Add finalization safety check to com_err
		
							parent
							
								
									5c9732a545
								
							
						
					
					
						commit
						dd7e9481aa
					
				
							
								
								
									
										53
									
								
								Add-finalization-safety-check-to-com_err.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										53
									
								
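--- /dev/null
+++ b/Add-finalization-safety-check-to-com_err.patch
@@ -0,0 +1,53 @@
+From 7d375a59fb36cc5ef8dd87895b83e9dfccc57058 Mon Sep 17 00:00:00 2001
+From: Jiri Sasek <Jiri.Sasek@Oracle.COM>
+Date: Fri, 13 Mar 2020 19:02:58 +0100
+Subject: [PATCH] Add finalization safety check to com_err
+
+If the linker erroneously runs the libkrb5 finalizer after the
+libcom_err finalizer, the consequent remove_error_table() calls could
+crash due to accessing a destroyed mutex or an invalid et_list
+pointer.  Add an unsynchronized check on finalized in
+remove_error_table(), and set et_list to null in com_err_terminate()
+after destroying the list.
+
+[ghudson@mit.edu: minimized code hanges; rewrote comment and commit
+message]
+
+ticket: 8890 (new)
+(cherry picked from commit 9d654aa05e26bbf22f140abde3436afeff2fdf8d)
+---
+ src/util/et/error_message.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c
+index d7069a9df..7dc02a34e 100644
+--- a/src/util/et/error_message.c
++++ b/src/util/et/error_message.c
+@@ -26,7 +26,7 @@
+ 
+ static struct et_list *et_list;
+ static k5_mutex_t et_list_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+-static int terminated = 0;      /* for debugging shlib fini sequence errors */
++static int terminated = 0;      /* for safety and finalization debugging */
+ 
+ MAKE_INIT_FUNCTION(com_err_initialize);
+ MAKE_FINI_FUNCTION(com_err_terminate);
+@@ -69,6 +69,7 @@ void com_err_terminate(void)
+         enext = e->next;
+         free(e);
+     }
++    et_list = NULL;
+     k5_mutex_unlock(&et_list_lock);
+     k5_mutex_destroy(&et_list_lock);
+     terminated = 1;
+@@ -280,6 +281,10 @@ remove_error_table(const struct error_table *et)
+ {
+     struct et_list **ep, *e;
+ 
++    /* Safety check in case libraries are finalized in the wrong order. */
++    if (terminated)
++        return ENOENT;
++
+     if (CALL_INIT_FUNCTION(com_err_initialize))
+         return 0;
+     k5_mutex_lock(&et_list_lock);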
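Review bot: The new `if (terminated)` guard in remove_error_table() reads a plain `int` without holding et_list_lock, and com_err_terminate() sets `terminated = 1` only after k5_mutex_destroy(). The guard therefore covers the sequential wrong-order finalizer case from the commit message, but not a thread still inside the library while finalization runs. The comment should state that limit, e.g. `/* Unsynchronized on purpose: handles finalizers run in the wrong order, not a concurrent com_err_terminate(). */`. Other functions that take et_list_lock are outside these hunks; if any can be reached from another library's finalizer they would presumably need the same check. Both function bodies continue outside the hunks.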
| @ -18,7 +18,7 @@ Summary: The Kerberos network authentication system | |||||||
| Name: krb5 | Name: krb5 | ||||||
| Version: 1.18 | Version: 1.18 | ||||||
| # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) | # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) | ||||||
| Release: 7%{?dist} | Release: 8%{?dist} | ||||||
| 
 | 
 | ||||||
| # rharwood has trust path to signing key and verifies on check-in | # rharwood has trust path to signing key and verifies on check-in | ||||||
| Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz | Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz | ||||||
| @ -55,6 +55,7 @@ Patch9: Allow-certauth-modules-to-set-hw-authent-flag.patch | |||||||
| Patch10: Allow-deletion-of-require_auth-with-LDAP-KDB.patch | Patch10: Allow-deletion-of-require_auth-with-LDAP-KDB.patch | ||||||
| Patch11: Refresh-manually-acquired-creds-from-client-keytab.patch | Patch11: Refresh-manually-acquired-creds-from-client-keytab.patch | ||||||
| Patch12: Document-client-keytab-usage.patch | Patch12: Document-client-keytab-usage.patch | ||||||
|  | Patch13: Add-finalization-safety-check-to-com_err.patch | ||||||
| 
 | 
 | ||||||
| License: MIT | License: MIT | ||||||
| URL: https://web.mit.edu/kerberos/www/ | URL: https://web.mit.edu/kerberos/www/ | ||||||
| @ -632,6 +633,9 @@ exit 0 | |||||||
| %{_libdir}/libkadm5srv_mit.so.* | %{_libdir}/libkadm5srv_mit.so.* | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Thu Mar 26 2020 Robbie Harwood <rharwood@redhat.com> - 1.18-8 | ||||||
|  | - Add finalization safety check to com_err | ||||||
|  | 
 | ||||||
| * Fri Mar 20 2020 Robbie Harwood <rharwood@redhat.com> - 1.18-7 | * Fri Mar 20 2020 Robbie Harwood <rharwood@redhat.com> - 1.18-7 | ||||||
| - Add maximum openssl version in preparation for openssl 3 | - Add maximum openssl version in preparation for openssl 3 | ||||||
| 
 | 
 | ||||||
|  | |||||||