Set error message on KCM get_princ failure
parent
c150a97555
commit
ace60f7773
@ -1,29 +0,0 @@
|
|||||||
From 2c88cf9966d2dad7902df3eeef1834b55000b246 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Greg Hudson <ghudson@mit.edu>
|
|
||||||
Date: Tue, 24 Apr 2018 14:31:35 -0400
|
|
||||||
Subject: [PATCH] Check for zero argc in ksu
|
|
||||||
|
|
||||||
Most programs in the tree will perform a null dereference when argc is
|
|
||||||
zero, but as a setuid program ksu should be extra careful about memory
|
|
||||||
errors, even if this one is harmless. Check and exit with status 1
|
|
||||||
immediately.
|
|
||||||
|
|
||||||
ticket: 8661
|
|
||||||
(cherry picked from commit c5b0a998d6349f8c90821a347db5666aed0e50eb)
|
|
||||||
---
|
|
||||||
src/clients/ksu/main.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
|
|
||||||
index c6321c01b..6cb91e24f 100644
|
|
||||||
--- a/src/clients/ksu/main.c
|
|
||||||
+++ b/src/clients/ksu/main.c
|
|
||||||
@@ -144,6 +144,8 @@ main (argc, argv)
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (argc == 0)
|
|
||||||
+ exit(1);
|
|
||||||
if (strrchr(argv[0], '/'))
|
|
||||||
argv[0] = strrchr(argv[0], '/')+1;
|
|
||||||
prog_name = argv[0];
|
|
@ -1,39 +0,0 @@
|
|||||||
From 292843b6a1d774198845d8e9511d1fa2ca5859e4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Greg Hudson <ghudson@mit.edu>
|
|
||||||
Date: Tue, 24 Apr 2018 19:35:38 -0400
|
|
||||||
Subject: [PATCH] Move zero argc check earlier in ksu
|
|
||||||
|
|
||||||
For improved auditability, check for a zero argc value earlier in
|
|
||||||
main() so that the first two calls to com_err() can't pass a NULL
|
|
||||||
whoami value--which would be harmless, but that may not be obvious to
|
|
||||||
a reader.
|
|
||||||
|
|
||||||
ticket: 8661
|
|
||||||
(cherry picked from commit e1b5b824f5d7388a67d0854b56d3906c4fbdd778)
|
|
||||||
---
|
|
||||||
src/clients/ksu/main.c | 5 +++--
|
|
||||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
|
|
||||||
index 6cb91e24f..b9a997fc2 100644
|
|
||||||
--- a/src/clients/ksu/main.c
|
|
||||||
+++ b/src/clients/ksu/main.c
|
|
||||||
@@ -127,6 +127,9 @@ main (argc, argv)
|
|
||||||
krb5_boolean restrict_creds;
|
|
||||||
krb5_deltat lifetime, rlife;
|
|
||||||
|
|
||||||
+ if (argc == 0)
|
|
||||||
+ exit(1);
|
|
||||||
+
|
|
||||||
params = (char **) xcalloc (2, sizeof (char *));
|
|
||||||
params[1] = NULL;
|
|
||||||
|
|
||||||
@@ -144,8 +147,6 @@ main (argc, argv)
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (argc == 0)
|
|
||||||
- exit(1);
|
|
||||||
if (strrchr(argv[0], '/'))
|
|
||||||
argv[0] = strrchr(argv[0], '/')+1;
|
|
||||||
prog_name = argv[0];
|
|
@ -1,4 +1,4 @@
|
|||||||
From fb73fe5af9c82c20630cbf72c08e3e89f57deeaf Mon Sep 17 00:00:00 2001
|
From f9c9d683852eb4881e099b3042d4c6e5e1444efc Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Fri, 27 Apr 2018 13:51:39 -0400
|
Date: Fri, 27 Apr 2018 13:51:39 -0400
|
||||||
Subject: [PATCH] Set error message on KCM get_princ failure
|
Subject: [PATCH] Set error message on KCM get_princ failure
|
||||||
|
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
|
|||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.16
|
Version: 1.16
|
||||||
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
||||||
Release: 25%{?dist}
|
Release: 26%{?dist}
|
||||||
|
|
||||||
# lookaside-cached sources; two downloads and a build artifact
|
# lookaside-cached sources; two downloads and a build artifact
|
||||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
|
Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
|
||||||
@ -94,8 +94,6 @@ Patch67: Return-UPN-SANs-as-strings.patch
|
|||||||
Patch68: Restrict-pre-authentication-fallback-cases.patch
|
Patch68: Restrict-pre-authentication-fallback-cases.patch
|
||||||
Patch69: Merge-duplicate-subsections-in-profile-library.patch
|
Patch69: Merge-duplicate-subsections-in-profile-library.patch
|
||||||
Patch70: Fix-KDC-null-dereference-on-large-TGS-replies.patch
|
Patch70: Fix-KDC-null-dereference-on-large-TGS-replies.patch
|
||||||
Patch71: Check-for-zero-argc-in-ksu.patch
|
|
||||||
Patch72: Move-zero-argc-check-earlier-in-ksu.patch
|
|
||||||
Patch73: Set-error-message-on-KCM-get_princ-failure.patch
|
Patch73: Set-error-message-on-KCM-get_princ-failure.patch
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -748,6 +746,9 @@ exit 0
|
|||||||
%{_libdir}/libkadm5srv_mit.so.*
|
%{_libdir}/libkadm5srv_mit.so.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Apr 30 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-26
|
||||||
|
- Set error message on KCM get_princ failure
|
||||||
|
|
||||||
* Mon Apr 30 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-25
|
* Mon Apr 30 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-25
|
||||||
- Set error message on KCM get_princ failure
|
- Set error message on KCM get_princ failure
|
||||||
|
|
||||||
|
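Review bot: The added 1.16-26 `%changelog` entry only repeats the 1.16-25 text and does not record that the `Patch71`/`Patch72` hunk above drops `Check-for-zero-argc-in-ksu.patch` and `Move-zero-argc-check-earlier-in-ksu.patch`, whose files this commit also deletes. Those patches added an `argc == 0` exit to ksu, which their own descriptions call a setuid program, so the removal of that hardening should be visible to anyone auditing the package history. I would add a line such as `- Drop ksu zero-argc check patches (<reason>)` to the new entry, with the reason filled in; from this page it is not clear whether they were dropped deliberately or by accident. The remaining `Patch73` keeps its number, so the patch list now has a gap at 71-72, which is harmless but worth a brief comment if intentional.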