From 4e9f906d6699da98d6ae819b8d1d9696980f8dac Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 3 Jul 2024 03:14:07 +0300 Subject: [PATCH] import krb5-1.18.2-28.el8_10 --- ...efcred-leak-in-krb5-gss_inquire_cred.patch | 45 +++++++++++++++++++ SPECS/krb5.spec | 7 ++- 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 SOURCES/Fix-defcred-leak-in-krb5-gss_inquire_cred.patch diff --git a/SOURCES/Fix-defcred-leak-in-krb5-gss_inquire_cred.patch b/SOURCES/Fix-defcred-leak-in-krb5-gss_inquire_cred.patch new file mode 100644 index 0000000..f9e5403 --- /dev/null +++ b/SOURCES/Fix-defcred-leak-in-krb5-gss_inquire_cred.patch @@ -0,0 +1,45 @@ +From 058dfbaed97c8e09ac4f3f7a1655b64ab3cf0144 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Wed, 21 Jul 2021 13:44:30 -0400 +Subject: [PATCH] Fix defcred leak in krb5 gss_inquire_cred() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit 1cd2821c19b2b95e39d5fc2f451a035585a40fa5 altered the memory +management of krb5_gss_inquire_cred(), introducing defcred to act as +an owner pointer when the function must acquire a default credential. +The commit neglected to update the code to release the default cred +along the successful path. The old code does not trigger because +cred_handle is now reassigned, so the default credential is leaked. + +Reported by Pavel Březina. + +(a minimal alternative to commit 593e16448e1af23eef74689afe06a7bcc86e79c7) + +ticket: 9016 +version_fixed: 1.18.4 + +(cherry picked from commit b92be484630b38e26f5ee4bd67973fbd7627009c) +--- + src/lib/gssapi/krb5/inq_cred.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c +index a8f2541102..cd8384d08c 100644 +--- a/src/lib/gssapi/krb5/inq_cred.c ++++ b/src/lib/gssapi/krb5/inq_cred.c +@@ -197,9 +197,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, + mechs = GSS_C_NO_OID_SET; + } + +- if (cred_handle == GSS_C_NO_CREDENTIAL) +- krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); +- ++ krb5_gss_release_cred(minor_status, &defcred); + krb5_free_context(context); + *minor_status = 0; + return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE); +-- +2.44.0 + diff --git a/SPECS/krb5.spec b/SPECS/krb5.spec index 6b44f1f..3f7176d 100644 --- a/SPECS/krb5.spec +++ b/SPECS/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.18.2 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 27%{?dist} +Release: 28%{?dist} # lookaside-cached sources; two downloads and a build artifact Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz @@ -104,6 +104,7 @@ Patch158: End-connection-on-KDC_ERR_SVC_UNAVAILABLE.patch Patch159: Add-request_timeout-configuration-parameter.patch Patch160: Wait-indefinitely-on-KDC-TCP-connections.patch Patch161: Fix-two-unlikely-memory-leaks.patch +Patch162: Fix-defcred-leak-in-krb5-gss_inquire_cred.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -714,6 +715,10 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Tue Apr 09 2024 Julien Rische - 1.18.2-28 +- Fix leak of default credentials in gss_inquire_cred() + Resolves: RHEL-32258 + * Thu Mar 21 2024 Julien Rische - 1.18.2-27 - Fix memory leak in GSSAPI interface Resolves: RHEL-27250