[sssd/f15] Fix segfault in TGT renewal

Stephen Gallagher sgallagh at fedoraproject.org
Mon May 23 19:04:29 UTC 2011


commit 5b468418457ec22e05d8566a9601072770f2135d
Author: Stephen Gallagher <sgallagh at redhat.com>
Date:   Mon May 2 12:29:25 2011 -0400

    Fix segfault in TGT renewal

 ...data-to-the-renewal-item-if-renewal-fails.patch |   63 ++++++++++++++++++++
 sssd.spec                                          |    8 ++-
 2 files changed, 70 insertions(+), 1 deletions(-)
---
diff --git a/0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch b/0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch
new file mode 100644
index 0000000..2ed94e1
--- /dev/null
+++ b/0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch
@@ -0,0 +1,63 @@
+From 7c4392c598f4ce426ee9e3fb9c8786677f55a33d Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose at redhat.com>
+Date: Mon, 2 May 2011 14:54:20 +0200
+Subject: [PATCH] Return pam data to the renewal item if renewal fails
+
+A previous patch changed a talloc_steal() into a talloc_move(). Now it
+is not enough to change the parent memory context with talloc_steal to
+give back the data, but it has to be assigned back too.
+
+Additionally this patch uses the missing pam data as an indication that
+a renewal request for this data is currently running.
+---
+ src/providers/krb5/krb5_renew_tgt.c |   13 +++++++++----
+ 1 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c
+index cf50666ffea6cf68956673cf3a827f55c958d809..c848afbcfdee5a5201574551f72d23cec59a4263 100644
+--- a/src/providers/krb5/krb5_renew_tgt.c
++++ b/src/providers/krb5/krb5_renew_tgt.c
+@@ -72,7 +72,8 @@ static void renew_tgt(struct tevent_context *ev, struct tevent_timer *te,
+         DEBUG(1, ("krb5_auth_send failed.\n"));
+ /* Give back the pam data to the renewal item to be able to retry at the next
+  * time the renewals re run. */
+-        talloc_steal(auth_data->renew_data, auth_data->pd);
++        auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
++                                                 auth_data->pd);
+         talloc_free(auth_data);
+         return;
+     }
+@@ -95,7 +96,8 @@ static void renew_tgt_done(struct tevent_req *req)
+         DEBUG(1, ("krb5_auth request failed.\n"));
+         if (auth_data->renew_data != NULL) {
+             DEBUG(5, ("Giving back pam data.\n"));
+-            talloc_steal(auth_data->renew_data, auth_data->pd);
++            auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
++                                                     auth_data->pd);
+         }
+     } else {
+         switch (pam_status) {
+@@ -130,7 +132,8 @@ static void renew_tgt_done(struct tevent_req *req)
+                           auth_data->pd->user));
+                 if (auth_data->renew_data != NULL) {
+                     DEBUG(5, ("Giving back pam data.\n"));
+-                    talloc_steal(auth_data->renew_data, auth_data->pd);
++                    auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
++                                                             auth_data->pd);
+                 }
+                 break;
+             default:
+@@ -169,7 +172,9 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
+         renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data);
+         DEBUG(9, ("Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile,
+                   ctime(&renew_data->start_renew_at)));
+-        if (renew_data->start_renew_at < now) {
++        /* If renew_data->pd == NULL a renewal request for this data is
++         * currently running so we skip it. */
++        if (renew_data->start_renew_at < now && renew_data->pd != NULL) {
+             auth_data = talloc_zero(renew_tgt_ctx, struct auth_data);
+             if (auth_data == NULL) {
+                 DEBUG(1, ("talloc_zero failed.\n"));
+-- 
+1.7.5
+
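Review bot: In the first inner hunk (renew_tgt, the krb5_auth_send failure path), the new assignment dereferences `auth_data->renew_data` without the `if (auth_data->renew_data != NULL)` guard that both renew_tgt_done sites keep. The old `talloc_steal(auth_data->renew_data, auth_data->pd)` never dereferenced that pointer, so if renew_data can be gone by the time the timer fires (not visible here, though the guards in renew_tgt_done suggest it can), this path becomes a new NULL dereference that would crash the daemon. I would either wrap it as `if (auth_data->renew_data != NULL) { auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, auth_data->pd); }` or add a comment stating why renew_data is always valid at this point. Both renew_tgt and renew_tgt_done begin and end outside the hunks shown, so the lifetime of renew_data should be confirmed against the full file.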
diff --git a/sssd.spec b/sssd.spec
index 635bad1..8912608 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -9,7 +9,7 @@
 
 Name: sssd
 Version: 1.5.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -19,6 +19,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 ### Patches ###
 
+Patch0001: 0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch
+
 ### Dependencies ###
 
 Requires: libldb = %{ldb_version}
@@ -111,6 +113,7 @@ use with ldap_default_authtok_type = obfuscated_password.
 %prep
 %setup -q
 
+%patch0001 -p1
 
 %build
 autoreconf -ivf
@@ -295,6 +298,9 @@ fi
 %postun client -p /sbin/ldconfig
 
 %changelog
+* Mon May 02 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.7-2
+- Fix segfault in TGT renewal
+
 * Fri Apr 29 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.7-1
 - Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
 -                         cached password with predicatable filename

