[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-inetutils] Important update of telnetd.
|
From: |
Mats Erik Andersson |
|
Subject: |
Re: [bug-inetutils] Important update of telnetd. |
|
Date: |
Wed, 8 Aug 2012 14:33:14 +0200 |
|
User-agent: |
Mutt/1.5.18 (2008-05-17) |
onsdag den 8 augusti 2012 klockan 14:07 skrev Simon Josefsson detta:
> Thanks for working on Shishi support in InetUtils!
>
> Mats Erik Andersson <address@hidden> writes:
>
> > * There was a call to shishi_done() executed from within
> > auth_finished() until yesterday. That lead to the premature
> > release of the Shishi handle, and sometimes segfaults.
>
> Do you know what kind of problems you'd get due to this?
As long as krb5shishi_cleanup() was called by auth_finished()
in krb5shishi_is_auth() [sic!] there was a segmentation fault
when krb5shishi_status() issued shishi_authorized_p(), caused
by the invalidation of the handle. This is how I discovered
the matter. Not easy to back track after that, though.
The issue at hand originates in "telnetd/utility.c" where the
server cannot avoid to call auth_wait() in order to capture
the authorization status. This is done very late, so the
Shishi handle must be alive at least until this point.
How about the encryption case? Does it need prolonged access
to the handle, or could the encryption run independently of
the shishi handle?
The client needs shishi_done() in order to incorporate
any issued and valid ticket into the cache. Does the server
need to propagate any bits into its own cache? In such case,
we must find a suitable location to call shishi_done().
Regards,
Mats