Auto sync2gitlab import of krb5-1.18.2-21.el8.src.rpm
This commit is contained in:
parent
d1fa0eecb2
commit
da349d17a0
BIN
krb5-1.18.2-pdfs.tar
Normal file
BIN
krb5-1.18.2-pdfs.tar
Normal file
Binary file not shown.
69
krb5-krad-larger-attrs.patch
Normal file
69
krb5-krad-larger-attrs.patch
Normal file
@ -0,0 +1,69 @@
|
|||||||
|
From b2b7729d71e7ab2cde9c73b40b8e972c82a875a2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sumit Bose <sbose@redhat.com>
|
||||||
|
Date: Mon, 8 Nov 2021 17:48:50 +0100
|
||||||
|
Subject: [PATCH] Support larger RADIUS attributes in libkrad
|
||||||
|
|
||||||
|
In kr_attrset_decode(), explicitly treat the length byte as unsigned.
|
||||||
|
Otherwise attributes longer than 125 characters will be rejected with
|
||||||
|
EBADMSG.
|
||||||
|
|
||||||
|
Add a 253-character-long NAS-Identifier attribute to the tests to make
|
||||||
|
sure that attributes with the maximal number of characters are working
|
||||||
|
as expected.
|
||||||
|
|
||||||
|
[ghudson@mit.edu: used uint8_t cast per current practices; edited
|
||||||
|
commit message]
|
||||||
|
|
||||||
|
ticket: 9036 (new)
|
||||||
|
---
|
||||||
|
src/lib/krad/attrset.c | 2 +-
|
||||||
|
src/lib/krad/t_packet.c | 13 +++++++++++++
|
||||||
|
2 files changed, 14 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c
|
||||||
|
index d89982a13..6ec031e32 100644
|
||||||
|
--- a/src/lib/krad/attrset.c
|
||||||
|
+++ b/src/lib/krad/attrset.c
|
||||||
|
@@ -218,7 +218,7 @@ kr_attrset_decode(krb5_context ctx, const krb5_data *in, const char *secret,
|
||||||
|
|
||||||
|
for (i = 0; i + 2 < in->length; ) {
|
||||||
|
type = in->data[i++];
|
||||||
|
- tmp = make_data(&in->data[i + 1], in->data[i] - 2);
|
||||||
|
+ tmp = make_data(&in->data[i + 1], (uint8_t)in->data[i] - 2);
|
||||||
|
i += tmp.length + 1;
|
||||||
|
|
||||||
|
retval = (in->length < i) ? EBADMSG : 0;
|
||||||
|
diff --git a/src/lib/krad/t_packet.c b/src/lib/krad/t_packet.c
|
||||||
|
index 0a92e9cc2..c22489144 100644
|
||||||
|
--- a/src/lib/krad/t_packet.c
|
||||||
|
+++ b/src/lib/krad/t_packet.c
|
||||||
|
@@ -57,6 +57,14 @@ make_packet(krb5_context ctx, const krb5_data *username,
|
||||||
|
krb5_error_code retval;
|
||||||
|
const krb5_data *data;
|
||||||
|
int i = 0;
|
||||||
|
+ krb5_data nas_id;
|
||||||
|
+
|
||||||
|
+ nas_id = string2data("12345678901234567890123456789012345678901234567890"
|
||||||
|
+ "12345678901234567890123456789012345678901234567890"
|
||||||
|
+ "12345678901234567890123456789012345678901234567890"
|
||||||
|
+ "12345678901234567890123456789012345678901234567890"
|
||||||
|
+ "12345678901234567890123456789012345678901234567890"
|
||||||
|
+ "123");
|
||||||
|
|
||||||
|
retval = krad_attrset_new(ctx, &set);
|
||||||
|
if (retval != 0)
|
||||||
|
@@ -71,6 +79,11 @@ make_packet(krb5_context ctx, const krb5_data *username,
|
||||||
|
if (retval != 0)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
+ retval = krad_attrset_add(set, krad_attr_name2num("NAS-Identifier"),
|
||||||
|
+ &nas_id);
|
||||||
|
+ if (retval != 0)
|
||||||
|
+ goto out;
|
||||||
|
+
|
||||||
|
retval = krad_packet_new_request(ctx, "foo",
|
||||||
|
krad_code_name2num("Access-Request"),
|
||||||
|
set, iterator, &i, &tmp);
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|
171
krb5-krad-remote.patch
Normal file
171
krb5-krad-remote.patch
Normal file
@ -0,0 +1,171 @@
|
|||||||
|
From da677b071dadda3700d12d037f5896b166d3546d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Greg Hudson <ghudson@mit.edu>
|
||||||
|
Date: Tue, 9 Nov 2021 13:00:43 -0500
|
||||||
|
Subject: [PATCH] Avoid use after free during libkrad cleanup
|
||||||
|
|
||||||
|
libkrad client requests contain a list of references to remotes, with
|
||||||
|
no back-references or reference counts. To prevent accesses to
|
||||||
|
dangling references during cleanup, cancel all requests on all remotes
|
||||||
|
before freeing any remotes.
|
||||||
|
|
||||||
|
Remove the code for aging out unused servers. This code was fairly
|
||||||
|
safe as all requests referencing a remote should have completed or
|
||||||
|
timed out during an hour of disuse, but in the current design we have
|
||||||
|
no way to guarantee or check that. The set of addresses we send
|
||||||
|
RADIUS requests to will generally be small, so aging out servers is
|
||||||
|
unnecessary.
|
||||||
|
|
||||||
|
ticket: 9035 (new)
|
||||||
|
---
|
||||||
|
src/lib/krad/client.c | 42 ++++++++++++++---------------------------
|
||||||
|
src/lib/krad/internal.h | 4 ++++
|
||||||
|
src/lib/krad/remote.c | 11 ++++++++---
|
||||||
|
3 files changed, 26 insertions(+), 31 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/lib/krad/client.c b/src/lib/krad/client.c
|
||||||
|
index 6365dd1c6..810940afc 100644
|
||||||
|
--- a/src/lib/krad/client.c
|
||||||
|
+++ b/src/lib/krad/client.c
|
||||||
|
@@ -64,7 +64,6 @@ struct request_st {
|
||||||
|
|
||||||
|
struct server_st {
|
||||||
|
krad_remote *serv;
|
||||||
|
- time_t last;
|
||||||
|
K5_LIST_ENTRY(server_st) list;
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -81,15 +80,10 @@ get_server(krad_client *rc, const struct addrinfo *ai, const char *secret,
|
||||||
|
krad_remote **out)
|
||||||
|
{
|
||||||
|
krb5_error_code retval;
|
||||||
|
- time_t currtime;
|
||||||
|
server *srv;
|
||||||
|
|
||||||
|
- if (time(&currtime) == (time_t)-1)
|
||||||
|
- return errno;
|
||||||
|
-
|
||||||
|
K5_LIST_FOREACH(srv, &rc->servers, list) {
|
||||||
|
if (kr_remote_equals(srv->serv, ai, secret)) {
|
||||||
|
- srv->last = currtime;
|
||||||
|
*out = srv->serv;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -98,7 +92,6 @@ get_server(krad_client *rc, const struct addrinfo *ai, const char *secret,
|
||||||
|
srv = calloc(1, sizeof(server));
|
||||||
|
if (srv == NULL)
|
||||||
|
return ENOMEM;
|
||||||
|
- srv->last = currtime;
|
||||||
|
|
||||||
|
retval = kr_remote_new(rc->kctx, rc->vctx, ai, secret, &srv->serv);
|
||||||
|
if (retval != 0) {
|
||||||
|
@@ -173,28 +166,12 @@ request_new(krad_client *rc, krad_code code, const krad_attrset *attrs,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
-/* Close remotes that haven't been used in a while. */
|
||||||
|
-static void
|
||||||
|
-age(struct server_head *head, time_t currtime)
|
||||||
|
-{
|
||||||
|
- server *srv, *tmp;
|
||||||
|
-
|
||||||
|
- K5_LIST_FOREACH_SAFE(srv, head, list, tmp) {
|
||||||
|
- if (currtime == (time_t)-1 || currtime - srv->last > 60 * 60) {
|
||||||
|
- K5_LIST_REMOVE(srv, list);
|
||||||
|
- kr_remote_free(srv->serv);
|
||||||
|
- free(srv);
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
/* Handle a response from a server (or related errors). */
|
||||||
|
static void
|
||||||
|
on_response(krb5_error_code retval, const krad_packet *reqp,
|
||||||
|
const krad_packet *rspp, void *data)
|
||||||
|
{
|
||||||
|
request *req = data;
|
||||||
|
- time_t currtime;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
/* Do nothing if we are already completed. */
|
||||||
|
@@ -221,10 +198,6 @@ on_response(krb5_error_code retval, const krad_packet *reqp,
|
||||||
|
for (i = 0; req->remotes[i].remote != NULL; i++)
|
||||||
|
kr_remote_cancel(req->remotes[i].remote, req->remotes[i].packet);
|
||||||
|
|
||||||
|
- /* Age out servers that haven't been used in a while. */
|
||||||
|
- if (time(&currtime) != (time_t)-1)
|
||||||
|
- age(&req->rc->servers, currtime);
|
||||||
|
-
|
||||||
|
request_free(req);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -247,10 +220,23 @@ krad_client_new(krb5_context kctx, verto_ctx *vctx, krad_client **out)
|
||||||
|
void
|
||||||
|
krad_client_free(krad_client *rc)
|
||||||
|
{
|
||||||
|
+ server *srv;
|
||||||
|
+
|
||||||
|
if (rc == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
- age(&rc->servers, -1);
|
||||||
|
+ /* Cancel all requests before freeing any remotes, since each request's
|
||||||
|
+ * callback data may contain references to multiple remotes. */
|
||||||
|
+ K5_LIST_FOREACH(srv, &rc->servers, list)
|
||||||
|
+ kr_remote_cancel_all(srv->serv);
|
||||||
|
+
|
||||||
|
+ while (!K5_LIST_EMPTY(&rc->servers)) {
|
||||||
|
+ srv = K5_LIST_FIRST(&rc->servers);
|
||||||
|
+ K5_LIST_REMOVE(srv, list);
|
||||||
|
+ kr_remote_free(srv->serv);
|
||||||
|
+ free(srv);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
free(rc);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h
|
||||||
|
index 312dc8258..b086598fb 100644
|
||||||
|
--- a/src/lib/krad/internal.h
|
||||||
|
+++ b/src/lib/krad/internal.h
|
||||||
|
@@ -120,6 +120,10 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
|
||||||
|
void
|
||||||
|
kr_remote_cancel(krad_remote *rr, const krad_packet *pkt);
|
||||||
|
|
||||||
|
+/* Cancel all requests awaiting responses. */
|
||||||
|
+void
|
||||||
|
+kr_remote_cancel_all(krad_remote *rr);
|
||||||
|
+
|
||||||
|
/* Determine if this remote object refers to the remote resource identified
|
||||||
|
* by the addrinfo struct and the secret. */
|
||||||
|
krb5_boolean
|
||||||
|
diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
|
||||||
|
index 0f90443ce..b5dd8cd19 100644
|
||||||
|
--- a/src/lib/krad/remote.c
|
||||||
|
+++ b/src/lib/krad/remote.c
|
||||||
|
@@ -421,15 +421,20 @@ error:
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
+void
|
||||||
|
+kr_remote_cancel_all(krad_remote *rr)
|
||||||
|
+{
|
||||||
|
+ while (!K5_TAILQ_EMPTY(&rr->list))
|
||||||
|
+ request_finish(K5_TAILQ_FIRST(&rr->list), ECANCELED, NULL);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void
|
||||||
|
kr_remote_free(krad_remote *rr)
|
||||||
|
{
|
||||||
|
if (rr == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
- while (!K5_TAILQ_EMPTY(&rr->list))
|
||||||
|
- request_finish(K5_TAILQ_FIRST(&rr->list), ECANCELED, NULL);
|
||||||
|
-
|
||||||
|
+ kr_remote_cancel_all(rr);
|
||||||
|
free(rr->secret);
|
||||||
|
if (rr->info != NULL)
|
||||||
|
free(rr->info->ai_addr);
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
|
|||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.18.2
|
Version: 1.18.2
|
||||||
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
||||||
Release: 20%{?dist}
|
Release: 21%{?dist}
|
||||||
|
|
||||||
# lookaside-cached sources; two downloads and a build artifact
|
# lookaside-cached sources; two downloads and a build artifact
|
||||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
|
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
|
||||||
@ -91,6 +91,8 @@ Patch145: downstream-Use-newly-enforced-dejagnu-path-naming-convention.patch
|
|||||||
Patch146: Make-kprop-work-for-dump-files-larger-than-4GB.patch
|
Patch146: Make-kprop-work-for-dump-files-larger-than-4GB.patch
|
||||||
Patch147: Try-harder-to-avoid-password-change-replay-errors.patch
|
Patch147: Try-harder-to-avoid-password-change-replay-errors.patch
|
||||||
Patch148: downstream-Fix-dejagnu-unit-tests-directory-name-for-RPC-lib.patch
|
Patch148: downstream-Fix-dejagnu-unit-tests-directory-name-for-RPC-lib.patch
|
||||||
|
Patch149: krb5-krad-larger-attrs.patch
|
||||||
|
Patch150: krb5-krad-remote.patch
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://web.mit.edu/kerberos/www/
|
URL: http://web.mit.edu/kerberos/www/
|
||||||
@ -701,6 +703,11 @@ exit 0
|
|||||||
%{_libdir}/libkadm5srv_mit.so.*
|
%{_libdir}/libkadm5srv_mit.so.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jul 01 2022 Julien Rische <jrische@redhat.com> - 1.18.2-21
|
||||||
|
- Backport fix of memory use after free during libkrad cleanup
|
||||||
|
- Backport support for larger RADIUS attributes in libkrad
|
||||||
|
- Resolves: rhbz#2103125
|
||||||
|
|
||||||
* Wed Apr 27 2022 Julien Rische <jrische@redhat.com> - 1.18.2-19
|
* Wed Apr 27 2022 Julien Rische <jrische@redhat.com> - 1.18.2-19
|
||||||
- Try harder to avoid password change replay errors
|
- Try harder to avoid password change replay errors
|
||||||
- Resolves: #2077563
|
- Resolves: #2077563
|
||||||
|
1
sources
1
sources
@ -1,2 +1 @@
|
|||||||
SHA512 (krb5-1.18.2-pdfs.tar) = d6f09e7408ea3db0818c1632fb75e28f494ae9508f84a7ed5d19ff144b86ba4e7e712ed21bdcb8b28f6bc9d6301a81d639c0e1be6439f5c3a0d51707c1084db7
|
|
||||||
SHA512 (krb5-1.18.2.tar.gz) = 7cbb1b28e677fea3e0794e93951f3caaa2c49bb1175dd187951e72a466cc69d96c3b833d838000fe911c1a437d96a558e550f27c53a8b332fb9dfc7cbb7ec44c
|
SHA512 (krb5-1.18.2.tar.gz) = 7cbb1b28e677fea3e0794e93951f3caaa2c49bb1175dd187951e72a466cc69d96c3b833d838000fe911c1a437d96a558e550f27c53a8b332fb9dfc7cbb7ec44c
|
||||||
|
Loading…
Reference in New Issue
Block a user