[krb5/f20] Pull in upstream fix for an mischecked strdup()
Nalin Dahyabhai
nalin at fedoraproject.org
Wed Aug 20 21:31:15 UTC 2014
commit 302190606389de6a4de467b9959b1cc1eb62b0ef
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Wed Aug 20 17:13:20 2014 -0400
Pull in upstream fix for an mischecked strdup()
- pull in upstream fix for an incorrect check on the value returned by a
strdup() call (#1132062)
krb5-master-strdupcheck.patch | 25 +++++++++++++++++++++++++
krb5.spec | 9 ++++++++-
2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/krb5-master-strdupcheck.patch b/krb5-master-strdupcheck.patch
new file mode 100644
index 0000000..cf72fdf
--- /dev/null
+++ b/krb5-master-strdupcheck.patch
@@ -0,0 +1,25 @@
+Tweaked to apply to 1.11.5.
+
+commit b6810da129512b6d0200580d78d22d38cc214e21
+Author: Lukas Slebodnik <lslebodn at redhat.com>
+Date: Sat Jun 21 17:09:31 2014 +0200
+
+ Fix error check in krb5_ldap_parse_principal_name
+
+ Test the correct variable for NULL to detect a strdup failure.
+
+ [ghudson at mit.edu: clarified commit message]
+
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+index 21695a9..44bf339 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+@@ -412,7 +412,7 @@ krb5_ldap_parse_principal_name(char *i_princ_name, char **o_princ_name)
+ at_rlm_name = strrchr(i_princ_name, '@');
+ if (!at_rlm_name) {
+ *o_princ_name = strdup(i_princ_name);
+- if (!o_princ_name)
++ if (!*o_princ_name)
+ return ENOMEM;
+ } else {
+ krb5int_buf_init_dynamic(&buf);
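Review bot: The header line `Tweaked to apply to 1.11.5.` does not say what differs from upstream commit b6810da129512b6d0200580d78d22d38cc214e21, so a later rebase or audit cannot tell whether only context lines moved or the fix itself was altered. I would spell it out, for example `Tweaked to apply to 1.11.5: context lines only, the changed line matches upstream.`, if that is the case. The header could also record the effect. The old `if (!o_princ_name)` test ran after the out-parameter had already been dereferenced on the line above, so it could not usefully fire, and a failed strdup() left `*o_princ_name` NULL without returning ENOMEM at that point. krb5_ldap_parse_principal_name continues outside the hunk, so what the function did next and whether its callers check the return value cannot be confirmed from here.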
diff --git a/krb5.spec b/krb5.spec
index 19a0dac..face756 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.11.5
-Release: 11%{?dist}
+Release: 12%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.5-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -133,6 +133,8 @@ Patch165: krb5-gssapi-spnego-deref.patch
Patch166: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt
Patch167: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc
+Patch168: krb5-master-strdupcheck.patch
+
# Patches for otp plugin backport
Patch201: krb5-1.11.2-keycheck.patch
Patch202: krb5-1.11.2-otp.patch
@@ -423,6 +425,7 @@ ln -s NOTICE LICENSE
%patch165 -p1 -b .gssapi-spnego-deref
%patch166 -p1 -b .2014-001
+%patch168 -p1 -b .master-strdupcheck
%patch201 -p1 -b .keycheck
%patch202 -p1 -b .otp
@@ -1096,6 +1099,10 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Wed Aug 20 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.5-12
+- pull in upstream fix for an incorrect check on the value returned by a
+ strdup() call (#1132062)
+
* Thu Aug 7 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.5-11
- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)