From f3bf4312fc7d48a2415d8a93b3970372a5f0f6ea858bb1aca3ebcde35ef65c3b Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 1 Aug 2008 23:11:46 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=36 --- krb5-1.6.3-post.dif | 187 ++++++++++++++++++++++++++++++++++++++++++++ krb5-doc.spec | 2 +- krb5-plugins.spec | 2 +- krb5.changes | 10 +++ krb5.spec | 9 ++- 5 files changed, 207 insertions(+), 3 deletions(-) diff --git a/krb5-1.6.3-post.dif b/krb5-1.6.3-post.dif index d136ad3..da018c7 100644 --- a/krb5-1.6.3-post.dif +++ b/krb5-1.6.3-post.dif @@ -2867,3 +2867,190 @@ Index: src/util/profile/prof_init.c for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) { retval = profile_open_file(*fs, &new_file); /* if this file is missing, skip to the next */ +Index: src/kdc/network.c +=================================================================== +--- src/kdc/network.c (Revision 20580) ++++ src/kdc/network.c (Revision 20587) +@@ -277,6 +277,12 @@ + struct connection *newconn; + void *tmp; + ++ if (sock > FD_SETSIZE) { ++ data->retval = EMFILE; /* XXX */ ++ com_err(data->prog, 0, ++ "file descriptor number %d too high", sock); ++ return 0; ++ } + newconn = malloc(sizeof(*newconn)); + if (newconn == 0) { + data->retval = errno; +@@ -360,6 +366,12 @@ + paddr(addr)); + return -1; + } ++ if (sock > FD_SETSIZE) { ++ close(sock); ++ com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high", ++ sock, paddr(addr)); ++ return -1; ++ } + if (setreuseaddr(sock, 1) < 0) + com_err(data->prog, errno, + "Cannot enable SO_REUSEADDR on fd %d", sock); +@@ -791,6 +803,10 @@ + s = accept(conn->fd, addr, &addrlen); + if (s < 0) + return; ++ if (s > FD_SETSIZE) { ++ close(s); ++ return; ++ } + setnbio(s), setnolinger(s); + + sockdata.prog = prog; +Index: src/lib/gssapi/krb5/accept_sec_context.c +=================================================================== +--- src/lib/gssapi/krb5/accept_sec_context.c (Revision 20580) ++++ src/lib/gssapi/krb5/accept_sec_context.c (Revision 20587) +@@ -1,5 +1,5 @@ + /* +- * Copyright 2000, 2004 by the Massachusetts Institute of Technology. ++ * Copyright 2000, 2004, 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may +@@ -249,6 +249,7 @@ + krb5_data option; + const gss_OID_desc *mech_used = NULL; + OM_uint32 major_status = GSS_S_FAILURE; ++ OM_uint32 tmp_minor_status; + krb5_error krb_error_data; + krb5_data scratch; + gss_cred_id_t cred_handle = NULL; +@@ -903,13 +904,14 @@ + + if (!GSS_ERROR(major_status) && major_status != GSS_S_CONTINUE_NEEDED) { + ctx->k5_context = context; +- return(major_status); ++ context = NULL; ++ goto done; + } + + /* from here on is the real "fail" code */ + + if (ctx) +- (void) krb5_gss_delete_sec_context(minor_status, ++ (void) krb5_gss_delete_sec_context(&tmp_minor_status, + (gss_ctx_id_t *) &ctx, NULL); + if (deleg_cred) { /* free memory associated with the deleg credential */ + if (deleg_cred->ccache) +@@ -936,10 +938,9 @@ + if (decode_req_message) { + krb5_ap_req * request; + +- if (decode_krb5_ap_req(&ap_req, &request)) { +- krb5_free_context(context); +- return (major_status); +- } ++ if (decode_krb5_ap_req(&ap_req, &request)) ++ goto done; ++ + if (request->ap_options & AP_OPTS_MUTUAL_REQUIRED) + gss_flags |= GSS_C_MUTUAL_FLAG; + krb5_free_ap_req(context, request); +@@ -967,20 +968,16 @@ + krb_error_data.server = cred->princ; + + code = krb5_mk_error(context, &krb_error_data, &scratch); +- if (code) { +- krb5_free_context(context); +- return (major_status); +- } ++ if (code) ++ goto done; + + tmsglen = scratch.length; + toktype = KG_TOK_CTX_ERROR; + + token.length = g_token_size(mech_used, tmsglen); + token.value = (unsigned char *) xmalloc(token.length); +- if (!token.value) { +- krb5_free_context(context); +- return (major_status); +- } ++ if (!token.value) ++ goto done; + + ptr = token.value; + g_make_token_header(mech_used, tmsglen, &ptr, toktype); +@@ -990,9 +987,13 @@ + + *output_token = token; + } ++ ++ done: + if (!verifier_cred_handle && cred_handle) { +- krb5_gss_release_cred(minor_status, &cred_handle); ++ krb5_gss_release_cred(&tmp_minor_status, &cred_handle); + } +- krb5_free_context(context); ++ if (context) { ++ krb5_free_context(context); ++ } + return (major_status); + } +Index: src/lib/comerr32.def +=================================================================== +--- src/lib/comerr32.def (Revision 20580) ++++ src/lib/comerr32.def (Revision 20587) +@@ -3,10 +3,10 @@ + HEAPSIZE 8192 + + EXPORTS +- com_err +- com_err_va +- error_message +- add_error_table +- remove_error_table +- set_com_err_hook +- reset_com_err_hook ++ com_err @2 ++ com_err_va @3 ++ error_message @4 ++ add_error_table @1 ++ remove_error_table @5 ++ set_com_err_hook @6 ++ reset_com_err_hook @7 +Index: src/lib/kadm5/srv/svr_principal.c +=================================================================== +--- src/lib/kadm5/srv/svr_principal.c (Revision 20580) ++++ src/lib/kadm5/srv/svr_principal.c (Revision 20587) +@@ -2099,7 +2099,8 @@ + * inexact match on the enctype; this behavior will go away when + * the key storage architecture gets redesigned for 1.3. + */ +- keyblock->enctype = ktype; ++ if (ktype != -1) ++ keyblock->enctype = ktype; + + if (kvnop) + *kvnop = key_data->key_data_kvno; +Index: src/lib/krb5/os/sendto_kdc.c +=================================================================== +--- src/lib/krb5/os/sendto_kdc.c (Revision 20580) ++++ src/lib/krb5/os/sendto_kdc.c (Revision 20587) +@@ -654,6 +654,12 @@ + dprint("socket: %m creating with af %d\n", state->err, ai->ai_family); + return -1; /* try other hosts */ + } ++ if (fd >= FD_SETSIZE) { ++ close(fd); ++ state->err = EMFILE; ++ dprint("socket: fd %d too high\n", fd); ++ return -1; ++ } + /* Make it non-blocking. */ + if (ai->ai_socktype == SOCK_STREAM) { + static const int one = 1; + + diff --git a/krb5-doc.spec b/krb5-doc.spec index 8af3980..f35d458 100644 --- a/krb5-doc.spec +++ b/krb5-doc.spec @@ -14,7 +14,7 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html texlive Version: 1.6.3 -Release: 96 +Release: 101 %define srcRoot krb5-1.6.3 Summary: MIT Kerberos5 Implementation--Documentation License: X11/MIT diff --git a/krb5-plugins.spec b/krb5-plugins.spec index 16c3af4..3af5250 100644 --- a/krb5-plugins.spec +++ b/krb5-plugins.spec @@ -14,7 +14,7 @@ Name: krb5-plugins Version: 1.6.3 -Release: 11 +Release: 12 BuildRequires: bison krb5-devel ncurses-devel openldap2-devel %define srcRoot krb5-1.6.3 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ diff --git a/krb5.changes b/krb5.changes index 13f3a51..541504f 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de + +- add new fixes to post 1.6.3 patch + * fix mem leak in krb5_gss_accept_sec_context() + * keep minor_status + * kadm5_decrypt_key: A ktype of -1 is documented as meaning + "to be ignored" + * Reject socket fds > FD_SETSIZE + ------------------------------------------------------------------- Fri Jul 25 12:13:24 CEST 2008 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index fa895d1..74353e4 100644 --- a/krb5.spec +++ b/krb5.spec @@ -13,7 +13,7 @@ Name: krb5 Version: 1.6.3 -Release: 58 +Release: 62 BuildRequires: bison libcom_err-devel ncurses-devel %if %{suse_version} > 1010 BuildRequires: keyutils keyutils-devel @@ -554,6 +554,13 @@ rm -rf %{buildroot} %{_mandir}/man1/krb5-config.1* %changelog +* Mon Jul 28 2008 mc@suse.de +- add new fixes to post 1.6.3 patch + * fix mem leak in krb5_gss_accept_sec_context() + * keep minor_status + * kadm5_decrypt_key: A ktype of -1 is documented as meaning + "to be ignored" + * Reject socket fds > FD_SETSIZE * Fri Jul 25 2008 mc@suse.de - add patches from SVN post 1.6.3 * krb5_string_to_keysalts: Fix an infinite loop