Fix incorrect recv() size calculation in libkrad
This commit is contained in:
parent
802e825d17
commit
e165eeccda
44
krb5-1.14.3-krad-recv.patch
Normal file
44
krb5-1.14.3-krad-recv.patch
Normal file
@ -0,0 +1,44 @@
|
||||
From c969e8a37617e9c7743a28177dd3808f7d08cee9 Mon Sep 17 00:00:00 2001
|
||||
From: Nathaniel McCallum <npmccallum@redhat.com>
|
||||
Date: Tue, 21 Jun 2016 16:12:36 -0400
|
||||
Subject: [PATCH] Fix incorrect recv() size calculation in libkrad
|
||||
|
||||
Before this patch libkrad would always subtract the existing buffer
|
||||
length from pktlen before passing it to recv(). In the case of stream
|
||||
sockets, this is incorrect since krad_packet_bytes_needed() already
|
||||
performs this calculation. Subtracting the buffer length twice could
|
||||
cause integer underflow on the len parameter to recv().
|
||||
|
||||
ticket: 8430 (new)
|
||||
target_version: 1.14-next
|
||||
target_version: 1.13-next
|
||||
tags: pullup
|
||||
---
|
||||
src/lib/krad/remote.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
|
||||
index aaabffd..df3de3a 100644
|
||||
--- a/src/lib/krad/remote.c
|
||||
+++ b/src/lib/krad/remote.c
|
||||
@@ -315,7 +315,7 @@ on_io_read(krad_remote *rr)
|
||||
request *tmp, *r;
|
||||
int i;
|
||||
|
||||
- pktlen = sizeof(rr->buffer_);
|
||||
+ pktlen = sizeof(rr->buffer_) - rr->buffer.length;
|
||||
if (rr->info->ai_socktype == SOCK_STREAM) {
|
||||
pktlen = krad_packet_bytes_needed(&rr->buffer);
|
||||
if (pktlen < 0) {
|
||||
@@ -328,7 +328,7 @@ on_io_read(krad_remote *rr)
|
||||
|
||||
/* Read the packet. */
|
||||
i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length,
|
||||
- pktlen - rr->buffer.length, 0);
|
||||
+ pktlen, 0);
|
||||
if (i < 0) {
|
||||
/* Should we try again? */
|
||||
if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
|
||||
--
|
||||
2.8.1
|
||||
|
@ -13,7 +13,7 @@
|
||||
Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.14.1
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
# - Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
|
||||
# - The sources below are stored in a lookaside cache. Upload with
|
||||
@ -72,6 +72,7 @@ Patch164: krb5-1.15-kdc_send_receive_hooks.patch
|
||||
Patch165: krb5-1.15-kdc_hooks_test.patch
|
||||
|
||||
Patch166: krb5-1.14.3-fix_otp_as_key.patch
|
||||
Patch167: krb5-1.14.3-krad-recv.patch
|
||||
|
||||
License: MIT
|
||||
URL: http://web.mit.edu/kerberos/www/
|
||||
@ -271,6 +272,7 @@ ln NOTICE LICENSE
|
||||
%patch165 -p1 -b .kdc_hooks_test
|
||||
|
||||
%patch166 -p1 -b .fix_otp_as_key
|
||||
%patch167 -p1 -b .krad-recv
|
||||
|
||||
# Take the execute bit off of documentation.
|
||||
chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
|
||||
@ -801,6 +803,9 @@ exit 0
|
||||
%{_libdir}/libkadm5srv_mit.so.*
|
||||
|
||||
%changelog
|
||||
* Wed Jun 22 2016 Robbie Harwood <rharwood@redhat.com> - 1.14.1-8
|
||||
- Fix incorrect recv() size calculation in libkrad
|
||||
|
||||
* Thu Jun 16 2016 Robbie Harwood <rharwood@redhat.com> - 1.14.1-7
|
||||
- Separate out the kadm5 libs
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user