[krb5/f20] Pull in fix for possible NULL deref on bdb error
Nalin Dahyabhai
nalin at fedoraproject.org
Wed Aug 20 21:31:20 UTC 2014
commit 5f545864a3614959679e0b1cf7cef5906822deb0
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Wed Aug 20 17:15:09 2014 -0400
Pull in fix for possible NULL deref on bdb error
- pull in upstream fix for a possible null dereference in a db2 btree
error case (#1132062)
krb5-master-hprev.patch | 43 +++++++++++++++++++++++++++++++++++++++++++
krb5.spec | 4 ++++
2 files changed, 47 insertions(+), 0 deletions(-)
---
diff --git a/krb5-master-hprev.patch b/krb5-master-hprev.patch
new file mode 100644
index 0000000..04d814e
--- /dev/null
+++ b/krb5-master-hprev.patch
@@ -0,0 +1,43 @@
+commit f5345bba2a993066f9b886dae491d211ed9be057
+Author: Greg Hudson <ghudson at mit.edu>
+Date: Thu Dec 20 14:17:45 2012 -0500
+
+ Avoid null dereference in BDB dbtree error case
+
+ An error case in __bt_first would deference a null pointer. This is
+ an old upstream BDB bug. Use a separate variable to hold the result
+ of mpool_get() until it has been checked. Reported by Nickolai
+ Zeldovich <nickolai at csail.mit.edu>.
+
+ ticket: 7511
+
+diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_seq.c b/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
+index 5707cab..b39d89e 100644
+--- a/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
++++ b/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
+@@ -400,7 +400,7 @@ __bt_first(t, key, erval, exactp)
+ EPG *erval;
+ int *exactp;
+ {
+- PAGE *h;
++ PAGE *h, *hprev;
+ EPG *ep, save;
+ db_pgno_t pg;
+
+@@ -444,14 +444,14 @@ __bt_first(t, key, erval, exactp)
+ break;
+ if (h->pgno != save.page->pgno)
+ mpool_put(t->bt_mp, h, 0);
+- if ((h = mpool_get(t->bt_mp,
++ if ((hprev = mpool_get(t->bt_mp,
+ h->prevpg, 0)) == NULL) {
+ if (h->pgno == save.page->pgno)
+ mpool_put(t->bt_mp,
+ save.page, 0);
+ return (RET_ERROR);
+ }
+- ep->page = h;
++ ep->page = h = hprev;
+ ep->index = NEXTINDEX(h);
+ }
+ --ep->index;
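Review bot: In the second bt_seq.c hunk, h is still read after the conditional mpool_put(t->bt_mp, h, 0): h->prevpg is passed to mpool_get() and h->pgno is compared again in the error branch. The hprev temporary removes the NULL dereference, but if a page is not supposed to be touched once it has been put back to the pool, copy h->prevpg and the result of the h->pgno != save.page->pgno test into locals before the put and use those in the mpool_get() call and the error branch.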
diff --git a/krb5.spec b/krb5.spec
index face756..cbab18b 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -134,6 +134,7 @@ Patch166: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt
Patch167: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc
Patch168: krb5-master-strdupcheck.patch
+Patch169: krb5-master-hprev.patch
# Patches for otp plugin backport
Patch201: krb5-1.11.2-keycheck.patch
@@ -426,6 +427,7 @@ ln -s NOTICE LICENSE
%patch166 -p1 -b .2014-001
%patch168 -p1 -b .master-strdupcheck
+%patch169 -p1 -b .master-hprev
%patch201 -p1 -b .keycheck
%patch202 -p1 -b .otp
@@ -1102,6 +1104,8 @@ exit 0
* Wed Aug 20 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.5-12
- pull in upstream fix for an incorrect check on the value returned by a
strdup() call (#1132062)
+- pull in upstream fix for a possible null dereference in a db2 btree error
+ case (#1132062)
* Thu Aug 7 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.5-11
- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
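Review bot: The new %changelog line is appended to the existing 1.11.5-12 entry, and the krb5.spec diffstat shows only insertions, so Release is not bumped; if 1.11.5-12 has already been built, this fix needs its own release and changelog entry. The new line also cites #1132062, the same bug number as the strdup() item directly above it, so confirm that one bug covers both fixes.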