packages/sssd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!178 回合上游补丁,修复krb5配置文件导致segment fault

Browse Source 
From: @fwo 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-12-06 03:47:50 +00:00 committed by Gitee
commit 69b36d1571
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
backport-Make-sure-invalid-krb5-context-is-not-used.patch Normal file
View File

@ -0,0 +1,33 @@
From bdfb92012d6dec2999469d483ba67d6c2521a078 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 21 Nov 2024 09:23:36 +0100
Subject: [PATCH] ldap_child: make sure invalid krb5 context is not used -
2.9.4
Resolves: https://github.com/SSSD/sssd/issues/7715
---
src/util/sss_krb5.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 3f57e5b268f..0b83142ddfc 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -140,6 +140,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
kerr = sss_krb5_init_context(&krb_ctx);
if (kerr) {
+ krb_ctx = NULL;
error_message = "Failed to init Kerberos context";
ret = EFAULT;
goto done;
@@ -269,7 +270,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
}
done:
- if (ret != EOK) {
+ if (ret != EOK && krb_ctx != NULL) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to read keytab [%s]: %s\n",
sss_printable_keytab_name(krb_ctx, keytab_name),
(error_message ? error_message : sss_strerror(ret)));

6
sssd.spec
View File

@ -8,7 +8,7 @@
Name: sssd
Version: 2.9.4
Release: 10
Release: 11
Summary: System Security Services Daemon
License: GPL-3.0-or-later
URL: https://github.com/SSSD/sssd/
@ -25,6 +25,7 @@ Patch0008: backport-Update-sssd.in-to-remove-f-option-from-sysv-init-scr.patch
Patch0009: backport-Missing-dns_update_per_family-option.patch
Patch0010: backport-TOOLS-mistype-fix.patch
Patch0011: backport-ad-honor-ad_use_ldaps-setting-with-ad_machine_pw_ren.patch
Patch0012: backport-Make-sure-invalid-krb5-context-is-not-used.patch
Requires: sssd-ad = %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
@ -923,6 +924,9 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
* Thu Dec 05 2024 wangjiang <app@cameyan.com> - 2.9.4-11
- backport make sure invalid krb5 context is not used
* Tue Dec 03 2024 wangjiang <app@cameyan.com> - 2.9.4-10
- backport upstream patches