Backport two security fixes
This commit is contained in:
Robbie Harwood
parent
21c2f037de
commit
bb8257ecb7
28
Fix-potential-free-of-non-heap-address.patch
Normal file
28
Fix-potential-free-of-non-heap-address.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From d5e838b8b752ea8039fe174c8944a41aed7034a2 Mon Sep 17 00:00:00 2001
|
||||
From: Robbie Harwood <rharwood@redhat.com>
|
||||
Date: Mon, 11 Sep 2017 10:52:03 -0400
|
||||
Subject: [PATCH] Fix potential free of non-heap address
|
||||
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
Reviewed-by: Simo Sorce <simo@redhat.com>
|
||||
Merges: #211
|
||||
(cherry picked from commit 068f4174001c3ea4ae7913fb37210fec84abf1df)
|
||||
---
|
||||
proxy/src/client/gpm_common.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
|
||||
index 9a10c2f..340da2f 100644
|
||||
--- a/proxy/src/client/gpm_common.c
|
||||
+++ b/proxy/src/client/gpm_common.c
|
||||
@@ -556,8 +556,8 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer,
|
||||
ret = gpm_retry_socket(gpmctx);
|
||||
|
||||
/* Free buffer and set it to NULL to prevent free(xdr_reply_ctx) */
|
||||
- free(recv_buffer);
|
||||
- recv_buffer = NULL;
|
||||
+ free(*recv_buffer);
|
||||
+ *recv_buffer = NULL;
|
||||
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
28
Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch
Normal file
28
Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 427c50c9b350e52a1c7aec444e383badc4fc5485 Mon Sep 17 00:00:00 2001
|
||||
From: Robbie Harwood <rharwood@redhat.com>
|
||||
Date: Tue, 12 Sep 2017 12:40:27 -0400
|
||||
Subject: [PATCH] Prevent uninitialized read in error path of XDR contexts
|
||||
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
Reviewed-by: Simo Sorce <simo@redhat.com>
|
||||
Merges: #211
|
||||
(cherry picked from commit 8ba0f42f06bc7d0ed68cb2eb3ef2794fc860ac2d)
|
||||
---
|
||||
proxy/src/client/gpm_common.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
|
||||
index 340da2f..5e097ce 100644
|
||||
--- a/proxy/src/client/gpm_common.c
|
||||
+++ b/proxy/src/client/gpm_common.c
|
||||
@@ -659,8 +659,8 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
|
||||
{
|
||||
struct gpm_ctx *gpmctx;
|
||||
gp_rpc_msg msg;
|
||||
- XDR xdr_call_ctx;
|
||||
- XDR xdr_reply_ctx;
|
||||
+ XDR xdr_call_ctx = {0};
|
||||
+ XDR xdr_reply_ctx = {0};
|
||||
char *send_buffer = NULL;
|
||||
char *recv_buffer = NULL;
|
||||
uint32_t send_length;
|
||||
@ -1,6 +1,6 @@
|
||||
Name: gssproxy
|
||||
Version: 0.7.0
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
Summary: GSSAPI Proxy
|
||||
|
||||
Group: System Environment/Libraries
|
||||
@ -27,6 +27,8 @@ Patch9: Tolerate-NULL-pointers-in-gp_same.patch
|
||||
Patch10: Add-Client-ID-to-debug-messages.patch
|
||||
Patch11: client-Switch-to-non-blocking-sockets.patch
|
||||
Patch12: server-Add-detailed-request-logging.patch
|
||||
Patch13: Fix-potential-free-of-non-heap-address.patch
|
||||
Patch14: Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch
|
||||
|
||||
### Dependencies ###
|
||||
Requires: krb5-libs >= 1.12.0
|
||||
@ -119,6 +121,9 @@ rm -rf %{buildroot}
|
||||
%systemd_postun_with_restart gssproxy.service
|
||||
|
||||
%changelog
|
||||
* Tue Sep 12 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-15
|
||||
- Backport two security fixes
|
||||
|
||||
* Tue Aug 22 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-14
|
||||
- Non-blocking IO + Extended request debug logging
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user