Switch to the upstream patch for #1029110

Switch to the simplified version of the patch for #1029110 that ended up
being committed upstream (RT#7764).
Nalin Dahyabhai 2013-11-12 13:20:50 -05:00
parent 11d14a1e7c
commit b3399eb8fb
2 changed files with 18 additions and 9 deletions

@ -1,16 +1,22 @@
commit ffbb8f2fdd54c9d458dc84b544ac29eb3272bd2d commit 5ac159e220297a8f62dd5edcec6f9b988b0627ea
Author: Nalin Dahyabhai <nalin@dahyabhai.net> Author: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Mon Nov 11 13:10:08 2013 -0500 Date: Mon Nov 11 13:10:08 2013 -0500
Catch more strtol() failures when using KEYRINGs Catch more strtol() failures when using KEYRINGs
When parsing what should be a UID while resolving a KEYRING ccache name, When parsing what should be a UID while resolving a KEYRING ccache
don't just depend on strtol() to set errno when the residual that we name, don't just depend on strtol() to set errno when the residual
pass to it can't be parsed as a number. In addition to checking errno, that we pass to it can't be parsed as a number. In addition to
pass in and check the value of an "endptr". checking errno, pass in and check the value of an "endptr".
[ghudson@mit.edu: simplified slightly]
ticket: 7764 (new)
target_version: 1.12
tags: pullup
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index 795ccd6..b1fc397 100644 index 795ccd6..a07a0dc 100644
--- a/src/lib/krb5/ccache/cc_keyring.c --- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c +++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -593,7 +593,7 @@ get_collection(const char *anchor_name, const char *collection_name, @@ -593,7 +593,7 @@ get_collection(const char *anchor_name, const char *collection_name,
@ -18,7 +24,7 @@ index 795ccd6..b1fc397 100644
krb5_error_code ret; krb5_error_code ret;
key_serial_t persistent_id, anchor_id, possess_id = 0; key_serial_t persistent_id, anchor_id, possess_id = 0;
- char *ckname; - char *ckname;
+ char *ckname, *cnend = NULL; + char *ckname, *cnend;
long uidnum; long uidnum;
*collection_id_out = 0; *collection_id_out = 0;
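Review bot: The new version of the `+ char *ckname, *cnend;` declaration drops the `= NULL` initializer, so `cnend` is indeterminate until strtol() stores to it. That is sound only while every read of `cnend` follows the `strtol(collection_name, &cnend, 10)` call, because strtol() always writes the end pointer when given a non-NULL `endptr`. A one-line comment at the declaration stating that dependency would keep a later refactor from adding a path that dereferences `cnend` before the call.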
@ -29,7 +35,7 @@ index 795ccd6..b1fc397 100644
- uidnum = strtol(collection_name, NULL, 10); - uidnum = strtol(collection_name, NULL, 10);
- if (errno) - if (errno)
+ uidnum = strtol(collection_name, &cnend, 10); + uidnum = strtol(collection_name, &cnend, 10);
+ if (errno || cnend == NULL || *cnend != '\0') + if (errno || *cnend != '\0')
return KRB5_KCC_INVALID_UID; return KRB5_KCC_INVALID_UID;
} else { } else {
uidnum = geteuid(); uidnum = geteuid();
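Review bot: The condition `if (errno || *cnend != '\0')` still accepts any string that strtol() consumes completely, and that includes leading whitespace and a sign, so a residual such as "-1" produces a negative `uidnum` without returning KRB5_KCC_INVALID_UID. Since `uidnum` is a `long` that is meant to hold a UID, consider also rejecting `uidnum < 0` and values that do not round-trip through `uid_t`. The check also depends on two things the visible context does not show: `errno` being set to 0 immediately before the strtol() call, and `collection_name` being non-empty on this branch (for an empty string strtol() returns 0 with `*cnend == '\0'`, which would pass as UID 0).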

@ -41,7 +41,7 @@
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.11.3 Version: 1.11.3
Release: 30%{?dist} Release: 31%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -1008,6 +1008,9 @@ exit 0
%{_sbindir}/uuserver %{_sbindir}/uuserver
%changelog %changelog
* Tue Nov 12 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-31
- switch to the simplified version of the patch for #1029110 (RT#7764)
* Mon Nov 11 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-30 * Mon Nov 11 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-30
- check more thoroughly for errors when resolving KEYRING ccache names of type - check more thoroughly for errors when resolving KEYRING ccache names of type
"persistent", which should only have a numeric UID as the next part of the "persistent", which should only have a numeric UID as the next part of the