From 76843c3ef01a06ba162cf5174009df5ca5e7fb02 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 30 Sep 2016 17:38:08 +0000 Subject: [PATCH] Properly close krad sockets Resolves: #1380836 --- ...dle-EOF-condition-on-libkrad-sockets.patch | 49 +++++++++++++++++++ krb5.spec | 7 ++- 2 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 Properly-handle-EOF-condition-on-libkrad-sockets.patch diff --git a/Properly-handle-EOF-condition-on-libkrad-sockets.patch b/Properly-handle-EOF-condition-on-libkrad-sockets.patch new file mode 100644 index 0000000..7c989d0 --- /dev/null +++ b/Properly-handle-EOF-condition-on-libkrad-sockets.patch @@ -0,0 +1,49 @@ +From 9a3a64665819a0e1ee82953bf879f57d6f433358 Mon Sep 17 00:00:00 2001 +From: Nathaniel McCallum +Date: Fri, 30 Sep 2016 10:03:33 -0400 +Subject: [PATCH] Properly handle EOF condition on libkrad sockets + +In the previous code, when the remote peer performed an orderly shutdown +on the socket, libkrad would enter a state in which all future requests +timed out. Instead, if the peer shuts down its socket, we need to +attempt to reopen it. + +ticket: 8504 (new) +target_version: 1.14-next +tags: pullup + +(cherry picked from commit 248497427d5a45225817b6c22e9224e8ad969872) +--- + src/lib/krad/remote.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c +index df3de3a..68cd16f 100644 +--- a/src/lib/krad/remote.c ++++ b/src/lib/krad/remote.c +@@ -329,16 +329,15 @@ on_io_read(krad_remote *rr) + /* Read the packet. */ + i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length, + pktlen, 0); +- if (i < 0) { +- /* Should we try again? */ +- if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR) +- return; + +- /* The socket is unrecoverable. */ ++ /* On these errors, try again. */ ++ if (i < 0 && (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)) ++ return; ++ ++ /* On any other errors or on EOF, the socket is unrecoverable. */ ++ if (i <= 0) { + remote_shutdown(rr); + return; +- } else if (i == 0) { +- remote_del_flags(rr, FLAGS_READ); + } + + /* If we have a partial read or just the header, try again. */ +-- +2.9.3 + diff --git a/krb5.spec b/krb5.spec index 10447f9..a3bc7db 100644 --- a/krb5.spec +++ b/krb5.spec @@ -13,7 +13,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.14.4 -Release: 4%{?dist} +Release: 5%{?dist} # - Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar # - The sources below are stored in a lookaside cache. Upload with @@ -68,6 +68,7 @@ Patch20: Don-t-feed-OS-RNG-output-into-the-OS-RNG.patch Patch21: Rename-prng_os.c-to-prng_device.c.patch Patch22: Add-getrandom-to-k5_get_os_entropy-using-syscall.patch Patch23: Add-OS-prng-intended-for-use-with-getrandom.patch +Patch24: Properly-handle-EOF-condition-on-libkrad-sockets.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -722,6 +723,10 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Fri Sep 30 2016 Robbie Harwood - 1.14.4-5 +- Properly close krad sockets +- Resolves: #1380836 + * Fri Sep 30 2016 Robbie Harwood - 1.14.4-4 - Fix backward check in kprop.service