diff --git a/SOURCES/python-gssapi-display_status-infinite-recursion.patch b/SOURCES/python-gssapi-display_status-infinite-recursion.patch new file mode 100644 index 0000000..326d273 --- /dev/null +++ b/SOURCES/python-gssapi-display_status-infinite-recursion.patch @@ -0,0 +1,71 @@ +From b7e6c6c5451590f18df965a2a84550a63461d76e Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Mon, 27 Mar 2017 13:24:37 -0400 +Subject: [PATCH] Prevent GSSError/_display_status() infinite recursion + +I was unable to reproduce the problem, but this should prevent the issue. + +Resolves: #111 +--- + gssapi/raw/misc.pyx | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/gssapi/raw/misc.pyx b/gssapi/raw/misc.pyx +index e278c4b..4ea0c55 100644 +--- a/gssapi/raw/misc.pyx ++++ b/gssapi/raw/misc.pyx +@@ -139,7 +139,7 @@ def _display_status(unsigned int error_code, bint is_major_code, + whether or not to call again for further messages + + Raises: +- GSSError ++ ValueError + """ + + cdef int status_type +@@ -165,13 +165,16 @@ def _display_status(unsigned int error_code, bint is_major_code, + + if maj_stat == GSS_S_COMPLETE: + call_again = bool(msg_ctx_out) +- + msg_out = msg_buff.value[:msg_buff.length] + gss_release_buffer(&min_stat, &msg_buff) + return (msg_out, msg_ctx_out, call_again) + else: +- # NB(directxman12): this is highly unlikely to cause a recursive loop +- raise GSSError(maj_stat, min_stat) ++ # This hides whatever error gss_display_status is complaining about, ++ # but obviates infinite recursion into stack exhaustion. The ++ # exception raised here is handled by get_all_statuses(), which prints ++ # the code. ++ raise ValueError("gss_display_status call returned failure " ++ "(major {0}, minor {1}).".format(maj_stat, min_stat)) + + + class GSSErrorRegistry(type): +@@ -294,8 +297,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry): + try: + msg, ctx, cont = _display_status(code, is_maj) + res.append(msg.decode(msg_encoding)) +- except GSSError: +- res.append(u'issue decoding code: {0}'.format(code)) ++ except ValueError as e: ++ res.append(u'{0} Decoding code: {1}'.format(e, code)) + cont = False + + while cont: +@@ -303,9 +306,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry): + msg, ctx, cont = _display_status(code, is_maj, + message_context=ctx) + res.append(msg.decode(msg_encoding)) +- except GSSError: +- res.append(u'issue decoding ' +- u'code: {0}'.format(code)) ++ except ValueError: ++ res.append(u'{0} Decoding code: {1}'.format(e, code)) + cont = False + + return res +-- +2.11.0 + diff --git a/SPECS/python-gssapi.spec b/SPECS/python-gssapi.spec index c3071f0..7f5d7ad 100644 --- a/SPECS/python-gssapi.spec +++ b/SPECS/python-gssapi.spec @@ -6,7 +6,7 @@ Name: python-gssapi Version: 1.2.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Python Bindings for GSSAPI (RFC 2743/2744 and extensions) License: ISC @@ -16,6 +16,7 @@ Source0: https://github.com/pythongssapi/%{name}/releases/download/v%{ver Patch0: k5test-0.9.1-usr_lib64.patch Patch1: python-gssapi-cython_0.19.patch Patch2: python-gssapi-1.2.1-overwrite_cred_store.patch +Patch3: python-gssapi-display_status-infinite-recursion.patch BuildRequires: python2-devel BuildRequires: krb5-devel >= 1.10 @@ -76,6 +77,7 @@ RFC 2743, as well as multiple extensions. %patch0 -p1 -b .usr_lib64 %patch1 -p1 -b .cython_0.19 %patch2 -p1 -b .overwrite_cred_store +%patch3 -p1 -b .display_status-infinite-recursion %if 0%{?with_python3} rm -rf %{py3dir} @@ -139,6 +141,10 @@ popd %changelog +* Tue Apr 11 2017 Robbie Harwood - 1.2.0-3 +- Fix an infinite loop from gss_display_status +- Resolves: #1438390 + * Mon Apr 04 2016 Robbie Harwood - 1.2.0-2 - Move python-tox from build requirement to test requirement - Resolves: #1292139