packages/krb5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!177 【openEuler-20.03-LTS-SP4】Fix memory leak in OTP kdcpreauth module

Browse Source 
From: @yixiangzhike 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
This commit is contained in:
openeuler-ci-bot 2024-08-20 03:42:23 +00:00 committed by Gitee
commit 751fbbdba2
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
backport-Fix-memory-leak-in-OTP-kdcpreauth-module.patch Normal file
View File

@ -0,0 +1,52 @@
From 1166f1404c47af54f3d5b2533bb001fdadf6aadc Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 3 Jun 2022 14:30:42 -0400
Subject: [PATCH] Fix memory leak in OTP kdcpreauth module
In otp_edata(), free the generated nonce.
(cherry picked from commit 5ad465bc8e0d957a4945218bea487b77622bf433)
ticket: 9063
version_fixed: 1.20.1
---
src/plugins/preauth/otp/main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
index a1b6816..f4eedbe 100644
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -211,7 +211,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
krb5_pa_otp_challenge chl;
krb5_pa_data *pa = NULL;
krb5_error_code retval;
- krb5_data *encoding;
+ krb5_data *encoding, nonce = empty_data();
char *config;
/* Determine if otp is enabled for the user. */
@@ -239,9 +239,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
ti.iteration_count = -1;
/* Generate the nonce. */
- retval = nonce_generate(context, armor_key->length, &chl.nonce);
+ retval = nonce_generate(context, armor_key->length, &nonce);
if (retval != 0)
goto out;
+ chl.nonce = nonce;
/* Build the output pa-data. */
retval = encode_krb5_pa_otp_challenge(&chl, &encoding);
@@ -258,6 +259,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
free(encoding);
out:
+ krb5_free_data_contents(context, &nonce);
(*respond)(arg, retval, pa);
}
--
2.27.0

6
krb5.spec
View File

@ -3,7 +3,7 @@
Name: krb5
Version: 1.18.2
Release: 13
Release: 14
Summary: The Kerberos network authentication protocol
License: MIT
URL: http://web.mit.edu/kerberos/www/
@ -45,6 +45,7 @@ Patch22: backport-Fix-two-unlikely-memory-leaks.patch
Patch23: backport-Allow-modifications-of-empty-profiles.patch
Patch24: backport-Do-not-reload-a-modified-profile-data-object.patch
Patch25: backport-Change-krb5_get_credentials-endtime-behavior.patch
Patch26: backport-Fix-memory-leak-in-OTP-kdcpreauth-module.patch
BuildRequires: gettext
BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@ -336,6 +337,9 @@ make -C src check || :
%{_mandir}/man8/*
%changelog
* Tue Aug 20 2024 yixiangzhike <yixiangzhike007@163.com> - 1.18.2-14
- Fix memory leak in OTP kdcpreauth module
* Thu Aug 15 2024 yixiangzhike <yixiangzhike007@163.com> - 1.18.2-13
- Change krb5_get_credentials() endtime behavior