[Pkg-freeipa-devel] certmonger: Changes to 'upstream'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Wed Dec 9 18:39:03 UTC 2015
certmonger.spec | 6 +++++-
configure.ac | 2 +-
src/certext.c | 12 ++++++++++--
src/submit-e.c | 5 +++++
4 files changed, 21 insertions(+), 4 deletions(-)
New commits:
commit 2a248fd3170ee684e6e0d6fe93516c4cd02f3b04
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Thu Nov 12 17:52:50 2015 -0500
tag 0.78.5
diff --git a/certmonger.spec b/certmonger.spec
index 2850554..1038ec0 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -25,7 +25,7 @@
%endif
Name: certmonger
-Version: 0.78.4
+Version: 0.78.5
Release: 1%{?dist}
Summary: Certificate status monitor and PKI enrollment client
@@ -242,6 +242,10 @@ exit 0
%endif
%changelog
+* Thu Nov 12 2015 Nalin Dahyabhai <nalin at redhat.com> 0.78.5-1
+- fix a possible uninitialized memory read (possibly #1260871)
+- log a diagnostic error when we fail to initialize libkrb5
+
* Tue Aug 4 2015 Nalin Dahyabhai <nalin at redhat.com> 0.78.4-1
- fix the "getcert start-tracking" -L and -l options (#1249753)
- output diagnostics about the second request when scep-submit encounters an
diff --git a/configure.ac b/configure.ac
index 986169b..91e71f0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT(certmonger,0.78.4)
+AC_INIT(certmonger,0.78.5)
AM_INIT_AUTOMAKE([foreign subdir-objects])
AC_CONFIG_MACRO_DIR(m4)
AM_MAINTAINER_MODE([enable])
commit 5216e4b21f86654512a24fea5e51730293359194
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Wed Sep 30 10:08:57 2015 -0400
Log a diagnostic when we fail to initialize krb5
Add a log message in the places where we previously didn't log anything
when we had a problem initializing the Kerberos library.
diff --git a/src/certext.c b/src/certext.c
index 64ae05a..be610da 100644
--- a/src/certext.c
+++ b/src/certext.c
@@ -740,16 +740,18 @@ static char *
cm_certext_parse_principal(void *parent, struct kerberos_principal_name *p)
{
SECItem **comps;
+ krb5_error_code err;
krb5_context ctx;
krb5_principal_data princ;
char *unparsed, *ret;
int i, j;
unsigned long name_type;
void *tctx;
+
ret = NULL;
ctx = NULL;
tctx = talloc_new(parent);
- if (krb5_init_context(&ctx) == 0) {
+ if ((err = krb5_init_context(&ctx)) == 0) {
memset(&princ, 0, sizeof(princ));
/* Copy the realm over. */
cm_certext_princ_set_realm(ctx, tctx, &princ,
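Review bot: the assignment folded into the test in `if ((err = krb5_init_context(&ctx)) == 0) {` is easy to misread as a comparison, and err is only consumed in an else branch at the far end of this block. Assigning on its own line (`err = krb5_init_context(&ctx);`) and then testing `err == 0` keeps the call and its result check separate; the added blank line after `void *tctx;` can be dropped if it carries trailing whitespace.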
@@ -783,6 +785,9 @@ cm_certext_parse_principal(void *parent, struct kerberos_principal_name *p)
}
talloc_free(tctx);
krb5_free_context(ctx);
+ } else {
+ cm_log(1, "Error %ld initializing Kerberos.\n",
+ (long) err);
}
return ret;
}
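Review bot: the new else branch logs and falls through to `return ret;` without releasing tctx. As the visible lines read, `talloc_free(tctx);` sits inside the success branch next to `krb5_free_context(ctx);`, while `tctx = talloc_new(parent);` runs before the krb5_init_context() call, so on failure the temporary context stays attached to parent until parent itself is freed. Moving `talloc_free(tctx);` after the if/else, or repeating it in the else branch, closes that path.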
@@ -1026,6 +1031,7 @@ cm_certext_build_principal(struct cm_store_entry *entry, PLArenaPool *arena,
{
SECItem *comp, **comps, encoded;
struct kerberos_principal_name p;
+ krb5_error_code err;
krb5_context ctx;
krb5_principal princ;
int i;
@@ -1034,7 +1040,9 @@ cm_certext_build_principal(struct cm_store_entry *entry, PLArenaPool *arena,
return NULL;
}
ctx = NULL;
- if (krb5_init_context(&ctx) != 0) {
+ if ((err = krb5_init_context(&ctx)) != 0) {
+ cm_log(1, "Error %ld initializing Kerberos.\n",
+ (long) err);
return NULL;
}
princ = NULL;
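Review bot: the message added here, `"Error %ld initializing Kerberos.\n"`, is byte-for-byte the same as the one added in cm_certext_parse_principal, so a log line cannot be traced back to the parse or the build path. Including the function name or the operation (parsing versus building the principal extension) in each string would make the diagnostic actionable, and a bare numeric krb5_error_code is hard to interpret without a lookup, so a note in the message or a comment on how to decode it would help whoever reads the log.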
commit bc9dff88f1ffeeeb6141d7fa017e2a2fd9e2f2f7
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Tue Sep 8 14:45:27 2015 -0400
Fix a possible uninitialized memory read
Fix an error where we might try to read from an uninitialized pointer
when trying to determine if a CA helper produced any useful data. This
might be the root cause of Red Hat bug #1260871.
diff --git a/src/submit-e.c b/src/submit-e.c
index 6997b43..991e580 100644
--- a/src/submit-e.c
+++ b/src/submit-e.c
@@ -963,6 +963,11 @@ cm_submit_e_start_or_resume(struct cm_store_ca *ca,
state->done = cm_submit_e_done;
state->delay = -1;
estate = talloc_ptrtype(state, estate);
+ if (estate == NULL) {
+ talloc_free(state);
+ return NULL;
+ }
+ memset(estate, 0, sizeof(*estate));
estate->phase = running_helper;
estate->ca = ca;
estate->entry = entry;
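Review bot: the new `if (estate == NULL)` path frees state and returns NULL without logging anything, which is the kind of silent failure the krb5 commit in this same push adds diagnostics for; a cm_log() call before `return NULL;` would keep the two consistent. The `talloc_ptrtype()` plus `memset(estate, 0, sizeof(*estate));` pair could also be collapsed into a zeroing allocator such as talloc_zero(), which removes the window where the struct exists uninitialized, and the commit message would be easier to verify if it named the pointer field that was previously read before being set.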