packages/krb5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
krb5/backport-Prevent-late-initialization-of-GSS-error-map.patch
wjiang c64bcea70a backport patch from upstream community 
(cherry picked from commit 6c307c246cb8b6578f4b1873022e7de73c7ed713)
2024-12-04 19:43:09 +08:00

92 lines
3.5 KiB
Diff
Raw Blame History

From bba0c36394cb88265da6e3d6566dd88b9c7978ca Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 21 Oct 2024 19:04:08 -0400
Subject: [PATCH] Prevent late initialization of GSS error map
Some of the peripheral libgssapi_krb5 utility functions, such as
gss_str_to_oid(), do not access the mechanism list and therefore do
not reach any of the calls to gssint_mechglue_initialize_library().
If one of these functions is called early and produces an error, its
call to map_error() will operate on the uninitialized error map. When
the library is later initialized, any entries added to the error map
this way will be leaked.
To ensure that the error map is initialized before it is operated on,
add library initialization calls to gssint_mecherrmap_map() and
gssint_mecherrmap_get().
ticket: 9145 (new)
Reference:https://github.com/krb5/krb5/commit/bba0c36394cb88265da6e3d6566dd88b9c7978ca
Conflict:src/lib/gssapi/generic/deps
---
src/lib/gssapi/generic/Makefile.in | 2 +-
src/lib/gssapi/generic/deps | 6 ++++--
src/lib/gssapi/generic/util_errmap.c | 6 +++++-
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/lib/gssapi/generic/Makefile.in b/src/lib/gssapi/generic/Makefile.in
index 1a95a7d..ac69a85 100644
--- a/src/lib/gssapi/generic/Makefile.in
+++ b/src/lib/gssapi/generic/Makefile.in
@@ -1,6 +1,6 @@
mydir=lib$(S)gssapi$(S)generic
BUILDTOP=$(REL)..$(S)..$(S)..
-LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/..
+LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/../mechglue
##DOS##BUILDTOP = ..\..\..
##DOS##PREFIXDIR=generic
diff --git a/src/lib/gssapi/generic/deps b/src/lib/gssapi/generic/deps
index 5b80e7f..222b088 100644
--- a/src/lib/gssapi/generic/deps
+++ b/src/lib/gssapi/generic/deps
@@ -59,8 +59,10 @@ util_buffer_set.so util_buffer_set.po $(OUTPRE)util_buffer_set.$(OBJEXT): \
util_buffer_set.c
util_errmap.so util_errmap.po $(OUTPRE)util_errmap.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/krb5/krb5.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+ $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(srcdir)/../mechglue/mechglue.h \
+ $(srcdir)/../mechglue/mglueP.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-platform.h \
$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
errmap.h gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
gssapi_generic.h util_errmap.c
diff --git a/src/lib/gssapi/generic/util_errmap.c b/src/lib/gssapi/generic/util_errmap.c
index 628a455..138310c 100644
--- a/src/lib/gssapi/generic/util_errmap.c
+++ b/src/lib/gssapi/generic/util_errmap.c
@@ -25,6 +25,7 @@
*/
#include "gssapiP_generic.h"
+#include <mglueP.h>
#include <string.h>
#ifndef _WIN32
#include <unistd.h>
@@ -181,6 +182,9 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
f = stderr;
#endif
+ if (gssint_mechglue_initialize_library() != 0)
+ return 0;
+
me.code = minor;
me.mech = *oid;
k5_mutex_lock(&mutex);
@@ -249,7 +253,7 @@ int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid,
{
const struct mecherror *p;
- if (minor == 0) {
+ if (minor == 0 || gssint_mechglue_initialize_library() != 0) {
return EINVAL;
}
k5_mutex_lock(&mutex);
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink