[krb5/f20] Pull in upstream fix for an mischecked strdup()

Nalin Dahyabhai nalin at fedoraproject.org
Wed Aug 20 21:31:15 UTC 2014


commit 302190606389de6a4de467b9959b1cc1eb62b0ef
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Wed Aug 20 17:13:20 2014 -0400

    Pull in upstream fix for an mischecked strdup()
    
    - pull in upstream fix for an incorrect check on the value returned by a
      strdup() call (#1132062)

 krb5-master-strdupcheck.patch |   25 +++++++++++++++++++++++++
 krb5.spec                     |    9 ++++++++-
 2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/krb5-master-strdupcheck.patch b/krb5-master-strdupcheck.patch
new file mode 100644
index 0000000..cf72fdf
--- /dev/null
+++ b/krb5-master-strdupcheck.patch
@@ -0,0 +1,25 @@
+Tweaked to apply to 1.11.5.
+
+commit b6810da129512b6d0200580d78d22d38cc214e21
+Author: Lukas Slebodnik <lslebodn at redhat.com>
+Date:   Sat Jun 21 17:09:31 2014 +0200
+
+    Fix error check in krb5_ldap_parse_principal_name
+    
+    Test the correct variable for NULL to detect a strdup failure.
+    
+    [ghudson at mit.edu: clarified commit message]
+
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+index 21695a9..44bf339 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+@@ -412,7 +412,7 @@ krb5_ldap_parse_principal_name(char *i_princ_name, char **o_princ_name)
+     at_rlm_name = strrchr(i_princ_name, '@');
+     if (!at_rlm_name) {
+         *o_princ_name = strdup(i_princ_name);
+-        if (!o_princ_name)
++        if (!*o_princ_name)
+             return ENOMEM;
+     } else {
+         krb5int_buf_init_dynamic(&buf);
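Review bot: The corrected test `if (!*o_princ_name)` is only visible for the no-realm branch after the `strdup()` call. The `else` branch that opens with `krb5int_buf_init_dynamic(&buf)` runs past the end of the embedded hunk, and `krb5_ldap_parse_principal_name` also starts before it, so confirm that the other path tests the stored result rather than the out-pointer before returning. With the old `!o_princ_name` test, any caller passing a valid address would have had an allocation failure reported as success, presumably leaving `*o_princ_name` NULL for the caller to use. A one-line comment above the check, such as `/* test the strdup() result, not the out-pointer */`, would keep that distinction from regressing in a later backport.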
diff --git a/krb5.spec b/krb5.spec
index 19a0dac..face756 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.5
-Release: 11%{?dist}
+Release: 12%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.5-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -133,6 +133,8 @@ Patch165: krb5-gssapi-spnego-deref.patch
 Patch166: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt
 Patch167: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc
 
+Patch168: krb5-master-strdupcheck.patch
+
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
 Patch202: krb5-1.11.2-otp.patch
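Review bot: `Patch168: krb5-master-strdupcheck.patch` is added with no comment on where it came from. Its provenance (upstream commit b6810da129512b6d0200580d78d22d38cc214e21, tweaked to apply to 1.11.5, bug #1132062) is recorded only inside the patch file and in the changelog entry. A comment directly above the line, for example `# upstream b6810da12951, adjusted for 1.11.5 (#1132062)`, would let whoever next rebases the package see at a glance whether the patch can be dropped.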
@@ -423,6 +425,7 @@ ln -s NOTICE LICENSE
 %patch165 -p1 -b .gssapi-spnego-deref
 
 %patch166 -p1 -b .2014-001
+%patch168 -p1 -b .master-strdupcheck
 
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp
@@ -1096,6 +1099,10 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Wed Aug 20 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.5-12
+- pull in upstream fix for an incorrect check on the value returned by a
+  strdup() call (#1132062)
+
 * Thu Aug  7 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.5-11
 - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
 

