Michael Ho has uploaded this change for review. ( http://gerrit.cloudera.org:8080/12545
Change subject: KUDU-2706: Workaround the lack of thread safety in krb5_parse_name() ...................................................................... KUDU-2706: Workaround the lack of thread safety in krb5_parse_name() krb5_init_context() sets the field 'default_realm' in a krb5_context object to 0. Upon first call to krb5_parse_name() with a principal without realm specified (e.g. foo/bar), 'default_realm' in the krb5_context object is lazily initialized. When more than one negotiation threads are configured, it's possible for multiple threads to call CanonicalizeKrb5Principal() in parallel. CanonicalizeKrb5Principal() in turn calls krb5_parse_name(g_krb5_ctx, ...) with no lock held. In addition, krb5_parse_name() is also not thread safe. Consequently, 'g_krb5_ctx' which is shared and not supposed to be modified after initialization may be inadvertently modified concurrently by multiple threads, leading to crashes (e.g. double free) or errors. This change works around the problem by explicitly initializing 'g_krb5_ctx->default_realm' once in InitKrb5Ctx() by calling krb5_get_default_realm(). Change-Id: I1bf9224516e2996f51f319088179727f76741ebe --- M src/kudu/security/init.cc 1 file changed, 6 insertions(+), 0 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/45/12545/1 -- To view, visit http://gerrit.cloudera.org:8080/12545 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I1bf9224516e2996f51f319088179727f76741ebe Gerrit-Change-Number: 12545 Gerrit-PatchSet: 1 Gerrit-Owner: Michael Ho <[email protected]>
