gensec: Fix a memory corruption in gensec_use_kerberos_mechs
Andrew Bartlett
abartlet at samba.org
Fri Feb 10 02:53:32 MST 2012
On Fri, 2012-02-10 at 07:34 +0100, Volker Lendecke wrote:
> On Fri, Feb 10, 2012 at 01:25:31PM +1100, Andrew Bartlett wrote:
> > Thanks for finding this!
> >
> > In this case it wasn't intentional that there ever be more output
> > mechanisms than were input to the filter, so I would like to propose an
> > alternate approach.
> >
> > I've attached a proposed patch, but unfortunately (and oddly) I've been
> > unable to reproduce the original issue under valgrind. Can you
> > double-check it for me?
>
> That is the approach I had initially done. But because it
> changes the core logic of the function I opted for the *2
> solution that Michael Adam proposed. There must have be a
> reason why spnego is added every time we go through the
> loop, and I did not understand that reason. Your patch also
> fixes the valgrind error, but we get less output than with
> my patch.
The aim of the function is to, given a list of possible gensec mechs:
if we are in the default AUTO have kerberos:
- take a reference to the master list
otherwise
- always add spnego then:
- if we 'MUST' have kerberos:
only add kerberos mechs
- if we 'DONT' want kerberos':
only add non-kerberos mechs
I'll shortly autobuild this, and an additional patche with this
explanation.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list