This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch sadness in repository gssproxy.
commit 7f08cf35404395785869df33214ce4c236463825 Author: Robbie Harwood rharwood@redhat.com Date: Thu Mar 30 15:23:53 2017 -0400
Use insecure getenv(3) for GSS_USE_PROXY and GSSPROXY_BEHAVIOR
There are no known security consequences of this other than self-DOS. Signed-off-by: Robbie Harwood rharwood@redhat.com --- proxy/src/mechglue/gss_plugin.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/proxy/src/mechglue/gss_plugin.c b/proxy/src/mechglue/gss_plugin.c index d735537..8f47c4e 100644 --- a/proxy/src/mechglue/gss_plugin.c +++ b/proxy/src/mechglue/gss_plugin.c @@ -41,7 +41,8 @@ enum gpp_behavior gpp_get_behavior(void) char *envval;
if (behavior == GPP_UNINITIALIZED) { - envval = gp_getenv("GSSPROXY_BEHAVIOR"); + /* insecure getenv(3) to placate NFS */ + envval = getenv("GSSPROXY_BEHAVIOR"); if (envval) { if (strcmp(envval, "LOCAL_ONLY") == 0) { behavior = GPP_LOCAL_ONLY; @@ -77,9 +78,8 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) OM_uint32 maj, min; char *envval;
- /* avoid looping in the gssproxy daemon by avoiding to interpose - * any mechanism */ - envval = gp_getenv("GSS_USE_PROXY"); + /* use insecure getenv(3) to placate NFS */ + envval = getenv("GSS_USE_PROXY"); if (!envval) { return NULL; } @@ -88,6 +88,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) return NULL; }
+ /* avoid looping in the gssproxy daemon by not interposing every mech */ interposed_mechs = NULL; maj = 0; if (gss_oid_equal(&gssproxy_mech_interposer, mech_type)) {