|
 |
f77ce6 |
From c17f20b949d2e80e596ce21ecd944db80aaa80b1 Mon Sep 17 00:00:00 2001
|
|
|
f77ce6 |
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gdeschner@redhat.com>
|
|
|
f77ce6 |
Date: Wed, 29 Jan 2014 17:59:03 +0100
|
|
|
f77ce6 |
Subject: [PATCH] Fix potential segfault in gssi_inquire_context().
|
|
|
f77ce6 |
MIME-Version: 1.0
|
|
|
f77ce6 |
Content-Type: text/plain; charset=UTF-8
|
|
|
f77ce6 |
Content-Transfer-Encoding: 8bit
|
|
|
f77ce6 |
|
|
|
f77ce6 |
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
f77ce6 |
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
f77ce6 |
---
|
|
|
f77ce6 |
proxy/src/mechglue/gpp_context.c | 4 ++--
|
|
|
f77ce6 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
f77ce6 |
|
|
|
f77ce6 |
diff --git a/proxy/src/mechglue/gpp_context.c b/proxy/src/mechglue/gpp_context.c
|
|
|
f77ce6 |
index 6010724f8ece09413e85c8926303276b4dffe89b..bb16a93a39b5892388ba9e963fff9b0066283cf4 100644
|
|
|
f77ce6 |
--- a/proxy/src/mechglue/gpp_context.c
|
|
|
f77ce6 |
+++ b/proxy/src/mechglue/gpp_context.c
|
|
|
f77ce6 |
@@ -223,7 +223,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
|
|
|
f77ce6 |
maj = gss_inquire_context(&min,
|
|
|
f77ce6 |
ctx_handle->local,
|
|
|
f77ce6 |
s_name ? &s_name->local : NULL,
|
|
|
f77ce6 |
- s_name ? &t_name->local : NULL,
|
|
|
f77ce6 |
+ t_name ? &t_name->local : NULL,
|
|
|
f77ce6 |
lifetime_rec,
|
|
|
f77ce6 |
&mech_oid,
|
|
|
f77ce6 |
ctx_flags,
|
|
|
f77ce6 |
@@ -233,7 +233,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
|
|
|
f77ce6 |
maj = gpm_inquire_context(&min,
|
|
|
f77ce6 |
ctx_handle->remote,
|
|
|
f77ce6 |
s_name ? &s_name->remote : NULL,
|
|
|
f77ce6 |
- s_name ? &t_name->remote : NULL,
|
|
|
f77ce6 |
+ t_name ? &t_name->remote : NULL,
|
|
|
f77ce6 |
lifetime_rec,
|
|
|
f77ce6 |
&mech_oid,
|
|
|
f77ce6 |
ctx_flags,
|
|
|
f77ce6 |
--
|
|
|
f77ce6 |
2.1.0
|
|
|
f77ce6 |
|
|
|
f77ce6 |
From 9da1bc9dec8d228b35ef8639832cddc5e477ddf8 Mon Sep 17 00:00:00 2001
|
|
|
f77ce6 |
From: Simo Sorce <simo@redhat.com>
|
|
|
f77ce6 |
Date: Thu, 22 Jan 2015 14:26:23 -0500
|
|
|
f77ce6 |
Subject: [PATCH] Zero out the outputs of display_name
|
|
|
f77ce6 |
|
|
|
f77ce6 |
The mechglue expects the mechanism function to zero them in all cases.
|
|
|
f77ce6 |
Otherwise on error it will later try to free the output buffer value
|
|
|
f77ce6 |
which can be an arbitrary pointer. This will cause a segfault or
|
|
|
f77ce6 |
worse in glibc's free().
|
|
|
f77ce6 |
|
|
|
f77ce6 |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
f77ce6 |
Reviewed-by: Roland Mainz <rmainz@redhat.com>
|
|
|
f77ce6 |
---
|
|
|
f77ce6 |
proxy/src/mechglue/gpp_import_and_canon_name.c | 5 +++++
|
|
|
f77ce6 |
1 file changed, 5 insertions(+)
|
|
|
f77ce6 |
|
|
|
f77ce6 |
diff --git a/proxy/src/mechglue/gpp_import_and_canon_name.c b/proxy/src/mechglue/gpp_import_and_canon_name.c
|
|
|
f77ce6 |
index 727823c383c32d4ab5ec8a41b034997f18e433f7..92e6e5dca522742c181900fdd43c66318695923e 100644
|
|
|
f77ce6 |
--- a/proxy/src/mechglue/gpp_import_and_canon_name.c
|
|
|
f77ce6 |
+++ b/proxy/src/mechglue/gpp_import_and_canon_name.c
|
|
|
f77ce6 |
@@ -33,6 +33,11 @@ OM_uint32 gssi_display_name(OM_uint32 *minor_status,
|
|
|
f77ce6 |
struct gpp_name_handle *name;
|
|
|
f77ce6 |
OM_uint32 maj, min = 0;
|
|
|
f77ce6 |
|
|
|
f77ce6 |
+ output_name_buffer->length = 0;
|
|
|
f77ce6 |
+ output_name_buffer->value = NULL;
|
|
|
f77ce6 |
+ if (output_name_type)
|
|
|
f77ce6 |
+ *output_name_type = GSS_C_NO_OID;
|
|
|
f77ce6 |
+
|
|
|
f77ce6 |
GSSI_TRACE();
|
|
|
f77ce6 |
|
|
|
f77ce6 |
name = (struct gpp_name_handle *)input_name;
|
|
|
f77ce6 |
--
|
|
|
f77ce6 |
2.1.0
|
|
|
f77ce6 |
|