Backport fix for chrome crash in spnego_gss_inquire_context
Resolves: #1295893
parent
07d6f2cd01
commit
b653d26d53
46
krb5-init_context_null_spnego.patch
Normal file
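--- a/krb5-init_context_null_spnego.patch
+++ b/krb5-init_context_null_spnego.patch
@@ -0,0 +1,46 @@
+From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 5 Jan 2016 12:11:59 -0500
+Subject: [PATCH] Check internal context on init context errors
+
+If the mechanism deletes the internal context handle on error, the
+mechglue must do the same with the union context, to avoid crashes if
+the application calls other functions with this invalid union context.
+
+[ghudson@mit.edu: edit commit message and code comment]
+
+ticket: 8337 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++----
+1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
+index aaae767..9f154b8 100644
+--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
++++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
+@@ -224,12 +224,15 @@ OM_uint32 * time_rec;
+
+if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
+/*
+- * the spec says (the preferred) method is to delete all
+- * context info on the first call to init, and on all
+- * subsequent calls make the caller responsible for
+- * calling gss_delete_sec_context
++ * The spec says the preferred method is to delete all context info on
++ * the first call to init, and on all subsequent calls make the caller
++ * responsible for calling gss_delete_sec_context. However, if the
++ * mechanism decided to delete the internal context, we should also
++ * delete the union context.
+*/
+map_error(minor_status, mech);
++ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
++ *context_handle = GSS_C_NO_CONTEXT;
+if (*context_handle == GSS_C_NO_CONTEXT) {
+free(union_ctx_id->mech_type->elements);
+free(union_ctx_id->mech_type);
+--
+2.6.4
+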
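Review bot: The two lines added after `map_error(minor_status, mech);` reset `*context_handle` and send a later, non-first call into the existing free path whenever the mechanism has already dropped its internal context, so any copy of the old handle that the caller saved from an earlier GSS_S_CONTINUE_NEEDED round now points at freed memory. If such a copy is later handed to gss_delete_sec_context or another mechglue entry point, the outcome would be a use-after-free or double free instead of the NULL dereference this patch removes; whether any caller keeps a copy cannot be told from the hunk. I would extend the new comment to state that contract, for example `* The caller's handle is reset to GSS_C_NO_CONTEXT; any saved copy of it is invalid.`, and put braces around the new `if` to match the block that follows. The function starts and ends outside the hunk, so the final release of the union context itself is assumed rather than visible here.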
|
@ -20,7 +20,7 @@
|
||||
Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.14
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
# - Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
|
||||
# - The sources below are stored in a lookaside cache. Upload with
|
||||
@ -66,6 +66,7 @@ Patch134: krb5-1.11-kpasswdtest.patch
|
||||
Patch148: krb5-disable_ofd_locks.patch
|
||||
Patch150: krb5-fix_interposer.patch
|
||||
Patch151: krb5-mechglue_inqure_attrs.patch
|
||||
Patch152: krb5-init_context_null_spnego.patch
|
||||
|
||||
License: MIT
|
||||
URL: http://web.mit.edu/kerberos/www/
|
||||
@ -248,6 +249,7 @@ ln NOTICE LICENSE
|
||||
|
||||
%patch150 -p1 -b .fix_interposer
|
||||
%patch151 -p1 -b .mechglue_inqure_attrs
|
||||
%patch152 -p1 -b .init_context_null_spnego
|
||||
|
||||
# Take the execute bit off of documentation.
|
||||
chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
|
||||
@ -818,6 +820,10 @@ exit 0
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jan 08 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-13
|
||||
- Backport fix for chrome crash in spnego_gss_inquire_context
|
||||
- Resolves: #1295893
|
||||
|
||||
* Wed Dec 16 2015 Robbie Harwood <rharwood@redhat.com> - 1.14-12
|
||||
- Backport patch to fix mechglue for gss_inqure_attrs_for_mech()
|
||||
|
||||
|