packages/krb5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix uncommon PKINIT memory leak

Browse Source
This commit is contained in:
yanshuai01 2024-08-28 10:08:35 +08:00
parent 43ec96937c
commit 02466bccfe
2 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
backport-Fix-uncommon-PKINIT-memory-leak.patch Normal file
View File

@ -0,0 +1,58 @@
From 441736872285e6538e6b6c78eab60862d3b6dcaa Mon Sep 17 00:00:00 2001
From: sashan <anedvedicky@gmail.com>
Date: Sun, 29 May 2022 10:32:57 +0200
Subject: [PATCH] Fix uncommon PKINIT memory leak
PKINIT per-request module data objects are normally created by
pkinit_server_verify_padata() and freed by
pkinit_server_return_padata(). In some unusual circumstances, the KDC
may not call the return_padata method after verification succeeds.
Add a free_modreq method and free the object there instead.
[ghudson@mit.edu: rewrote commit message]
(cherry picked from commit 883415036a4b4e0372b84a5a6e46c10b3a67aba0)
ticket: 9065
version_fixed: 1.19.4
---
src/plugins/preauth/pkinit/pkinit_srv.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 3ae56c0..26fcccc 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -1026,7 +1026,6 @@ pkinit_server_return_padata(krb5_context context,
(*send_pa)->contents = (krb5_octet *) out_data->data;
cleanup:
- pkinit_fini_kdc_req_context(context, reqctx);
free(scratch.data);
free(out_data);
if (encoded_dhkey_info != NULL)
@@ -1615,6 +1614,13 @@ pkinit_fini_kdc_req_context(krb5_context context, void *ctx)
free(reqctx);
}
+static void
+pkinit_free_modreq(krb5_context context, krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq modreq)
+{
+ pkinit_fini_kdc_req_context(context, modreq);
+}
+
krb5_error_code
kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
krb5_plugin_vtable vtable);
@@ -1636,5 +1642,6 @@ kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
vt->edata = pkinit_server_get_edata;
vt->verify = pkinit_server_verify_padata;
vt->return_padata = pkinit_server_return_padata;
+ vt->free_modreq = pkinit_free_modreq;
return 0;
}
--
2.27.0

6
krb5.spec
View File

@ -3,7 +3,7 @@
Name: krb5 Name: krb5
Version: 1.19.2 Version: 1.19.2
Release: 19 Release: 20
Summary: The Kerberos network authentication protocol Summary: The Kerberos network authentication protocol
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -57,6 +57,7 @@ Patch33: backport-Add-a-simple-DER-support-header.patch
Patch34: backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch Patch34: backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch
Patch35: Fix-memory-leak-in-OTP-kdcpreauth-module.patch Patch35: Fix-memory-leak-in-OTP-kdcpreauth-module.patch
Patch36: backport-Change-krb5_get_credentials-endtime-behavior.patch Patch36: backport-Change-krb5_get_credentials-endtime-behavior.patch
Patch37: backport-Fix-uncommon-PKINIT-memory-leak.patch
BuildRequires: gettext BuildRequires: gettext
BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@ -349,6 +350,9 @@ make -C src check || :
%changelog %changelog
* Wed Aug 28 2024 yanshuai <yanshuai01@kylinos.cn> - 1.19.2-20
- Fix uncommon PKINIT memory leak
* Thu Aug 15 2024 yixiangzhike <yixiangzhike007@163.com> - 1.19.2-19 * Thu Aug 15 2024 yixiangzhike <yixiangzhike007@163.com> - 1.19.2-19
- Change krb5_get_credentials() endtime behavior - Change krb5_get_credentials() endtime behavior