Pick up an interop fix from master (RT#7794)
- pull in fix from master to return a NULL pointer rather than allocating zero bytes of memory if we read a zero-length input token (RT#7794, part of #1043962)
parent
3a1e355f38
commit
735b73ebbb
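--- /dev/null
+++ b/krb5-master-no-malloc0.patch
@@ -0,0 +1,39 @@
+commit 13fd26e1863c79f616653f6a10a58c01f65fceff
+Author: Greg Hudson <ghudson@mit.edu>
+Date: Fri Dec 6 18:56:56 2013 -0500
+
+Avoid malloc(0) in SPNEGO get_input_token
+
+If we read a zero-length token in spnego_mech.c's get_input_token(),
+set the value pointer to NULL instead of calling malloc(0).
+
+ticket: 7794 (new)
+
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index 24c3440..3937662 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -3140,14 +3140,17 @@ get_input_token(unsigned char **buff_in, unsigned int buff_length)
+return (NULL);
+
+input_token->length = len;
+- input_token->value = gssalloc_malloc(input_token->length);
++ if (input_token->length > 0) {
++ input_token->value = gssalloc_malloc(input_token->length);
++ if (input_token->value == NULL) {
++ free(input_token);
++ return (NULL);
++ }
+
+- if (input_token->value == NULL) {
+- free(input_token);
+- return (NULL);
++ memcpy(input_token->value, *buff_in, input_token->length);
++ } else {
++ input_token->value = NULL;
+}
+-
+- (void) memcpy(input_token->value, *buff_in, input_token->length);
+*buff_in += input_token->length;
+return (input_token);
+}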
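Review bot: The new `else` branch in get_input_token() returns a non-NULL buffer whose `value` is NULL and `length` is 0, and nothing in the hunk documents that contract for callers. A caller that tests `value` to detect failure, or hands the buffer to code that reads through the pointer without first checking `length`, would now receive a NULL pointer whenever the peer sends a zero-length token, so the call sites (outside this hunk) should be audited for that case. I would add a comment above the branch such as `/* Zero-length token: value is NULL by design; callers must check length before reading value. */`. The function begins before the hunk, so the validation of `len` against `buff_length` that must precede the `memcpy` is not visible here and is presumably in the lines above the first `return (NULL);`.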
@ -41,7 +41,7 @@
|
||||
Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.12
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-signed.tar
|
||||
Source0: krb5-%{version}.tar.gz
|
||||
@ -90,6 +90,7 @@ Patch86: krb5-1.9-debuginfo.patch
|
||||
Patch105: krb5-kvno-230379.patch
|
||||
Patch129: krb5-1.11-run_user_0.patch
|
||||
Patch134: krb5-1.11-kpasswdtest.patch
|
||||
Patch135: krb5-master-no-malloc0.patch
|
||||
|
||||
License: MIT
|
||||
URL: http://web.mit.edu/kerberos/www/
|
||||
@ -300,6 +301,7 @@ ln -s NOTICE LICENSE
|
||||
%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
|
||||
%patch86 -p0 -b .debuginfo
|
||||
%patch105 -p1 -b .kvno
|
||||
%patch135 -p1 -b .no-malloc0
|
||||
|
||||
# Apply when the hard-wired or configured default location is
|
||||
# DIR:/run/user/%%{uid}/krb5cc.
|
||||
@ -954,6 +956,11 @@ exit 0
|
||||
%{_sbindir}/uuserver
|
||||
|
||||
%changelog
|
||||
* Wed Dec 18 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.12-2
|
||||
- pull in fix from master to return a NULL pointer rather than allocating
|
||||
zero bytes of memory if we read a zero-length input token (RT#7794, part of
|
||||
#1043962)
|
||||
|
||||
* Wed Dec 11 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.12-1
|
||||
- update to 1.12 final
|
||||
|
||||
|