_ops structure but the last 3 function pointers are
set. Those are zeroed in my test environment. The pointer values look
legit so it doesn't really look like generic memory corruption.

Can anyone take a wild guess as to how these ops functions could be
getting set?

Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
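
Added example, not part of the original post: a small decoder that turns the hexdump from the log above into pointer-sized slots and reports each slot's distance from slot 0 (the prefix pointer, which the log confirms resolves to "FILE"). It assumes 4-byte little-endian pointers, consistent with ops=0x826c8a8 in the log; the names parse_dump, pointer_slots and describe are made up for this example.

```python
import re
import struct

# Hexdump lines copied from the log in the post above.
DUMP = """\
00000:  88 a6 38 41 40 00 37 41 d0 04 37 41 d0 03 37 41  |.8A@.7A.7A.7A|
00010:  a0 0d 37 41 d0 01 37 41 90 01 37 41 a0 0c 37 41  |.7A.7A..7A.7A|
00020:  00 00 00 00 10 0c 37 41 40 0b 37 41 20 07 37 41  |......7A@.7A .7A|
00030:  80 00 37 41 50 00 37 41 60 00 37 41 70 00 37 41  |..7AP.7A`.7Ap.7A|
00040:  7b a6 38 41 70 d9 37 41 90 de 37 41              |{8Ap7A.7A    |
"""

PTR_SIZE = 4  # assumption: 32-bit little-endian process
LINE = re.compile(r"^([0-9a-fA-F]+):\s+((?:[0-9a-fA-F]{2}\s)+)")


def parse_dump(text):
    """Return the dumped bytes; reject a dump whose offsets are not contiguous."""
    data = bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # not a hexdump line (e.g. a log prefix line)
        if int(m.group(1), 16) != len(data):
            raise ValueError("gap in hexdump at offset " + m.group(1))
        data += bytes.fromhex(m.group(2))  # ASCII column is never matched
    return bytes(data)


def pointer_slots(data, ptr_size=PTR_SIZE):
    """Split the raw bytes into little-endian pointer values."""
    if ptr_size not in (4, 8) or len(data) % ptr_size:
        raise ValueError("dump length is not a whole number of pointers")
    code = "I" if ptr_size == 4 else "Q"
    return list(struct.unpack("<%d%s" % (len(data) // ptr_size, code), data))


def describe(slots, ptr_size=PTR_SIZE):
    """Return (index, byte offset, value, delta from slot 0) for every slot."""
    base = slots[0]
    return [(i, i * ptr_size, v, (v - base) if v else None)
            for i, v in enumerate(slots)]


if __name__ == "__main__":
    for i, off, val, delta in describe(pointer_slots(parse_dump(DUMP))):
        rel = "NULL" if delta is None else "%+d from slot 0" % delta
        print("slot %2d  +0x%02x  0x%08x  %s" % (i, off, val, rel))
```

On this dump the 76 bytes decode to 19 slots; slot 16 (offset 0x40) is 0x4138a67b, 13 bytes below the prefix pointer in slot 0, while slots 17 and 18 fall in the same 0x4137xxxx range as the other non-NULL slots.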