Dmitry Belyavskiy
parent
606a2027e3
commit
b06fafa9fe
|
|
@ -0,0 +1,56 @@
|
|||
diff -up cyrus-sasl-2.1.27/include/makemd5.c.coverity cyrus-sasl-2.1.27/include/makemd5.c
|
||||
--- cyrus-sasl-2.1.27/include/makemd5.c.coverity 2021-04-12 15:10:25.421431535 +0200
|
||||
+++ cyrus-sasl-2.1.27/include/makemd5.c 2021-04-12 15:56:46.752827737 +0200
|
||||
@@ -107,7 +107,6 @@ my_strupr(char *s)
|
||||
}
|
||||
}
|
||||
|
||||
-
|
||||
#define BITSIZE(TYPE) \
|
||||
{ \
|
||||
int b = 0; TYPE x = 1, zero = 0; char *pre = "U"; \
|
||||
@@ -129,6 +128,8 @@ my_strupr(char *s)
|
||||
static void
|
||||
try_signed(FILE *f, int len)
|
||||
{
|
||||
+/* Local macros for not-installed program. No coverity/compiler issues! */
|
||||
+#pragma GCC diagnostic ignored "-Wformat-overflow"
|
||||
#ifdef HAVE_INT8_T
|
||||
BITSIZE(int8_t);
|
||||
#endif
|
||||
@@ -149,6 +150,7 @@ try_signed(FILE *f, int len)
|
||||
BITSIZE(long long);
|
||||
#endif
|
||||
fprintf(f, "/* There is no %d bit type */\n", len);
|
||||
+#pragma GCC pop
|
||||
}
|
||||
|
||||
static void
|
||||
diff -up cyrus-sasl-2.1.27/saslauthd/lak.c.coverity cyrus-sasl-2.1.27/saslauthd/lak.c
|
||||
--- cyrus-sasl-2.1.27/saslauthd/lak.c.coverity 2018-11-08 18:29:57.000000000 +0100
|
||||
+++ cyrus-sasl-2.1.27/saslauthd/lak.c 2021-04-12 15:10:25.433431630 +0200
|
||||
@@ -337,9 +337,9 @@ static int lak_config_read(
|
||||
EMPTY(conf->group_search_base) )
|
||||
strlcpy(conf->group_search_base, conf->search_base, LAK_DN_LEN);
|
||||
|
||||
- fclose(infile);
|
||||
+ fclose(infile);
|
||||
|
||||
- return LAK_OK;
|
||||
+ return LAK_OK;
|
||||
}
|
||||
|
||||
static int lak_config_int(
|
||||
diff -up cyrus-sasl-2.1.27/saslauthd/saslauthd-main.c.coverity cyrus-sasl-2.1.27/saslauthd/saslauthd-main.c
|
||||
--- cyrus-sasl-2.1.27/saslauthd/saslauthd-main.c.coverity 2018-01-19 15:13:40.000000000 +0100
|
||||
+++ cyrus-sasl-2.1.27/saslauthd/saslauthd-main.c 2021-04-12 15:10:25.433431630 +0200
|
||||
@@ -833,7 +833,8 @@ void detach_tty() {
|
||||
}
|
||||
|
||||
logger(L_INFO, L_FUNC, "master pid is: %lu", (unsigned long)master_pid);
|
||||
-
|
||||
+ /* null_fd expected to be more than 2, so it is closed after dups, no leaks occur */
|
||||
+ /* coverity[leaked_handle : FALSE]*/
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
diff --git a/plugins/gssapi.c b/plugins/gssapi.c
|
||||
index 5d900c5e..4688bb9a 100644
|
||||
--- a/plugins/gssapi.c
|
||||
+++ b/plugins/gssapi.c
|
||||
@@ -1567,7 +1567,6 @@ int gssapiv2_server_plug_init(
|
||||
{
|
||||
#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
|
||||
const char *keytab = NULL;
|
||||
- char keytab_path[1024];
|
||||
unsigned int rl;
|
||||
#endif
|
||||
|
||||
@@ -1589,15 +1588,7 @@ int gssapiv2_server_plug_init(
|
||||
return SASL_FAIL;
|
||||
}
|
||||
|
||||
- if(strlen(keytab) > 1024) {
|
||||
- utils->log(NULL, SASL_LOG_ERR,
|
||||
- "path to keytab is > 1024 characters");
|
||||
- return SASL_BUFOVER;
|
||||
- }
|
||||
-
|
||||
- strncpy(keytab_path, keytab, 1024);
|
||||
-
|
||||
- gsskrb5_register_acceptor_identity(keytab_path);
|
||||
+ gsskrb5_register_acceptor_identity(keytab);
|
||||
}
|
||||
#endif
|
||||
|
||||
diff --git a/plugins/ntlm.c b/plugins/ntlm.c
|
||||
index aeb3ac34..8a7d9065 100644
|
||||
--- a/plugins/ntlm.c
|
||||
+++ b/plugins/ntlm.c
|
||||
@@ -375,10 +375,15 @@ static unsigned char *P16_lm(unsigned char *P16, sasl_secret_t *passwd,
|
||||
unsigned *buflen __attribute__((unused)),
|
||||
int *result)
|
||||
{
|
||||
- char P14[14];
|
||||
+ char P14[14] = { 0 };
|
||||
+ int Plen;
|
||||
unsigned char S8[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
|
||||
|
||||
- strncpy(P14, (const char *) passwd->data, sizeof(P14));
|
||||
+ Plen = sizeof(P14);
|
||||
+ if (passwd->len < Plen) {
|
||||
+ Plen = passwd->len;
|
||||
+ }
|
||||
+ memcpy(P14, (const char *) passwd->data, Plen);
|
||||
ucase(P14, sizeof(P14));
|
||||
|
||||
E(P16, (unsigned char *) P14, sizeof(P14), S8, sizeof(S8));
|
||||
|
|
@ -8,7 +8,7 @@
|
|||
Summary: The Cyrus SASL library
|
||||
Name: cyrus-sasl
|
||||
Version: 2.1.27
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: BSD with advertising
|
||||
URL: https://www.cyrusimap.org/sasl/
|
||||
|
||||
|
|
@ -38,6 +38,9 @@ Patch101: cyrus-sasl-2.1.27-Add-basic-test-infrastructure.patch
|
|||
Patch102: cyrus-sasl-2.1.27-Add-Channel-Binding-support-for-GSSAPI-GSS-SPNEGO.patch
|
||||
Patch103: cyrus-sasl-2.1.27-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO.patch
|
||||
Patch104: cyrus-sasl-2.1.27-Emit-debug-log-only-in-case-of-errors.patch
|
||||
#https://github.com/simo5/cyrus-sasl/commit/ebd2387f06c84c7f9aac3167ec041bb01e5c6e48
|
||||
Patch105: cyrus-sasl-2.1.27-nostrncpy.patch
|
||||
Patch500: cyrus-sasl-2.1.27-coverity.patch
|
||||
|
||||
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
||||
BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
|
||||
|
|
@ -165,6 +168,8 @@ the GS2 authentication scheme.
|
|||
%patch102 -p1 -b .gssapi_cbs
|
||||
%patch103 -p1 -b .maxssf0
|
||||
%patch104 -p1 -b .nolog
|
||||
%patch105 -p1 -b .nostrncpy
|
||||
%patch500 -p1 -b .coverity
|
||||
|
||||
%build
|
||||
# reconfigure
|
||||
|
|
@ -373,6 +378,9 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
|
|||
%{_sbindir}/sasl2-shared-mechlist
|
||||
|
||||
%changelog
|
||||
* Mon Apr 12 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 2.1.27-9
|
||||
- Coverity-related fixes (#1938700)
|
||||
|
||||
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 2.1.27-8
|
||||
- rebuild for libpq ABI fix rhbz#1908268
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue