46 lines
1.7 KiB
Diff
46 lines
1.7 KiB
Diff
|
From 59f010774d13ea6a0148235db2ff05a3f3c93c7b Mon Sep 17 00:00:00 2001
|
||
|
From: Stanislav Levin <slev@altlinux.org>
|
||
|
Date: Jan 30 2024 15:07:56 +0000
|
||
|
Subject: ipapython: Correct return type of krb5_free_cred_contents
|
||
|
|
||
|
|
||
|
According to https://web.mit.edu/kerberos/krb5-latest/doc/appdev/refs/api/krb5_free_cred_contents.html
|
||
|
|
||
|
> krb5_free_cred_contents - Free the contents of a krb5_creds structure.
|
||
|
>
|
||
|
> void krb5_free_cred_contents(krb5_context context, krb5_creds * val)
|
||
|
> param:
|
||
|
> [in] context - Library context
|
||
|
>
|
||
|
> [in] val - Credential structure to free contents of
|
||
|
>
|
||
|
> This function frees the contents of val , but not the structure itself.
|
||
|
|
||
|
https://github.com/krb5/krb5/blob/5b00197227231943bd2305328c8260dd0b0dbcf0/src/lib/krb5/krb/kfree.c#L166
|
||
|
|
||
|
This leads to undefined behavior and `krb5_free_cred_contents` can
|
||
|
raise KRB5Error (because of garbage data) while actually its foreign
|
||
|
function doesn't.
|
||
|
|
||
|
Fixes: https://pagure.io/freeipa/issue/9519
|
||
|
Signed-off-by: Stanislav Levin <slev@altlinux.org>
|
||
|
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
||
|
|
||
|
---
|
||
|
|
||
|
diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
|
||
|
index 371cf15..dc36f54 100644
|
||
|
--- a/ipapython/session_storage.py
|
||
|
+++ b/ipapython/session_storage.py
|
||
|
@@ -200,8 +200,7 @@ krb5_cc_end_seq_get.errcheck = krb5_errcheck
|
||
|
|
||
|
krb5_free_cred_contents = LIBKRB5.krb5_free_cred_contents
|
||
|
krb5_free_cred_contents.argtypes = (krb5_context, ctypes.POINTER(krb5_creds))
|
||
|
-krb5_free_cred_contents.restype = krb5_error
|
||
|
-krb5_free_cred_contents.errcheck = krb5_errcheck
|
||
|
+krb5_free_cred_contents.restype = None
|
||
|
|
||
|
krb5_principal_compare = LIBKRB5.krb5_principal_compare
|
||
|
krb5_principal_compare.argtypes = (krb5_context, krb5_principal,
|
||
|
|