diff --git a/Tolerate-NULL-pointers-in-gp_same.patch b/Tolerate-NULL-pointers-in-gp_same.patch
new file mode 100644
index 0000000..62e3b28
--- /dev/null
+++ b/Tolerate-NULL-pointers-in-gp_same.patch
@@ -0,0 +1,31 @@
+From 2f206673bed2acea306a1313b8158e126bbfecee Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Tue, 13 Jun 2017 14:22:44 -0400
+Subject: [PATCH] Tolerate NULL pointers in gp_same
+
+Fixes potential NULL derefs of program names
+
+Signed-off-by: Robbie Harwood
+Reviewed-by: Simo Sorce
+Merges: #195
+(cherry picked from commit afe4c2fe6f7f939df914959dda11131bd80ccec6)
+---
+ proxy/src/gp_util.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c
+index ca83eb3..aab56ba 100644
+--- a/proxy/src/gp_util.c
++++ b/proxy/src/gp_util.c
+@@ -12,10 +12,9 @@
+
+ bool gp_same(const char *a, const char *b)
+ {
+- if ((a == b) || strcmp(a, b) == 0) {
++ if (a == b || (a && b && strcmp(a, b) == 0)) {
+ return true;
+ }
+-
+ return false;
+ }
+
diff --git a/gssproxy.spec b/gssproxy.spec
index 40e3918..571c01b 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
@@ -1,6 +1,6 @@
 Name: gssproxy
 Version: 0.7.0
-Release: 9%{?dist}
+Release: 10%{?dist}
 Summary: GSSAPI Proxy
 Group: System Environment/Libraries
@@ -23,6 +23,7 @@ Patch5: Fix-unused-variables.patch
 Patch6: Fix-segfault-when-no-config-files-are-present.patch
 Patch7: Include-header-for-writev.patch
 Patch8: Make-proc-file-failure-loud-but-nonfatal.patch
+Patch9: Tolerate-NULL-pointers-in-gp_same.patch
 ### Dependencies ###
 Requires: krb5-libs >= 1.12.0
@@ -67,6 +68,7 @@ A proxy for GSSAPI credential handling
 %patch6 -p2 -b .Fix-segfault-when-no-config-files-are-present
 %patch7 -p2 -b .Include-header-for-writev
 %patch8 -p2 -b .Make-proc-file-failure-loud-but-nonfatal
+%patch9 -p2 -b .Tolerate-NULL-pointers-in-gp_same
 %build
 autoreconf -f -i
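Review bot: In the embedded patch to proxy/src/gp_util.c, the new condition in gp_same() makes two NULL pointers compare as the same (`a == b` holds) and a NULL against any string as different, but the function carries no comment stating that contract. The commit message says the arguments are program names, so a caller that uses the result for a matching decision presumably needs to know that two unset values count as a match; which callers can pass NULL is not visible on this page. I would add a comment above the function such as `/* NULL-safe string equality: NULL equals only NULL, never a non-NULL string */`. As a style point, the body can be reduced to `return a == b || (a && b && strcmp(a, b) == 0);`.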
@@ -122,6 +124,9 @@ rm -rf %{buildroot} %systemd_postun_with_restart gssproxy.service %changelog +* Mon Jun 19 2017 Robbie Harwood - 0.7.0-10 + - Fix potential explicit NULL deref of program name + * Thu May 25 2017 Robbie Harwood - 0.7.0-9 - Make proc failure loud but nonfatal