From 9af7bfa3a22c72b88512cec713da37f14a2d5629 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Thu, 15 Oct 2020 06:14:20 +0000 Subject: [PATCH] import gssproxy-0.8.0-18.el8 --- ...special-mechs-in-gss_mech_interposer.patch | 34 +++++++++++++++++ ...-of-mech-OID-in-gssi_inquire_context.patch | 27 +++++++++++++ ...nitialize-our-epoll_event-structures.patch | 38 +++++++++++++++++++ SPECS/gssproxy.spec | 9 ++++- 4 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 SOURCES/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch create mode 100644 SOURCES/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch create mode 100644 SOURCES/Initialize-our-epoll_event-structures.patch diff --git a/SOURCES/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch b/SOURCES/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch new file mode 100644 index 0000000..5baa122 --- /dev/null +++ b/SOURCES/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch @@ -0,0 +1,34 @@ +From 87a1335a9618788f5d82de08ed0587feebe92c74 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 31 Jul 2020 13:23:30 -0400 +Subject: [PATCH] Avoid leak of special mechs in gss_mech_interposer() + +Signed-off-by: Robbie Harwood +(cherry picked from commit dc405df92173cceac2cafc09a70b1724bb2b97c8) +(cherry picked from commit 4b9e5f00d36d9b5c1f80835a989fa8865c045ff3) +--- + src/mechglue/gss_plugin.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/mechglue/gss_plugin.c b/src/mechglue/gss_plugin.c +index d735537..8b799cf 100644 +--- a/src/mechglue/gss_plugin.c ++++ b/src/mechglue/gss_plugin.c +@@ -76,6 +76,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) + gss_OID_set interposed_mechs; + OM_uint32 maj, min; + char *envval; ++ gss_OID_set special_mechs; + + /* avoid looping in the gssproxy daemon by avoiding to interpose + * any mechanism */ +@@ -118,7 +119,8 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) + } + + /* while there also initiaize special_mechs */ +- (void)gpp_special_available_mechs(interposed_mechs); ++ special_mechs = gpp_special_available_mechs(interposed_mechs); ++ (void)gss_release_oid_set(&min, &special_mechs); + + done: + if (maj != 0) { diff --git a/SOURCES/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch b/SOURCES/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch new file mode 100644 index 0000000..dbde259 --- /dev/null +++ b/SOURCES/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch @@ -0,0 +1,27 @@ +From 7777d261923e0f0c3bd9cb2b7f0c2ac81b83f2c3 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 26 Aug 2020 13:36:50 -0400 +Subject: [PATCH] Fix leak of mech OID in gssi_inquire_context() + +The name it creates holds a copy of the OID, which we need to release. + +Signed-off-by: Robbie Harwood +(cherry picked from commit 482349fa6bd536471216a898713c83260c78c08d) +(cherry picked from commit ce271e38be223a9442efd406c9a8fa961930e35b) +--- + src/mechglue/gpp_import_and_canon_name.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/mechglue/gpp_import_and_canon_name.c b/src/mechglue/gpp_import_and_canon_name.c +index 745be20..7d6829f 100644 +--- a/src/mechglue/gpp_import_and_canon_name.c ++++ b/src/mechglue/gpp_import_and_canon_name.c +@@ -257,6 +257,8 @@ OM_uint32 gssi_release_name(OM_uint32 *minor_status, + return GSS_S_BAD_NAME; + } + ++ (void)gss_release_oid(&rmin, &name->mech_type); ++ + rmaj = gpm_release_name(&rmin, &name->remote); + + if (name->local) { diff --git a/SOURCES/Initialize-our-epoll_event-structures.patch b/SOURCES/Initialize-our-epoll_event-structures.patch new file mode 100644 index 0000000..44751d9 --- /dev/null +++ b/SOURCES/Initialize-our-epoll_event-structures.patch @@ -0,0 +1,38 @@ +From c824b8ef3b5ec630edb0f8be78b64b2431c4482f Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Thu, 30 Jul 2020 16:43:30 -0400 +Subject: [PATCH] Initialize our epoll_event structures + +Fixes a valgrind error for the other fields of epoll_event. + +Signed-off-by: Robbie Harwood +(cherry picked from commit 48bfadc538bca3b9ca478c711af75245163d0b67) +(cherry picked from commit 35579d9de1d3f295fb4548c73fc6a729d04128c6) +--- + src/client/gpm_common.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c +index 808f350..d932ba2 100644 +--- a/src/client/gpm_common.c ++++ b/src/client/gpm_common.c +@@ -195,6 +195,8 @@ static int gpm_epoll_setup(struct gpm_ctx *gpmctx) + struct epoll_event ev; + int ret; + ++ memset(&ev, 0, sizeof(ev)); ++ + if (gpmctx->epollfd >= 0) { + gpm_epoll_close(gpmctx); + } +@@ -276,6 +278,10 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) + struct epoll_event events[2]; + uint64_t timer_read; + ++ memset(&ev, 0, sizeof(ev)); ++ memset(&events[0], 0, sizeof(events[0])); ++ memset(&events[1], 0, sizeof(events[1])); ++ + if (gpmctx->epollfd < 0) { + ret = gpm_epoll_setup(gpmctx); + if (ret) diff --git a/SPECS/gssproxy.spec b/SPECS/gssproxy.spec index c8a0dc4..cc1f20a 100644 --- a/SPECS/gssproxy.spec +++ b/SPECS/gssproxy.spec @@ -1,7 +1,7 @@ Name: gssproxy Version: 0.8.0 -Release: 17%{?dist} +Release: 18%{?dist} Summary: GSSAPI Proxy Group: System Environment/Libraries @@ -29,6 +29,9 @@ Patch12: Avoid-uninitialized-free-when-allocating-buffers.patch Patch13: Make-syslog-of-call-status-configurable.patch Patch14: Delay-gssproxy-start-until-after-network.target.patch Patch15: Document-config-file-non-merging.patch +Patch16: Initialize-our-epoll_event-structures.patch +Patch17: Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch +Patch18: Fix-leak-of-mech-OID-in-gssi_inquire_context.patch ### Dependencies ### Requires: krb5-libs >= 1.12.0 @@ -123,6 +126,10 @@ mkdir -p %{buildroot}%{gpstatedir}/rcache %systemd_postun_with_restart gssproxy.service %changelog +* Wed Oct 14 2020 Robbie Harwood - 0.8.0-18 +- Fix leak of mech OID in gssi_inquire_context() +- Resolves: #1813200 + * Tue Oct 13 2020 Robbie Harwood - 0.8.0-17 - Document config file non-merging - Resolves: #1838222