From eff8e21475225808cb5ede8002902a7916e1bba7 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mar 31 2020 09:40:31 +0000
Subject: import python-kdcproxy-0.3.2-3.el7


---

diff --git a/SOURCES/Always-buffer-TCP-data-in-__handle_recv.patch b/SOURCES/Always-buffer-TCP-data-in-__handle_recv.patch
new file mode 100644
index 0000000..4a8e6ea
--- /dev/null
+++ b/SOURCES/Always-buffer-TCP-data-in-__handle_recv.patch
@@ -0,0 +1,84 @@
+From 0472f5b12beb845515b6ef8a339b7223189112fd Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 29 Aug 2019 11:13:41 -0400
+Subject: [PATCH] Always buffer TCP data in __handle_recv()
+
+Refactor __handle_recv() to always create a BytesIO() object for TCP
+data.  Linearize control flow for ease of debugging.  Always apply
+length checks so that we don't have to wait for EOF in the multiple-recv
+case.
+
+Fixes a bug where we wouldn't return any data because we never received
+the EOF, or didn't receive it fast enough.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit 7e2b1ab27b843c220fe301b74bab01ed61b0f59a)
+---
+ kdcproxy/__init__.py | 54 +++++++++++++++++++++++++-------------------
+ 1 file changed, 31 insertions(+), 23 deletions(-)
+
+diff --git a/kdcproxy/__init__.py b/kdcproxy/__init__.py
+index ab6ed8a..67680c5 100644
+--- a/kdcproxy/__init__.py
++++ b/kdcproxy/__init__.py
+@@ -128,29 +128,37 @@ class Application:
+             # length prefix. So add it.
+             reply = struct.pack("!I", len(reply)) + reply
+             return reply
+-        else:
+-            # TCP is a different story. The reply must be buffered
+-            # until the full answer is accumulated.
+-            buf = read_buffers.get(sock)
+-            part = sock.recv(1048576)
+-            if buf is None:
+-                if len(part) > 4:
+-                    # got enough data in the initial package. Now check
+-                    # if we got the full package in the first run.
+-                    (length, ) = struct.unpack("!I", part[0:4])
+-                    if length + 4 == len(part):
+-                        return part
+-                read_buffers[sock] = buf = io.BytesIO()
+-
+-            if part:
+-                # data received, accumulate it in a buffer
+-                buf.write(part)
+-                return None
+-            else:
+-                # EOF received
+-                read_buffers.pop(sock)
+-                reply = buf.getvalue()
+-                return reply
++
++        # TCP is a different story. The reply must be buffered until the full
++        # answer is accumulated.
++        buf = read_buffers.get(sock)
++        if buf is None:
++            read_buffers[sock] = buf = io.BytesIO()
++
++        part = sock.recv(1048576)
++        if not part:
++            # EOF received.  Return any incomplete data we have on the theory
++            # that a decode error is more apparent than silent failure.  The
++            # client will fail faster, at least.
++            read_buffers.pop(sock)
++            reply = buf.getvalue()
++            return reply
++
++        # Data received, accumulate it in a buffer.
++        buf.write(part)
++
++        reply = buf.getvalue()
++        if len(reply) < 4:
++            # We don't have the length yet.
++            return None
++
++        # Got enough data to check if we have the full package.
++        (length, ) = struct.unpack("!I", reply[0:4])
++        if length + 4 == len(reply):
++            read_buffers.pop(sock)
++            return reply
++
++        return None
+ 
+     def __filter_addr(self, addr):
+         if addr[0] not in (socket.AF_INET, socket.AF_INET6):
diff --git a/SOURCES/Downgrade-socket-problems-to-warnings.patch b/SOURCES/Downgrade-socket-problems-to-warnings.patch
index 0f11585..5eeabac 100644
--- a/SOURCES/Downgrade-socket-problems-to-warnings.patch
+++ b/SOURCES/Downgrade-socket-problems-to-warnings.patch
@@ -1,4 +1,4 @@
-From ea304c819659a8f54d9545eff9af262898a3193a Mon Sep 17 00:00:00 2001
+From 9ee34b339ccf0525dc3f724c22120338156353f6 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 3 Jul 2018 15:04:28 -0400
 Subject: [PATCH] Downgrade socket problems to warnings
diff --git a/SPECS/python-kdcproxy.spec b/SPECS/python-kdcproxy.spec
index 1979c6b..16fdbc1 100644
--- a/SPECS/python-kdcproxy.spec
+++ b/SPECS/python-kdcproxy.spec
@@ -2,7 +2,7 @@
 
 Name:           python-%{realname}
 Version:        0.3.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        MS-KKDCP (kerberos proxy) WSGI module
 
 License:        MIT
@@ -13,6 +13,7 @@ BuildArch:      noarch
 BuildRequires:  python2-devel
 
 Patch0: Downgrade-socket-problems-to-warnings.patch
+Patch1: Always-buffer-TCP-data-in-__handle_recv.patch
 
 %if 0%{?rhel} == 0
 BuildRequires:  python-tox
@@ -55,6 +56,7 @@ minimal configuration.
 %prep
 %setup -q -n %{realname}-%{version}
 %patch0 -p1 -b .Downgrade-socket-problems-to-warnings
+%patch1 -p1 -b .Always-buffer-TCP-data-in-__handle_recv
 
 %build
 %{__python} setup.py build
@@ -87,6 +89,10 @@ tox --sitepackages -e py27,py34
 %endif
 
 %changelog
+* Tue Sep 03 2019 Robbie Harwood <rharwood@redhat.com> - 0.3.2-3
+- Always buffer TCP data in __handle_recv()
+- Resolves: #1746107
+
 * Mon Dec 17 2018 Robbie Harwood <rharwood@redhat.com> - 0.3.2-2
 - Downgrade socket problems to warnings
 - Resolves: #1525925