rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix leaks in gss_inquire_cred_by_oid()

Browse Source
This commit is contained in:
Robbie Harwood 2017-07-06 17:06:12 +00:00
parent b3eef12e9a
commit ff9e66e349
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Fix-leaks-in-gss_inquire_cred_by_oid.patch Normal file
View File

@ -0,0 +1,35 @@
From e53073b6e1d36b682d8524fcfaec7bdf56b7f81e Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sun, 12 Mar 2017 12:30:59 -0400
Subject: [PATCH] Fix leaks in gss_inquire_cred_by_oid()
In the mechglue gss_inquire_cred_by_oid(), remove an unnecessary
allocation of ret_set which is overwritten by the first mechanism's
result.
ticket: 8559 (new)
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
(cherry picked from commit 0d39d46852587d36fcc5024d5766586faba9044a)
---
src/lib/gssapi/mechglue/g_inq_cred_oid.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_inq_cred_oid.c b/src/lib/gssapi/mechglue/g_inq_cred_oid.c
index 4c23dfcbd..df51b44e9 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred_oid.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred_oid.c
@@ -85,11 +85,6 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status,
union_cred = (gss_union_cred_t) cred_handle;
- status = gss_create_empty_buffer_set(minor_status, &ret_set);
- if (status != GSS_S_COMPLETE) {
- return status;
- }
-
status = GSS_S_UNAVAILABLE;
for (i = 0; i < union_cred->count; i++) {

6
krb5.spec
View File

@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.15.1 Version: 1.15.1
# for prerelease, should be e.g., 0.3.beta2%{?dist} # for prerelease, should be e.g., 0.3.beta2%{?dist}
Release: 13%{?dist} Release: 14%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead? # - Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
# - The sources below are stored in a lookaside cache. Upload with # - The sources below are stored in a lookaside cache. Upload with
@ -77,6 +77,7 @@ Patch48: Use-the-canonical-client-principal-name-for-OTP.patch
Patch49: Add-certauth-pluggable-interface.patch Patch49: Add-certauth-pluggable-interface.patch
Patch50: Correct-error-handling-bug-in-prior-commit.patch Patch50: Correct-error-handling-bug-in-prior-commit.patch
Patch51: Add-k5test-expected_msg-expected_trace.patch Patch51: Add-k5test-expected_msg-expected_trace.patch
Patch52: Fix-leaks-in-gss_inquire_cred_by_oid.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -739,6 +740,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkadm5srv_mit.so.*
%changelog %changelog
* Thu Jul 06 2017 Robbie Harwood <rharwood@redhat.com> - 1.15.1-14
- Fix leaks in gss_inquire_cred_by_oid()
* Mon Jun 26 2017 Robbie Harwood <rharwood@redhat.com> - 1.15.1-13 * Mon Jun 26 2017 Robbie Harwood <rharwood@redhat.com> - 1.15.1-13
- Fix arch name (ppc64le, not ppc64el) - Fix arch name (ppc64le, not ppc64el)
- Related-to: #1464381 - Related-to: #1464381