Re: krb5_get_error_string() is not indempotent

[Love Hörnquist Åstrand <lha@kth.se>]

Hej Fred,

The current implementation of krb5_get_error_string(krb5_context) will reset the context->error_string to NULL and return error_string. So if some code calls this function second time the error string will be NULL. I wonder if it can be simply strdup()-ed and returned to the caller, to make the function indempotent.

 

The reason is that sometimes an error may be inspected in multiple code components. Each unit of code may want to independently produce debugging message and call this function to get krb5 context error string. Since the caller is expected to call krb5_free_error_string(), it seems to me a strdup() should be OK.

Yes, it would probably be ok, I made the change to trunk but wont pull it up to heimdal-1-0-branch since I don't really know it wil interact with consumers of the message.

I would prefer that you used krb5_get_error_message() instead since its compatible with MIT Kerberos and will allow us to do the check that errno matches error string to avoid strange error messages.

Love