[krb5] Pick up an interop fix from master (RT#7794)

Nalin Dahyabhai nalin at fedoraproject.org
Wed Dec 18 19:33:47 UTC 2013


commit 735b73ebbba370d01d427affa96fb0807f61720e
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Wed Dec 18 14:20:57 2013 -0500

    Pick up an interop fix from master (RT#7794)
    
    - pull in fix from master to return a NULL pointer rather than allocating
      zero bytes of memory if we read a zero-length input token (RT#7794, part of
      #1043962)

 krb5-master-no-malloc0.patch |   39 +++++++++++++++++++++++++++++++++++++++
 krb5.spec                    |    9 ++++++++-
 2 files changed, 47 insertions(+), 1 deletions(-)
---
diff --git a/krb5-master-no-malloc0.patch b/krb5-master-no-malloc0.patch
new file mode 100644
index 0000000..e5b0e63
--- /dev/null
+++ b/krb5-master-no-malloc0.patch
@@ -0,0 +1,39 @@
+commit 13fd26e1863c79f616653f6a10a58c01f65fceff
+Author: Greg Hudson <ghudson at mit.edu>
+Date:   Fri Dec 6 18:56:56 2013 -0500
+
+    Avoid malloc(0) in SPNEGO get_input_token
+    
+    If we read a zero-length token in spnego_mech.c's get_input_token(),
+    set the value pointer to NULL instead of calling malloc(0).
+    
+    ticket: 7794 (new)
+
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index 24c3440..3937662 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -3140,14 +3140,17 @@ get_input_token(unsigned char **buff_in, unsigned int buff_length)
+ 		return (NULL);
+ 
+ 	input_token->length = len;
+-	input_token->value = gssalloc_malloc(input_token->length);
++	if (input_token->length > 0) {
++		input_token->value = gssalloc_malloc(input_token->length);
++		if (input_token->value == NULL) {
++			free(input_token);
++			return (NULL);
++		}
+ 
+-	if (input_token->value == NULL) {
+-		free(input_token);
+-		return (NULL);
++		memcpy(input_token->value, *buff_in, input_token->length);
++	} else {
++		input_token->value = NULL;
+ 	}
+-
+-	(void) memcpy(input_token->value, *buff_in, input_token->length);
+ 	*buff_in += input_token->length;
+ 	return (input_token);
+ }
diff --git a/krb5.spec b/krb5.spec
index 1d9161d..bac784a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.12
-Release: 1%{?dist}
+Release: 2%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -90,6 +90,7 @@ Patch86: krb5-1.9-debuginfo.patch
 Patch105: krb5-kvno-230379.patch
 Patch129: krb5-1.11-run_user_0.patch
 Patch134: krb5-1.11-kpasswdtest.patch
+Patch135: krb5-master-no-malloc0.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -300,6 +301,7 @@ ln -s NOTICE LICENSE
 %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
 %patch86 -p0 -b .debuginfo
 %patch105 -p1 -b .kvno
+%patch135 -p1 -b .no-malloc0
 
 # Apply when the hard-wired or configured default location is
 # DIR:/run/user/%%{uid}/krb5cc.
@@ -954,6 +956,11 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.12-2
+- pull in fix from master to return a NULL pointer rather than allocating
+  zero bytes of memory if we read a zero-length input token (RT#7794, part of
+  #1043962)
+
 * Wed Dec 11 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.12-1
 - update to 1.12 final
 

