[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bazaar: krb5_fcc_ops has get_cache_first/next/end set
Is there any way for the krb5_fcc_ops get_cache_first, get_cache_next,
and end_cache_get functions to somehow get set?
AFAICT the FILE based credential cache ops does not ever use those
functions and undefined structure members should be initialized to 0
(NULL). But from looking at a customer's log I see these functions are
set. As a result, get_cache_first is being called and the program crashes.
In gssapi_krb5_init I added a call to a custom logging function that
calls krb5_cc_default_name and krb5_cc_get_prefix_ops and hexdumps the
structure contents:
init.c:95:gssapi_krb5_log_cc_data: default_name[FILE:/tmp/krb5cc_0]
init.c:98:gssapi_krb5_log_cc_data: ops=0x826c8a8
00000: 88 a6 38 41 40 00 37 41 d0 04 37 41 d0 03 37 41 |.¦8A@.7AÐ.7AÐ.7A|
00010: a0 0d 37 41 d0 01 37 41 90 01 37 41 a0 0c 37 41 | .7AÐ.7A..7A .7A|
00020: 00 00 00 00 10 0c 37 41 40 0b 37 41 20 07 37 41 |......7A@.7A .7A|
00030: 80 00 37 41 50 00 37 41 60 00 37 41 70 00 37 41 |..7AP.7A`.7Ap.7A|
00040: 7b a6 38 41 70 d9 37 41 90 de 37 41 |{¦8ApÙ7A.Þ7A |
init.c:100:gssapi_krb5_log_cc_data: ops->prefix=FILE
So it's an krb5_fcc_ops structure but the last 3 function pointers are
set. Those are zero'd in my test environment. The pointer values look
legit so it doesn't really look like generic memory corruption.
Can anyone take a wild guess as to how these ops functions could be
getting set?
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/