From 6bb77a0027170e74af9bc18f2d0e61b4d497747e Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 31 Jul 2020 20:18:03 +0000
Subject: [PATCH] Avoid leak of special mechs in gss_mech_interposer()

---
 ...special-mechs-in-gss_mech_interposer.patch | 33 +++++++++++++++++
 Initialize-our-epoll_event-structures.patch   | 37 +++++++++++++++++++
 gssproxy.spec                                 |  8 +++-
 3 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch
 create mode 100644 Initialize-our-epoll_event-structures.patch

diff --git a/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch b/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch
new file mode 100644
index 0000000..b29e948
--- /dev/null
+++ b/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch
@@ -0,0 +1,33 @@
+From 4b9e5f00d36d9b5c1f80835a989fa8865c045ff3 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Fri, 31 Jul 2020 13:23:30 -0400
+Subject: [PATCH] Avoid leak of special mechs in gss_mech_interposer()
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit dc405df92173cceac2cafc09a70b1724bb2b97c8)
+---
+ src/mechglue/gss_plugin.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/mechglue/gss_plugin.c b/src/mechglue/gss_plugin.c
+index 69a9644..9ce3e15 100644
+--- a/src/mechglue/gss_plugin.c
++++ b/src/mechglue/gss_plugin.c
+@@ -76,6 +76,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
+     gss_OID_set interposed_mechs;
+     OM_uint32 maj, min;
+     char *envval;
++    gss_OID_set special_mechs;
+ 
+     /* avoid looping in the gssproxy daemon by avoiding to interpose
+      * any mechanism */
+@@ -118,7 +119,8 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
+     }
+ 
+     /* while there also initiaize special_mechs */
+-    (void)gpp_special_available_mechs(interposed_mechs);
++    special_mechs = gpp_special_available_mechs(interposed_mechs);
++    (void)gss_release_oid_set(&min, &special_mechs);
+ 
+ done:
+     if (maj != 0) {
diff --git a/Initialize-our-epoll_event-structures.patch b/Initialize-our-epoll_event-structures.patch
new file mode 100644
index 0000000..459b9f7
--- /dev/null
+++ b/Initialize-our-epoll_event-structures.patch
@@ -0,0 +1,37 @@
+From 35579d9de1d3f295fb4548c73fc6a729d04128c6 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 30 Jul 2020 16:43:30 -0400
+Subject: [PATCH] Initialize our epoll_event structures
+
+Fixes a valgrind error for the other fields of epoll_event.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit 48bfadc538bca3b9ca478c711af75245163d0b67)
+---
+ src/client/gpm_common.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c
+index 60b1fdc..786a77b 100644
+--- a/src/client/gpm_common.c
++++ b/src/client/gpm_common.c
+@@ -199,6 +199,8 @@ static int gpm_epoll_setup(struct gpm_ctx *gpmctx)
+     struct epoll_event ev;
+     int ret;
+ 
++    memset(&ev, 0, sizeof(ev));
++
+     if (gpmctx->epollfd >= 0) {
+         gpm_epoll_close(gpmctx);
+     }
+@@ -280,6 +282,10 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags)
+     struct epoll_event events[2];
+     uint64_t timer_read;
+ 
++    memset(&ev, 0, sizeof(ev));
++    memset(&events[0], 0, sizeof(events[0]));
++    memset(&events[1], 0, sizeof(events[1]));
++
+     if (gpmctx->epollfd < 0) {
+         ret = gpm_epoll_setup(gpmctx);
+         if (ret)
diff --git a/gssproxy.spec b/gssproxy.spec
index 42a9e38..13a4fd1 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
@@ -1,7 +1,7 @@
 Name:		gssproxy
 
 Version:	0.8.3
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	GSSAPI Proxy
 
 License:	MIT
@@ -9,6 +9,9 @@ URL:		https://github.com/gssapi/gssproxy
 Source0:	https://github.com/gssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1:	rwtab
 
+Patch0: Initialize-our-epoll_event-structures.patch
+Patch1: Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch
+
 %global servicename gssproxy
 %global pubconfpath %{_sysconfdir}/gssproxy
 %global gpstatedir %{_localstatedir}/lib/gssproxy
@@ -109,6 +112,9 @@ install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy
 %systemd_postun_with_restart gssproxy.service
 
 %changelog
+* Fri Jul 31 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-3
+- Avoid leak of special mechs in gss_mech_interposer()
+
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild