authorRobbie Harwood <rharwood@redhat.com>2016-01-08 18:38:54 +0000
committerRobbie Harwood <rharwood@redhat.com>2016-01-08 18:38:57 +0000
commitb653d26d531e3d0e01aa6195d04d82ce7c14c0ad (patch)
tree6be2de269fc24165113b02bfd7068b78481a05ee
parent07d6f2cd01311773f0b11af9b174b5cb776d36cf (diff)
Backport fix for chrome crash in spnego_gss_inquire_context
Resolves: #1295893
-rw-r--r--krb5-init_context_null_spnego.patch46
-rw-r--r--krb5.spec8
2 files changed, 53 insertions, 1 deletions
diff --git a/krb5-init_context_null_spnego.patch b/krb5-init_context_null_spnego.patch
new file mode 100644
index 0000000..af147cd
--- /dev/null
+++ b/krb5-init_context_null_spnego.patch
@@ -0,0 +1,46 @@
+From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 5 Jan 2016 12:11:59 -0500
+Subject: [PATCH] Check internal context on init context errors
+
+If the mechanism deletes the internal context handle on error, the
+mechglue must do the same with the union context, to avoid crashes if
+the application calls other functions with this invalid union context.
+
+[ghudson@mit.edu: edit commit message and code comment]
+
+ticket: 8337 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+ src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
+index aaae767..9f154b8 100644
+--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
++++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
+@@ -224,12 +224,15 @@ OM_uint32 * time_rec;
+
+ if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
+ /*
+- * the spec says (the preferred) method is to delete all
+- * context info on the first call to init, and on all
+- * subsequent calls make the caller responsible for
+- * calling gss_delete_sec_context
++ * The spec says the preferred method is to delete all context info on
++ * the first call to init, and on all subsequent calls make the caller
++ * responsible for calling gss_delete_sec_context. However, if the
++ * mechanism decided to delete the internal context, we should also
++ * delete the union context.
+ */
+ map_error(minor_status, mech);
++ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
++ *context_handle = GSS_C_NO_CONTEXT;
+ if (*context_handle == GSS_C_NO_CONTEXT) {
+ free(union_ctx_id->mech_type->elements);
+ free(union_ctx_id->mech_type);
+--
+2.6.4
+
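Review bot: The new `*context_handle = GSS_C_NO_CONTEXT;` assignment drops the caller's only reference to `union_ctx_id` before the existing `if (*context_handle == GSS_C_NO_CONTEXT)` block, so that block must also free `union_ctx_id` itself, not only `mech_type->elements` and `mech_type`, or the union context leaks on every mechanism-side failure; the rest of that block lies outside this hunk, so it cannot be confirmed from here. The guard itself is sound in intent: once the mechanism has released its internal context, leaving the union context reachable would hand the application a handle whose `internal_ctx_id` is dangling, which matches the inquire-context crash the commit title names. On the packaging side the file is a verbatim upstream commit (ticket 8337) and is wired in as Patch152 in krb5.spec, so no local divergence from upstream needs tracking.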
diff --git a/krb5.spec b/krb5.spec
index 9362d83..c537948 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -20,7 +20,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.14
-Release: 12%{?dist}
+Release: 13%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
# - The sources below are stored in a lookaside cache. Upload with
@@ -66,6 +66,7 @@ Patch134: krb5-1.11-kpasswdtest.patch
Patch148: krb5-disable_ofd_locks.patch
Patch150: krb5-fix_interposer.patch
Patch151: krb5-mechglue_inqure_attrs.patch
+Patch152: krb5-init_context_null_spnego.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -248,6 +249,7 @@ ln NOTICE LICENSE
%patch150 -p1 -b .fix_interposer
%patch151 -p1 -b .mechglue_inqure_attrs
+%patch152 -p1 -b .init_context_null_spnego
# Take the execute bit off of documentation.
chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
@@ -818,6 +820,10 @@ exit 0
%changelog
+* Fri Jan 08 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-13
+- Backport fix for chrome crash in spnego_gss_inquire_context
+- Resolves: #1295893
+
* Wed Dec 16 2015 Robbie Harwood <rharwood@redhat.com> - 1.14-12
- Backport patch to fix mechglue for gss_inqure_attrs_for_mech()