rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Continue after KRB5_CC_END in KCM cache iteration

Browse Source
This commit is contained in:
Robbie Harwood 2018-03-29 10:43:22 -04:00
parent 27ca1f2678
commit 09f9308fd8
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
Continue-after-KRB5_CC_END-in-KCM-cache-iteration.patch Normal file
View File

@ -0,0 +1,42 @@
From 3001200ba4598aeb14511353a72dc746034280b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Wed, 28 Mar 2018 18:27:06 +0200
Subject: [PATCH] Continue after KRB5_CC_END in KCM cache iteration
The KCM server returns KRB5_CC_END in response to a GET_CACHE_BY_UUID
request to indicate that the specified ccache uuid no longer exists.
In krb5_ptcursor_next(), ignore this error and continue the iteration,
as the Heimdal KCM client code does.
In addition to addressing the case where a third party deletes a cache
between the GET_CACHE_UUID_LIST request and when we reach that uuid in
the iteration, this change also fixes a bug in kdestroy -A where the
caller deletes the primary cache and we later request it by uuid when
iterating over the list.
[ghudson@mit.edu: rewrote commit message; edited comment]
ticket: 8658 (new)
tags: pullup
target_version: 1.16-next
target_version: 1.15-next
(cherry picked from commit 49087f5e6309f298f8898c35af6f4ade418ced60)
---
src/lib/krb5/ccache/cc_kcm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/lib/krb5/ccache/cc_kcm.c b/src/lib/krb5/ccache/cc_kcm.c
index b621ed33b..0d38b1839 100644
--- a/src/lib/krb5/ccache/cc_kcm.c
+++ b/src/lib/krb5/ccache/cc_kcm.c
@@ -966,6 +966,9 @@ kcm_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
kcmreq_init(&req, KCM_OP_GET_CACHE_BY_UUID, NULL);
k5_buf_add_len(&req.reqbuf, id, KCM_UUID_LEN);
ret = kcmio_call(context, data->io, &req);
+ /* Continue if the cache has been deleted. */
+ if (ret == KRB5_CC_END)
+ continue;
if (ret)
goto cleanup;
ret = kcmreq_get_name(&req, &name);

6
krb5.spec
View File

@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.16 Version: 1.16
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
Release: 17%{?dist} Release: 18%{?dist}
# lookaside-cached sources; two downloads and a build artifact # lookaside-cached sources; two downloads and a build artifact
Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
@ -86,6 +86,7 @@ Patch59: Use-k5_buf_init_dynamic_zap-where-appropriate.patch
Patch60: Add-SPAKE-preauth-support.patch Patch60: Add-SPAKE-preauth-support.patch
Patch61: Add-doc-index-entries-for-SPAKE-constants.patch Patch61: Add-doc-index-entries-for-SPAKE-constants.patch
Patch62: Fix-SPAKE-memory-leak.patch Patch62: Fix-SPAKE-memory-leak.patch
Patch63: Continue-after-KRB5_CC_END-in-KCM-cache-iteration.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -736,6 +737,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkadm5srv_mit.so.*
%changelog %changelog
* Thu Mar 29 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-18
- Continue after KRB5_CC_END in KCM cache iteration
* Tue Mar 27 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-17 * Tue Mar 27 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-17
- Fix SPAKE memory leak - Fix SPAKE memory leak