8c423dc9d5
- New upstream version (1.21.3) - CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message token handling Resolves: RHEL-45387 RHEL-45378 - Fix memory leak in GSSAPI interface Resolves: RHEL-47284 - Fix memory leak in PMAP RPC interface Resolves: RHEL-47287 - Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC Resolves: RHEL-47285 - Make TCP waiting time configurable Resolves: RHEL-47278 - Do not include files with "~" termination in krb5-tests Resolves: RHEL-45995 Signed-off-by: Julien Rische <jrische@redhat.com>
72 lines
2.5 KiB
Diff
72 lines
2.5 KiB
Diff
From fa9dfdc9d85e88b6880edde5de45333b97a53a11 Mon Sep 17 00:00:00 2001
|
|
From: Julien Rische <jrische@redhat.com>
|
|
Date: Mon, 8 Jan 2024 16:52:27 +0100
|
|
Subject: [PATCH] Remove klist's defname global variable
|
|
|
|
Addition of a "cleanup" section in kinit's show_ccache() function as
|
|
part of commit 6c5471176f5266564fbc8a7e02f03b4b042202f8 introduced a
|
|
double-free bug, because defname is a global variable. After the
|
|
first call, successive calls may take place with a dangling pointer in
|
|
defname, which will be freed if krb5_cc_get_principal() fails.
|
|
|
|
Convert "defname" to a local variable initialized at the beginning of
|
|
show_ccache().
|
|
|
|
[ghudson@mit.edu: edited commit message]
|
|
|
|
(cherry picked from commit 5b00197227231943bd2305328c8260dd0b0dbcf0)
|
|
---
|
|
src/clients/klist/klist.c | 8 ++++----
|
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
|
|
index b5ae96a843..b5808e5c93 100644
|
|
--- a/src/clients/klist/klist.c
|
|
+++ b/src/clients/klist/klist.c
|
|
@@ -53,7 +53,6 @@ int show_flags = 0, show_time = 0, status_only = 0, show_keys = 0;
|
|
int show_etype = 0, show_addresses = 0, no_resolve = 0, print_version = 0;
|
|
int show_adtype = 0, show_all = 0, list_all = 0, use_client_keytab = 0;
|
|
int show_config = 0;
|
|
-char *defname;
|
|
char *progname;
|
|
krb5_timestamp now;
|
|
unsigned int timestamp_width;
|
|
@@ -62,7 +61,7 @@ krb5_context context;
|
|
|
|
static krb5_boolean is_local_tgt(krb5_principal princ, krb5_data *realm);
|
|
static char *etype_string(krb5_enctype );
|
|
-static void show_credential(krb5_creds *);
|
|
+static void show_credential(krb5_creds *, const char *);
|
|
|
|
static void list_all_ccaches(void);
|
|
static int list_ccache(krb5_ccache);
|
|
@@ -473,6 +472,7 @@ show_ccache(krb5_ccache cache)
|
|
krb5_creds creds;
|
|
krb5_principal princ = NULL;
|
|
krb5_error_code ret;
|
|
+ char *defname = NULL;
|
|
int status = 1;
|
|
|
|
ret = krb5_cc_get_principal(context, cache, &princ);
|
|
@@ -503,7 +503,7 @@ show_ccache(krb5_ccache cache)
|
|
}
|
|
while ((ret = krb5_cc_next_cred(context, cache, &cur, &creds)) == 0) {
|
|
if (show_config || !krb5_is_config_principal(context, creds.server))
|
|
- show_credential(&creds);
|
|
+ show_credential(&creds, defname);
|
|
krb5_free_cred_contents(context, &creds);
|
|
}
|
|
if (ret == KRB5_CC_END) {
|
|
@@ -676,7 +676,7 @@ print_config_data(int col, krb5_data *data)
|
|
}
|
|
|
|
static void
|
|
-show_credential(krb5_creds *cred)
|
|
+show_credential(krb5_creds *cred, const char *defname)
|
|
{
|
|
krb5_error_code ret;
|
|
krb5_ticket *tkt = NULL;
|
|
--
|
|
2.45.1
|
|
|