included in 1.11.2

2013-04-15 10:12:28 -04:00 · 2013-04-15 10:12:28 -04:00 · 7d195950a0
commit 7d195950a0
parent fd7717242f
2 changed files with 0 additions and 147 deletions
--- a/krb5-1.11.1-interposers.patch
+++ b/krb5-1.11.1-interposers.patch
@ -1,105 +0,0 @@
 commit 36c76aa3c625afc9291b9e1df071db51ccf37dab
 Author: Simo Sorce <simo@redhat.com>
 Date:   Sat Mar 16 15:23:03 2013 -0400
    Fix import_sec_context with interposers
    The code was correctly selecting the mechanism to execute, but it was
    improperly setting the mechanism type of the internal context when the
    selected mechanism was that of an interposer and vice versa.
    When an interposer is involved the internal context is that of the
    interposer, so the mechanism type of the context needs to be the
    interposer oid.  Conversely, when an interposer re-enters gssapi and
    presents a token with a special oid, the mechanism called is the real
    mechanism, and the context returned is a real mechanism context.  In
    this case the mechanism type of the context needs to be that of the
    real mechanism.
    ticket: 7592
    target_version: 1.11.2
    tags: pullup
 diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c
 index 53310dd..a0e2d71 100644
 --- a/src/lib/gssapi/mechglue/g_imp_sec_context.c
 +++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c
@@ -84,6 +84,7 @@ gss_ctx_id_t *		context_handle;
     gss_union_ctx_id_t	ctx;
     gss_ctx_id_t	mctx;
     gss_buffer_desc	token;
 +    gss_OID_desc	token_mech;
     gss_OID		selected_mech = GSS_C_NO_OID;
     gss_OID		public_mech;
     gss_mechanism	mech;
@@ -100,12 +101,6 @@ gss_ctx_id_t *		context_handle;
     if (!ctx)
 	return (GSS_S_FAILURE);
 -    ctx->mech_type = (gss_OID) malloc(sizeof(gss_OID_desc));
 -    if (!ctx->mech_type) {
 -	free(ctx);
 -	return (GSS_S_FAILURE);
 -    }
 -
     if (interprocess_token->length >= sizeof (OM_uint32)) {
 	p = interprocess_token->value;
 	length = (OM_uint32)*p++;
@@ -120,12 +115,9 @@ gss_ctx_id_t *		context_handle;
 	return (GSS_S_CALL_BAD_STRUCTURE | GSS_S_DEFECTIVE_TOKEN);
     }
 -    ctx->mech_type->length = length;
 -    ctx->mech_type->elements = malloc(length);
 -    if (!ctx->mech_type->elements) {
 -	goto error_out;
 -    }
 -    memcpy(ctx->mech_type->elements, p, length);
 +    token_mech.length = length;
 +    token_mech.elements = p;
 +
     p += length;
     token.length = interprocess_token->length - sizeof (OM_uint32) - length;
@@ -136,7 +128,7 @@ gss_ctx_id_t *		context_handle;
      * call it.
      */
 -    status = gssint_select_mech_type(minor_status, ctx->mech_type,
 +    status = gssint_select_mech_type(minor_status, &token_mech,
 				     &selected_mech);
     if (status != GSS_S_COMPLETE)
 	goto error_out;
@@ -152,6 +144,12 @@ gss_ctx_id_t *		context_handle;
 	goto error_out;
     }
 +    if (generic_gss_copy_oid(minor_status, selected_mech,
 +			     &ctx->mech_type) != GSS_S_COMPLETE) {
 +	status = GSS_S_FAILURE;
 +	goto error_out;
 +    }
 +
     if (mech->gssspi_import_sec_context_by_mech) {
 	public_mech = gssint_get_public_oid(selected_mech);
 	status = mech->gssspi_import_sec_context_by_mech(minor_status,
@@ -167,16 +165,11 @@ gss_ctx_id_t *		context_handle;
 	return (GSS_S_COMPLETE);
     }
     map_error(minor_status, mech);
 +    free(ctx->mech_type->elements);
 +    free(ctx->mech_type);
 error_out:
 -    if (ctx) {
 -	if (ctx->mech_type) {
 -	    if (ctx->mech_type->elements)
 -		free(ctx->mech_type->elements);
 -	    free(ctx->mech_type);
 -	}
 -	free(ctx);
 -    }
 +    free(ctx);
     return status;
 }
 #endif /* LEAN_CLIENT */
--- a/krb5-lookup_etypes-leak.patch
+++ b/krb5-lookup_etypes-leak.patch
@ -1,42 +0,0 @@
 Petr Spacek notes that when we walk the keytab in lookup_etypes_for_keytab(),
 we don't free entries when we're finished examining them.  Ensure that when
 krb5_kt_next_entry() succeeds, we make sure to free the entry storage before we
 exit the current loop iteration.  (RT#7586)
 --- a/src/lib/krb5/krb/gic_keytab.c
 +++ b/src/lib/krb5/krb/gic_keytab.c
@@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
             goto cleanup;
         if (!krb5_c_valid_enctype(entry.key.enctype))
 -            continue;
 +            goto next_entry;
         if (!krb5_principal_compare(context, entry.principal, client))
 -            continue;
 +            goto next_entry;
         /* Make sure our list is for the highest kvno found for client. */
         if (entry.vno > max_kvno) {
             free(etypes);
@@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
             count = 0;
             max_kvno = entry.vno;
         } else if (entry.vno != max_kvno)
 -            continue;
 +            goto next_entry;
         /* Leave room for the terminator and possibly a second entry. */
         p = realloc(etypes, (count + 3) * sizeof(*etypes));
         if (p == NULL) {
 +            krb5_free_keytab_entry_contents(context, &entry);
             ret = ENOMEM;
             goto cleanup;
         }
@@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
             entry.key.enctype == ENCTYPE_DES_CBC_MD4)
             etypes[count++] = ENCTYPE_DES_CBC_CRC;
         etypes[count] = 0;
 +next_entry:
 +        krb5_free_keytab_entry_contents(context, &entry);
     }
     ret = 0;