forked from pool/krb5
OBS User unknown 2008-08-01 23:11:46 +00:00 committed by Git OBS Bridge
parent d5c17a28f6
commit f3bf4312fc
5 changed files with 207 additions and 3 deletions


@ -2867,3 +2867,190 @@ Index: src/util/profile/prof_init.c
for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
retval = profile_open_file(*fs, &new_file);
/* if this file is missing, skip to the next */
Index: src/kdc/network.c
===================================================================
--- src/kdc/network.c (Revision 20580)
+++ src/kdc/network.c (Revision 20587)
@@ -277,6 +277,12 @@
struct connection *newconn;
void *tmp;
+ if (sock > FD_SETSIZE) {
+ data->retval = EMFILE; /* XXX */
+ com_err(data->prog, 0,
+ "file descriptor number %d too high", sock);
+ return 0;
+ }
newconn = malloc(sizeof(*newconn));
if (newconn == 0) {
data->retval = errno;
@@ -360,6 +366,12 @@
paddr(addr));
return -1;
}
+ if (sock > FD_SETSIZE) {
+ close(sock);
+ com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
+ sock, paddr(addr));
+ return -1;
+ }
if (setreuseaddr(sock, 1) < 0)
com_err(data->prog, errno,
"Cannot enable SO_REUSEADDR on fd %d", sock);
@@ -791,6 +803,10 @@
s = accept(conn->fd, addr, &addrlen);
if (s < 0)
return;
+ if (s > FD_SETSIZE) {
+ close(s);
+ return;
+ }
setnbio(s), setnolinger(s);
sockdata.prog = prog;
Index: src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/accept_sec_context.c (Revision 20580)
+++ src/lib/gssapi/krb5/accept_sec_context.c (Revision 20587)
@@ -1,5 +1,5 @@
/*
- * Copyright 2000, 2004 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2004, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -249,6 +249,7 @@
krb5_data option;
const gss_OID_desc *mech_used = NULL;
OM_uint32 major_status = GSS_S_FAILURE;
+ OM_uint32 tmp_minor_status;
krb5_error krb_error_data;
krb5_data scratch;
gss_cred_id_t cred_handle = NULL;
@@ -903,13 +904,14 @@
if (!GSS_ERROR(major_status) && major_status != GSS_S_CONTINUE_NEEDED) {
ctx->k5_context = context;
- return(major_status);
+ context = NULL;
+ goto done;
}
/* from here on is the real "fail" code */
if (ctx)
- (void) krb5_gss_delete_sec_context(minor_status,
+ (void) krb5_gss_delete_sec_context(&tmp_minor_status,
(gss_ctx_id_t *) &ctx, NULL);
if (deleg_cred) { /* free memory associated with the deleg credential */
if (deleg_cred->ccache)
@@ -936,10 +938,9 @@
if (decode_req_message) {
krb5_ap_req * request;
- if (decode_krb5_ap_req(&ap_req, &request)) {
- krb5_free_context(context);
- return (major_status);
- }
+ if (decode_krb5_ap_req(&ap_req, &request))
+ goto done;
+
if (request->ap_options & AP_OPTS_MUTUAL_REQUIRED)
gss_flags |= GSS_C_MUTUAL_FLAG;
krb5_free_ap_req(context, request);
@@ -967,20 +968,16 @@
krb_error_data.server = cred->princ;
code = krb5_mk_error(context, &krb_error_data, &scratch);
- if (code) {
- krb5_free_context(context);
- return (major_status);
- }
+ if (code)
+ goto done;
tmsglen = scratch.length;
toktype = KG_TOK_CTX_ERROR;
token.length = g_token_size(mech_used, tmsglen);
token.value = (unsigned char *) xmalloc(token.length);
- if (!token.value) {
- krb5_free_context(context);
- return (major_status);
- }
+ if (!token.value)
+ goto done;
ptr = token.value;
g_make_token_header(mech_used, tmsglen, &ptr, toktype);
@@ -990,9 +987,13 @@
*output_token = token;
}
+
+ done:
if (!verifier_cred_handle && cred_handle) {
- krb5_gss_release_cred(minor_status, &cred_handle);
+ krb5_gss_release_cred(&tmp_minor_status, &cred_handle);
}
- krb5_free_context(context);
+ if (context) {
+ krb5_free_context(context);
+ }
return (major_status);
}
Index: src/lib/comerr32.def
===================================================================
--- src/lib/comerr32.def (Revision 20580)
+++ src/lib/comerr32.def (Revision 20587)
@@ -3,10 +3,10 @@
HEAPSIZE 8192
EXPORTS
- com_err
- com_err_va
- error_message
- add_error_table
- remove_error_table
- set_com_err_hook
- reset_com_err_hook
+ com_err @2
+ com_err_va @3
+ error_message @4
+ add_error_table @1
+ remove_error_table @5
+ set_com_err_hook @6
+ reset_com_err_hook @7
Index: src/lib/kadm5/srv/svr_principal.c
===================================================================
--- src/lib/kadm5/srv/svr_principal.c (Revision 20580)
+++ src/lib/kadm5/srv/svr_principal.c (Revision 20587)
@@ -2099,7 +2099,8 @@
* inexact match on the enctype; this behavior will go away when
* the key storage architecture gets redesigned for 1.3.
*/
- keyblock->enctype = ktype;
+ if (ktype != -1)
+ keyblock->enctype = ktype;
if (kvnop)
*kvnop = key_data->key_data_kvno;
Index: src/lib/krb5/os/sendto_kdc.c
===================================================================
--- src/lib/krb5/os/sendto_kdc.c (Revision 20580)
+++ src/lib/krb5/os/sendto_kdc.c (Revision 20587)
@@ -654,6 +654,12 @@
dprint("socket: %m creating with af %d\n", state->err, ai->ai_family);
return -1; /* try other hosts */
}
+ if (fd >= FD_SETSIZE) {
+ close(fd);
+ state->err = EMFILE;
+ dprint("socket: fd %d too high\n", fd);
+ return -1;
+ }
/* Make it non-blocking. */
if (ai->ai_socktype == SOCK_STREAM) {
static const int one = 1;
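Review bot: The three descriptor guards added to src/kdc/network.c (`sock > FD_SETSIZE` in the @@ -277 and @@ -360 hunks, `s > FD_SETSIZE` in @@ -791) still accept a descriptor equal to FD_SETSIZE, while the guard added to src/lib/krb5/os/sendto_kdc.c correctly uses `fd >= FD_SETSIZE`. An fd_set only covers descriptors 0 through FD_SETSIZE-1, so if these sockets are later passed to FD_SET (that code is outside the hunks) the boundary value would address one bit past the end of the set; the KDC checks should read `if (sock >= FD_SETSIZE) {` and `if (s >= FD_SETSIZE) {`. The @@ -277 guard also returns 0 without closing `sock`, unlike the other two, so it is worth confirming that the caller owns and closes the descriptor on that path. All three enclosing functions start and end outside the hunks shown.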


@ -14,7 +14,7 @@
Name: krb5-doc
BuildRequires: ghostscript-library latex2html texlive
Version: 1.6.3
Release: 96
Release: 101
%define srcRoot krb5-1.6.3
Summary: MIT Kerberos5 Implementation--Documentation
License: X11/MIT


@ -14,7 +14,7 @@
Name: krb5-plugins
Version: 1.6.3
Release: 11
Release: 12
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
%define srcRoot krb5-1.6.3
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/


@ -1,3 +1,13 @@
-------------------------------------------------------------------
Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de
- add new fixes to post 1.6.3 patch
* fix mem leak in krb5_gss_accept_sec_context()
* keep minor_status
* kadm5_decrypt_key: A ktype of -1 is documented as meaning
"to be ignored"
* Reject socket fds > FD_SETSIZE
-------------------------------------------------------------------
Fri Jul 25 12:13:24 CEST 2008 - mc@suse.de


@ -13,7 +13,7 @@
Name: krb5
Version: 1.6.3
Release: 58
Release: 62
BuildRequires: bison libcom_err-devel ncurses-devel
%if %{suse_version} > 1010
BuildRequires: keyutils keyutils-devel
@ -554,6 +554,13 @@ rm -rf %{buildroot}
%{_mandir}/man1/krb5-config.1*
%changelog
* Mon Jul 28 2008 mc@suse.de
- add new fixes to post 1.6.3 patch
* fix mem leak in krb5_gss_accept_sec_context()
* keep minor_status
* kadm5_decrypt_key: A ktype of -1 is documented as meaning
"to be ignored"
* Reject socket fds > FD_SETSIZE
* Fri Jul 25 2008 mc@suse.de
- add patches from SVN post 1.6.3
* krb5_string_to_keysalts: Fix an infinite loop