Switch to the upstream patch for #1029110
Switch to the simplified version of the patch for #1029110 that ended up being committed upstream (RT#7764).
This commit is contained in:
parent
11d14a1e7c
commit
b3399eb8fb
@ -1,16 +1,22 @@
|
||||
commit ffbb8f2fdd54c9d458dc84b544ac29eb3272bd2d
|
||||
commit 5ac159e220297a8f62dd5edcec6f9b988b0627ea
|
||||
Author: Nalin Dahyabhai <nalin@dahyabhai.net>
|
||||
Date: Mon Nov 11 13:10:08 2013 -0500
|
||||
|
||||
Catch more strtol() failures when using KEYRINGs
|
||||
|
||||
When parsing what should be a UID while resolving a KEYRING ccache name,
|
||||
don't just depend on strtol() to set errno when the residual that we
|
||||
pass to it can't be parsed as a number. In addition to checking errno,
|
||||
pass in and check the value of an "endptr".
|
||||
When parsing what should be a UID while resolving a KEYRING ccache
|
||||
name, don't just depend on strtol() to set errno when the residual
|
||||
that we pass to it can't be parsed as a number. In addition to
|
||||
checking errno, pass in and check the value of an "endptr".
|
||||
|
||||
[ghudson@mit.edu: simplified slightly]
|
||||
|
||||
ticket: 7764 (new)
|
||||
target_version: 1.12
|
||||
tags: pullup
|
||||
|
||||
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
|
||||
index 795ccd6..b1fc397 100644
|
||||
index 795ccd6..a07a0dc 100644
|
||||
--- a/src/lib/krb5/ccache/cc_keyring.c
|
||||
+++ b/src/lib/krb5/ccache/cc_keyring.c
|
||||
@@ -593,7 +593,7 @@ get_collection(const char *anchor_name, const char *collection_name,
|
||||
@ -18,7 +24,7 @@ index 795ccd6..b1fc397 100644
|
||||
krb5_error_code ret;
|
||||
key_serial_t persistent_id, anchor_id, possess_id = 0;
|
||||
- char *ckname;
|
||||
+ char *ckname, *cnend = NULL;
|
||||
+ char *ckname, *cnend;
|
||||
long uidnum;
|
||||
|
||||
*collection_id_out = 0;
|
||||
@ -29,7 +35,7 @@ index 795ccd6..b1fc397 100644
|
||||
- uidnum = strtol(collection_name, NULL, 10);
|
||||
- if (errno)
|
||||
+ uidnum = strtol(collection_name, &cnend, 10);
|
||||
+ if (errno || cnend == NULL || *cnend != '\0')
|
||||
+ if (errno || *cnend != '\0')
|
||||
return KRB5_KCC_INVALID_UID;
|
||||
} else {
|
||||
uidnum = geteuid();
|
||||
|
@ -41,7 +41,7 @@
|
||||
Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.11.3
|
||||
Release: 30%{?dist}
|
||||
Release: 31%{?dist}
|
||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
|
||||
Source0: krb5-%{version}.tar.gz
|
||||
@ -1008,6 +1008,9 @@ exit 0
|
||||
%{_sbindir}/uuserver
|
||||
|
||||
%changelog
|
||||
* Tue Nov 12 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-31
|
||||
- switch to the simplified version of the patch for #1029110 (RT#7764)
|
||||
|
||||
* Mon Nov 11 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-30
|
||||
- check more thoroughly for errors when resolving KEYRING ccache names of type
|
||||
"persistent", which should only have a numeric UID as the next part of the
|
||||
|
Loading…
Reference in New Issue
Block a user