[krbdev.mit.edu #3099] error handling in keytab manipulation routines

Greg Hudson via RT
>From [hidden email]  Thu Jun 16 18:01:47 2005
Date: Wed, 15 Jun 2005 23:41:55 -0400
From: Nalin Dahyabhai <[hidden email]>
Subject: error handling in keytab manipulation routines


>Submitter-Id: net
>Originator: Nalin Dahyabhai
>Organization:
>Confidential: yes
>Synopsis: error handling in keytab manipulation routines
>Severity: non-critical
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: 1.4.1
>Environment:
       
System: Linux blade.boston.redhat.com 2.6.11-1.1366_FC4smp #1 SMP Mon May 30 00:12:23 EDT 2005 i686 athlon i386 GNU/Linux
Architecture: i686

>Description:
        The routines which deal with keytab files don't react well to empty
        files, which are an unfortunately common configuration error.  An
        empty file to which the user can't write triggers other errors.
        I'm marking this confidential but non-critical because it's usually
        triggered by a configuration or operator error, but as a crasher it
        might have implications which I'm not aware of.  Feel free to change
        it to non-confidential if you wish.
>How-To-Repeat:
        Run "klist -k -t /dev/null".
>Fix:
        When the file is closed after an error, make sure that an error code is
        returned to the caller (short fread() or fwrite() may not set errno, so
        my guess for a proper error code was EIO).  If we fclose() the file,
        clear the pointer so that if we accidentally try to close it again, we
        at least don't chase into random heap memory.

--- krb5-1.4.1/src/lib/krb5/keytab/kt_file.c 2004-12-03 20:42:57.000000000 -0500
+++ krb5-1.4.1/src/lib/krb5/keytab/kt_file.c 2005-06-15 17:48:20.000000000 -0400
@@ -1099,17 +1099,19 @@
  kt_vno = htons(krb5_kt_default_vno);
  KTVERSION(id) = krb5_kt_default_vno;
  if (!xfwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
-    kerror = errno;
+    kerror = errno ? errno : EIO;
     (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
     (void) fclose(KTFILEP(id));
+    KTFILEP(id) = 0;
     return kerror;
  }
     } else {
  /* gotta verify it instead... */
  if (!xfread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
-    kerror = errno;
+    kerror = errno ? errno : EIO;
     (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
     (void) fclose(KTFILEP(id));
+    KTFILEP(id) = 0;
     return kerror;
  }
  kt_vno = KTVERSION(id) = ntohs(kt_vno);
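
Review bot: "kerror = errno ? errno : EIO;" in both the xfwrite() and xfread() failure branches still trusts whatever errno held before the call. A short read at end of file does not set errno, so a stale nonzero value left by an earlier, unrelated failure would be returned as the cause. Setting errno = 0 immediately before each xfwrite()/xfread() call makes the EIO fallback reliable. In the read branch an empty file is a format problem rather than an I/O fault, so a keytab-specific code may serve callers better than EIO; either way a short comment on why EIO was chosen would help the next reader.
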
@@ -1117,6 +1119,7 @@
     (kt_vno != KRB5_KT_VNO_1)) {
     (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
     (void) fclose(KTFILEP(id));
+    KTFILEP(id) = 0;
     return KRB5_KEYTAB_BADVNO;
  }
     }
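
Review bot: "KTFILEP(id) = 0;" after the fclose() in the bad-version branch only turns a later second close into a harmless no-op if the close path tests the pointer first; calling fclose() on a null pointer is still undefined, and no such test appears in these hunks. Please confirm the close routine returns early when KTFILEP(id) is null, or add that check to this patch. The unlock/fclose/clear sequence now appears three times, so a shared cleanup label or small helper would keep future error paths from omitting the clear, and NULL reads better than 0 for a pointer.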

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
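
The failure mode described under Fix, reduced to a stand-alone C program. This is an added example, not code from the report or from krb5: struct kt, read_vno_unpatched, read_vno_patched and kt_close are hypothetical names, and the errno = 0 reset before fread() is an assumption of the example rather than part of the patch.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the keytab handle; not the krb5 structure. */
struct kt { FILE *fp; uint16_t vno; };

/* Pre-patch shape: pass errno through and keep the closed FILE* around. */
static int read_vno_unpatched(struct kt *k) {
    uint16_t v;
    errno = 0;                  /* model: no earlier error pending */
    if (fread(&v, sizeof(v), 1, k->fp) != 1) {
        int err = errno;        /* a short read at EOF leaves this 0 */
        (void) fclose(k->fp);   /* k->fp now dangles */
        return err;             /* caller sees 0, i.e. success */
    }
    k->vno = ntohs(v);
    return 0;
}

/* Post-patch shape: fall back to EIO, clear the pointer after fclose(). */
static int read_vno_patched(struct kt *k) {
    uint16_t v;
    errno = 0;                  /* assumption: reset so no stale errno leaks */
    if (fread(&v, sizeof(v), 1, k->fp) != 1) {
        int err = errno ? errno : EIO;
        (void) fclose(k->fp);
        k->fp = NULL;
        return err;
    }
    k->vno = ntohs(v);
    return 0;
}

/* Close path that tolerates a handle an error path already closed. */
static int kt_close(struct kt *k) {
    int rc = (k->fp != NULL && fclose(k->fp) != 0) ? errno : 0;
    k->fp = NULL;
    return rc;
}

int main(void) {
    /* Constructed input: tmpfile() yields an empty file, like an empty keytab. */
    struct kt a = { tmpfile(), 0 }, b = { tmpfile(), 0 };
    if (a.fp == NULL || b.fp == NULL) return 1;
    printf("unpatched: %d\n", read_vno_unpatched(&a));
    printf("patched:   %d\n", read_vno_patched(&b));
    return kt_close(&b);
}
```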