SHA256
1
0
forked from pool/krb5

Accepting request 253481 from network

1

OBS-URL: https://build.opensuse.org/request/show/253481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=106
This commit is contained in:
Stephan Kulow 2014-10-05 18:27:19 +00:00 committed by Git OBS Bridge
commit fea3c25a0a
3 changed files with 64 additions and 0 deletions

View File

@ -0,0 +1,56 @@
From 99e08376c14240e2141c6fa9289fafab8245c754 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 17 Sep 2014 10:45:28 -0400
Subject: [PATCH] Work around replay cache creation race
If two processes try to initialize the same replay cache at the same
time, krb5_rc_io_creat can race between unlink and open, leading to a
KRB5_RC_IO_PERM error. When this happens, make the losing process
retry so that it can continue.
This does not solve the replay cache creation race, nor is that the
only replay cache race issue. It simply prevents the race from
causing a spurious failure.
(cherry picked from commit c61e8c0c6ad5fda8d23dd896c4aed0ac5b470020)
ticket: 3498
version_fixed: 1.13
status: resolved
---
src/lib/krb5/rcache/rc_io.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
index 7e3b7e9..b9859fe 100644
--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -158,7 +158,7 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn)
{
krb5_int16 rc_vno = htons(KRB5_RC_VNO);
krb5_error_code retval = 0;
- int do_not_unlink = 0;
+ int flags, do_not_unlink = 0;
char *dir;
size_t dirlen;
@@ -166,9 +166,13 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn)
if (fn && *fn) {
if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0)
return KRB5_RC_IO_MALLOC;
- unlink(d->fn);
- d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL |
- O_BINARY, 0600);
+ d->fd = -1;
+ do {
+ if (unlink(d->fn) == -1 && errno != ENOENT)
+ break;
+ flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY;
+ d->fd = THREEPARAMOPEN(d->fn, flags, 0600);
+ } while (d->fd == -1 && errno == EEXIST);
} else {
retval = krb5_rc_io_mkstemp(context, d, dir);
if (retval)
--
1.8.4.5

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com
- Work around replay cache creation race; (bnc#898439).
krb5-1.13-work-around-replay-cache-creation-race.patch
-------------------------------------------------------------------
Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com

View File

@ -84,6 +84,7 @@ Patch13: krb5-1.9-debuginfo.patch
Patch14: krb5-kvno-230379.patch
Patch20: krb5-1.12-doxygen.patch
Patch21: bnc#897874-CVE-2014-5351.diff
Patch22: krb5-1.13-work-around-replay-cache-creation-race.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %fillup_prereq
@ -205,6 +206,7 @@ Include Files for Development
%patch14 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%build
# needs to be re-generated