From c17f20b949d2e80e596ce21ecd944db80aaa80b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gdeschner@redhat.com>
Date: Wed, 29 Jan 2014 17:59:03 +0100
Subject: [PATCH] Fix potential segfault in gssi_inquire_context().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---
 proxy/src/mechglue/gpp_context.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/proxy/src/mechglue/gpp_context.c b/proxy/src/mechglue/gpp_context.c
index 6010724f8ece09413e85c8926303276b4dffe89b..bb16a93a39b5892388ba9e963fff9b0066283cf4 100644
--- a/proxy/src/mechglue/gpp_context.c
+++ b/proxy/src/mechglue/gpp_context.c
@@ -223,7 +223,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
         maj = gss_inquire_context(&min,
                                   ctx_handle->local,
                                   s_name ? &s_name->local : NULL,
-                                  s_name ? &t_name->local : NULL,
+                                  t_name ? &t_name->local : NULL,
                                   lifetime_rec,
                                   &mech_oid,
                                   ctx_flags,
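Review bot: Nothing at the `gss_inquire_context` call documents that the source and target name outputs are independently optional, which is the assumption the old `s_name ? &t_name->local` guard broke. A one-line comment above the call, such as `/* s_name and t_name are requested independently; guard each with its own pointer */`, would make that explicit, and the same applies to the `gpm_inquire_context` call in the second hunk. With the old guard a caller asking only for the target name presumably had NULL passed down and got no name back, so a test that requests each name on its own would cover both the crash and that silent case. The body of gssi_inquire_context starts and ends outside both hunks.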
@@ -233,7 +233,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
         maj = gpm_inquire_context(&min,
                                   ctx_handle->remote,
                                   s_name ? &s_name->remote : NULL,
-                                  s_name ? &t_name->remote : NULL,
+                                  t_name ? &t_name->remote : NULL,
                                   lifetime_rec,
                                   &mech_oid,
                                   ctx_flags,
-- 
2.1.0

From 9da1bc9dec8d228b35ef8639832cddc5e477ddf8 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 22 Jan 2015 14:26:23 -0500
Subject: [PATCH] Zero out the outputs of display_name

The mechglue expects the mechanism function to zero them in all cases.
Otherwise on error it will later try to free the output buffer value
which can be an arbitrary pointer. This will cause a segfault or
worse in glibc's free().

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Roland Mainz <rmainz@redhat.com>
---
 proxy/src/mechglue/gpp_import_and_canon_name.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/proxy/src/mechglue/gpp_import_and_canon_name.c b/proxy/src/mechglue/gpp_import_and_canon_name.c
index 727823c383c32d4ab5ec8a41b034997f18e433f7..92e6e5dca522742c181900fdd43c66318695923e 100644
--- a/proxy/src/mechglue/gpp_import_and_canon_name.c
+++ b/proxy/src/mechglue/gpp_import_and_canon_name.c
@@ -33,6 +33,11 @@ OM_uint32 gssi_display_name(OM_uint32 *minor_status,
     struct gpp_name_handle *name;
     OM_uint32 maj, min = 0;
 
+    output_name_buffer->length = 0;
+    output_name_buffer->value = NULL;
+    if (output_name_type)
+        *output_name_type = GSS_C_NO_OID;
+
     GSSI_TRACE();
 
     name = (struct gpp_name_handle *)input_name;
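Review bot: The added zeroing writes through `output_name_buffer` unconditionally, while `output_name_type` on the next lines is NULL-checked, so a NULL buffer pointer would now fault at function entry. If the mechglue always validates the buffer before dispatching to the mechanism, say so in a comment, e.g. `/* output_name_buffer is validated by the mechglue; output_name_type is optional */`; if that is not guaranteed, guard the two writes with `if (output_name_buffer != GSS_C_NO_BUFFER)`. The rest of gssi_display_name lies outside the hunk, so whether any later error path writes a partial value into these outputs cannot be checked from here.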
-- 
2.1.0