Fix potential close(-1) in cc_file.c

Robbie Harwood 2019-04-22 13:09:23 -04:00
parent 707673a505
commit aa800df204
2 changed files with 35 additions and 1 deletions


@ -0,0 +1,30 @@
From b2002f8286c0f77e57c7387123328a31125cda2e Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 18 Apr 2019 13:39:37 -0400
Subject: [PATCH] Fix potential close(-1) in cc_file.c
As part of error handling in d3b39a8bac6206b5ea78b0bf6a2958c1df0b0dd5,
an error path in delete_cred() may result in close(-1). While this
shouldn't be a prolblem in practice (just returning EBADF), it does
upset Coverity.
ticket: 8792
(cherry picked from commit 5ccfbaf2f0c8871d2f0ea87ad4b21cc33392ca2c)
---
src/lib/krb5/ccache/cc_file.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index a3f67766e..bf58c1d45 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1122,7 +1122,8 @@ delete_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor,
}
cleanup:
- close(fd);
+ if (fd >= 0)
+ close(fd);
zapfree(on_disk, expected.len);
k5_buf_free(&expected);
k5_buf_free(&overwrite);
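Review bot: the new `if (fd >= 0)` guard at the `cleanup:` label only prevents the bad call if `fd` is set to -1 before the first `goto cleanup` in delete_cred(), and that initialization is outside this hunk's context, so please confirm it at the declaration. The return value of `close(fd)` is still discarded on this path; if that is intentional, a short comment at the call would stop static analysis from flagging it next.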


@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.17 Version: 1.17
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
Release: 11%{?dist} Release: 12%{?dist}
# lookaside-cached sources; two downloads and a build artifact # lookaside-cached sources; two downloads and a build artifact
Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
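Review bot: in the unchanged context under the Release bump, `Source0:` still points at the `dist/krb5/1.16/` directory while `Version:` is 1.17. This is not part of the change, but the path looks stale and is worth checking against the upstream download location so the lookaside source stays reproducible.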
@ -83,6 +83,7 @@ Patch110: Remove-Kerberos-v4-support-vestiges-from-ccapi.patch
Patch111: Fix-config-realm-change-logic-in-FILE-remove_cred.patch Patch111: Fix-config-realm-change-logic-in-FILE-remove_cred.patch
Patch112: Remove-confvalidator-utility.patch Patch112: Remove-confvalidator-utility.patch
Patch113: Remove-ovsec_adm_export-dump-format-support.patch Patch113: Remove-ovsec_adm_export-dump-format-support.patch
Patch114: Fix-potential-close-1-in-cc_file.c.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -719,6 +720,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkadm5srv_mit.so.*
%changelog %changelog
* Mon Apr 22 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-12
- Fix potential close(-1) in cc_file.c
* Wed Apr 17 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-11 * Wed Apr 17 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-11
- Remove ovsec_adm_export and confvalidator - Remove ovsec_adm_export and confvalidator
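Review bot: the new 1.17-12 changelog entry repeats the patch subject but drops the traceability that the patch header carries (ticket 8792 and the upstream commit it was cherry-picked from). Adding the ticket number to the entry would let someone reading only the package changelog find the upstream fix.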