From 5d369d0309dabe481d3c504313f901611ec2638d Mon Sep 17 00:00:00 2001
From: Tomas Halman <thalman@redhat.com>
Date: Mon, 13 Apr 2026 10:18:39 +0200
Subject: [PATCH] KCM: fix use-after-free in `kcm_read_options()`

Resolves: RHEL-167758 - sssd-kcm fails to start if krb5_renew_interval is specified
---
 ...-fix-use-after-free-in-kcm_read_options.patch | 16 ++++++++++++++++
 sssd.spec                                        |  6 +++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 0002-fix-use-after-free-in-kcm_read_options.patch

diff --git a/0002-fix-use-after-free-in-kcm_read_options.patch b/0002-fix-use-after-free-in-kcm_read_options.patch
new file mode 100644
index 0000000..ba11482
--- /dev/null
+++ b/0002-fix-use-after-free-in-kcm_read_options.patch
@@ -0,0 +1,16 @@
+KCM: fix use-after-free in `kcm_read_options()`
+Based on commit c5a2b48f13af893ae6c7c9fe63e41f64eb77cade
+
+diff --git a/src/responder/kcm/kcm_renew.c b/src/responder/kcm/kcm_renew.c
+index 39e9470fa22..32eccf4b48a 100644
+--- a/src/responder/kcm/kcm_renew.c
++++ b/src/responder/kcm/kcm_renew.c
+@@ -228,7 +228,7 @@ static errno_t kcm_read_options(TALLOC_CTX *mem_ctx,
+     *_validate = validate;
+     *_canonicalize = canonicalize;
+     *_timeout = timeout;
+-    *_renew_intv = renew_intv;
++    *_renew_intv = talloc_steal(mem_ctx, renew_intv);
+ 
+     ret = EOK;
+ 
diff --git a/sssd.spec b/sssd.spec
index 506bd62..895ee43 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -27,7 +27,7 @@
 
 Name: sssd
 Version: 2.9.8
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: System Security Services Daemon
 License: GPLv3+
 URL: https://github.com/SSSD/sssd/
@@ -35,6 +35,7 @@ Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{versio
 
 ### Patches ###
 Patch1: 0001-do-not-require-GID-for-non-POSIX-group.patch
+Patch2: 0002-fix-use-after-free-in-kcm_read_options.patch
 
 ### Dependencies ###
 
@@ -1084,6 +1085,9 @@ fi
 %systemd_postun_with_restart sssd.service
 
 %changelog
+* Mon Apr 13 2026 Tomas Halman <thalman@redhat.com> - 2.9.8-3
+- Resolves: RHEL-167758 - sssd-kcm fails to start if krb5_renew_interval is specified
+
 * Thu Apr 2 2026 Tomas Halman <thalman@redhat.com> - 2.9.8-2
 - Resolves: RHEL-150277 - Failed to resolve indirect group-members of nested non-POSIX group