diff --git a/Add-a-safety-timeout-to-epoll.patch b/Add-a-safety-timeout-to-epoll.patch deleted file mode 100644 index 2635970..0000000 --- a/Add-a-safety-timeout-to-epoll.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 616620ad1f8568437da8d9ec235ffa2f2ec9ca32 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Wed, 6 Mar 2019 10:36:11 -0500 -Subject: [PATCH] Add a safety timeout to epoll - -Add a safety timeout just in case something goes wrong with the use of -timerfd. This way the process should't be stuck forever. - -Signed-off-by: Simo Sorce -[rharwood@redhat.com: remove outdated comment] -Reviewed-by: Robbie Harwood -Merges: #241 -(cherry picked from commit d55be9fa2455fe52b6eb904ad427f22141ab3f26) ---- - src/client/gpm_common.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c -index d491200..95a39ab 100644 ---- a/src/client/gpm_common.c -+++ b/src/client/gpm_common.c -@@ -14,6 +14,7 @@ - #define FRAGMENT_BIT (1 << 31) - - #define RESPONSE_TIMEOUT 15 -+#define SAFETY_TIMEOUT RESPONSE_TIMEOUT * 10 * 1000 - #define MAX_TIMEOUT_RETRY 3 - - struct gpm_ctx { -@@ -291,7 +292,7 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) - } - - do { -- epoll_ret = epoll_wait(gpmctx->epollfd, events, 2, -1); -+ epoll_ret = epoll_wait(gpmctx->epollfd, events, 2, SAFETY_TIMEOUT); - } while (epoll_ret < 0 && errno == EINTR); - - if (epoll_ret < 0) { -@@ -299,8 +300,6 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) - ret = errno; - gpm_epoll_close(gpmctx); - } else if (epoll_ret == 0) { -- /* Shouldn't happen as timeout == -1; treat it like a timeout -- * occurred. */ - ret = ETIMEDOUT; - gpm_epoll_close(gpmctx); - } else if (epoll_ret == 1 && events[0].data.fd == gpmctx->timerfd) { diff --git a/Always-choose-highest-requested-debug-level.patch b/Always-choose-highest-requested-debug-level.patch deleted file mode 100644 index 59acb8e..0000000 --- a/Always-choose-highest-requested-debug-level.patch +++ /dev/null @@ -1,107 +0,0 @@ -From d284ec7dc9fe0a824b177873078aeb36a25b7878 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 11 Apr 2018 16:15:00 -0400 -Subject: [PATCH] Always choose highest requested debug level - -Allowing the CLI to lower the debug level specified in a config file -is dubious, and previously broken since we don't distinguish "default -value" from "explicitly requested value of 0" in popt. This resulted -in "Debug Enabled (level: 0)" even when the log level was not actually -0, which is confusing for users. - -Remove the gp_debug_args() function since it is no longer used. - -Signed-off-by: Robbie Harwood -Reviewed-by: Simo Sorce -Merges: #229 -(cherry picked from commit 5a714768aec776dc875237dd729c85389932a688) ---- - src/gp_debug.c | 34 ++++++++-------------------------- - src/gp_debug.h | 3 +-- - src/gssproxy.c | 2 +- - 3 files changed, 10 insertions(+), 29 deletions(-) - -diff --git a/src/gp_debug.c b/src/gp_debug.c -index 4a141fc..a0f51f0 100644 ---- a/src/gp_debug.c -+++ b/src/gp_debug.c -@@ -1,4 +1,4 @@ --/* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */ -+/* Copyright (C) 2011,2018 the GSS-PROXY contributors, see COPYING for license */ - - #include "config.h" - #include -@@ -7,35 +7,17 @@ - #include "gp_log.h" - - /* global debug switch */ --int gp_debug; -- --int gp_debug_args(int level) { -- static int args_level = 0; -- -- if (level != 0) { -- args_level = level; -- } -- return args_level; --} -+int gp_debug = 0; - - void gp_debug_toggle(int level) - { -- static bool krb5_trace_set = false; -+ if (level <= gp_debug) -+ return; - -- /* Command line and environment options override config file */ -- gp_debug = gp_debug_args(0); -- if (gp_debug == 0) { -- gp_debug = level; -- } -- if (level >= 3) { -- if (!getenv("KRB5_TRACE")) { -- setenv("KRB5_TRACE", "/dev/stderr", 1); -- krb5_trace_set = true; -- } -- } else if (krb5_trace_set) { -- unsetenv("KRB5_TRACE"); -- krb5_trace_set = false; -- } -+ if (level >= 3 && !getenv("KRB5_TRACE")) -+ setenv("KRB5_TRACE", "/dev/stderr", 1); -+ -+ gp_debug = level; - GPDEBUG("Debug Enabled (level: %d)\n", level); - } - -diff --git a/src/gp_debug.h b/src/gp_debug.h -index 1c2f8a3..4932bfd 100644 ---- a/src/gp_debug.h -+++ b/src/gp_debug.h -@@ -1,4 +1,4 @@ --/* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */ -+/* Copyright (C) 2011,2018 the GSS-PROXY contributors, see COPYING for license */ - - #ifndef _GP_DEBUG_H_ - #define _GP_DEBUG_H_ -@@ -10,7 +10,6 @@ - - extern int gp_debug; - --int gp_debug_args(int level); - void gp_debug_toggle(int); - void gp_debug_printf(const char *format, ...); - void gp_debug_time_printf(const char *format, ...); -diff --git a/src/gssproxy.c b/src/gssproxy.c -index 6d36a5d..db6e89b 100644 ---- a/src/gssproxy.c -+++ b/src/gssproxy.c -@@ -208,7 +208,7 @@ int main(int argc, const char *argv[]) - - if (opt_debug || opt_debug_level > 0) { - if (opt_debug_level == 0) opt_debug_level = 1; -- gp_debug_args(opt_debug_level); -+ gp_debug_toggle(opt_debug_level); - } - - if (opt_daemon && opt_interactive) { diff --git a/Always-use-the-encype-we-selected.patch b/Always-use-the-encype-we-selected.patch deleted file mode 100644 index afbf251..0000000 --- a/Always-use-the-encype-we-selected.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 64bf7f099fe52a214794486d16e3383ff25e8682 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Tue, 27 Feb 2018 11:59:25 -0500 -Subject: [PATCH] Always use the encype we selected - -The enctype is selected from the keytab or from the fallback code. -Either way make sure to use the enctype stored in the key block. - -Signed-off-by: Simo Sorce -Reviewed-by: Robbie Harwood -Merges: #226 -(cherry picked from commit d73c96d658059ce64ecd41ff2924071d86f2b54f) ---- - src/gp_export.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/gp_export.c b/src/gp_export.c -index c9f5fd4..5e8e160 100644 ---- a/src/gp_export.c -+++ b/src/gp_export.c -@@ -168,11 +168,10 @@ uint32_t gp_init_creds_handle(uint32_t *min, const char *svc_name, - GP_CREDS_HANDLE_KEY_ENCTYPE, 0, - &handle->key); - if (ret == 0) { -- ret = krb5_c_make_random_key(handle->context, -- GP_CREDS_HANDLE_KEY_ENCTYPE, -+ ret = krb5_c_make_random_key(handle->context, handle->key->enctype, - handle->key); - GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n", -- svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE); -+ svc_name, handle->key->enctype); - } - if (ret) { - ret_min = ret; -@@ -254,7 +253,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key, - - memset(&enc_handle, '\0', sizeof(krb5_enc_data)); - -- enc_handle.enctype = GP_CREDS_HANDLE_KEY_ENCTYPE; -+ enc_handle.enctype = key->enctype; - enc_handle.ciphertext.data = in->octet_string_val; - enc_handle.ciphertext.length = in->octet_string_len; - diff --git a/Avoid-uninitialized-free-when-allocating-buffers.patch b/Avoid-uninitialized-free-when-allocating-buffers.patch new file mode 100644 index 0000000..5ad2f09 --- /dev/null +++ b/Avoid-uninitialized-free-when-allocating-buffers.patch @@ -0,0 +1,39 @@ +From e19466d172e0fd6d86b98b1423e9d99e0be30313 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 1 May 2019 11:27:13 -0400 +Subject: [PATCH] Avoid uninitialized free when allocating buffers + +Signed-off-by: Robbie Harwood +Reviewed-by: Simo Sorce +Resolves: #248 +(cherry picked from commit eafa3c9272c95646400123f8e4d6fb50cf36d36c) +--- + src/gp_export.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/gp_export.c b/src/gp_export.c +index dbfddeb..a5681c0 100644 +--- a/src/gp_export.c ++++ b/src/gp_export.c +@@ -300,6 +300,7 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key, + &data_in, + &enc_handle); + if (ret) { ++ free(enc_handle.ciphertext.data); + ret = EINVAL; + goto done; + } +@@ -308,12 +309,12 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key, + enc_handle.ciphertext.data, + out); + if (ret) { ++ free(enc_handle.ciphertext.data); + goto done; + } + + done: + free(padded); +- free(enc_handle.ciphertext.data); + return ret; + } + diff --git a/Clarify-debug-and-debug_level-in-man-pages.patch b/Clarify-debug-and-debug_level-in-man-pages.patch deleted file mode 100644 index 1a5f224..0000000 --- a/Clarify-debug-and-debug_level-in-man-pages.patch +++ /dev/null @@ -1,74 +0,0 @@ -From d71d354f1020a7deac57f26cc7c2cafb3fa675a3 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 11 Apr 2018 16:01:21 -0400 -Subject: [PATCH] Clarify debug and debug_level in man pages - -In particular, add debug_level to gssproxy(5) since it was previously -accepted but not documented. - -Signed-off-by: Robbie Harwood -Reviewed-by: Simo Sorce -Merges: #229 -(cherry picked from commit e0e96e46be03102903533a9816b4deefe1adfaf8) ---- - man/gssproxy.8.xml | 24 +++++++++++++++++++++++- - man/gssproxy.conf.5.xml | 5 ++++- - 2 files changed, 27 insertions(+), 2 deletions(-) - -diff --git a/man/gssproxy.8.xml b/man/gssproxy.8.xml -index 1df4b0d..21f7e6a 100644 ---- a/man/gssproxy.8.xml -+++ b/man/gssproxy.8.xml -@@ -118,13 +118,35 @@ - - - -+ - - - , - - - -- Turn on debugging. -+ Turn on debugging. This option is identical to -+ --debug-level=1. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Turn on debugging at the specified level. 0 -+ corresponds to no logging, while 1 turns on basic -+ debug logging. Level 2 increases verbosity, including -+ more detailed credential verification. -+ -+ -+ At level 3 and above, KRB5_TRACE output is logged. If -+ KRB5_TRACE was already set in the execution -+ environment, trace output is sent to its value -+ instead. - - - -diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml -index de846b4..21c9653 100644 ---- a/man/gssproxy.conf.5.xml -+++ b/man/gssproxy.conf.5.xml -@@ -192,7 +192,10 @@ - - debug (boolean) - -- Enable debugging to syslog. -+ -+ Enable debugging to syslog. Setting to true is -+ identical to setting debug_level to 1. -+ - Default: debug = false - - diff --git a/Close-epoll-fd-within-the-lock.patch b/Close-epoll-fd-within-the-lock.patch deleted file mode 100644 index 156c13e..0000000 --- a/Close-epoll-fd-within-the-lock.patch +++ /dev/null @@ -1,174 +0,0 @@ -From 9c0c6b8202ecd20dc25ea37bab7b7297cfca077f Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Wed, 6 Mar 2019 10:31:13 -0500 -Subject: [PATCH] Close epoll fd within the lock - -A race condition may happen where we close the epoll socket, after -another thread grabbed the lock and is using epoll itself. -On some kernels this may cause epoll to not fire any event leaving the -thread stuck forever. - -Signed-off-by: Simo Sorce -[rharwood@redhat.com: cleanup commit message, adjusted function ordering] -Reviewed-by: Robbie Harwood -Merges: #241 -(cherry picked from commit 0ccfd32f8ef16caf65698c5319dfa251d43433af) ---- - src/client/gpm_common.c | 106 +++++++++++++++++++++------------------- - 1 file changed, 56 insertions(+), 50 deletions(-) - -diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c -index c254280..d491200 100644 ---- a/src/client/gpm_common.c -+++ b/src/client/gpm_common.c -@@ -139,41 +139,14 @@ static void gpm_close_socket(struct gpm_ctx *gpmctx) - gpmctx->fd = -1; - } - --static int gpm_grab_sock(struct gpm_ctx *gpmctx) -+static void gpm_epoll_close(struct gpm_ctx *gpmctx) - { -- int ret; -- pid_t p; -- uid_t u; -- gid_t g; -- -- ret = pthread_mutex_lock(&gpmctx->lock); -- if (ret) { -- return ret; -+ if (gpmctx->epollfd < 0) { -+ return; - } - -- /* Detect fork / setresuid and friends */ -- p = getpid(); -- u = geteuid(); -- g = getegid(); -- -- if (gpmctx->fd != -1 && -- (p != gpmctx->pid || u != gpmctx->uid || g != gpmctx->gid)) { -- gpm_close_socket(gpmctx); -- } -- -- if (gpmctx->fd == -1) { -- ret = gpm_open_socket(gpmctx); -- } -- -- if (ret) { -- pthread_mutex_unlock(&gpmctx->lock); -- } -- return ret; --} -- --static int gpm_release_sock(struct gpm_ctx *gpmctx) --{ -- return pthread_mutex_unlock(&gpmctx->lock); -+ close(gpmctx->epollfd); -+ gpmctx->epollfd = -1; - } - - static void gpm_timer_close(struct gpm_ctx *gpmctx) -@@ -186,6 +159,13 @@ static void gpm_timer_close(struct gpm_ctx *gpmctx) - gpmctx->timerfd = -1; - } - -+static int gpm_release_sock(struct gpm_ctx *gpmctx) -+{ -+ gpm_epoll_close(gpmctx); -+ gpm_timer_close(gpmctx); -+ return pthread_mutex_unlock(&gpmctx->lock); -+} -+ - static int gpm_timer_setup(struct gpm_ctx *gpmctx, int timeout_seconds) - { - int ret; -@@ -216,16 +196,6 @@ static int gpm_timer_setup(struct gpm_ctx *gpmctx, int timeout_seconds) - return 0; - } - --static void gpm_epoll_close(struct gpm_ctx *gpmctx) --{ -- if (gpmctx->epollfd < 0) { -- return; -- } -- -- close(gpmctx->epollfd); -- gpmctx->epollfd = -1; --} -- - static int gpm_epoll_setup(struct gpm_ctx *gpmctx) - { - struct epoll_event ev; -@@ -253,6 +223,50 @@ static int gpm_epoll_setup(struct gpm_ctx *gpmctx) - return ret; - } - -+static int gpm_grab_sock(struct gpm_ctx *gpmctx) -+{ -+ int ret; -+ pid_t p; -+ uid_t u; -+ gid_t g; -+ -+ ret = pthread_mutex_lock(&gpmctx->lock); -+ if (ret) { -+ return ret; -+ } -+ -+ /* Detect fork / setresuid and friends */ -+ p = getpid(); -+ u = geteuid(); -+ g = getegid(); -+ -+ if (gpmctx->fd != -1 && -+ (p != gpmctx->pid || u != gpmctx->uid || g != gpmctx->gid)) { -+ gpm_close_socket(gpmctx); -+ } -+ -+ if (gpmctx->fd == -1) { -+ ret = gpm_open_socket(gpmctx); -+ if (ret) { -+ goto done; -+ } -+ } -+ -+ /* setup timer */ -+ ret = gpm_timer_setup(gpmctx, RESPONSE_TIMEOUT); -+ if (ret) { -+ goto done; -+ } -+ /* create epoll fd as well */ -+ ret = gpm_epoll_setup(gpmctx); -+ -+done: -+ if (ret) { -+ gpm_release_sock(gpmctx); -+ } -+ return ret; -+} -+ - static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) - { - int ret; -@@ -530,11 +544,6 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer, - int ret; - int retry_count; - -- /* setup timer */ -- ret = gpm_timer_setup(gpmctx, RESPONSE_TIMEOUT); -- if (ret) -- return ret; -- - for (retry_count = 0; retry_count < MAX_TIMEOUT_RETRY; retry_count++) { - /* send to proxy */ - ret = gpm_send_buffer(gpmctx, send_buffer, send_length); -@@ -761,9 +770,6 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) - } - - done: -- gpm_timer_close(gpmctx); -- gpm_epoll_close(gpmctx); -- - if (sockgrab) { - gpm_release_sock(gpmctx); - } diff --git a/Don-t-leak-sock_ctx-if-verto_add_io-fails.patch b/Don-t-leak-sock_ctx-if-verto_add_io-fails.patch deleted file mode 100644 index aaa17b8..0000000 --- a/Don-t-leak-sock_ctx-if-verto_add_io-fails.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 322a7e578cc1f3b54bfb317dd57442231a8f7cf7 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Thu, 2 Aug 2018 16:02:50 -0400 -Subject: [PATCH] Don't leak sock_ctx if verto_add_io() fails - -Signed-off-by: Robbie Harwood -(cherry picked from commit 459152be1e701af6aafdecffc1af21156b43bf78) ---- - src/gssproxy.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/gssproxy.c b/src/gssproxy.c -index db6e89b..93c1c1e 100644 ---- a/src/gssproxy.c -+++ b/src/gssproxy.c -@@ -46,6 +46,7 @@ static verto_ev *setup_socket(char *sock_name, verto_ctx *vctx) - - ev = verto_add_io(vctx, vflags, accept_sock_conn, sock_ctx->fd); - if (!ev) { -+ free(sock_ctx); - return NULL; - } - diff --git a/Reorder-functions.patch b/Reorder-functions.patch deleted file mode 100644 index 88027d9..0000000 --- a/Reorder-functions.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 6803191543fe0cea1f39c75e9f81bbe90ab8b053 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Wed, 6 Mar 2019 15:06:14 -0500 -Subject: [PATCH] Reorder functions - -Keep related functions closer together like before - -Signed-off-by: Simo Sorce -Reviewed-by: Robbie Harwood -Resolves: #242 -(cherry picked from commit 6accc0afead574e11447447c949f2abcb1a34826) ---- - src/client/gpm_common.c | 34 +++++++++++++++++----------------- - 1 file changed, 17 insertions(+), 17 deletions(-) - -diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c -index 95a39ab..808f350 100644 ---- a/src/client/gpm_common.c -+++ b/src/client/gpm_common.c -@@ -140,16 +140,6 @@ static void gpm_close_socket(struct gpm_ctx *gpmctx) - gpmctx->fd = -1; - } - --static void gpm_epoll_close(struct gpm_ctx *gpmctx) --{ -- if (gpmctx->epollfd < 0) { -- return; -- } -- -- close(gpmctx->epollfd); -- gpmctx->epollfd = -1; --} -- - static void gpm_timer_close(struct gpm_ctx *gpmctx) - { - if (gpmctx->timerfd < 0) { -@@ -160,13 +150,6 @@ static void gpm_timer_close(struct gpm_ctx *gpmctx) - gpmctx->timerfd = -1; - } - --static int gpm_release_sock(struct gpm_ctx *gpmctx) --{ -- gpm_epoll_close(gpmctx); -- gpm_timer_close(gpmctx); -- return pthread_mutex_unlock(&gpmctx->lock); --} -- - static int gpm_timer_setup(struct gpm_ctx *gpmctx, int timeout_seconds) - { - int ret; -@@ -197,6 +180,16 @@ static int gpm_timer_setup(struct gpm_ctx *gpmctx, int timeout_seconds) - return 0; - } - -+static void gpm_epoll_close(struct gpm_ctx *gpmctx) -+{ -+ if (gpmctx->epollfd < 0) { -+ return; -+ } -+ -+ close(gpmctx->epollfd); -+ gpmctx->epollfd = -1; -+} -+ - static int gpm_epoll_setup(struct gpm_ctx *gpmctx) - { - struct epoll_event ev; -@@ -224,6 +217,13 @@ static int gpm_epoll_setup(struct gpm_ctx *gpmctx) - return ret; - } - -+static int gpm_release_sock(struct gpm_ctx *gpmctx) -+{ -+ gpm_epoll_close(gpmctx); -+ gpm_timer_close(gpmctx); -+ return pthread_mutex_unlock(&gpmctx->lock); -+} -+ - static int gpm_grab_sock(struct gpm_ctx *gpmctx) - { - int ret; diff --git a/Update-docs-to-reflect-actual-behavior-of-krb5_princ.patch b/Update-docs-to-reflect-actual-behavior-of-krb5_princ.patch deleted file mode 100644 index caf9665..0000000 --- a/Update-docs-to-reflect-actual-behavior-of-krb5_princ.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9b2bf07af65f38f204eabb4d7622a4c86ce06789 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 2 Oct 2018 14:52:18 -0400 -Subject: [PATCH] Update docs to reflect actual behavior of krb5_principal - -Signed-off-by: Robbie Harwood -Reviewed-by: Simo Sorce -Merges: #235 -(cherry picked from commit ffb05b5eeb9aa818690e5eece5ab6d84cf8fc24b) ---- - man/gssproxy.conf.5.xml | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml -index 21c9653..a6a620b 100644 ---- a/man/gssproxy.conf.5.xml -+++ b/man/gssproxy.conf.5.xml -@@ -308,7 +308,12 @@ - - krb5_principal (string) - -- The krb5 principal to be used by this service. -+ -+ The krb5 principal to be used preferred for this -+ service, if one isn't requested by the -+ application. Note that this does not enforce use -+ of this specific name; it only sets a default. -+ - Default: krb5_principal = - - diff --git a/Use-pthread-keys-for-thread-local-storage.patch b/Use-pthread-keys-for-thread-local-storage.patch deleted file mode 100644 index d80db05..0000000 --- a/Use-pthread-keys-for-thread-local-storage.patch +++ /dev/null @@ -1,149 +0,0 @@ -From 89dc0ee157caa4617d32fd72287849296d7fe26d Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Thu, 20 Sep 2018 17:37:53 -0400 -Subject: [PATCH] Use pthread keys for thread local storage - -This interface is slower but also more portable, and more importantly -it provides a way to specify destructor that is called when a thread -is canceled so we stop leaking memory. - -Signed-off-by: Simo Sorce -Reviewed-by: Robbie Harwood -Merges: #233 -(cherry picked from commit 0faccc1441bc7a6b3e8bd806f22c8a961e5f586e) ---- - src/client/gpm_common.c | 2 ++ - src/client/gpm_display_status.c | 57 ++++++++++++++++++++++----------- - src/client/gssapi_gpm.h | 1 + - 3 files changed, 42 insertions(+), 18 deletions(-) - -diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c -index dd29519..c254280 100644 ---- a/src/client/gpm_common.c -+++ b/src/client/gpm_common.c -@@ -55,6 +55,8 @@ static void gpm_init_once(void) - gpm_global_ctx.next_xid = rand_r(&seedp); - - pthread_mutexattr_destroy(&attr); -+ -+ gpm_display_status_init_once(); - } - - static int get_pipe_name(char *name) -diff --git a/src/client/gpm_display_status.c b/src/client/gpm_display_status.c -index bbb546f..e3aa4ea 100644 ---- a/src/client/gpm_display_status.c -+++ b/src/client/gpm_display_status.c -@@ -1,27 +1,47 @@ - /* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */ - - #include "gssapi_gpm.h" -+#include - --__thread gssx_status *tls_last_status = NULL; -+static pthread_key_t gpm_last_status; - --/* Thread local storage for return status. -- * FIXME: it's not the most portable construct, so may need fixing in future */ -+static void gpm_destroy_last_status(void *arg) -+{ -+ gssx_status *status = (gssx_status *)arg; -+ xdr_free((xdrproc_t)xdr_gssx_status, (char *)status); -+ free(status); -+} -+ -+void gpm_display_status_init_once(void) -+{ -+ (void)pthread_key_create(&gpm_last_status, gpm_destroy_last_status); -+} -+ -+/* Portable thread local storage for return status. */ - void gpm_save_status(gssx_status *status) - { -+ gssx_status *last_status; - int ret; - -- if (tls_last_status) { -- xdr_free((xdrproc_t)xdr_gssx_status, (char *)tls_last_status); -- free(tls_last_status); -+ last_status = (gssx_status *)pthread_getspecific(gpm_last_status); -+ if (last_status != NULL) { -+ /* store NULL first so we do not risk a double free if we are -+ * racing on a pthread_cancel */ -+ pthread_setspecific(gpm_last_status, NULL); -+ gpm_destroy_last_status(last_status); - } - -- ret = gp_copy_gssx_status_alloc(status, &tls_last_status); -- if (ret) { -- /* make sure tls_last_status is zeored on error */ -- tls_last_status = NULL; -+ ret = gp_copy_gssx_status_alloc(status, &last_status); -+ if (ret == 0) { -+ pthread_setspecific(gpm_last_status, last_status); - } - } - -+gssx_status *gpm_get_saved_status(void) -+{ -+ return (gssx_status *)pthread_getspecific(gpm_last_status); -+} -+ - /* This funciton is used to record internal mech errors that are - * generated by the proxy client code */ - void gpm_save_internal_status(uint32_t err, char *err_str) -@@ -47,15 +67,16 @@ OM_uint32 gpm_display_status(OM_uint32 *minor_status, - OM_uint32 *message_context, - gss_buffer_t status_string) - { -+ gssx_status *last_status = gpm_get_saved_status(); - utf8string tmp; - int ret; - - switch(status_type) { - case GSS_C_GSS_CODE: -- if (tls_last_status && -- tls_last_status->major_status == status_value && -- tls_last_status->major_status_string.utf8string_len) { -- ret = gp_copy_utf8string(&tls_last_status->major_status_string, -+ if (last_status && -+ last_status->major_status == status_value && -+ last_status->major_status_string.utf8string_len) { -+ ret = gp_copy_utf8string(&last_status->major_status_string, - &tmp); - if (ret) { - *minor_status = ret; -@@ -70,9 +91,9 @@ OM_uint32 gpm_display_status(OM_uint32 *minor_status, - return GSS_S_UNAVAILABLE; - } - case GSS_C_MECH_CODE: -- if (tls_last_status && -- tls_last_status->minor_status == status_value && -- tls_last_status->minor_status_string.utf8string_len) { -+ if (last_status && -+ last_status->minor_status == status_value && -+ last_status->minor_status_string.utf8string_len) { - - if (*message_context) { - /* we do not support multiple messages for now */ -@@ -80,7 +101,7 @@ OM_uint32 gpm_display_status(OM_uint32 *minor_status, - return GSS_S_FAILURE; - } - -- ret = gp_copy_utf8string(&tls_last_status->minor_status_string, -+ ret = gp_copy_utf8string(&last_status->minor_status_string, - &tmp); - if (ret) { - *minor_status = ret; -diff --git a/src/client/gssapi_gpm.h b/src/client/gssapi_gpm.h -index 22beecf..61124e0 100644 ---- a/src/client/gssapi_gpm.h -+++ b/src/client/gssapi_gpm.h -@@ -23,6 +23,7 @@ OM_uint32 gpm_release_name(OM_uint32 *minor_status, - OM_uint32 gpm_release_buffer(OM_uint32 *minor_status, - gss_buffer_t buffer); - -+void gpm_display_status_init_once(void); - void gpm_save_status(gssx_status *status); - void gpm_save_internal_status(uint32_t err, char *err_str); - diff --git a/gssproxy.spec b/gssproxy.spec index 6f0f0c1..29688c8 100644 --- a/gssproxy.spec +++ b/gssproxy.spec @@ -1,7 +1,7 @@ Name: gssproxy Version: 0.8.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: GSSAPI Proxy License: MIT @@ -14,7 +14,7 @@ Source1: rwtab %global gpstatedir %{_localstatedir}/lib/gssproxy ### Patches ### - +Patch0: Avoid-uninitialized-free-when-allocating-buffers.patch ### Dependencies ### Requires: krb5-libs >= 1.12.0 @@ -110,6 +110,9 @@ install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy %systemd_postun_with_restart gssproxy.service %changelog +* Wed May 01 2019 Robbie Harwood - 0.8.2-2 +- Avoid uninitialized free when allocating buffers + * Thu Apr 18 2019 Robbie Harwood - 0.8.2-1 - New usptream version (0.8.2)