Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element():

sssd_ifp killed by SIGSEGV
2016-05-13 11:09:07 +02:00 · 2016-05-13 11:09:07 +02:00 · 9aeb640f15
commit 9aeb640f15
parent 18bea94912
3 changed files with 108 additions and 1 deletions
--- a/0002-UTIL-Add-ERR_SBUS_REQUEST_HANDLED.patch
+++ b/0002-UTIL-Add-ERR_SBUS_REQUEST_HANDLED.patch
@ -0,0 +1,62 @@
+From 33abcf8b0ba5c71369c1c12f91b89e6f6a0143c3 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Wed, 27 Apr 2016 11:11:31 +0200
+Subject: [PATCH 2/3] UTIL: Add ERR_SBUS_REQUEST_HANDLED
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In most cases when sbus request parsing finishes, the request is handled
+internally and a reply is sent to the caller. However, in handlers that
+are parsed and handled completely manually, we might want to be notified
+about this case so that the called of sbus_request_parse_or_finish()
+aborts the request and doesn't proceed with using the sbus request which
+is already freed internally in sbus_request_parse_or_finish().
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+(cherry picked from commit 406a7e5b731ae79084dce00021e01ebe7b7d724a)
+---
+ src/sbus/sssd_dbus_request.c | 1 +
+ src/util/util_errors.c       | 1 +
+ src/util/util_errors.h       | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/src/sbus/sssd_dbus_request.c b/src/sbus/sssd_dbus_request.c
+index aa57f6b6587183a9edd7764d123e82b01b5f6070..c71a79b1f06c92c25f8bb836b5bf815c056d3912 100644
+--- a/src/sbus/sssd_dbus_request.c
+++ b/src/sbus/sssd_dbus_request.c
+@@ -74,6 +74,7 @@ sbus_request_invoke_or_finish(struct sbus_request *dbus_req,
+     }
+ 
+     switch(ret) {
+    case ERR_SBUS_REQUEST_HANDLED:
+     case EOK:
+         return;
+     case ENOMEM:
+diff --git a/src/util/util_errors.c b/src/util/util_errors.c
+index 59ae63ab8d6e834a772349b162bf282f9a4f1c72..c998e14c26e43c3cd6a5a060bb6f74698b9e93ae 100644
+--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
+@@ -84,6 +84,7 @@ struct err_string error_to_str[] = {
+     { "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */
+     { "Account is locked" }, /* ERR_ACCOUNT_LOCKED */
+     { "AD renewal child failed" }, /* ERR_RENEWAL_CHILD */
+    { "SBUS request already handled" }, /* ERR_SBUS_REQUEST_HANDLED */
+     { "ERR_LAST" } /* ERR_LAST */
+ };
+ 
+diff --git a/src/util/util_errors.h b/src/util/util_errors.h
+index 05791f2f08f107a8b4830b810b8826983763174f..c0d9622a431a9946fdfa5e5c60ecf7b9e1ae66a5 100644
+--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
+@@ -106,6 +106,7 @@ enum sssd_errors {
+     ERR_SUBDOM_INACTIVE,
+     ERR_ACCOUNT_LOCKED,
+     ERR_RENEWAL_CHILD,
+    ERR_SBUS_REQUEST_HANDLED,
+     ERR_LAST            /* ALWAYS LAST */
+ };
+ 
+-- 
+2.7.4
+
--- a/0003-IFP-Do-not-crash-on-invalid-arguments-to-GetUserAttr.patch
+++ b/0003-IFP-Do-not-crash-on-invalid-arguments-to-GetUserAttr.patch
@ -0,0 +1,39 @@
+From 2dcfe9ba33d65aa08373f84a31065597413fc762 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Tue, 10 May 2016 12:24:44 +0200
+Subject: [PATCH 3/3] IFP: Do not crash on invalid arguments to GetUserAttr
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+(cherry picked from commit 7ff6858b18fb463bc446797aa860960d5165fe9e)
+---
+ src/responder/ifp/ifpsrv_cmd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
+index ab6156fd6c92e8fd8176da6664cd6b79eb3f5a97..624db5f9f16b7f864dc2df67f7a62983686d8e29 100644
+--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
+@@ -83,7 +83,7 @@ int ifp_user_get_attr(struct sbus_request *dbus_req, void *data)
+ 
+     ret = ifp_user_get_attr_unpack_msg(attr_req);
+     if (ret != EOK) {
+-        return ret;     /* handled internally */
+        return ret;     /* internal error */
+     }
+ 
+     DEBUG(SSSDBG_FUNC_DATA,
+@@ -117,7 +117,7 @@ ifp_user_get_attr_unpack_msg(struct ifp_attr_req *attr_req)
+                                           DBUS_TYPE_INVALID);
+     if (parsed == false) {
+         DEBUG(SSSDBG_OP_FAILURE, "Could not parse arguments\n");
+-        return EOK; /* handled */
+        return ERR_SBUS_REQUEST_HANDLED;
+     }
+ 
+     /* Copy the attributes to maintain memory hierarchy with talloc */
+-- 
+2.7.4
+
--- a/sssd.spec
+++ b/sssd.spec
@ -24,7 +24,7 @@

 Name: sssd
 Version: 1.13.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@ -34,6 +34,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)

 ### Patches ###
 Patch0001: 0001-IPA-terminate-properly-if-view-name-lookup-fails.patch
+Patch0002: 0002-UTIL-Add-ERR_SBUS_REQUEST_HANDLED.patch
+Patch0003: 0003-IFP-Do-not-crash-on-invalid-arguments-to-GetUserAttr.patch
 Patch1001: 1001-Netlink-Ignore-RTM_NEWADDR-signals-from-link-local.patch

 ### Dependencies ###
@ -1020,6 +1022,10 @@ fi
                                %{_libdir}/%{name}/modules/libwbclient.so

 %changelog
+* Fri May 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-3
+- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element():
+                           sssd_ifp killed by SIGSEGV
+
 * Fri Apr 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-2
 - Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6