From 01020a3a932d367464c52a64c771d14e8ed899f0 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Mon, 30 Oct 2017 17:38:48 -0400 Subject: [PATCH] Fix error message handling in gp_config_from_dir() --- ...ssage-handling-in-gp_config_from_dir.patch | 53 +++++++++++++++++++ gssproxy.spec | 6 ++- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 Fix-error-message-handling-in-gp_config_from_dir.patch diff --git a/Fix-error-message-handling-in-gp_config_from_dir.patch b/Fix-error-message-handling-in-gp_config_from_dir.patch new file mode 100644 index 0000000..0a863a8 --- /dev/null +++ b/Fix-error-message-handling-in-gp_config_from_dir.patch @@ -0,0 +1,53 @@ +From 05d65d68d0103ab4bc4b1bc64e4962dce6847c3e Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 27 Oct 2017 14:39:35 -0400 +Subject: [PATCH] Fix error message handling in gp_config_from_dir() + +Resolves a potential double free if we ever get both a return value +and error message back from ini_config_augment(). + +Commit c0d85387fc38f9554d601ec2ddb111031a694387 exposes a misbehavior +in libini wherein merge failures are presented as nonfatal errors. +Paper around this. + +Signed-off-by: Robbie Harwood +(cherry picked from commit 49708ddde8c58d8197e1f7dfc2b2d097c6b278d5) +--- + proxy/src/gp_config.c | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c +index f3ff1fd..d5db76a 100644 +--- a/proxy/src/gp_config.c ++++ b/proxy/src/gp_config.c +@@ -800,20 +800,23 @@ static int gp_config_from_dir(const char *config_dir, + &error_list, + NULL); + if (error_list) { +- uint32_t len; +- len = ref_array_len(error_list); ++ uint32_t len = ref_array_len(error_list); + for (uint32_t i = 0; i < len; i++) { + /* libini has an unfixable bug where error strings are (char **) */ +- GPAUDIT("Error when reading config directory: %s\n", +- *(char **)ref_array_get(error_list, i, NULL)); ++ char *errmsg = *(char **)ref_array_get(error_list, i, NULL); ++ ++ /* libini reports pattern match failure as (non-fatal) error ++ * https://pagure.io/SSSD/ding-libs/issue/3182 */ ++ if (strstr(errmsg, "did not match provided patterns. Skipping")) { ++ continue; ++ } ++ ++ GPAUDIT("Error when reading config directory: %s\n", errmsg); + } + ref_array_destroy(error_list); + } +- + if (ret && ret != EEXIST) { + GPERROR("Error when reading config directory number: %d\n", ret); +- +- ref_array_destroy(error_list); + return ret; + } + diff --git a/gssproxy.spec b/gssproxy.spec index 606ea8b..f55ab3e 100644 --- a/gssproxy.spec +++ b/gssproxy.spec @@ -1,6 +1,6 @@ Name: gssproxy Version: 0.7.0 -Release: 22%{?dist} +Release: 23%{?dist} Summary: GSSAPI Proxy Group: System Environment/Libraries @@ -37,6 +37,7 @@ Patch19: Fix-error-handling-in-gp_config_from_dir.patch Patch20: Fix-silent-crash-with-duplicate-config-sections.patch Patch21: Emit-debug-on-queue-errors.patch Patch22: Do-not-call-gpm_grab_sock-twice.patch +Patch23: Fix-error-message-handling-in-gp_config_from_dir.patch ### Dependencies ### Requires: krb5-libs >= 1.12.0 @@ -134,6 +135,9 @@ rm -rf %{buildroot} %systemd_postun_with_restart gssproxy.service %changelog +* Mon Oct 30 2017 Robbie Harwood - 0.7.0-23 +- Fix error message handling in gp_config_from_dir() + * Fri Oct 27 2017 Robbie Harwood - 0.7.0-22 - Fix concurrency issue in server socket handling