Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound?
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
This commit is contained in:
Fabiano Fidêncio
parent
3115154117
commit
209701ef7f
34
0035-nss-idmap-do-not-set-a-limit.patch
Normal file
34
0035-nss-idmap-do-not-set-a-limit.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From b489dcc998fc305f3a0a43b6484c042065320001 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Wed, 18 Apr 2018 10:20:06 +0200
|
||||
Subject: [PATCH] nss-idmap: do not set a limit
|
||||
|
||||
If the limit is set the needed size to return all groups cannot be
|
||||
returned.
|
||||
|
||||
Related to https://pagure.io/SSSD/sssd/issue/3715
|
||||
|
||||
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
||||
(cherry picked from commit 46a4c265629d9b725c41f22849741ce7342bdd85)
|
||||
---
|
||||
src/sss_client/idmap/sss_nss_ex.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c
|
||||
index c00e64cc4..b87b5e3b2 100644
|
||||
--- a/src/sss_client/idmap/sss_nss_ex.c
|
||||
+++ b/src/sss_client/idmap/sss_nss_ex.c
|
||||
@@ -96,7 +96,9 @@ errno_t sss_nss_mc_get(struct nss_input *inp)
|
||||
inp->result.initgrrep.start,
|
||||
inp->result.initgrrep.ngroups,
|
||||
&(inp->result.initgrrep.groups),
|
||||
- *(inp->result.initgrrep.ngroups));
|
||||
+ /* no limit so that needed size can
|
||||
+ * be returned properly */
|
||||
+ -1);
|
||||
break;
|
||||
default:
|
||||
return EINVAL;
|
||||
--
|
||||
2.14.3
|
||||
|
||||
@ -0,0 +1,69 @@
|
||||
From b24ef81656fc3d0dce49b1756ba53c46b5881a14 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Wed, 18 Apr 2018 10:23:22 +0200
|
||||
Subject: [PATCH] nss-idmap: use right group list pointer after sss_get_ex()
|
||||
|
||||
If the initial array is too small it will be reallocated during
|
||||
sss_get_ex() and the pointer might change and the initial memory area
|
||||
should not be used anymore.
|
||||
|
||||
Related to https://pagure.io/SSSD/sssd/issue/3715
|
||||
|
||||
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
||||
(cherry picked from commit 2c4dc7a4d98c439c69625f12ba4c3c8253f4cc5b)
|
||||
---
|
||||
src/sss_client/idmap/sss_nss_ex.c | 18 +++++++++---------
|
||||
1 file changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c
|
||||
index b87b5e3b2..971422063 100644
|
||||
--- a/src/sss_client/idmap/sss_nss_ex.c
|
||||
+++ b/src/sss_client/idmap/sss_nss_ex.c
|
||||
@@ -485,7 +485,6 @@ int sss_nss_getgrouplist_timeout(const char *name, gid_t group,
|
||||
uint32_t flags, unsigned int timeout)
|
||||
{
|
||||
int ret;
|
||||
- gid_t *new_groups;
|
||||
long int new_ngroups;
|
||||
long int start = 1;
|
||||
struct nss_input inp = {
|
||||
@@ -498,27 +497,28 @@ int sss_nss_getgrouplist_timeout(const char *name, gid_t group,
|
||||
}
|
||||
|
||||
new_ngroups = MAX(1, *ngroups);
|
||||
- new_groups = malloc(new_ngroups * sizeof(gid_t));
|
||||
- if (new_groups == NULL) {
|
||||
+ inp.result.initgrrep.groups = malloc(new_ngroups * sizeof(gid_t));
|
||||
+ if (inp.result.initgrrep.groups == NULL) {
|
||||
free(discard_const(inp.rd.data));
|
||||
return ENOMEM;
|
||||
}
|
||||
- new_groups[0] = group;
|
||||
+ inp.result.initgrrep.groups[0] = group;
|
||||
|
||||
- inp.result.initgrrep.groups = new_groups,
|
||||
inp.result.initgrrep.ngroups = &new_ngroups;
|
||||
inp.result.initgrrep.start = &start;
|
||||
|
||||
-
|
||||
+ /* inp.result.initgrrep.groups, inp.result.initgrrep.ngroups and
|
||||
+ * inp.result.initgrrep.start might be modified by sss_get_ex() */
|
||||
ret = sss_get_ex(&inp, flags, timeout);
|
||||
free(discard_const(inp.rd.data));
|
||||
if (ret != 0) {
|
||||
- free(new_groups);
|
||||
+ free(inp.result.initgrrep.groups);
|
||||
return ret;
|
||||
}
|
||||
|
||||
- memcpy(groups, new_groups, MIN(*ngroups, start) * sizeof(gid_t));
|
||||
- free(new_groups);
|
||||
+ memcpy(groups, inp.result.initgrrep.groups,
|
||||
+ MIN(*ngroups, start) * sizeof(gid_t));
|
||||
+ free(inp.result.initgrrep.groups);
|
||||
|
||||
if (start > *ngroups) {
|
||||
ret = ERANGE;
|
||||
--
|
||||
2.14.3
|
||||
|
||||
@ -76,6 +76,8 @@ Patch0031: 0031-sssctl-move-check-for-version-error-to-correct-place.patch
|
||||
Patch0032: 0032-MAN-Add-sss-certmap-man-page-regarding-priority-proc.patch
|
||||
Patch0033: 0033-SDAP-Improve-a-DEBUG-message-about-GC-detection.patch
|
||||
Patch0034: 0034-MAN-Improve-docs-about-GC-detection.patch
|
||||
Patch0035: 0035-nss-idmap-do-not-set-a-limit.patch
|
||||
Patch0036: 0036-nss-idmap-use-right-group-list-pointer-after-sss_get.patch
|
||||
|
||||
Patch0502: 0502-SYSTEMD-Use-capabilities.patch
|
||||
Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
|
||||
@ -1293,6 +1295,8 @@ fi
|
||||
- Resolves: upstream#3469 - extend sss-certmap man page regarding priority
|
||||
processing
|
||||
- Improve docs/debug message about GC detection
|
||||
- Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes
|
||||
list out of bound?
|
||||
|
||||
* Fri Mar 30 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-2
|
||||
- Resolves: upstream#3573 - sssd won't show netgroups with blank domain
|
||||
|
||||
Loading…
Reference in New Issue
Block a user