authorNalin Dahyabhai <nalin@fedoraproject.org>2008-02-25 19:50:42 +0000
committerNalin Dahyabhai <nalin@fedoraproject.org>2008-02-25 19:50:42 +0000
commit2cc4303bbc9d322fa1e448dcd0a7ee724ba87604 (patch)
tree79ad57ae8e594eab295c67938bdf22d065edbb87
parenta7d42c7b033afc04d091cf33f7c8cbae18c0caa9 (diff)
- ftp: don't lose track of a descriptor on passive get when the server
fails to open a file
-rw-r--r--krb5-1.6.3-ftp_fdleak.patch67
-rw-r--r--krb5.spec6
2 files changed, 73 insertions, 0 deletions
diff --git a/krb5-1.6.3-ftp_fdleak.patch b/krb5-1.6.3-ftp_fdleak.patch
new file mode 100644
index 0000000..7a9272b
--- /dev/null
+++ b/krb5-1.6.3-ftp_fdleak.patch
@@ -0,0 +1,67 @@
+Don't open a new socket without closing a possibly already-open one. RT#5597.
+diff -uNr krb5/src/appl/gssftp/ftp/ftp.c krb5/src/appl/gssftp/ftp/ftp.c
+--- krb5/src/appl/gssftp/ftp/ftp.c
++++ krb5/src/appl/gssftp/ftp/ftp.c
+@@ -196,7 +196,7 @@ char *
+ hookup(char* host, int port)
+ {
+ register struct hostent *hp = 0;
+- int s;
++ int s, t;
+ socklen_t len;
+ #ifdef IP_TOS
+ #ifdef IPTOS_LOWDELAY
+@@ -274,8 +274,13 @@ hookup(char* host, int port)
+ }
+ #endif
+ #endif
++#ifndef _WIN32
++ t = dup(s);
++#else
++ t = s;
++#endif
+ cin = FDOPEN_SOCKET(s, "r");
+- cout = FDOPEN_SOCKET(s, "w");
++ cout = FDOPEN_SOCKET(t, "w");
+ if (cin == NULL || cout == NULL) {
+ fprintf(stderr, "ftp: fdopen failed.\n");
+ if (cin) {
+@@ -1448,6 +1453,8 @@
+ int a1,a2,a3,a4,p1,p2;
+
+ if (passivemode) {
++ if (data != INVALID_SOCKET)
++ (void) closesocket(data);
+ data = socket(AF_INET, SOCK_STREAM, 0);
+ if (data == INVALID_SOCKET) {
+ PERROR_SOCKET("ftp: socket");
+@@ -2366,4 +2371,16 @@ FILE* fdopen_socket(SOCKET s, char* mode
+
+ return f;
+ }
++#else
++/* Non-Win32 case takes the address of the variable so that we can "take
++ * ownership" of the descriptor number. */
++FILE* fdopen_socket(int *s, char* mode)
++{
++ FILE *fp;
++ fp = fdopen(*s, mode);
++ if (fp) {
++ *s = INVALID_SOCKET;
++ }
++ return fp;
++}
+ #endif /* _WIN32 */
+diff -up krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h
+--- krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h 2007-08-03 00:53:35.000000000 -0400
++++ krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h 2007-08-03 00:53:39.000000000 -0400
+@@ -48,7 +48,8 @@ FILE* fdopen_socket(SOCKET s, char* mode
+ #define PERROR_SOCKET(str) do { errno = SOCKET_ERRNO; perror(str); } while(0)
+ #else
+ #define FCLOSE_SOCKET(f) fclose(f)
+-#define FDOPEN_SOCKET(s, mode) fdopen(s, mode)
++FILE* fdopen_socket(int *s, char* mode);
++#define FDOPEN_SOCKET(s, mode) fdopen_socket(&s, mode)
+ #define SOCKETNO(fd) (fd)
+ #define PERROR_SOCKET(str) perror(str)
+ #endif
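Review bot: In the hookup() hunk of the embedded patch, the result of `t = dup(s);` is never checked, and `t` is a second descriptor that the failure branch now has to release. If dup() fails, the only symptom is the unrelated "ftp: fdopen failed." message. If dup() succeeds but the "w" fdopen fails, `t` stays open unless the cleanup after `if (cin) {` (outside this hunk) closes it, so that branch should close `t` on the non-Win32 path while it is still valid. On non-Win32, `FDOPEN_SOCKET(s, "r")` now resets `s` to INVALID_SOCKET on success, so any later use of `s` in hookup(), whose body continues outside the hunk, would act on an invalid descriptor and should be checked. The macro now requires an lvalue and should parenthesize its argument: `#define FDOPEN_SOCKET(s, mode) fdopen_socket(&(s), mode)`.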
diff --git a/krb5.spec b/krb5.spec
index 5ad2193..e0b25cb 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -96,6 +96,7 @@ Patch68: krb5-trunk-spnego_delegation.patch
Patch69: krb5-trunk-seqnum.patch
Patch70: krb5-trunk-kpasswd_tcp2.patch
Patch71: krb5-1.6.2-dirsrv-accountlock.patch
+Patch72: krb5-1.6.3-ftp_fdleak.patch
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
@@ -227,6 +228,10 @@ certificate.
%changelog
* Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com>
+- ftp: don't lose track of a descriptor on passive get when the server fails to
+ open a file
+
+* Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com>
- in login, allow PAM to interact with the user when they've been strongly
authenticated
- in login, signal PAM when we're changing an expired password that it's an
@@ -1309,6 +1314,7 @@ popd
%patch69 -p0 -b .seqnum
#%patch70 -p0 -b .kpasswd_tcp2
%patch71 -p1 -b .dirsrv-accountlock
+%patch72 -p1 -b .ftp_fdleak
cp src/krb524/README README.krb524
gzip doc/*.ps