diff --git a/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch b/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch
new file mode 100644
index 0000000..2ea0938
--- /dev/null
+++ b/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch
@@ -0,0 +1,26 @@
+From ce271e38be223a9442efd406c9a8fa961930e35b Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Wed, 26 Aug 2020 13:36:50 -0400
+Subject: [PATCH] Fix leak of mech OID in gssi_inquire_context()
+
+The name it creates holds a copy of the OID, which we need to release.
+
+Signed-off-by: Robbie Harwood
+(cherry picked from commit 482349fa6bd536471216a898713c83260c78c08d)
+---
+ src/mechglue/gpp_import_and_canon_name.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/mechglue/gpp_import_and_canon_name.c b/src/mechglue/gpp_import_and_canon_name.c
+index 745be20..7d6829f 100644
+--- a/src/mechglue/gpp_import_and_canon_name.c
++++ b/src/mechglue/gpp_import_and_canon_name.c
+@@ -257,6 +257,8 @@ OM_uint32 gssi_release_name(OM_uint32 *minor_status,
+ return GSS_S_BAD_NAME;
+ }
+
++ (void)gss_release_oid(&rmin, &name->mech_type);
++
+ rmaj = gpm_release_name(&rmin, &name->remote);
+
+ if (name->local) {
diff --git a/gssproxy.spec b/gssproxy.spec
index 13a4fd1..80a51fa 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
@@ -1,7 +1,7 @@ Name: gssproxy Version: 0.8.3 -Release: 3%{?dist} +Release: 4%{?dist} Summary: GSSAPI Proxy License: MIT
@@ -11,6 +11,7 @@ Source1: rwtab Patch0: Initialize-our-epoll_event-structures.patch Patch1: Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch +Patch2: Fix-leak-of-mech-OID-in-gssi_inquire_context.patch %global servicename gssproxy %global pubconfpath %{_sysconfdir}/gssproxy
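Review bot: In the embedded C patch, the added `(void)gss_release_oid(&rmin, &name->mech_type);` in gssi_release_name() is only safe if every path that fills `name->mech_type` stores a private heap copy; if some path stored a static or shared OID there, this call would release memory the name does not own. The hunk does not show those assignments, so the ownership rule should be written down at the call, for example `/* mech_type is always a copy owned by this name, e.g. as created by gssi_inquire_context() */`. That comment would also tie the subject line, which names gssi_inquire_context(), to the function actually changed. The result is discarded and rmin is overwritten by the following gpm_release_name() call, which looks like deliberate best effort; gssi_release_name() starts and ends outside the hunk.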
@@ -112,6 +113,9 @@ install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy %systemd_postun_with_restart gssproxy.service %changelog +* Wed Aug 26 2020 Robbie Harwood - 0.8.3-4 +- Fix leak of mech OID in gssi_inquire_context() + * Fri Jul 31 2020 Robbie Harwood - 0.8.3-3 - Avoid leak of special mechs in gss_mech_interposer()