Fix incorrect use of non-null string in xdr

Also move version number to better reflect what is inside

.gitignore

@@ -15,3 +15,5 @@
 /gssproxy-0.6.0.tar.gz
 /gssproxy-0.6.1.tar.gz
 /gssproxy-0.6.1.tar.gz.sha512sum.txt
+/gssproxy-0.6.2.tar.gz
+/gssproxy-0.6.2.tar.gz.sha512sum.txt

Fix-allocation-of-cred_store-to-have-two-extra-slots.patch

@@ -1,30 +0,0 @@
-From 015e13e242e3959809372b1b03f36938eb592021 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Mon, 23 Jan 2017 13:28:56 -0500
-Subject: [PATCH] Fix allocation of cred_store to have two extra slots
-
-Signed-off-by: Robbie Harwood <rharwood@redhat.com>
----
- proxy/src/gp_creds.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
-index 95d5585..0e5532f 100644
---- a/proxy/src/gp_creds.c
-+++ b/proxy/src/gp_creds.c
-@@ -411,9 +411,9 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
-         return 0;
-     }
- 
--    /* allocate 1 more than in source, just in case we need to add
--     * an internal client_keytab element */
--    cs->elements = calloc(svc->krb5.store.count + 1,
-+    /* allocate 2 more than in source, just in case we need to add
-+     * an internal client_keytab element and ccache */
-+    cs->elements = calloc(svc->krb5.store.count + 2,
-                           sizeof(gss_key_value_element_desc));
-     if (!cs->elements) {
-         ret = ENOMEM;
--- 
-2.11.0
-

Fix-incorrect-use-of-non-null-terminated-string.patch

@@ -0,0 +1,42 @@
+From 5066d2d9d150d9761a33307ecd533f045e11ad59 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Thu, 23 Feb 2017 11:51:04 -0500
+Subject: [PATCH] Fix incorrect use of non-null terminated string
+
+Octet_string_val values are not guaranteed to be zero terminated.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+Reviewed-by: Robbie Harwood <rharwood@redhat.com>
+Resolves: #49
+(cherry picked from commit 25c587458c90893168fd906a5de9cc7598e94619)
+---
+ proxy/src/mechglue/gpp_creds.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
+index c1506e6..38d03fd 100644
+--- a/proxy/src/mechglue/gpp_creds.c
++++ b/proxy/src/mechglue/gpp_creds.c
+@@ -14,6 +14,7 @@ uint32_t gpp_store_remote_creds(uint32_t *min,
+     krb5_ccache ccache = NULL;
+     krb5_creds cred;
+     krb5_error_code ret;
++    char cred_name[creds->desired_name.display_name.octet_string_len + 1];
+     XDR xdrctx;
+     bool xdrok;
+ 
+@@ -41,9 +42,11 @@ uint32_t gpp_store_remote_creds(uint32_t *min,
+         if (ret) goto done;
+     }
+ 
+-    ret = krb5_parse_name(ctx,
+-                          creds->desired_name.display_name.octet_string_val,
+-                          &cred.client);
++    memcpy(cred_name, creds->desired_name.display_name.octet_string_val,
++           creds->desired_name.display_name.octet_string_len);
++    cred_name[creds->desired_name.display_name.octet_string_len] = '\0';
++
++    ret = krb5_parse_name(ctx, cred_name, &cred.client);
+     if (ret) goto done;
+ 
+     ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred.server);

gssproxy.spec

@@ -1,12 +1,12 @@
 Name:		gssproxy
-Version:	0.6.1
-Release:	3%{?dist}
+Version:	0.6.2
+Release:	1%{?dist}
 Summary:	GSSAPI Proxy
 
 Group:		System Environment/Libraries
 License:	MIT
-URL:		http://fedorahosted.org/gss-proxy
-Source0:	http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz
+URL:		https://pagure.io/gssproxy
+Source0:	https://releases.pagure.org/%{name}/%{name}-%{version}.tar.gz
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 %global servicename gssproxy
@@ -14,7 +14,7 @@ BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 %global gpstatedir %{_localstatedir}/lib/gssproxy
 
 ### Patches ###
-Patch1: Fix-allocation-of-cred_store-to-have-two-extra-slots.patch
+Patch1: Fix-incorrect-use-of-non-null-terminated-string.patch
 
 ### Dependencies ###
 Requires: krb5-libs >= 1.12.0
@@ -58,8 +58,7 @@ A proxy for GSSAPI credential handling
 
 %prep
 %setup -q
-
-%patch1 -p2 -b .Fix-allocation-of-cred_store-to-have-two-extra-slots
+%patch1 -p2 -b .Fix-incorrect-use-of-non-null-terminated-string
 
 %build
 autoreconf -f -i
@@ -120,6 +119,10 @@ rm -rf %{buildroot}
 %systemd_postun_with_restart gssproxy.service
 
 %changelog
+* Thu Feb 23 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-1
+- Fix incorrect use of non-null string in xdr
+- Also move version number to better reflect what is inside
+
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 

sources

@@ -1,2 +1,2 @@
-SHA512 (gssproxy-0.6.1.tar.gz) = c3dff11ddd17804e4be3f8930b0b2b3f30174d628fa513bd8f3998ab692bf71bd560ef351eb37d4ac40b6258c645e7833fc0b10d53985c45072a335d0270ff1c
-SHA512 (gssproxy-0.6.1.tar.gz.sha512sum.txt) = d40fe2d0a2870a43ccbb40bd73773143014531ca4a9998817876b3071f521ae847a8d80e349804047c797aa79a1de99513afedbd6eaac3ee0f859d813c3e25d9
+SHA512 (gssproxy-0.6.2.tar.gz) = 3c19fbd6e6c8aa2946512f947e016642672a98559b0c47dfb2a4abe2c9dbf06f1bd4f028199cd4828edf00eb0f5d3eac55bda73dcfeb27095e8e9ab14fc88bcd
+SHA512 (gssproxy-0.6.2.tar.gz.sha512sum.txt) = 180f91ee7ef560077ecb689b64c0b71c305c12130a510c5e5c7a51c59593e6f509cb91726ab6cbb35f43905d96e87c77966471b814d02a9d6754aa6b44b192cb