Fix SPAKE memory leak

Also fix build problem
Robbie Harwood 2018-03-27 13:55:07 -04:00
parent 99cea2e511
commit 27ca1f2678
2 changed files with 47 additions and 1 deletions


@ -0,0 +1,41 @@
From 9bfd14df2d6458dfef8d1a17af5247af21183e3d Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 27 Mar 2018 10:36:05 -0400
Subject: [PATCH] Fix SPAKE memory leak
In the NIST group implementations, ossl_fini() needs to free the
groupdata container as well as its fields. Also in
spake_kdc.c:parse_data(), initialize the magic field of the resulting
data object to avoid a harmless uninitialized memory copy.
ticket: 8647
(cherry picked from commit 70b88b8018658e052d6eabf06f8fdad17fbe993c)
---
src/plugins/preauth/spake/openssl.c | 1 +
src/plugins/preauth/spake/spake_kdc.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/plugins/preauth/spake/openssl.c b/src/plugins/preauth/spake/openssl.c
index b821a9158..f2e4b53ec 100644
--- a/src/plugins/preauth/spake/openssl.c
+++ b/src/plugins/preauth/spake/openssl.c
@@ -69,6 +69,7 @@ ossl_fini(groupdata *gd)
EC_POINT_free(gd->N);
BN_CTX_free(gd->ctx);
BN_free(gd->order);
+ free(gd);
}
static krb5_error_code
diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
index c1723ebaf..59e88409e 100644
--- a/src/plugins/preauth/spake/spake_kdc.c
+++ b/src/plugins/preauth/spake/spake_kdc.c
@@ -75,6 +75,7 @@ parse_data(struct k5input *in, krb5_data *out)
{
out->length = k5_input_get_uint32_be(in);
out->data = (char *)k5_input_get_bytes(in, out->length);
+ out->magic = KV5M_DATA;
}
/* Parse a received cookie into its components. The pointers stored in the
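Review bot: The ownership contract of ossl_fini() is undocumented now that it ends with `free(gd);`, so callers cannot tell from the function that it releases the container as well as its fields. Any call site that still reads or frees the groupdata pointer after fini would become a use-after-free or double free; those call sites are outside this hunk and are worth checking once. I would add a header comment such as `/* Release gd and everything it holds; gd must not be used or freed afterwards. */`. The start of ossl_fini() is also outside the hunk, so whether it tolerates a NULL gd before the `gd->N` dereference cannot be confirmed from here.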


@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.16
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
Release: 16%{?dist}
Release: 17%{?dist}
# lookaside-cached sources; two downloads and a build artifact
Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
@ -85,6 +85,7 @@ Patch58: Implement-k5_buf_init_dynamic_zap.patch
Patch59: Use-k5_buf_init_dynamic_zap-where-appropriate.patch
Patch60: Add-SPAKE-preauth-support.patch
Patch61: Add-doc-index-entries-for-SPAKE-constants.patch
Patch62: Fix-SPAKE-memory-leak.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@ -685,6 +686,7 @@ exit 0
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/*
%{_libdir}/krb5/plugins/tls/k5tls.so
%{_libdir}/krb5/plugins/preauth/spake.so
%dir %{_var}/kerberos
%dir %{_var}/kerberos/krb5
%dir %{_var}/kerberos/krb5/user
@ -734,6 +736,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
* Tue Mar 27 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-17
- Fix SPAKE memory leak
* Tue Mar 27 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-16
- Fix gitignore problem with previous patchset