diff --git a/Add-finalization-safety-check-to-com_err.patch b/Add-finalization-safety-check-to-com_err.patch new file mode 100644 index 0000000..0fcb8cc --- /dev/null +++ b/Add-finalization-safety-check-to-com_err.patch @@ -0,0 +1,53 @@ +From 7d375a59fb36cc5ef8dd87895b83e9dfccc57058 Mon Sep 17 00:00:00 2001 +From: Jiri Sasek +Date: Fri, 13 Mar 2020 19:02:58 +0100 +Subject: [PATCH] Add finalization safety check to com_err + +If the linker erroneously runs the libkrb5 finalizer after the +libcom_err finalizer, the consequent remove_error_table() calls could +crash due to accessing a destroyed mutex or an invalid et_list +pointer. Add an unsynchronized check on finalized in +remove_error_table(), and set et_list to null in com_err_terminate() +after destroying the list. + +[ghudson@mit.edu: minimized code hanges; rewrote comment and commit +message] + +ticket: 8890 (new) +(cherry picked from commit 9d654aa05e26bbf22f140abde3436afeff2fdf8d) +--- + src/util/et/error_message.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c +index d7069a9df..7dc02a34e 100644 +--- a/src/util/et/error_message.c ++++ b/src/util/et/error_message.c +@@ -26,7 +26,7 @@ + + static struct et_list *et_list; + static k5_mutex_t et_list_lock = K5_MUTEX_PARTIAL_INITIALIZER; +-static int terminated = 0; /* for debugging shlib fini sequence errors */ ++static int terminated = 0; /* for safety and finalization debugging */ + + MAKE_INIT_FUNCTION(com_err_initialize); + MAKE_FINI_FUNCTION(com_err_terminate); +@@ -69,6 +69,7 @@ void com_err_terminate(void) + enext = e->next; + free(e); + } ++ et_list = NULL; + k5_mutex_unlock(&et_list_lock); + k5_mutex_destroy(&et_list_lock); + terminated = 1; +@@ -280,6 +281,10 @@ remove_error_table(const struct error_table *et) + { + struct et_list **ep, *e; + ++ /* Safety check in case libraries are finalized in the wrong order. */ ++ if (terminated) ++ return ENOENT; ++ + if (CALL_INIT_FUNCTION(com_err_initialize)) + return 0; + k5_mutex_lock(&et_list_lock); diff --git a/krb5.spec b/krb5.spec index 51ef2ae..6e2698b 100644 --- a/krb5.spec +++ b/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.18 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 7%{?dist} +Release: 8%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz @@ -55,6 +55,7 @@ Patch9: Allow-certauth-modules-to-set-hw-authent-flag.patch Patch10: Allow-deletion-of-require_auth-with-LDAP-KDB.patch Patch11: Refresh-manually-acquired-creds-from-client-keytab.patch Patch12: Document-client-keytab-usage.patch +Patch13: Add-finalization-safety-check-to-com_err.patch License: MIT URL: https://web.mit.edu/kerberos/www/ @@ -632,6 +633,9 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Thu Mar 26 2020 Robbie Harwood - 1.18-8 +- Add finalization safety check to com_err + * Fri Mar 20 2020 Robbie Harwood - 1.18-7 - Add maximum openssl version in preparation for openssl 3