diff options
author | rmacklem <rmacklem@FreeBSD.org> | 2012-12-18 00:25:48 +0000 |
---|---|---|
committer | rmacklem <rmacklem@FreeBSD.org> | 2012-12-18 00:25:48 +0000 |
commit | a41d1bc642641e36d620138f93f484921d361bce (patch) | |
tree | 1a528b7e5e6224c7d6841c880e1617f1b61ec29e /sys/kgssapi/gss_delete_sec_context.c | |
parent | 17649eee7d94c9b2e7885ee9119c83cef611a8e4 (diff) | |
download | FreeBSD-src-a41d1bc642641e36d620138f93f484921d361bce.zip FreeBSD-src-a41d1bc642641e36d620138f93f484921d361bce.tar.gz |
Piete.Brooks at cl.cam.ac.uk reported via email a crash which was
caused by use of an invalid kgss_gssd_handle during an upcall to
the gssd daemon when it has exited. This patch seems to avoid the
crashes by holding a reference count on the kgss_gssd_handle until
the upcall is done. It also adds a new mutex kgss_gssd_lock used to
make manipulation of kgss_gssd_handle SMP safe.
Tested by: Illias A. Marinos, Herbert Poeckl
Reviewed by: jhb
MFC after: 2 weeks
Diffstat (limited to 'sys/kgssapi/gss_delete_sec_context.c')
-rw-r--r-- | sys/kgssapi/gss_delete_sec_context.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/sys/kgssapi/gss_delete_sec_context.c b/sys/kgssapi/gss_delete_sec_context.c index e1582a2..8689927 100644 --- a/sys/kgssapi/gss_delete_sec_context.c +++ b/sys/kgssapi/gss_delete_sec_context.c @@ -31,7 +31,9 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/kernel.h> #include <sys/kobj.h> +#include <sys/lock.h> #include <sys/malloc.h> +#include <sys/mutex.h> #include <kgssapi/gssapi.h> #include <kgssapi/gssapi_impl.h> @@ -46,6 +48,9 @@ gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, struct delete_sec_context_args args; enum clnt_stat stat; gss_ctx_id_t ctx; + CLIENT *cl; + + *minor_status = 0; if (!kgss_gssd_handle) return (GSS_S_FAILURE); @@ -60,9 +65,13 @@ gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, */ if (ctx->handle) { args.ctx = ctx->handle; + cl = kgss_gssd_client(); + if (cl == NULL) + return (GSS_S_FAILURE); bzero(&res, sizeof(res)); - stat = gssd_delete_sec_context_1(&args, &res, kgss_gssd_handle); + stat = gssd_delete_sec_context_1(&args, &res, cl); + CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); @@ -85,7 +94,5 @@ gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, } } - *minor_status = 0; - return (GSS_S_COMPLETE); } |