cyrus-sasl/SOURCES/cyrus-sasl-2.1.27-legacy-init.patch

From 4edb8ce82ac530f473a8728bae01d9fc8535c9cb Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 21 Jun 2021 14:24:18 -0400
Subject: [PATCH] Gracefully handle failed initializations

In OpenSSL 3.0 these algorithms have been moved to the legacy provider
which is not enabled by default. This means allocation can and do fail.
Handle failed allocations by returning an actual error instead of
crashing later with a NULL context.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 plugins/digestmd5.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
index c6b54317..b2617536 100644
--- a/plugins/digestmd5.c
+++ b/plugins/digestmd5.c
@@ -254,6 +254,7 @@ typedef struct context {
     decode_context_t decode_context;
 
     /* if privacy mode is used use these functions for encode and decode */
+    char *cipher_name;
     cipher_function_t *cipher_enc;
     cipher_function_t *cipher_dec;
     cipher_init_t *cipher_init;
@@ -2821,6 +2822,7 @@ static int digestmd5_server_mech_step2(server_context_t *stext,
 	}
 	
 	if (cptr->name) {
+	    text->cipher_name = cptr->name;
 	    text->cipher_enc = cptr->cipher_enc;
 	    text->cipher_dec = cptr->cipher_dec;
 	    text->cipher_init = cptr->cipher_init;
@@ -2964,7 +2966,10 @@ static int digestmd5_server_mech_step2(server_context_t *stext,
 	if (text->cipher_init) {
 	    if (text->cipher_init(text, enckey, deckey) != SASL_OK) {
 		sparams->utils->seterror(sparams->utils->conn, 0,
-					 "couldn't init cipher");
+					 "couldn't init cipher '%s'",
+                                         text->cipher_name);
+                result = SASL_FAIL;
+                goto FreeAllMem;
 	    }
 	}
     }
@@ -3515,6 +3520,7 @@ static int make_client_response(context_t *text,
 	oparams->mech_ssf = ctext->cipher->ssf;
 
 	nbits = ctext->cipher->n;
+	text->cipher_name = ctext->cipher->name;
 	text->cipher_enc = ctext->cipher->cipher_enc;
 	text->cipher_dec = ctext->cipher->cipher_dec;
 	text->cipher_free = ctext->cipher->cipher_free;
@@ -3739,7 +3745,13 @@ static int make_client_response(context_t *text,
 	
 	/* initialize cipher if need be */
 	if (text->cipher_init) {
-	    text->cipher_init(text, enckey, deckey);
+	    if (text->cipher_init(text, enckey, deckey) != SASL_OK) {
+	        params->utils->seterror(params->utils->conn, 0,
+		         "internal error: failed to init cipher '%s'",
+                         text->cipher_name);
+                result = SASL_FAIL;
+                goto FreeAllocatedMem;
+            }
 	}
     }
     
-- 
2.31.1
import cyrus-sasl-2.1.27-17.el9 2021-11-04 03:44:24 +00:00			`From 4edb8ce82ac530f473a8728bae01d9fc8535c9cb Mon Sep 17 00:00:00 2001`
			`From: Simo Sorce <simo@redhat.com>`
			`Date: Mon, 21 Jun 2021 14:24:18 -0400`
			`Subject: [PATCH] Gracefully handle failed initializations`

			`In OpenSSL 3.0 these algorithms have been moved to the legacy provider`
			`which is not enabled by default. This means allocation can and do fail.`
			`Handle failed allocations by returning an actual error instead of`
			`crashing later with a NULL context.`

			`Signed-off-by: Simo Sorce <simo@redhat.com>`
			`---`
			`plugins/digestmd5.c \| 16 ++++++++++++++--`
			`1 file changed, 14 insertions(+), 2 deletions(-)`

			`diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c`
			`index c6b54317..b2617536 100644`
			`--- a/plugins/digestmd5.c`
			`+++ b/plugins/digestmd5.c`
			`@@ -254,6 +254,7 @@ typedef struct context {`
			`decode_context_t decode_context;`

			`/* if privacy mode is used use these functions for encode and decode */`
			`+ char *cipher_name;`
			`cipher_function_t *cipher_enc;`
			`cipher_function_t *cipher_dec;`
			`cipher_init_t *cipher_init;`
			`@@ -2821,6 +2822,7 @@ static int digestmd5_server_mech_step2(server_context_t *stext,`
			`}`

			`if (cptr->name) {`
			`+ text->cipher_name = cptr->name;`
			`text->cipher_enc = cptr->cipher_enc;`
			`text->cipher_dec = cptr->cipher_dec;`
			`text->cipher_init = cptr->cipher_init;`
			`@@ -2964,7 +2966,10 @@ static int digestmd5_server_mech_step2(server_context_t *stext,`
			`if (text->cipher_init) {`
			`if (text->cipher_init(text, enckey, deckey) != SASL_OK) {`
			`sparams->utils->seterror(sparams->utils->conn, 0,`
			`- "couldn't init cipher");`
			`+ "couldn't init cipher '%s'",`
			`+ text->cipher_name);`
			`+ result = SASL_FAIL;`
			`+ goto FreeAllMem;`
			`}`
			`}`
			`}`
			`@@ -3515,6 +3520,7 @@ static int make_client_response(context_t *text,`
			`oparams->mech_ssf = ctext->cipher->ssf;`

			`nbits = ctext->cipher->n;`
			`+ text->cipher_name = ctext->cipher->name;`
			`text->cipher_enc = ctext->cipher->cipher_enc;`
			`text->cipher_dec = ctext->cipher->cipher_dec;`
			`text->cipher_free = ctext->cipher->cipher_free;`
			`@@ -3739,7 +3745,13 @@ static int make_client_response(context_t *text,`

			`/* initialize cipher if need be */`
			`if (text->cipher_init) {`
			`- text->cipher_init(text, enckey, deckey);`
			`+ if (text->cipher_init(text, enckey, deckey) != SASL_OK) {`
			`+ params->utils->seterror(params->utils->conn, 0,`
			`+ "internal error: failed to init cipher '%s'",`
			`+ text->cipher_name);`
			`+ result = SASL_FAIL;`
			`+ goto FreeAllocatedMem;`
			`+ }`
			`}`
			`}`

			`--`
			`2.31.1`