KCM: fix use-after-free in kcm_read_options()

Resolves: RHEL-167758 - sssd-kcm fails to start if krb5_renew_interval is specified
Tomas Halman 2026-04-13 10:18:39 +02:00
parent 6bc311dae8
commit 5d369d0309
2 changed files with 21 additions and 1 deletions


@ -0,0 +1,16 @@
KCM: fix use-after-free in `kcm_read_options()`
Based on commit c5a2b48f13af893ae6c7c9fe63e41f64eb77cade
diff --git a/src/responder/kcm/kcm_renew.c b/src/responder/kcm/kcm_renew.c
index 39e9470fa22..32eccf4b48a 100644
--- a/src/responder/kcm/kcm_renew.c
+++ b/src/responder/kcm/kcm_renew.c
@@ -228,7 +228,7 @@ static errno_t kcm_read_options(TALLOC_CTX *mem_ctx,
*_validate = validate;
*_canonicalize = canonicalize;
*_timeout = timeout;
- *_renew_intv = renew_intv;
+ *_renew_intv = talloc_steal(mem_ctx, renew_intv);
ret = EOK;
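
Review bot: in the `kcm_read_options()` hunk only `renew_intv` is moved onto `mem_ctx`, while `*_validate`, `*_canonicalize` and `*_timeout` are still assigned directly just above it. Please confirm that those three are plain values and not talloc-allocated pointers with the same lifetime as `renew_intv`; if any of them is a pointer, it needs the same `talloc_steal(mem_ctx, ...)` treatment. The patch description would also be easier to audit if it stated in one sentence which context owned `renew_intv` before this change and where that context is freed, since "Based on commit c5a2b48f13af893ae6c7c9fe63e41f64eb77cade" alone does not say what differs from that commit.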


@ -27,7 +27,7 @@
Name: sssd
Version: 2.9.8
Release: 2%{?dist}
Release: 3%{?dist}
Summary: System Security Services Daemon
License: GPLv3+
URL: https://github.com/SSSD/sssd/
@ -35,6 +35,7 @@ Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{versio
### Patches ###
Patch1: 0001-do-not-require-GID-for-non-POSIX-group.patch
Patch2: 0002-fix-use-after-free-in-kcm_read_options.patch
### Dependencies ###
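
Review bot: the `Patch2:` line is the only reference to the new patch file in this diff, and no `%patch` invocation is added alongside it. Please confirm that `%prep` applies numbered patches automatically, the same way `Patch1` is applied; otherwise the fix ships as a source file but is never applied to the build.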
@ -1084,6 +1085,9 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
* Mon Apr 13 2026 Tomas Halman <thalman@redhat.com> - 2.9.8-3
- Resolves: RHEL-167758 - sssd-kcm fails to start if krb5_renew_interval is specified
* Thu Apr 2 2026 Tomas Halman <thalman@redhat.com> - 2.9.8-2
- Resolves: RHEL-150277 - Failed to resolve indirect group-members of nested non-POSIX group