From 239d137aa0301777707830ec814d7aeacee6ecc3 Mon Sep 17 00:00:00 2001
From: Robbie Harwood
Date: Thu, 23 Feb 2017 18:20:45 +0000
Subject: [PATCH] Fix incorrect use of non-null string in xdr

Also move version number to better reflect what is inside
---
 .gitignore | 2 +
 ...f-cred_store-to-have-two-extra-slots.patch | 30 -------------
 ...ct-use-of-non-null-terminated-string.patch | 42 +++++++++++++++++++
 gssproxy.spec | 17 ++++----
 sources | 4 +-
 5 files changed, 56 insertions(+), 39 deletions(-)
 delete mode 100644 Fix-allocation-of-cred_store-to-have-two-extra-slots.patch
 create mode 100644 Fix-incorrect-use-of-non-null-terminated-string.patch

diff --git a/.gitignore b/.gitignore
index ec0e83c..0787596 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,5 @@
 /gssproxy-0.6.0.tar.gz
 /gssproxy-0.6.1.tar.gz
 /gssproxy-0.6.1.tar.gz.sha512sum.txt
+/gssproxy-0.6.2.tar.gz
+/gssproxy-0.6.2.tar.gz.sha512sum.txt
diff --git a/Fix-allocation-of-cred_store-to-have-two-extra-slots.patch b/Fix-allocation-of-cred_store-to-have-two-extra-slots.patch
deleted file mode 100644
index 39876d2..0000000
--- a/Fix-allocation-of-cred_store-to-have-two-extra-slots.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 015e13e242e3959809372b1b03f36938eb592021 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood
-Date: Mon, 23 Jan 2017 13:28:56 -0500
-Subject: [PATCH] Fix allocation of cred_store to have two extra slots
-
-Signed-off-by: Robbie Harwood
----
- proxy/src/gp_creds.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
-index 95d5585..0e5532f 100644
---- a/proxy/src/gp_creds.c
-+++ b/proxy/src/gp_creds.c
-@@ -411,9 +411,9 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
- return 0;
- }
-
-- /* allocate 1 more than in source, just in case we need to add
-- * an internal client_keytab element */
-- cs->elements = calloc(svc->krb5.store.count + 1,
-+ /* allocate 2 more than in source, just in case we need to add
-+ * an internal client_keytab element and ccache */
-+ cs->elements = calloc(svc->krb5.store.count + 2,
- sizeof(gss_key_value_element_desc));
- if (!cs->elements) {
- ret = ENOMEM;
---
-2.11.0
-
diff --git a/Fix-incorrect-use-of-non-null-terminated-string.patch b/Fix-incorrect-use-of-non-null-terminated-string.patch
new file mode 100644
index 0000000..d54bb43
--- /dev/null
+++ b/Fix-incorrect-use-of-non-null-terminated-string.patch
@@ -0,0 +1,42 @@
+From 5066d2d9d150d9761a33307ecd533f045e11ad59 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Thu, 23 Feb 2017 11:51:04 -0500
+Subject: [PATCH] Fix incorrect use of non-null terminated string
+
+Octet_string_val values are not guaranteed to be zero terminated.
+
+Signed-off-by: Simo Sorce
+Reviewed-by: Robbie Harwood
+Resolves: #49
+(cherry picked from commit 25c587458c90893168fd906a5de9cc7598e94619)
+---
+ proxy/src/mechglue/gpp_creds.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
+index c1506e6..38d03fd 100644
+--- a/proxy/src/mechglue/gpp_creds.c
++++ b/proxy/src/mechglue/gpp_creds.c
+@@ -14,6 +14,7 @@ uint32_t gpp_store_remote_creds(uint32_t *min,
+ krb5_ccache ccache = NULL;
+ krb5_creds cred;
+ krb5_error_code ret;
++ char cred_name[creds->desired_name.display_name.octet_string_len + 1];
+ XDR xdrctx;
+ bool xdrok;
+
+@@ -41,9 +42,11 @@ uint32_t gpp_store_remote_creds(uint32_t *min,
+ if (ret) goto done;
+ }
+
+- ret = krb5_parse_name(ctx,
+- creds->desired_name.display_name.octet_string_val,
+- &cred.client);
++ memcpy(cred_name, creds->desired_name.display_name.octet_string_val,
++ creds->desired_name.display_name.octet_string_len);
++ cred_name[creds->desired_name.display_name.octet_string_len] = '\0';
++
++ ret = krb5_parse_name(ctx, cred_name, &cred.client);
+ if (ret) goto done;
+
+ ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred.server);
diff --git a/gssproxy.spec b/gssproxy.spec
index 5772385..8b7d91f 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
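Review bot: The added `char cred_name[creds->desired_name.display_name.octet_string_len + 1];` is a variable-length array sized straight from a length field of the credential being stored, and nothing in the hunk bounds that length. A very large value overruns the stack, and if the field is an unsigned type at its maximum the `+ 1` wraps to zero, so the following `memcpy` writes past the array. Whether the length is capped before this function runs is not visible here. A heap copy avoids both cases: declare `char *cred_name = NULL;`, replace the memcpy and terminator lines with `cred_name = strndup(creds->desired_name.display_name.octet_string_val, creds->desired_name.display_name.octet_string_len);` followed by `if (!cred_name) { ret = ENOMEM; goto done; }`, and free it on the `done` path. gpp_store_remote_creds starts and ends outside the hunk, so the `done` cleanup has to be checked in the full file.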
@@ -1,12 +1,12 @@ Name: gssproxy -Version: 0.6.1 -Release: 3%{?dist} +Version: 0.6.2 +Release: 1%{?dist} Summary: GSSAPI Proxy Group: System Environment/Libraries License: MIT -URL: http://fedorahosted.org/gss-proxy -Source0: http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz +URL: https://pagure.io/gssproxy +Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) %global servicename gssproxy @@ -14,7 +14,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) %global gpstatedir %{_localstatedir}/lib/gssproxy ### Patches ### -Patch1: Fix-allocation-of-cred_store-to-have-two-extra-slots.patch +Patch1: Fix-incorrect-use-of-non-null-terminated-string.patch ### Dependencies ### Requires: krb5-libs >= 1.12.0 @@ -58,8 +58,7 @@ A proxy for GSSAPI credential handling %prep %setup -q - -%patch1 -p2 -b .Fix-allocation-of-cred_store-to-have-two-extra-slots +%patch1 -p2 -b .Fix-incorrect-use-of-non-null-terminated-string %build autoreconf -f -i @@ -120,6 +119,10 @@ rm -rf %{buildroot} %systemd_postun_with_restart gssproxy.service %changelog +* Thu Feb 23 2017 Robbie Harwood - 0.6.2-1 +- Fix incorrect use of non-null string in xdr +- Also move version number to better reflect what is inside + * Fri Feb 10 2017 Fedora Release Engineering - 0.6.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild diff --git a/sources b/sources index 1269ee5..1239a3c 100644 --- a/sources +++ b/sources 
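Review bot: `Patch1` no longer applies `Fix-allocation-of-cred_store-to-have-two-extra-slots.patch`, but neither the commit message nor the new `%changelog` entry records why that allocation fix is dropped. Presumably the 0.6.2 tarball already contains it, which is worth confirming against the new source before the build, since losing it would bring back the undersized `cred_store` allocation. Once confirmed, a changelog line such as `- Drop cred_store allocation patch, included in 0.6.2` would make the rebase auditable.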
@@ -1,2 +1,2 @@
-SHA512 (gssproxy-0.6.1.tar.gz) = c3dff11ddd17804e4be3f8930b0b2b3f30174d628fa513bd8f3998ab692bf71bd560ef351eb37d4ac40b6258c645e7833fc0b10d53985c45072a335d0270ff1c
-SHA512 (gssproxy-0.6.1.tar.gz.sha512sum.txt) = d40fe2d0a2870a43ccbb40bd73773143014531ca4a9998817876b3071f521ae847a8d80e349804047c797aa79a1de99513afedbd6eaac3ee0f859d813c3e25d9
+SHA512 (gssproxy-0.6.2.tar.gz) = 3c19fbd6e6c8aa2946512f947e016642672a98559b0c47dfb2a4abe2c9dbf06f1bd4f028199cd4828edf00eb0f5d3eac55bda73dcfeb27095e8e9ab14fc88bcd
+SHA512 (gssproxy-0.6.2.tar.gz.sha512sum.txt) = 180f91ee7ef560077ecb689b64c0b71c305c12130a510c5e5c7a51c59593e6f509cb91726ab6cbb35f43905d96e87c77966471b814d02a9d6754aa6b44b192cb