import CS libtirpc-1.3.3-8.el9_3

This commit is contained in:
eabdullin 2024-04-30 11:37:43 +00:00
parent 1dfcdc0ea2
commit e0198a23ba
5 changed files with 160 additions and 1 deletions

View File

@ -0,0 +1,32 @@
commit 1d2e10afb2ffc35cb3623f57a15f712359f18e75
Author: Herb Wartens <wartens2@llnl.gov>
Date: Tue Aug 1 10:36:16 2023 -0400
rpcb_clnt.c: Eliminate double frees in delete_cache()
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224666
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index c0a9e12..68fe69a 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -262,12 +262,15 @@ delete_cache(addr)
for (cptr = front; cptr != NULL; cptr = cptr->ac_next) {
if (!memcmp(cptr->ac_taddr->buf, addr->buf, addr->len)) {
/* Unlink from cache. We'll destroy it after releasing the mutex. */
- if (cptr->ac_uaddr)
+ if (cptr->ac_uaddr) {
free(cptr->ac_uaddr);
- if (prevptr)
+ cptr->ac_uaddr = NULL;
+ }
+ if (prevptr) {
prevptr->ac_next = cptr->ac_next;
- else
+ } else {
front = cptr->ac_next;
+ }
cachesize--;
break;
}

View File

@ -0,0 +1,30 @@
commit 22b1c0cd6076dcd7df822cd1181e98278dc865db
Author: Olga Kornievskaia <kolga@netapp.com>
Date: Wed Jan 3 17:50:42 2024 -0500
gssapi: fix rpc_gss_seccreate passed in cred
Fix rpc_gss_seccreate() usage of the passed in gss credential.
Fixes: 5f1fe4dde861 ("Pass time_req and input_channel_bindings through to init_sec_context")
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/auth_gss.c b/src/auth_gss.c
index e317664..9d18f96 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -842,9 +842,9 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
gd->sec = sec;
if (req) {
- sec.req_flags = req->req_flags;
+ gd->sec.req_flags = req->req_flags;
gd->time_req = req->time_req;
- sec.cred = req->my_cred;
+ gd->sec.cred = req->my_cred;
gd->icb = req->input_channel_bindings;
}

View File

@ -0,0 +1,23 @@
commit 6951a9c3139c9c7dbb0bdae70737996011fc7a37
Author: Herb Wartens <wartens2@llnl.gov>
Date: Mon Mar 18 11:07:15 2024 -0400
rpcb_clnt.c: memory leak in destroy_addr
Piece was dropped from original fix.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2225226
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index 68fe69a..d909efc 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -121,6 +121,7 @@ destroy_addr(addr)
free(addr->ac_taddr->buf);
addr->ac_taddr->buf = NULL;
}
+ free(addr->ac_taddr);
addr->ac_taddr = NULL;
}
free(addr);

View File

@ -0,0 +1,48 @@
commit 89c63bdfd79b1c94384daaaa03a9e3582540f843
Author: Herb Wartens <wartens2@llnl.gov>
Date: Tue Aug 1 10:21:42 2023 -0400
rpcb_clnt.c: memory leak in destroy_addr
Null pointers so they are not used again
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2225226
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index d178d86..c0a9e12 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -104,17 +104,27 @@ destroy_addr(addr)
{
if (addr == NULL)
return;
- if(addr->ac_host != NULL)
+ if (addr->ac_host != NULL) {
free(addr->ac_host);
- if(addr->ac_netid != NULL)
+ addr->ac_host = NULL;
+ }
+ if (addr->ac_netid != NULL) {
free(addr->ac_netid);
- if(addr->ac_uaddr != NULL)
+ addr->ac_netid = NULL;
+ }
+ if (addr->ac_uaddr != NULL) {
free(addr->ac_uaddr);
- if(addr->ac_taddr != NULL) {
- if(addr->ac_taddr->buf != NULL)
+ addr->ac_uaddr = NULL;
+ }
+ if (addr->ac_taddr != NULL) {
+ if(addr->ac_taddr->buf != NULL) {
free(addr->ac_taddr->buf);
+ addr->ac_taddr->buf = NULL;
+ }
+ addr->ac_taddr = NULL;
}
free(addr);
+ addr = NULL;
}
/*

View File

@ -2,7 +2,7 @@
Name: libtirpc Name: libtirpc
Version: 1.3.3 Version: 1.3.3
Release: 2%{?dist} Release: 8%{?dist}
Summary: Transport Independent RPC Library Summary: Transport Independent RPC Library
License: SISSL and BSD License: SISSL and BSD
URL: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary URL: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary
@ -24,6 +24,14 @@ Patch002: libtirpc-1.3.3-clnt-raw-ptr.patch
# #
Patch003: libtirpc-1.3.3-dos-sleep.patch Patch003: libtirpc-1.3.3-dos-sleep.patch
#
# RHEL9.4
#
Patch004: libtirpc-1.3.3-null-ptrs-not-reused.patch
Patch005: libtirpc-1.3.3-gssd-context-creation.patch
Patch006: libtirpc-1.3.3-double-free.patch
Patch007: libtirpc-1.3.3-null-ptrs-not-reused-fixed.patch
%description %description
This package contains SunLib's implementation of transport-independent This package contains SunLib's implementation of transport-independent
RPC (TI-RPC) documentation. This library forms a piece of the base of RPC (TI-RPC) documentation. This library forms a piece of the base of
@ -123,6 +131,24 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Tue Mar 19 2024 Steve Dickson <steved@redhat.com> - 1.3.3-8
- rpcb_clnt.c (fixed): Eliminate double frees in delete_cache() (RHEL-11183)
* Wed Mar 13 2024 Steve Dickson <steved@redhat.com> - 1.3.3-7
- exception build (RHEL-11183)
* Tue Mar 5 2024 Steve Dickson <steved@redhat.com> - 1.3.3-6
- rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11183)
* Mon Mar 4 2024 Steve Dickson <steved@redhat.com> - 1.3.3-5
- Fix rpc_gss_seccreate() usage of the passed in gss credential. (RHEL-27936)
* Mon Feb 19 2024 Pavel Reichl <preichl@redhat.com> - 1.3.3-4
- Add gating tests (rhel-7883)
* Tue Jan 2 2024 Steve Dickson <steved@redhat.com> - 1.3.3-3
- Null pointers so they are not used again (RHEL-11371)
* Thu May 18 2023 Steve Dickson <steved@redhat.com> - 1.3.3-2 * Thu May 18 2023 Steve Dickson <steved@redhat.com> - 1.3.3-2
- getnetconfigent: avoid potential DoS (bz 2150611) - getnetconfigent: avoid potential DoS (bz 2150611)