import gssproxy-0.8.0-18.el8

This commit is contained in:
CentOS Sources 2020-10-15 06:14:20 +00:00 committed by Andrew Lukoshko
parent ec89c5503a
commit 9af7bfa3a2
4 changed files with 107 additions and 1 deletions

View File

@ -0,0 +1,34 @@
From 87a1335a9618788f5d82de08ed0587feebe92c74 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 31 Jul 2020 13:23:30 -0400
Subject: [PATCH] Avoid leak of special mechs in gss_mech_interposer()
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
(cherry picked from commit dc405df92173cceac2cafc09a70b1724bb2b97c8)
(cherry picked from commit 4b9e5f00d36d9b5c1f80835a989fa8865c045ff3)
---
src/mechglue/gss_plugin.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/mechglue/gss_plugin.c b/src/mechglue/gss_plugin.c
index d735537..8b799cf 100644
--- a/src/mechglue/gss_plugin.c
+++ b/src/mechglue/gss_plugin.c
@@ -76,6 +76,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
gss_OID_set interposed_mechs;
OM_uint32 maj, min;
char *envval;
+ gss_OID_set special_mechs;
/* avoid looping in the gssproxy daemon by avoiding to interpose
* any mechanism */
@@ -118,7 +119,8 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
}
/* while there also initiaize special_mechs */
- (void)gpp_special_available_mechs(interposed_mechs);
+ special_mechs = gpp_special_available_mechs(interposed_mechs);
+ (void)gss_release_oid_set(&min, &special_mechs);
done:
if (maj != 0) {

View File

@ -0,0 +1,27 @@
From 7777d261923e0f0c3bd9cb2b7f0c2ac81b83f2c3 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 26 Aug 2020 13:36:50 -0400
Subject: [PATCH] Fix leak of mech OID in gssi_inquire_context()
The name it creates holds a copy of the OID, which we need to release.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
(cherry picked from commit 482349fa6bd536471216a898713c83260c78c08d)
(cherry picked from commit ce271e38be223a9442efd406c9a8fa961930e35b)
---
src/mechglue/gpp_import_and_canon_name.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/mechglue/gpp_import_and_canon_name.c b/src/mechglue/gpp_import_and_canon_name.c
index 745be20..7d6829f 100644
--- a/src/mechglue/gpp_import_and_canon_name.c
+++ b/src/mechglue/gpp_import_and_canon_name.c
@@ -257,6 +257,8 @@ OM_uint32 gssi_release_name(OM_uint32 *minor_status,
return GSS_S_BAD_NAME;
}
+ (void)gss_release_oid(&rmin, &name->mech_type);
+
rmaj = gpm_release_name(&rmin, &name->remote);
if (name->local) {

View File

@ -0,0 +1,38 @@
From c824b8ef3b5ec630edb0f8be78b64b2431c4482f Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 30 Jul 2020 16:43:30 -0400
Subject: [PATCH] Initialize our epoll_event structures
Fixes a valgrind error for the other fields of epoll_event.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
(cherry picked from commit 48bfadc538bca3b9ca478c711af75245163d0b67)
(cherry picked from commit 35579d9de1d3f295fb4548c73fc6a729d04128c6)
---
src/client/gpm_common.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c
index 808f350..d932ba2 100644
--- a/src/client/gpm_common.c
+++ b/src/client/gpm_common.c
@@ -195,6 +195,8 @@ static int gpm_epoll_setup(struct gpm_ctx *gpmctx)
struct epoll_event ev;
int ret;
+ memset(&ev, 0, sizeof(ev));
+
if (gpmctx->epollfd >= 0) {
gpm_epoll_close(gpmctx);
}
@@ -276,6 +278,10 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags)
struct epoll_event events[2];
uint64_t timer_read;
+ memset(&ev, 0, sizeof(ev));
+ memset(&events[0], 0, sizeof(events[0]));
+ memset(&events[1], 0, sizeof(events[1]));
+
if (gpmctx->epollfd < 0) {
ret = gpm_epoll_setup(gpmctx);
if (ret)

View File

@ -1,7 +1,7 @@
Name: gssproxy Name: gssproxy
Version: 0.8.0 Version: 0.8.0
Release: 17%{?dist} Release: 18%{?dist}
Summary: GSSAPI Proxy Summary: GSSAPI Proxy
Group: System Environment/Libraries Group: System Environment/Libraries
@ -29,6 +29,9 @@ Patch12: Avoid-uninitialized-free-when-allocating-buffers.patch
Patch13: Make-syslog-of-call-status-configurable.patch Patch13: Make-syslog-of-call-status-configurable.patch
Patch14: Delay-gssproxy-start-until-after-network.target.patch Patch14: Delay-gssproxy-start-until-after-network.target.patch
Patch15: Document-config-file-non-merging.patch Patch15: Document-config-file-non-merging.patch
Patch16: Initialize-our-epoll_event-structures.patch
Patch17: Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch
Patch18: Fix-leak-of-mech-OID-in-gssi_inquire_context.patch
### Dependencies ### ### Dependencies ###
Requires: krb5-libs >= 1.12.0 Requires: krb5-libs >= 1.12.0
@ -123,6 +126,10 @@ mkdir -p %{buildroot}%{gpstatedir}/rcache
%systemd_postun_with_restart gssproxy.service %systemd_postun_with_restart gssproxy.service
%changelog %changelog
* Wed Oct 14 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.0-18
- Fix leak of mech OID in gssi_inquire_context()
- Resolves: #1813200
* Tue Oct 13 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.0-17 * Tue Oct 13 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.0-17
- Document config file non-merging - Document config file non-merging
- Resolves: #1838222 - Resolves: #1838222