rpm/krb5
SHA256
1
0
Fork 0
forked from pool/krb5
Code Pull Requests Activity

Accepting request 252436 from home:dmdiss:branches:bnc898439_krb_reply_cache_race_factory

Browse Source 
- Work around replay cache creation race; (bnc#898439).
  krb5-1.13-work-around-replay-cache-creation-race.patch

OBS-URL: https://build.opensuse.org/request/show/252436
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=132
This commit is contained in:
Marcus Meissner 2014-10-01 07:19:37 +00:00 committed by Git OBS Bridge
parent 23582573aa
commit 35dbbe780b
3 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
krb5-1.13-work-around-replay-cache-creation-race.patch Normal file
View File

@ -0,0 +1,56 @@
From 99e08376c14240e2141c6fa9289fafab8245c754 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 17 Sep 2014 10:45:28 -0400
Subject: [PATCH] Work around replay cache creation race
If two processes try to initialize the same replay cache at the same
time, krb5_rc_io_creat can race between unlink and open, leading to a
KRB5_RC_IO_PERM error. When this happens, make the losing process
retry so that it can continue.
This does not solve the replay cache creation race, nor is that the
only replay cache race issue. It simply prevents the race from
causing a spurious failure.
(cherry picked from commit c61e8c0c6ad5fda8d23dd896c4aed0ac5b470020)
ticket: 3498
version_fixed: 1.13
status: resolved
---
src/lib/krb5/rcache/rc_io.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
index 7e3b7e9..b9859fe 100644
--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -158,7 +158,7 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn)
{
krb5_int16 rc_vno = htons(KRB5_RC_VNO);
krb5_error_code retval = 0;
- int do_not_unlink = 0;
+ int flags, do_not_unlink = 0;
char *dir;
size_t dirlen;
@@ -166,9 +166,13 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn)
if (fn && *fn) {
if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0)
return KRB5_RC_IO_MALLOC;
- unlink(d->fn);
- d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL |
- O_BINARY, 0600);
+ d->fd = -1;
+ do {
+ if (unlink(d->fn) == -1 && errno != ENOENT)
+ break;
+ flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY;
+ d->fd = THREEPARAMOPEN(d->fn, flags, 0600);
+ } while (d->fd == -1 && errno == EEXIST);
} else {
retval = krb5_rc_io_mkstemp(context, d, dir);
if (retval)
--
1.8.4.5

6
krb5.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com
- Work around replay cache creation race; (bnc#898439).
krb5-1.13-work-around-replay-cache-creation-race.patch
-------------------------------------------------------------------
Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com

2
krb5.spec
View File

@ -84,6 +84,7 @@ Patch13: krb5-1.9-debuginfo.patch
Patch14: krb5-kvno-230379.patch
Patch20: krb5-1.12-doxygen.patch
Patch21: bnc#897874-CVE-2014-5351.diff
Patch22: krb5-1.13-work-around-replay-cache-creation-race.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %fillup_prereq
@ -205,6 +206,7 @@ Include Files for Development
%patch14 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%build
# needs to be re-generated