import gssproxy-0.8.0-18.el8

2020-10-15 06:14:20 +00:00 · 2020-10-15 06:14:20 +00:00 · 9af7bfa3a2
commit 9af7bfa3a2
parent ec89c5503a
4 changed files with 107 additions and 1 deletions
--- a/SOURCES/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch
+++ b/SOURCES/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch
@ -0,0 +1,34 @@
+From 87a1335a9618788f5d82de08ed0587feebe92c74 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Fri, 31 Jul 2020 13:23:30 -0400
+Subject: [PATCH] Avoid leak of special mechs in gss_mech_interposer()
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit dc405df92173cceac2cafc09a70b1724bb2b97c8)
+(cherry picked from commit 4b9e5f00d36d9b5c1f80835a989fa8865c045ff3)
+---
+ src/mechglue/gss_plugin.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/mechglue/gss_plugin.c b/src/mechglue/gss_plugin.c
+index d735537..8b799cf 100644
+--- a/src/mechglue/gss_plugin.c
+++ b/src/mechglue/gss_plugin.c
+@@ -76,6 +76,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
+     gss_OID_set interposed_mechs;
+     OM_uint32 maj, min;
+     char *envval;
+    gss_OID_set special_mechs;
+ 
+     /* avoid looping in the gssproxy daemon by avoiding to interpose
+      * any mechanism */
+@@ -118,7 +119,8 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
+     }
+ 
+     /* while there also initiaize special_mechs */
+-    (void)gpp_special_available_mechs(interposed_mechs);
+    special_mechs = gpp_special_available_mechs(interposed_mechs);
+    (void)gss_release_oid_set(&min, &special_mechs);
+ 
+ done:
+     if (maj != 0) {
--- a/SOURCES/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch
+++ b/SOURCES/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch
@ -0,0 +1,27 @@
+From 7777d261923e0f0c3bd9cb2b7f0c2ac81b83f2c3 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 26 Aug 2020 13:36:50 -0400
+Subject: [PATCH] Fix leak of mech OID in gssi_inquire_context()
+
+The name it creates holds a copy of the OID, which we need to release.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit 482349fa6bd536471216a898713c83260c78c08d)
+(cherry picked from commit ce271e38be223a9442efd406c9a8fa961930e35b)
+---
+ src/mechglue/gpp_import_and_canon_name.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/mechglue/gpp_import_and_canon_name.c b/src/mechglue/gpp_import_and_canon_name.c
+index 745be20..7d6829f 100644
+--- a/src/mechglue/gpp_import_and_canon_name.c
+++ b/src/mechglue/gpp_import_and_canon_name.c
+@@ -257,6 +257,8 @@ OM_uint32 gssi_release_name(OM_uint32 *minor_status,
+         return GSS_S_BAD_NAME;
+     }
+ 
+    (void)gss_release_oid(&rmin, &name->mech_type);
+
+     rmaj = gpm_release_name(&rmin, &name->remote);
+ 
+     if (name->local) {
--- a/SOURCES/Initialize-our-epoll_event-structures.patch
+++ b/SOURCES/Initialize-our-epoll_event-structures.patch
@ -0,0 +1,38 @@
+From c824b8ef3b5ec630edb0f8be78b64b2431c4482f Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 30 Jul 2020 16:43:30 -0400
+Subject: [PATCH] Initialize our epoll_event structures
+
+Fixes a valgrind error for the other fields of epoll_event.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit 48bfadc538bca3b9ca478c711af75245163d0b67)
+(cherry picked from commit 35579d9de1d3f295fb4548c73fc6a729d04128c6)
+---
+ src/client/gpm_common.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c
+index 808f350..d932ba2 100644
+--- a/src/client/gpm_common.c
+++ b/src/client/gpm_common.c
+@@ -195,6 +195,8 @@ static int gpm_epoll_setup(struct gpm_ctx *gpmctx)
+     struct epoll_event ev;
+     int ret;
+ 
+    memset(&ev, 0, sizeof(ev));
+
+     if (gpmctx->epollfd >= 0) {
+         gpm_epoll_close(gpmctx);
+     }
+@@ -276,6 +278,10 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags)
+     struct epoll_event events[2];
+     uint64_t timer_read;
+ 
+    memset(&ev, 0, sizeof(ev));
+    memset(&events[0], 0, sizeof(events[0]));
+    memset(&events[1], 0, sizeof(events[1]));
+
+     if (gpmctx->epollfd < 0) {
+         ret = gpm_epoll_setup(gpmctx);
+         if (ret)
--- a/SPECS/gssproxy.spec
+++ b/SPECS/gssproxy.spec
@ -1,7 +1,7 @@
 Name:		gssproxy

 Version:	0.8.0
-Release:	17%{?dist}
+Release:	18%{?dist}
 Summary:	GSSAPI Proxy

 Group:		System Environment/Libraries
@ -29,6 +29,9 @@ Patch12: Avoid-uninitialized-free-when-allocating-buffers.patch
 Patch13: Make-syslog-of-call-status-configurable.patch
 Patch14: Delay-gssproxy-start-until-after-network.target.patch
 Patch15: Document-config-file-non-merging.patch
+Patch16: Initialize-our-epoll_event-structures.patch
+Patch17: Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch
+Patch18: Fix-leak-of-mech-OID-in-gssi_inquire_context.patch

 ### Dependencies ###
 Requires: krb5-libs >= 1.12.0
@ -123,6 +126,10 @@ mkdir -p %{buildroot}%{gpstatedir}/rcache
 %systemd_postun_with_restart gssproxy.service

 %changelog
+* Wed Oct 14 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.0-18
+- Fix leak of mech OID in gssi_inquire_context()
+- Resolves: #1813200
+
 * Tue Oct 13 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.0-17
 - Document config file non-merging
 - Resolves: #1838222