|
 |
2c9800 |
From 14e33b725c991d6c500ca93e241ed64e1a755843 Mon Sep 17 00:00:00 2001
|
|
|
2c9800 |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
2c9800 |
Date: Wed, 16 Dec 2015 17:48:11 -0500
|
|
|
2c9800 |
Subject: [PATCH 2/2] Fix for gss_inquire_attrs_for_mech accepting NULLs
|
|
|
2c9800 |
|
|
|
2c9800 |
As per rfc5587, gss_inquire_attrs_for_mech must accept NULL mech_attrs
|
|
|
2c9800 |
and known_mech_attrs arguments. Up until 1.14, MIT krb5 was not ever
|
|
|
2c9800 |
passing NULLs in these fields.
|
|
|
2c9800 |
|
|
|
2c9800 |
This fixes an interposer loop (and subsequent segmentation fault) due
|
|
|
2c9800 |
to our previous assumption that these arguments not be NULL.
|
|
|
2c9800 |
|
|
|
2c9800 |
See also: https://tools.ietf.org/html/rfc5587#section-3.4.3
|
|
|
2c9800 |
|
|
|
2c9800 |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
|
|
2c9800 |
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
2c9800 |
---
|
|
|
2c9800 |
proxy/src/client/gpm_indicate_mechs.c | 38 ++++++++++++++++++++---------------
|
|
|
2c9800 |
1 file changed, 22 insertions(+), 16 deletions(-)
|
|
|
2c9800 |
|
|
|
2c9800 |
diff --git a/proxy/src/client/gpm_indicate_mechs.c b/proxy/src/client/gpm_indicate_mechs.c
|
|
|
2c9800 |
index 35ce3bb..d4df923 100644
|
|
|
2c9800 |
--- a/proxy/src/client/gpm_indicate_mechs.c
|
|
|
2c9800 |
+++ b/proxy/src/client/gpm_indicate_mechs.c
|
|
|
2c9800 |
@@ -444,10 +444,6 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status,
|
|
|
2c9800 |
if (!minor_status) {
|
|
|
2c9800 |
return GSS_S_CALL_INACCESSIBLE_WRITE;
|
|
|
2c9800 |
}
|
|
|
2c9800 |
- if (!mech_attrs || !known_mech_attrs) {
|
|
|
2c9800 |
- *minor_status = 0;
|
|
|
2c9800 |
- return GSS_S_CALL_INACCESSIBLE_WRITE;
|
|
|
2c9800 |
- }
|
|
|
2c9800 |
|
|
|
2c9800 |
ret_min = gpmint_init_global_mechs();
|
|
|
2c9800 |
if (ret_min) {
|
|
|
2c9800 |
@@ -459,21 +455,31 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status,
|
|
|
2c9800 |
if (!gpm_equal_oids(global_mechs.info[i].mech, mech)) {
|
|
|
2c9800 |
continue;
|
|
|
2c9800 |
}
|
|
|
2c9800 |
- ret_maj = gpm_copy_gss_OID_set(&ret_min,
|
|
|
2c9800 |
- global_mechs.info[i].mech_attrs,
|
|
|
2c9800 |
- mech_attrs);
|
|
|
2c9800 |
- if (ret_maj) {
|
|
|
2c9800 |
+
|
|
|
2c9800 |
+ if (mech_attrs != NULL) {
|
|
|
2c9800 |
+ ret_maj = gpm_copy_gss_OID_set(&ret_min,
|
|
|
2c9800 |
+ global_mechs.info[i].mech_attrs,
|
|
|
2c9800 |
+ mech_attrs);
|
|
|
2c9800 |
+ if (ret_maj) {
|
|
|
2c9800 |
+ *minor_status = ret_min;
|
|
|
2c9800 |
+ return ret_maj;
|
|
|
2c9800 |
+ }
|
|
|
2c9800 |
+ }
|
|
|
2c9800 |
+
|
|
|
2c9800 |
+ if (known_mech_attrs != NULL) {
|
|
|
2c9800 |
+ ret_maj = gpm_copy_gss_OID_set(&ret_min,
|
|
|
2c9800 |
+ global_mechs.info[i].known_mech_attrs,
|
|
|
2c9800 |
+ known_mech_attrs);
|
|
|
2c9800 |
+ if (ret_maj) {
|
|
|
2c9800 |
+ gss_release_oid_set(&discard, known_mech_attrs);
|
|
|
2c9800 |
+ }
|
|
|
2c9800 |
*minor_status = ret_min;
|
|
|
2c9800 |
return ret_maj;
|
|
|
2c9800 |
}
|
|
|
2c9800 |
- ret_maj = gpm_copy_gss_OID_set(&ret_min,
|
|
|
2c9800 |
- global_mechs.info[i].known_mech_attrs,
|
|
|
2c9800 |
- known_mech_attrs);
|
|
|
2c9800 |
- if (ret_maj) {
|
|
|
2c9800 |
- gss_release_oid_set(&discard, known_mech_attrs);
|
|
|
2c9800 |
- }
|
|
|
2c9800 |
- *minor_status = ret_min;
|
|
|
2c9800 |
- return ret_maj;
|
|
|
2c9800 |
+
|
|
|
2c9800 |
+ /* all requested attributes copied successfully */
|
|
|
2c9800 |
+ *minor_status = 0;
|
|
|
2c9800 |
+ return GSS_S_COMPLETE;
|
|
|
2c9800 |
}
|
|
|
2c9800 |
|
|
|
2c9800 |
*minor_status = 0;
|
|
|
2c9800 |
--
|
|
|
2c9800 |
2.6.4
|
|
|
2c9800 |
|