Backport fix for chrome crash in spnego_gss_inquire_context
Resolves: #1295893
parent
07d6f2cd01
commit
b653d26d53
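--- /dev/null
+++ b/krb5-init_context_null_spnego.patch
@@ -0,0 +1,46 @@
+From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 5 Jan 2016 12:11:59 -0500
+Subject: [PATCH] Check internal context on init context errors
+
+If the mechanism deletes the internal context handle on error, the
+mechglue must do the same with the union context, to avoid crashes if
+the application calls other functions with this invalid union context.
+
+[ghudson@mit.edu: edit commit message and code comment]
+
+ticket: 8337 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++----
+1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
+index aaae767..9f154b8 100644
+--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
++++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
+@@ -224,12 +224,15 @@ OM_uint32 * time_rec;
+
+if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
+/*
+- * the spec says (the preferred) method is to delete all
+- * context info on the first call to init, and on all
+- * subsequent calls make the caller responsible for
+- * calling gss_delete_sec_context
++ * The spec says the preferred method is to delete all context info on
++ * the first call to init, and on all subsequent calls make the caller
++ * responsible for calling gss_delete_sec_context. However, if the
++ * mechanism decided to delete the internal context, we should also
++ * delete the union context.
+*/
+map_error(minor_status, mech);
++ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
++ *context_handle = GSS_C_NO_CONTEXT;
+if (*context_handle == GSS_C_NO_CONTEXT) {
+free(union_ctx_id->mech_type->elements);
+free(union_ctx_id->mech_type);
+--
+2.6.4
+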
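Review bot: The added `*context_handle = GSS_C_NO_CONTEXT;` also fires on continuation calls, so the block that follows now releases a union context the caller already owns; if the application kept a second copy of that handle (or passed a copy in), a later gss_delete_sec_context on it would touch freed memory. That trades the NULL-internal-context crash for a lifetime hazard that depends on every caller's error path. A narrower fix is to leave the union context allocated here and have the mechglue entry points that take a context reject the half-dead state, e.g. `if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT;` (here `ctx` stands for the union context pointer). If the two lines stay, brace the `if` and extend the comment to say the caller's handle is invalidated on subsequent calls as well. The cleanup block continues past the end of the hunk, so the final free of the union context is presumed, not visible.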
@ -20,7 +20,7 @@
|
|||||||
Summary: The Kerberos network authentication system
|
Summary: The Kerberos network authentication system
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.14
|
Version: 1.14
|
||||||
Release: 12%{?dist}
|
Release: 13%{?dist}
|
||||||
# - Maybe we should explode from the now-available-to-everybody tarball instead?
|
# - Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||||
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
|
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
|
||||||
# - The sources below are stored in a lookaside cache. Upload with
|
# - The sources below are stored in a lookaside cache. Upload with
|
||||||
@ -66,6 +66,7 @@ Patch134: krb5-1.11-kpasswdtest.patch
|
|||||||
Patch148: krb5-disable_ofd_locks.patch
|
Patch148: krb5-disable_ofd_locks.patch
|
||||||
Patch150: krb5-fix_interposer.patch
|
Patch150: krb5-fix_interposer.patch
|
||||||
Patch151: krb5-mechglue_inqure_attrs.patch
|
Patch151: krb5-mechglue_inqure_attrs.patch
|
||||||
|
Patch152: krb5-init_context_null_spnego.patch
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://web.mit.edu/kerberos/www/
|
URL: http://web.mit.edu/kerberos/www/
|
||||||
@ -248,6 +249,7 @@ ln NOTICE LICENSE
|
|||||||
|
|
||||||
%patch150 -p1 -b .fix_interposer
|
%patch150 -p1 -b .fix_interposer
|
||||||
%patch151 -p1 -b .mechglue_inqure_attrs
|
%patch151 -p1 -b .mechglue_inqure_attrs
|
||||||
|
%patch152 -p1 -b .init_context_null_spnego
|
||||||
|
|
||||||
# Take the execute bit off of documentation.
|
# Take the execute bit off of documentation.
|
||||||
chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
|
chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
|
||||||
@ -818,6 +820,10 @@ exit 0
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 08 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-13
|
||||||
|
- Backport fix for chrome crash in spnego_gss_inquire_context
|
||||||
|
- Resolves: #1295893
|
||||||
|
|
||||||
* Wed Dec 16 2015 Robbie Harwood <rharwood@redhat.com> - 1.14-12
|
* Wed Dec 16 2015 Robbie Harwood <rharwood@redhat.com> - 1.14-12
|
||||||
- Backport patch to fix mechglue for gss_inqure_attrs_for_mech()
|
- Backport patch to fix mechglue for gss_inqure_attrs_for_mech()
|
||||||
|
|
||||||
|