[krb5] Catch more strtol() failures when using KEYRINGs

Nalin Dahyabhai nalin at fedoraproject.org
Mon Nov 11 19:11:38 UTC 2013


commit 49c8edfa6b6f76c91d1b144f0778e16450a3c1b4
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Mon Nov 11 14:11:29 2013 -0500

    Catch more strtol() failures when using KEYRINGs
    
    - check more thoroughly for errors when resolving KEYRING ccache names of type
      "persistent", which should only have a numeric UID as the next part of the
      name (#1029110)

 krb5-keyring-strtol.patch |   35 +++++++++++++++++++++++++++++++++++
 krb5.spec                 |    9 ++++++++-
 2 files changed, 43 insertions(+), 1 deletions(-)
---
diff --git a/krb5-keyring-strtol.patch b/krb5-keyring-strtol.patch
new file mode 100644
index 0000000..8d6d047
--- /dev/null
+++ b/krb5-keyring-strtol.patch
@@ -0,0 +1,35 @@
+commit ffbb8f2fdd54c9d458dc84b544ac29eb3272bd2d
+Author: Nalin Dahyabhai <nalin at dahyabhai.net>
+Date:   Mon Nov 11 13:10:08 2013 -0500
+
+    Catch more strtol() failures when using KEYRINGs
+    
+    When parsing what should be a UID while resolving a KEYRING ccache name,
+    don't just depend on strtol() to set errno when the residual that we
+    pass to it can't be parsed as a number.  In addition to checking errno,
+    pass in and check the value of an "endptr".
+
+diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
+index 795ccd6..b1fc397 100644
+--- a/src/lib/krb5/ccache/cc_keyring.c
++++ b/src/lib/krb5/ccache/cc_keyring.c
+@@ -593,7 +593,7 @@ get_collection(const char *anchor_name, const char *collection_name,
+ {
+     krb5_error_code ret;
+     key_serial_t persistent_id, anchor_id, possess_id = 0;
+-    char *ckname;
++    char *ckname, *cnend = NULL;
+     long uidnum;
+ 
+     *collection_id_out = 0;
+@@ -607,8 +607,8 @@ get_collection(const char *anchor_name, const char *collection_name,
+          */
+         if (*collection_name != '\0') {
+             errno = 0;
+-            uidnum = strtol(collection_name, NULL, 10);
+-            if (errno)
++            uidnum = strtol(collection_name, &cnend, 10);
++            if (errno || cnend == NULL || *cnend != '\0')
+                 return KRB5_KCC_INVALID_UID;
+         } else {
+             uidnum = geteuid();
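Review bot: The new condition `if (errno || cnend == NULL || *cnend != '\0')` rejects trailing garbage but still accepts any value strtol() can represent, so a negative residual or a number larger than uid_t can hold passes the check and is carried forward in `uidnum`. Because the string comes from the ccache name, a range check belongs in the same condition, for example `if (errno || *cnend != '\0' || uidnum < 0 || (long)(uid_t)uidnum != uidnum)`; the `cnend == NULL` arm can be dropped, since strtol() always stores through a non-NULL endptr. strtol() also skips leading whitespace and accepts a `+` sign, so if only bare digits are meant to be valid, a pre-check such as `isdigit((unsigned char)*collection_name)` would be needed as well. How `uidnum` is used lies outside the hunk, because get_collection's body continues past it, so the effect of an out-of-range value should be confirmed there.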
diff --git a/krb5.spec b/krb5.spec
index b4bc2c8..4928714 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.3
-Release: 29%{?dist}
+Release: 30%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -117,6 +117,7 @@ Patch202: krb5-1.11.2-otp.patch
 # Patches for kernel-persistent-keyring support (backport)
 Patch301: persistent_keyring.patch
 Patch302: krb5-master-kinit-cccol.patch
+Patch303: krb5-keyring-strtol.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -313,6 +314,7 @@ ln -s NOTICE LICENSE
 
 %patch301 -p1 -b .persistent-keyring
 %patch302 -p1 -b .kinit-cccol
+%patch303 -p1 -b .keyring-strtol
 
 %patch60 -p1 -b .pam
 
@@ -1006,6 +1008,11 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Mon Nov 11 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-30
+- check more thorougly for errors when resolving KEYRING ccache names of type
+  "persistent", which should only have a numeric UID as the next part of the
+  name (#1029110)
+
 * Tue Nov  5 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-29
 - incorporate upstream patch for remote crash of KDCs which serve multiple
   realms simultaneously (RT#7756, CVE-2013-1418)

