rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix config realm change logic in FILE remove_cred

Browse Source
This commit is contained in:
Robbie Harwood 2019-04-17 16:16:38 -04:00
parent 05efb47898
commit 5ebfb70254
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
Fix-config-realm-change-logic-in-FILE-remove_cred.patch Normal file
View File

@ -0,0 +1,29 @@
From 908eb6dde51917bb50d388a1769c50eede68fc10 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 16 Apr 2019 10:47:35 -0400
Subject: [PATCH] Fix config realm change logic in FILE remove_cred
Use data_eq_string() to check the server realm, and do not check if
cred->server is NULL since it is not expected to be (and
k5_marshal_cred() would have already crashed if it were).
ticket: 8792
(cherry picked from commit e5367fcddd53dc4db0c1fd2279e91eda3791960a)
---
src/lib/krb5/ccache/cc_file.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 09da38fa9..a3f67766e 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1058,8 +1058,7 @@ delete_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor,
/* For config entries, also change the realm so that other implementations
* won't match them. */
- if (cred->server != NULL && cred->server->realm.length > 0 &&
- strcmp(cred->server->realm.data, "X-CACHECONF:") == 0)
+ if (data_eq_string(cred->server->realm, "X-CACHECONF:"))
memcpy(cred->server->realm.data, "X-RMED-CONF:", 12);
k5_marshal_cred(&overwrite, fcursor->version, cred);

6
krb5.spec
View File

@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.17 Version: 1.17
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
Release: 9%{?dist} Release: 10%{?dist}
# lookaside-cached sources; two downloads and a build artifact # lookaside-cached sources; two downloads and a build artifact
Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
@ -80,6 +80,7 @@ Patch107: Remove-kadmin-RPC-support-for-setting-v4-key.patch
Patch108: Remove-ccapi-related-comments-in-configure.ac.patch Patch108: Remove-ccapi-related-comments-in-configure.ac.patch
Patch109: Remove-doxygen-generated-HTML-output-for-ccapi.patch Patch109: Remove-doxygen-generated-HTML-output-for-ccapi.patch
Patch110: Remove-Kerberos-v4-support-vestiges-from-ccapi.patch Patch110: Remove-Kerberos-v4-support-vestiges-from-ccapi.patch
Patch111: Fix-config-realm-change-logic-in-FILE-remove_cred.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -716,6 +717,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkadm5srv_mit.so.*
%changelog %changelog
* Wed Apr 17 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-10
- Fix config realm change logic in FILE remove_cred
* Thu Apr 11 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-9 * Thu Apr 11 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-9
- Remove Kerberos v4 support vestiges (including ktany support) - Remove Kerberos v4 support vestiges (including ktany support)