rpms/sssd
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
68ef824a5f
sssd/0002-krb5-locator-fix-IPv6-support.patch
Fabiano Fidêncio 68ef824a5f Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo responder 
And also ...

- Related: upstream#941 - return multiple server addresses to the Kerberos
                          locator plugin
- Related: upstream#3652 - kdcinfo doesn't get populated for other domains
- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD
                            closes its end of the pipe before reading all the
                            SSH keys
- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully
- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes
                            stored in AD GC also for regular AD DC queries
- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being
                           able to consume an @-sign in the user/group name.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-06-25 09:38:16 +02:00

66 lines
2.3 KiB
Diff
Raw Blame History

From 45a48b9a73f39e9ef9e622dbcf87cc05a2a54e40 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 22 May 2018 17:59:52 +0200
Subject: [PATCH] krb5 locator: fix IPv6 support
IPv6 addresses are added with surrounding '[' and ']' to the kdcinfo
file to be able to specify a port number properly. The Kerberos location
plugin didn't handle those entries properly.
Related to https://pagure.io/SSSD/sssd/issue/941
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 9f683246228848173c57ad02bde241bd761481ea)
---
src/krb5_plugin/sssd_krb5_locator_plugin.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c
index 82fb5c7b2ffa319ed250e54cdf9a0b6798d4ff51..58cac7f4b244903347e6f1811cd8de2d61281c4f 100644
--- a/src/krb5_plugin/sssd_krb5_locator_plugin.c
+++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c
@@ -159,6 +159,8 @@ static int buf_to_addr_port_list(struct sssd_ctx *ctx,
uint8_t *pn;
size_t c;
size_t len;
+ size_t addr_len;
+ char *addr_str = NULL;
char *tmp = NULL;
char *port_str;
long port;
@@ -206,6 +208,9 @@ static int buf_to_addr_port_list(struct sssd_ctx *ctx,
port_str = strrchr(tmp, ':');
if (port_str == NULL) {
port = 0;
+ } else if (tmp[0] == '[' && *(port_str - 1) != ']') {
+ /* IPv6 address without port number */
+ port = 0;
} else {
*port_str = '\0';
++port_str;
@@ -239,9 +244,19 @@ static int buf_to_addr_port_list(struct sssd_ctx *ctx,
}
}
- PLUGIN_DEBUG(("Found [%s][%d].\n", tmp, port));
+ /* make sure tmp is not modified so that it can be freed later */
+ addr_str = tmp;
+ /* strip leading '[' and trailing ']' from IPv6 addresses */
+ if (addr_str[0] == '['
+ && (addr_len = strlen(addr_str))
+ && addr_str[addr_len - 1] == ']') {
+ addr_str[addr_len -1] = '\0';
+ addr_str++;
+ }
- l[c].addr = strdup(tmp);
+ PLUGIN_DEBUG(("Found [%s][%d].\n", addr_str, port));
+
+ l[c].addr = strdup(addr_str);
if (l[c].addr == NULL) {
ret = ENOMEM;
goto done;
--
2.17.1
Reference in New Issue View Git Blame Copy Permalink