author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-12-18 14:20:57 -0500 |
---|---|---|
committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-12-18 14:20:57 -0500 |
commit | 735b73ebbba370d01d427affa96fb0807f61720e (patch) | |
tree | cc4e9a9774e1c140311d1cb0e3438f1886664775 | |
parent | 3a1e355f38e6831d2b859d35686b905ccdc05f58 (diff) | |
download | krb5-735b73ebbba370d01d427affa96fb0807f61720e.tar.gz krb5-735b73ebbba370d01d427affa96fb0807f61720e.tar.xz krb5-735b73ebbba370d01d427affa96fb0807f61720e.zip |
Pick up an interop fix from master (RT#7794)
- pull in fix from master to return a NULL pointer rather than allocating
zero bytes of memory if we read a zero-length input token (RT#7794, part of
#1043962)
-rw-r--r-- | krb5-master-no-malloc0.patch | 39 | ||||
-rw-r--r-- | krb5.spec | 9 |
2 files changed, 47 insertions, 1 deletions
diff --git a/krb5-master-no-malloc0.patch b/krb5-master-no-malloc0.patch
new file mode 100644
index 0000000..e5b0e63
--- /dev/null
+++ b/krb5-master-no-malloc0.patch
@@ -0,0 +1,39 @@
+commit 13fd26e1863c79f616653f6a10a58c01f65fceff
+Author: Greg Hudson <ghudson@mit.edu>
+Date: Fri Dec 6 18:56:56 2013 -0500
+
+ Avoid malloc(0) in SPNEGO get_input_token
+
+ If we read a zero-length token in spnego_mech.c's get_input_token(),
+ set the value pointer to NULL instead of calling malloc(0).
+
+ ticket: 7794 (new)
+
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index 24c3440..3937662 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -3140,14 +3140,17 @@ get_input_token(unsigned char **buff_in, unsigned int buff_length)
+ return (NULL);
+
+ input_token->length = len;
+- input_token->value = gssalloc_malloc(input_token->length);
++ if (input_token->length > 0) {
++ input_token->value = gssalloc_malloc(input_token->length);
++ if (input_token->value == NULL) {
++ free(input_token);
++ return (NULL);
++ }
+
+- if (input_token->value == NULL) {
+- free(input_token);
+- return (NULL);
++ memcpy(input_token->value, *buff_in, input_token->length);
++ } else {
++ input_token->value = NULL;
+ }
+-
+- (void) memcpy(input_token->value, *buff_in, input_token->length);
+ *buff_in += input_token->length;
+ return (input_token);
+ }
@@ -41,7 +41,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.12 -Release: 1%{?dist} +Release: 2%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-signed.tar Source0: krb5-%{version}.tar.gz
@@ -90,6 +90,7 @@ Patch86: krb5-1.9-debuginfo.patch Patch105: krb5-kvno-230379.patch Patch129: krb5-1.11-run_user_0.patch Patch134: krb5-1.11-kpasswdtest.patch +Patch135: krb5-master-no-malloc0.patch License: MIT URL: http://web.mit.edu/kerberos/www/ 
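Review bot: In krb5-master-no-malloc0.patch, the new `else` branch of get_input_token() returns a non-NULL buffer with `length == 0` and `value == NULL`, but nothing in the hunk records that contract, so a later reader may not realise that callers must treat a NULL `value` as an empty token rather than as a failure. A short comment above `input_token->value = NULL;` would help, for example `/* Zero-length token: leave value NULL; malloc(0) may itself return NULL and would be mistaken for an allocation failure. */`. The function starts above the hunk, so the check that `len` fits within the remaining `buff_length` before the `memcpy` is not visible here. It is worth confirming that bound in the full source when carrying this patch.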
@@ -300,6 +301,7 @@ ln -s NOTICE LICENSE %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild} %patch86 -p0 -b .debuginfo %patch105 -p1 -b .kvno +%patch135 -p1 -b .no-malloc0 # Apply when the hard-wired or configured default location is # DIR:/run/user/%%{uid}/krb5cc.
@@ -954,6 +956,11 @@ exit 0 %{_sbindir}/uuserver %changelog +* Wed Dec 18 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.12-2 +- pull in fix from master to return a NULL pointer rather than allocating + zero bytes of memory if we read a zero-length input token (RT#7794, part of + #1043962) + * Wed Dec 11 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.12-1 - update to 1.12 final |