backport patches to fix bugs

Signed-off-by: xuraoqing <xuraoqing@huawei.com>
xuraoqing 2024-10-25 14:51:11 +08:00
parent 029ea8b56b
commit 988a61df65
3 changed files with 107 additions and 3 deletions


@ -0,0 +1,51 @@
From 7c913edc84e0201020b5ab770dd0823911387781 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 22 May 2024 20:19:05 +0200
Subject: [PATCH] CLIENT:idmap: fix coverity warning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes following issue:
```
"Error: INTEGER_OVERFLOW (CWE-190):
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:306:5: tainted_data_argument: The value returned in ""replen"" is considered tainted.
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:331:5: overflow: The expression ""replen - 12UL"" might be negative, but is used in a context that treats it as unsigned.
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:331:5: assign: Assigning: ""data_len"" = ""replen - 12UL"".
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:347:9: overflow: The expression ""1UL * data_len"" is deemed underflowed because at least one of its arguments has underflowed.
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:347:9: overflow_sink: ""1UL * data_len"", which might have underflowed, is passed to ""malloc(1UL * data_len)"".
# 345| }
# 346|
# 347|-> str = malloc(sizeof(char) * data_len);
# 348| if (str == NULL) {
# 349| ret = ENOMEM;"
```
Reviewed-by: Alejandro López <allopez@redhat.com>
Reference: https://github.com/SSSD/sssd/commit/7c913edc84e0201020b5ab770dd0823911387781
Conflict: NA
---
src/sss_client/idmap/sss_nss_idmap.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/sss_client/idmap/sss_nss_idmap.c b/src/sss_client/idmap/sss_nss_idmap.c
index 575d03057..604933c6d 100644
--- a/src/sss_client/idmap/sss_nss_idmap.c
+++ b/src/sss_client/idmap/sss_nss_idmap.c
@@ -324,6 +324,11 @@ static int sss_nss_getyyybyxxx(union input inp, enum sss_cli_command cmd,
goto done;
}
+ if (replen < DATA_START) { /* make sure 'type' is present */
+ ret = EBADMSG;
+ goto done;
+ }
+
/* Skip first two 32 bit values (number of results and
* reserved padding) */
SAFEALIGN_COPY_UINT32(&out->type, repbuf + 2 * sizeof(uint32_t), NULL);
--
2.33.0
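
Review bot: the new check in the sss_nss_getyyybyxxx hunk uses `replen < DATA_START`, so a reply of exactly DATA_START bytes still passes and leaves `data_len` (computed as `replen - 12UL` in the Coverity trace) at 0 for the `malloc(sizeof(char) * data_len)` at line 347. Please confirm that the code after the malloc tolerates a zero-length payload, or reject that case here with `replen <= DATA_START` if a payload is always expected. The context above the insertion also shows an earlier branch that already ends in `goto done`; if that branch reads from `repbuf`, the length check should sit before it rather than only before the `type` read.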


@ -0,0 +1,48 @@
From 19df6a5d2ed220e6236aa1c921b7abdeba233dd1 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 22 May 2024 21:13:31 +0200
Subject: [PATCH] SSH: sanity check to please coverity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes:
```
Error: INTEGER_OVERFLOW (CWE-190):
sssd-2.10.0/src/util/sss_ssh.c:195:13: underflow: The decrement operator on the unsigned variable ""len"" might result in an underflow.
sssd-2.10.0/src/util/sss_ssh.c:204:9: overflow_sink: ""len"", which might have underflowed, is passed to ""memcpy(out, pubkey->data, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
# 202| }
# 203|
# 204|-> memcpy(out, pubkey->data, len);
# 205| out[len] = '\0';
# 206| }
```
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reference: https://github.com/SSSD/sssd/commit/19df6a5d2ed220e6236aa1c921b7abdeba233dd1
Conflict: NA
---
src/util/sss_ssh.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/util/sss_ssh.c b/src/util/sss_ssh.c
index 9df397873..f9c0918fd 100644
--- a/src/util/sss_ssh.c
+++ b/src/util/sss_ssh.c
@@ -191,6 +191,10 @@ sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx,
}
len = pubkey->data_len;
+ if (len == 0) {
+ ret = EINVAL;
+ goto done;
+ }
if (pubkey->data[len - 1] == '\n') {
len--;
}
--
2.33.0
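
Review bot: in the sss_ssh_format_pubkey hunk, `len == 0` is tested only before the newline strip, so a one-byte key consisting of '\n' passes the guard, `len--` brings it to 0, and the `memcpy(out, pubkey->data, len)` followed by `out[len] = '\0'` shown in the Coverity trace then produces an empty string. If an empty key is invalid input, repeat the check after the `len--` so that case also ends in `ret = EINVAL`.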


@ -8,7 +8,7 @@
Name: sssd Name: sssd
Version: 2.9.4 Version: 2.9.4
Release: 7 Release: 8
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0-or-later License: GPL-3.0-or-later
URL: https://github.com/SSSD/sssd/ URL: https://github.com/SSSD/sssd/
@ -18,8 +18,10 @@ Patch0001: backport-CVE-2023-3758.patch
Patch0002: backport-UTILS-inotify-avoid-potential-NULL-deref.patch Patch0002: backport-UTILS-inotify-avoid-potential-NULL-deref.patch
Patch0003: backport-ad-refresh-root-domain-when-read-directly.patch Patch0003: backport-ad-refresh-root-domain-when-read-directly.patch
Patch0004: backport-RESPONDER-use-proper-context-for-getDomains.patch Patch0004: backport-RESPONDER-use-proper-context-for-getDomains.patch
Patch0005: backport-sysdb-do-not-fail-to-add-non-posix-user-to-MPG-domai.patch Patch0005: backport-SSH-sanity-check-to-please-coverity.patch
Patch0006: backport-Update-sssd.in-to-remove-f-option-from-sysv-init-scr.patch Patch0006: backport-CLIENT-idmap-fix-coverity-warning.patch
Patch0007: backport-sysdb-do-not-fail-to-add-non-posix-user-to-MPG-domai.patch
Patch0008: backport-Update-sssd.in-to-remove-f-option-from-sysv-init-scr.patch
Requires: sssd-ad = %{version}-%{release} Requires: sssd-ad = %{version}-%{release}
Requires: sssd-common = %{version}-%{release} Requires: sssd-common = %{version}-%{release}
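
Review bot: Patch0005 and Patch0006 in this hunk are reassigned to the two new backports, which pushes the existing sysdb and sssd.in patches to Patch0007 and Patch0008. Renumbering patches that already shipped makes the spec history harder to follow and changes the application order; appending the new ones as Patch0007 and Patch0008 would keep the existing numbers stable. If the ordering is deliberate, say why in the commit message. The SSH patch is also listed before the idmap one although the upstream commit dates are the reverse, which is harmless here because they touch different files (src/util/sss_ssh.c and src/sss_client/idmap/sss_nss_idmap.c).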
@ -919,6 +921,9 @@ fi
%systemd_postun_with_restart sssd.service %systemd_postun_with_restart sssd.service
%changelog %changelog
* Fri Oct 25 2024 xuraoqing <xuraoqing@huawei.com> - 2.9.4-8
- backport patches to fix bugs
* Wed Sep 25 2024 xuraoqing <xuraoqing@huawei.com> - 2.9.4-7 * Wed Sep 25 2024 xuraoqing <xuraoqing@huawei.com> - 2.9.4-7
- backport patches to fix bugs - backport patches to fix bugs
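
Review bot: the new 2.9.4-8 changelog entry repeats the 2.9.4-7 text, "backport patches to fix bugs", and does not say what changed. Name the two backports (SSH-sanity-check-to-please-coverity and CLIENT-idmap-fix-coverity-warning) and state that they address the CWE-190 findings quoted in the patch headers, so the fix can be traced from the package changelog alone.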