rpms/krb5
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- ftp: don't lose track of a descriptor on passive get when the server

Browse Source 
fails to open a file
This commit is contained in:
Nalin Dahyabhai 2008-02-25 19:50:42 +00:00
parent a7d42c7b03
commit 2cc4303bbc
2 changed files with 73 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
krb5-1.6.3-ftp_fdleak.patch Normal file
View File

@ -0,0 +1,67 @@
Don't open a new socket without closing a possibly already-open one. RT#5597.
diff -uNr krb5/src/appl/gssftp/ftp/ftp.c krb5/src/appl/gssftp/ftp/ftp.c
--- krb5/src/appl/gssftp/ftp/ftp.c
+++ krb5/src/appl/gssftp/ftp/ftp.c
@@ -196,7 +196,7 @@ char *
hookup(char* host, int port)
{
register struct hostent *hp = 0;
- int s;
+ int s, t;
socklen_t len;
#ifdef IP_TOS
#ifdef IPTOS_LOWDELAY
@@ -274,8 +274,13 @@ hookup(char* host, int port)
}
#endif
#endif
+#ifndef _WIN32
+ t = dup(s);
+#else
+ t = s;
+#endif
cin = FDOPEN_SOCKET(s, "r");
- cout = FDOPEN_SOCKET(s, "w");
+ cout = FDOPEN_SOCKET(t, "w");
if (cin == NULL || cout == NULL) {
fprintf(stderr, "ftp: fdopen failed.\n");
if (cin) {
@@ -1448,6 +1453,8 @@
int a1,a2,a3,a4,p1,p2;
if (passivemode) {
+ if (data != INVALID_SOCKET)
+ (void) closesocket(data);
data = socket(AF_INET, SOCK_STREAM, 0);
if (data == INVALID_SOCKET) {
PERROR_SOCKET("ftp: socket");
@@ -2366,4 +2371,16 @@ FILE* fdopen_socket(SOCKET s, char* mode
return f;
}
+#else
+/* Non-Win32 case takes the address of the variable so that we can "take
+ * ownership" of the descriptor number. */
+FILE* fdopen_socket(int *s, char* mode)
+{
+ FILE *fp;
+ fp = fdopen(*s, mode);
+ if (fp) {
+ *s = INVALID_SOCKET;
+ }
+ return fp;
+}
#endif /* _WIN32 */
diff -up krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h
--- krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h 2007-08-03 00:53:35.000000000 -0400
+++ krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h 2007-08-03 00:53:39.000000000 -0400
@@ -48,7 +48,8 @@ FILE* fdopen_socket(SOCKET s, char* mode
#define PERROR_SOCKET(str) do { errno = SOCKET_ERRNO; perror(str); } while(0)
#else
#define FCLOSE_SOCKET(f) fclose(f)
-#define FDOPEN_SOCKET(s, mode) fdopen(s, mode)
+FILE* fdopen_socket(int *s, char* mode);
+#define FDOPEN_SOCKET(s, mode) fdopen_socket(&s, mode)
#define SOCKETNO(fd) (fd)
#define PERROR_SOCKET(str) perror(str)
#endif

6
krb5.spec
View File

@ -96,6 +96,7 @@ Patch68: krb5-trunk-spnego_delegation.patch
Patch69: krb5-trunk-seqnum.patch Patch69: krb5-trunk-seqnum.patch
Patch70: krb5-trunk-kpasswd_tcp2.patch Patch70: krb5-trunk-kpasswd_tcp2.patch
Patch71: krb5-1.6.2-dirsrv-accountlock.patch Patch71: krb5-1.6.2-dirsrv-accountlock.patch
Patch72: krb5-1.6.3-ftp_fdleak.patch
License: MIT, freely distributable. License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -226,6 +227,10 @@ to obtain initial credentials from a KDC using a private key and a
certificate. certificate.
%changelog %changelog
* Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com>
- ftp: don't lose track of a descriptor on passive get when the server fails to
open a file
* Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com> * Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com>
- in login, allow PAM to interact with the user when they've been strongly - in login, allow PAM to interact with the user when they've been strongly
authenticated authenticated
@ -1309,6 +1314,7 @@ popd
%patch69 -p0 -b .seqnum %patch69 -p0 -b .seqnum
#%patch70 -p0 -b .kpasswd_tcp2 #%patch70 -p0 -b .kpasswd_tcp2
%patch71 -p1 -b .dirsrv-accountlock %patch71 -p1 -b .dirsrv-accountlock
%patch72 -p1 -b .ftp_fdleak
cp src/krb524/README README.krb524 cp src/krb524/README README.krb524
gzip doc/*.ps gzip doc/*.ps