rpms/gssproxy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport two security fixes

Browse Source
This commit is contained in:
Robbie Harwood 2017-09-12 17:38:53 +00:00
parent 21c2f037de
commit bb8257ecb7
3 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Fix-potential-free-of-non-heap-address.patch Normal file
View File

@ -0,0 +1,28 @@
From d5e838b8b752ea8039fe174c8944a41aed7034a2 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 11 Sep 2017 10:52:03 -0400
Subject: [PATCH] Fix potential free of non-heap address
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #211
(cherry picked from commit 068f4174001c3ea4ae7913fb37210fec84abf1df)
---
proxy/src/client/gpm_common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 9a10c2f..340da2f 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -556,8 +556,8 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer,
ret = gpm_retry_socket(gpmctx);
/* Free buffer and set it to NULL to prevent free(xdr_reply_ctx) */
- free(recv_buffer);
- recv_buffer = NULL;
+ free(*recv_buffer);
+ *recv_buffer = NULL;
if (ret != 0)
return ret;

28
Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch Normal file
View File

@ -0,0 +1,28 @@
From 427c50c9b350e52a1c7aec444e383badc4fc5485 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 12 Sep 2017 12:40:27 -0400
Subject: [PATCH] Prevent uninitialized read in error path of XDR contexts
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #211
(cherry picked from commit 8ba0f42f06bc7d0ed68cb2eb3ef2794fc860ac2d)
---
proxy/src/client/gpm_common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 340da2f..5e097ce 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -659,8 +659,8 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
{
struct gpm_ctx *gpmctx;
gp_rpc_msg msg;
- XDR xdr_call_ctx;
- XDR xdr_reply_ctx;
+ XDR xdr_call_ctx = {0};
+ XDR xdr_reply_ctx = {0};
char *send_buffer = NULL;
char *recv_buffer = NULL;
uint32_t send_length;

7
gssproxy.spec
View File

@ -1,6 +1,6 @@
Name: gssproxy Name: gssproxy
Version: 0.7.0 Version: 0.7.0
Release: 14%{?dist} Release: 15%{?dist}
Summary: GSSAPI Proxy Summary: GSSAPI Proxy
Group: System Environment/Libraries Group: System Environment/Libraries
@ -27,6 +27,8 @@ Patch9: Tolerate-NULL-pointers-in-gp_same.patch
Patch10: Add-Client-ID-to-debug-messages.patch Patch10: Add-Client-ID-to-debug-messages.patch
Patch11: client-Switch-to-non-blocking-sockets.patch Patch11: client-Switch-to-non-blocking-sockets.patch
Patch12: server-Add-detailed-request-logging.patch Patch12: server-Add-detailed-request-logging.patch
Patch13: Fix-potential-free-of-non-heap-address.patch
Patch14: Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch
### Dependencies ### ### Dependencies ###
Requires: krb5-libs >= 1.12.0 Requires: krb5-libs >= 1.12.0
@ -119,6 +121,9 @@ rm -rf %{buildroot}
%systemd_postun_with_restart gssproxy.service %systemd_postun_with_restart gssproxy.service
%changelog %changelog
* Tue Sep 12 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-15
- Backport two security fixes
* Tue Aug 22 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-14 * Tue Aug 22 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-14
- Non-blocking IO + Extended request debug logging - Non-blocking IO + Extended request debug logging