Fix problem where gss_display_status can infinite loop

This commit is contained in:
Robbie Harwood 2017-04-04 19:37:08 +00:00
parent e92d767663
commit 95bdd67d78
2 changed files with 81 additions and 2 deletions

View File

@ -0,0 +1,69 @@
From d7793765e75e2c0db31565903b50bb90bced18ff Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 27 Mar 2017 13:24:37 -0400
Subject: [PATCH] Prevent GSSError/_display_status() infinite recursion
I was unable to reproduce the problem, but this should prevent the issue.
Resolves: #111
(cherry picked from commit b7e6c6c5451590f18df965a2a84550a63461d76e)
---
gssapi/raw/misc.pyx | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/gssapi/raw/misc.pyx b/gssapi/raw/misc.pyx
index e278c4b..4ea0c55 100644
--- a/gssapi/raw/misc.pyx
+++ b/gssapi/raw/misc.pyx
@@ -139,7 +139,7 @@ def _display_status(unsigned int error_code, bint is_major_code,
whether or not to call again for further messages
Raises:
- GSSError
+ ValueError
"""
cdef int status_type
@@ -165,13 +165,16 @@ def _display_status(unsigned int error_code, bint is_major_code,
if maj_stat == GSS_S_COMPLETE:
call_again = bool(msg_ctx_out)
-
msg_out = msg_buff.value[:msg_buff.length]
gss_release_buffer(&min_stat, &msg_buff)
return (msg_out, msg_ctx_out, call_again)
else:
- # NB(directxman12): this is highly unlikely to cause a recursive loop
- raise GSSError(maj_stat, min_stat)
+ # This hides whatever error gss_display_status is complaining about,
+ # but obviates infinite recursion into stack exhaustion. The
+ # exception raised here is handled by get_all_statuses(), which prints
+ # the code.
+ raise ValueError("gss_display_status call returned failure "
+ "(major {0}, minor {1}).".format(maj_stat, min_stat))
class GSSErrorRegistry(type):
@@ -294,8 +297,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry):
try:
msg, ctx, cont = _display_status(code, is_maj)
res.append(msg.decode(msg_encoding))
- except GSSError:
- res.append(u'issue decoding code: {0}'.format(code))
+ except ValueError as e:
+ res.append(u'{0} Decoding code: {1}'.format(e, code))
cont = False
while cont:
@@ -303,9 +306,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry):
msg, ctx, cont = _display_status(code, is_maj,
message_context=ctx)
res.append(msg.decode(msg_encoding))
- except GSSError:
- res.append(u'issue decoding '
- u'code: {0}'.format(code))
+ except ValueError:
+ res.append(u'{0} Decoding code: {1}'.format(e, code))
cont = False
return res

View File

@ -5,13 +5,16 @@
Name: python-gssapi
Version: 1.2.0
Release: 4%{?dist}
Release: 5%{?dist}
Summary: Python Bindings for GSSAPI (RFC 2743/2744 and extensions)
License: ISC
URL: https://github.com/pythongssapi/python-gssapi
Source0: https://github.com/pythongssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
# Patches
Patch0: Prevent-GSSError-_display_status-infinite-recursion.patch
BuildRequires: python2-devel
BuildRequires: krb5-devel >= 1.10
BuildRequires: krb5-libs >= 1.10
@ -23,6 +26,9 @@ Requires: python-six
Requires: python-enum34
Requires: python-decorator
# For autosetup
BuildRequires: git
%if 0%{?run_tests}
BuildRequires: python-nose
BuildRequires: python-nose-parameterized
@ -64,7 +70,7 @@ RFC 2743, as well as multiple extensions.
%endif
%prep
%setup -q
%autosetup -S git -n %{name}-%{version}
%if 0%{?with_python3}
rm -rf %{py3dir}
@ -128,6 +134,10 @@ popd
%changelog
* Tue Apr 04 2017 Robbie Harwood <rharwood@redhat.com> 1.2.0-5
- Fix problem where gss_display_status can infinite loop
- Move to autosetup and rpm-git-tree
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild