authorRobbie Harwood <rharwood@redhat.com>2016-06-23 16:07:50 +0000
committerRobbie Harwood <rharwood@redhat.com>2016-06-23 16:07:51 +0000
commite165eeccda5209c3a11833f5198e761964fca5e0 (patch)
treed15b09627537a6cc8f2d4781b11ad6f3a72ec1dc
parent802e825d17707fa4490b78c62807fffe71b7a625 (diff)
downloadkrb5-e165eeccda5209c3a11833f5198e761964fca5e0.tar.gz
krb5-e165eeccda5209c3a11833f5198e761964fca5e0.tar.xz
krb5-e165eeccda5209c3a11833f5198e761964fca5e0.zip
Fix incorrect recv() size calculation in libkrad
-rw-r--r--krb5-1.14.3-krad-recv.patch44
-rw-r--r--krb5.spec7
2 files changed, 50 insertions, 1 deletions
diff --git a/krb5-1.14.3-krad-recv.patch b/krb5-1.14.3-krad-recv.patch
new file mode 100644
index 0000000..9016c88
--- /dev/null
+++ b/krb5-1.14.3-krad-recv.patch
@@ -0,0 +1,44 @@
+From c969e8a37617e9c7743a28177dd3808f7d08cee9 Mon Sep 17 00:00:00 2001
+From: Nathaniel McCallum <npmccallum@redhat.com>
+Date: Tue, 21 Jun 2016 16:12:36 -0400
+Subject: [PATCH] Fix incorrect recv() size calculation in libkrad
+
+Before this patch libkrad would always subtract the existing buffer
+length from pktlen before passing it to recv(). In the case of stream
+sockets, this is incorrect since krad_packet_bytes_needed() already
+performs this calculation. Subtracting the buffer length twice could
+cause integer underflow on the len parameter to recv().
+
+ticket: 8430 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+ src/lib/krad/remote.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
+index aaabffd..df3de3a 100644
+--- a/src/lib/krad/remote.c
++++ b/src/lib/krad/remote.c
+@@ -315,7 +315,7 @@ on_io_read(krad_remote *rr)
+ request *tmp, *r;
+ int i;
+
+- pktlen = sizeof(rr->buffer_);
++ pktlen = sizeof(rr->buffer_) - rr->buffer.length;
+ if (rr->info->ai_socktype == SOCK_STREAM) {
+ pktlen = krad_packet_bytes_needed(&rr->buffer);
+ if (pktlen < 0) {
+@@ -328,7 +328,7 @@ on_io_read(krad_remote *rr)
+
+ /* Read the packet. */
+ i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length,
+- pktlen - rr->buffer.length, 0);
++ pktlen, 0);
+ if (i < 0) {
+ /* Should we try again? */
+ if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
+--
+2.8.1
+
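Review bot: In the stream-socket branch of on_io_read, `pktlen` now reaches recv() exactly as krad_packet_bytes_needed() returned it, so the only limit on how far recv() can write past `rr->buffer.data + rr->buffer.length` is whatever that helper enforces, and its result is presumably derived from a length field supplied by the peer. The helper's upper bound is not visible in this patch, so I would make the invariant local by widening the existing check to `if (pktlen < 0 || (size_t)pktlen > sizeof(rr->buffer_) - rr->buffer.length) {`, which reuses the failure path already taken for a negative result. A short comment above the first assignment, for example `/* pktlen is the number of bytes still to read, not the total packet size. */`, would also help, because the meaning of the variable changes with this patch. The body of on_io_read starts and ends outside the two quoted hunks, so the handling after the check could not be reviewed here.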
diff --git a/krb5.spec b/krb5.spec
index 6cf2b50..f85c1d2 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -13,7 +13,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.14.1
-Release: 7%{?dist}
+Release: 8%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
# - The sources below are stored in a lookaside cache. Upload with
@@ -72,6 +72,7 @@ Patch164: krb5-1.15-kdc_send_receive_hooks.patch
Patch165: krb5-1.15-kdc_hooks_test.patch
Patch166: krb5-1.14.3-fix_otp_as_key.patch
+Patch167: krb5-1.14.3-krad-recv.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -271,6 +272,7 @@ ln NOTICE LICENSE
%patch165 -p1 -b .kdc_hooks_test
%patch166 -p1 -b .fix_otp_as_key
+%patch167 -p1 -b .krad-recv
# Take the execute bit off of documentation.
chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
@@ -801,6 +803,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Wed Jun 22 2016 Robbie Harwood <rharwood@redhat.com> - 1.14.1-8
+- Fix incorrect recv() size calculation in libkrad
+
* Thu Jun 16 2016 Robbie Harwood <rharwood@redhat.com> - 1.14.1-7
- Separate out the kadm5 libs