Fix problem where gss_display_status can infinite loop
This commit is contained in:
parent
e92d767663
commit
95bdd67d78
69
Prevent-GSSError-_display_status-infinite-recursion.patch
Normal file
69
Prevent-GSSError-_display_status-infinite-recursion.patch
Normal file
@ -0,0 +1,69 @@
|
|||||||
|
From d7793765e75e2c0db31565903b50bb90bced18ff Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Mon, 27 Mar 2017 13:24:37 -0400
|
||||||
|
Subject: [PATCH] Prevent GSSError/_display_status() infinite recursion
|
||||||
|
|
||||||
|
I was unable to reproduce the problem, but this should prevent the issue.
|
||||||
|
|
||||||
|
Resolves: #111
|
||||||
|
(cherry picked from commit b7e6c6c5451590f18df965a2a84550a63461d76e)
|
||||||
|
---
|
||||||
|
gssapi/raw/misc.pyx | 20 +++++++++++---------
|
||||||
|
1 file changed, 11 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gssapi/raw/misc.pyx b/gssapi/raw/misc.pyx
|
||||||
|
index e278c4b..4ea0c55 100644
|
||||||
|
--- a/gssapi/raw/misc.pyx
|
||||||
|
+++ b/gssapi/raw/misc.pyx
|
||||||
|
@@ -139,7 +139,7 @@ def _display_status(unsigned int error_code, bint is_major_code,
|
||||||
|
whether or not to call again for further messages
|
||||||
|
|
||||||
|
Raises:
|
||||||
|
- GSSError
|
||||||
|
+ ValueError
|
||||||
|
"""
|
||||||
|
|
||||||
|
cdef int status_type
|
||||||
|
@@ -165,13 +165,16 @@ def _display_status(unsigned int error_code, bint is_major_code,
|
||||||
|
|
||||||
|
if maj_stat == GSS_S_COMPLETE:
|
||||||
|
call_again = bool(msg_ctx_out)
|
||||||
|
-
|
||||||
|
msg_out = msg_buff.value[:msg_buff.length]
|
||||||
|
gss_release_buffer(&min_stat, &msg_buff)
|
||||||
|
return (msg_out, msg_ctx_out, call_again)
|
||||||
|
else:
|
||||||
|
- # NB(directxman12): this is highly unlikely to cause a recursive loop
|
||||||
|
- raise GSSError(maj_stat, min_stat)
|
||||||
|
+ # This hides whatever error gss_display_status is complaining about,
|
||||||
|
+ # but obviates infinite recursion into stack exhaustion. The
|
||||||
|
+ # exception raised here is handled by get_all_statuses(), which prints
|
||||||
|
+ # the code.
|
||||||
|
+ raise ValueError("gss_display_status call returned failure "
|
||||||
|
+ "(major {0}, minor {1}).".format(maj_stat, min_stat))
|
||||||
|
|
||||||
|
|
||||||
|
class GSSErrorRegistry(type):
|
||||||
|
@@ -294,8 +297,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry):
|
||||||
|
try:
|
||||||
|
msg, ctx, cont = _display_status(code, is_maj)
|
||||||
|
res.append(msg.decode(msg_encoding))
|
||||||
|
- except GSSError:
|
||||||
|
- res.append(u'issue decoding code: {0}'.format(code))
|
||||||
|
+ except ValueError as e:
|
||||||
|
+ res.append(u'{0} Decoding code: {1}'.format(e, code))
|
||||||
|
cont = False
|
||||||
|
|
||||||
|
while cont:
|
||||||
|
@@ -303,9 +306,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry):
|
||||||
|
msg, ctx, cont = _display_status(code, is_maj,
|
||||||
|
message_context=ctx)
|
||||||
|
res.append(msg.decode(msg_encoding))
|
||||||
|
- except GSSError:
|
||||||
|
- res.append(u'issue decoding '
|
||||||
|
- u'code: {0}'.format(code))
|
||||||
|
+ except ValueError:
|
||||||
|
+ res.append(u'{0} Decoding code: {1}'.format(e, code))
|
||||||
|
cont = False
|
||||||
|
|
||||||
|
return res
|
@ -5,13 +5,16 @@
|
|||||||
|
|
||||||
Name: python-gssapi
|
Name: python-gssapi
|
||||||
Version: 1.2.0
|
Version: 1.2.0
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
Summary: Python Bindings for GSSAPI (RFC 2743/2744 and extensions)
|
Summary: Python Bindings for GSSAPI (RFC 2743/2744 and extensions)
|
||||||
|
|
||||||
License: ISC
|
License: ISC
|
||||||
URL: https://github.com/pythongssapi/python-gssapi
|
URL: https://github.com/pythongssapi/python-gssapi
|
||||||
Source0: https://github.com/pythongssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
|
Source0: https://github.com/pythongssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
|
||||||
|
|
||||||
|
# Patches
|
||||||
|
Patch0: Prevent-GSSError-_display_status-infinite-recursion.patch
|
||||||
|
|
||||||
BuildRequires: python2-devel
|
BuildRequires: python2-devel
|
||||||
BuildRequires: krb5-devel >= 1.10
|
BuildRequires: krb5-devel >= 1.10
|
||||||
BuildRequires: krb5-libs >= 1.10
|
BuildRequires: krb5-libs >= 1.10
|
||||||
@ -23,6 +26,9 @@ Requires: python-six
|
|||||||
Requires: python-enum34
|
Requires: python-enum34
|
||||||
Requires: python-decorator
|
Requires: python-decorator
|
||||||
|
|
||||||
|
# For autosetup
|
||||||
|
BuildRequires: git
|
||||||
|
|
||||||
%if 0%{?run_tests}
|
%if 0%{?run_tests}
|
||||||
BuildRequires: python-nose
|
BuildRequires: python-nose
|
||||||
BuildRequires: python-nose-parameterized
|
BuildRequires: python-nose-parameterized
|
||||||
@ -64,7 +70,7 @@ RFC 2743, as well as multiple extensions.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -S git -n %{name}-%{version}
|
||||||
|
|
||||||
%if 0%{?with_python3}
|
%if 0%{?with_python3}
|
||||||
rm -rf %{py3dir}
|
rm -rf %{py3dir}
|
||||||
@ -128,6 +134,10 @@ popd
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 04 2017 Robbie Harwood <rharwood@redhat.com> 1.2.0-5
|
||||||
|
- Fix problem where gss_display_status can infinite loop
|
||||||
|
- Move to autosetup and rpm-git-tree
|
||||||
|
|
||||||
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-4
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-4
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user