From 35dbbe780b672030801020dcb88b4beda8871c4c233f7b77fb3358d4a09004ac Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 1 Oct 2014 07:19:37 +0000 Subject: [PATCH] Accepting request 252436 from home:dmdiss:branches:bnc898439_krb_reply_cache_race_factory - Work around replay cache creation race; (bnc#898439). krb5-1.13-work-around-replay-cache-creation-race.patch OBS-URL: https://build.opensuse.org/request/show/252436 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=132 --- ...rk-around-replay-cache-creation-race.patch | 56 +++++++++++++++++++ krb5.changes | 6 ++ krb5.spec | 2 + 3 files changed, 64 insertions(+) create mode 100644 krb5-1.13-work-around-replay-cache-creation-race.patch diff --git a/krb5-1.13-work-around-replay-cache-creation-race.patch b/krb5-1.13-work-around-replay-cache-creation-race.patch new file mode 100644 index 0000000..92c42ea --- /dev/null +++ b/krb5-1.13-work-around-replay-cache-creation-race.patch @@ -0,0 +1,56 @@ +From 99e08376c14240e2141c6fa9289fafab8245c754 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Wed, 17 Sep 2014 10:45:28 -0400 +Subject: [PATCH] Work around replay cache creation race + +If two processes try to initialize the same replay cache at the same +time, krb5_rc_io_creat can race between unlink and open, leading to a +KRB5_RC_IO_PERM error. When this happens, make the losing process +retry so that it can continue. + +This does not solve the replay cache creation race, nor is that the +only replay cache race issue. It simply prevents the race from +causing a spurious failure. + +(cherry picked from commit c61e8c0c6ad5fda8d23dd896c4aed0ac5b470020) + +ticket: 3498 +version_fixed: 1.13 +status: resolved +--- + src/lib/krb5/rcache/rc_io.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c +index 7e3b7e9..b9859fe 100644 +--- a/src/lib/krb5/rcache/rc_io.c ++++ b/src/lib/krb5/rcache/rc_io.c +@@ -158,7 +158,7 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) + { + krb5_int16 rc_vno = htons(KRB5_RC_VNO); + krb5_error_code retval = 0; +- int do_not_unlink = 0; ++ int flags, do_not_unlink = 0; + char *dir; + size_t dirlen; + +@@ -166,9 +166,13 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) + if (fn && *fn) { + if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0) + return KRB5_RC_IO_MALLOC; +- unlink(d->fn); +- d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | +- O_BINARY, 0600); ++ d->fd = -1; ++ do { ++ if (unlink(d->fn) == -1 && errno != ENOENT) ++ break; ++ flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY; ++ d->fd = THREEPARAMOPEN(d->fn, flags, 0600); ++ } while (d->fd == -1 && errno == EEXIST); + } else { + retval = krb5_rc_io_mkstemp(context, d, dir); + if (retval) +-- +1.8.4.5 + diff --git a/krb5.changes b/krb5.changes index 3e6db84..1ea0dca 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com + +- Work around replay cache creation race; (bnc#898439). + krb5-1.13-work-around-replay-cache-creation-race.patch + ------------------------------------------------------------------- Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com diff --git a/krb5.spec b/krb5.spec index a180d6b..d19ff62 100644 --- a/krb5.spec +++ b/krb5.spec @@ -84,6 +84,7 @@ Patch13: krb5-1.9-debuginfo.patch Patch14: krb5-kvno-230379.patch Patch20: krb5-1.12-doxygen.patch Patch21: bnc#897874-CVE-2014-5351.diff +Patch22: krb5-1.13-work-around-replay-cache-creation-race.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -205,6 +206,7 @@ Include Files for Development %patch14 -p1 %patch20 -p1 %patch21 -p1 +%patch22 -p1 %build # needs to be re-generated