From 73735e952263ef8a26de013f742584b205dc387d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 30 Mar 2018 14:38:32 +0200
Subject: [PATCH] Resolves: usptream#3687 - KCM: Don't pass a non null terminated string to json_loads()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano FidĂȘncio
---
...adb-when-dealing-with-sss_iobuf-data.patch | 67 +++++++++++++++++++
sssd.spec | 3 +
2 files changed, 70 insertions(+)
create mode 100644 0008-KCM-Use-json_loadb-when-dealing-with-sss_iobuf-data.patch
diff --git a/0008-KCM-Use-json_loadb-when-dealing-with-sss_iobuf-data.patch b/0008-KCM-Use-json_loadb-when-dealing-with-sss_iobuf-data.patch
new file mode 100644
index 0000000..91ba3e7
--- /dev/null
+++ b/0008-KCM-Use-json_loadb-when-dealing-with-sss_iobuf-data.patch
@@ -0,0 +1,67 @@
+From 8a89fce38a2ad76eb4eebd74a0821c80154ac892 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
+Date: Wed, 21 Mar 2018 16:38:22 +0100
+Subject: [PATCH 08/15] KCM: Use json_loadb() when dealing with sss_iobuf data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As sss_iobuf data is *non* NULL terminated, we have to use json_loadb()
+passing the data's length instead of just using json_loads().
+
+Due to this issue, when running sssd-kcm under valgrind and performing a
+`kinit foo` a bunch of erros like the following one could be seen:
+==2638== Conditional jump or move depends on uninitialised value(s)
+==2638== at 0x57DB678: stream_get.part.3 (load.c:172)
+==2638== by 0x57DB9CA: stream_get (load.c:643)
+==2638== by 0x57DB9CA: lex_get (load.c:246)
+==2638== by 0x57DB9CA: lex_scan (load.c:601)
+==2638== by 0x57DC56A: parse_json.constprop.7 (load.c:904)
+==2638== by 0x57DC6AB: json_loads (load.c:959)
+==2638== by 0x11ABEA: ??? (in /usr/libexec/sssd/sssd_kcm)
+==2638== by 0x11AEF0: ??? (in /usr/libexec/sssd/sssd_kcm)
+==2638== by 0x125D4A: ??? (in /usr/libexec/sssd/sssd_kcm)
+==2638== by 0x12623B: ??? (in /usr/libexec/sssd/sssd_kcm)
+==2638== by 0x9BCD71F: epoll_event_loop (tevent_epoll.c:728)
+==2638== by 0x9BCD71F: epoll_event_loop_once (tevent_epoll.c:930)
+==2638== by 0x9BCBBA6: std_event_loop_once (tevent_standard.c:114)
+==2638== by 0x9BC7FEC: _tevent_loop_once (tevent.c:725)
+==2638== by 0x9BC820A: tevent_common_loop_wait (tevent.c:848)
+
+Related to:
+https://pagure.io/SSSD/sssd/issue/3687
+
+Signed-off-by: Fabiano FidĂȘncio
+
+Reviewed-by: Jakub Hrozek
+---
+ src/responder/kcm/kcmsrv_ccache_secrets.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/responder/kcm/kcmsrv_ccache_secrets.c b/src/responder/kcm/kcmsrv_ccache_secrets.c
+index 8be7daea5..04dad9596 100644
+--- a/src/responder/kcm/kcmsrv_ccache_secrets.c
++++ b/src/responder/kcm/kcmsrv_ccache_secrets.c
+@@ -231,6 +231,7 @@ static errno_t sec_list_parse(struct sss_iobuf *outbuf,
+ {
+ json_t *root;
+ uint8_t *sec_http_list;
++ size_t sec_http_list_len;
+ json_error_t error;
+ json_t *element;
+ errno_t ret;
+@@ -244,8 +245,10 @@ static errno_t sec_list_parse(struct sss_iobuf *outbuf,
+ DEBUG(SSSDBG_CRIT_FAILURE, "No data in output buffer?\n");
+ return EINVAL;
+ }
++ sec_http_list_len = sss_iobuf_get_len(outbuf);
+
+- root = json_loads((const char *) sec_http_list, 0, &error);
++ root = json_loadb((const char *) sec_http_list,
++ sec_http_list_len, 0, &error);
+ if (root == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to parse JSON payload on line %d: %s\n",
+--
+2.14.3
+
diff --git a/sssd.spec b/sssd.spec
index 2895a6a..283a113 100644
--- a/sssd.spec
+++ b/sssd.spec
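Review bot: The reason for switching to `json_loadb()` lives only in the commit message; in the second hunk of the embedded kcmsrv_ccache_secrets.c patch, a one-line comment above the call would keep a later cleanup from going back to `json_loads()` and reintroducing the read past the end of the buffer, for example `/* sss_iobuf data is not NUL-terminated; parse with an explicit length */`. The length handed to the parser has to be the number of valid bytes in the buffer rather than its allocated capacity; `sss_iobuf_get_len()` is not shown here, so that is worth confirming against its definition. sec_list_parse() starts and ends outside the hunk, and any other `json_loads()` call fed from sss_iobuf data would presumably need the same treatment.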
@@ -49,6 +49,7 @@ Patch0004: 0004-TOOLS-Take-into-consideration-app-domains.patch Patch0005: 0005-TESTS-Move-get_call_output-to-util.py.patch Patch0006: 0006-TESTS-Make-get_call_output-more-flexible-about-the-s.patch Patch0007: 0007-TESTS-Add-a-basic-test-of-sssctl-domain-list.patch +Patch0008: 0008-KCM-Use-json_loadb-when-dealing-with-sss_iobuf-data.patch Patch0502: 0502-SYSTEMD-Use-capabilities.patch Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch @@ -1254,6 +1255,8 @@ fi - Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly +- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to + json_loads() * Fri Mar 9 2018 Fabiano FidĂȘncio - 1.16.1-1 - New upstream release 1.16.1