packages/sssd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!142 backport upstream patches

Browse Source 
From: @wangjiang37 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
This commit is contained in:
openeuler-ci-bot 2024-06-19 01:12:08 +00:00 committed by Gitee
commit 0a8e8c7bd7
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 118 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
backport-RESPONDER-use-proper-context-for-getDomains.patch Normal file
View File

@ -0,0 +1,55 @@
From 18f378921ed95dfd6a5e373c87712f7935247d71 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 26 Apr 2024 14:04:50 +0200
Subject: [PATCH] RESPONDER: use proper context for getDomains()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Request was created on a long term responder context, but a callback
for this request tries to access memory that is allocated on a short
term client context. So if client disconnects before request is
completed, then callback dereferences already freed memory.
Resolves: https://github.com/SSSD/sssd/issues/7319
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reference:https://github.com/SSSD/sssd/commit/dc637c9730d0ba04a0d8aa2645ee537224cd4b19
Conflict:NA
---
src/responder/pac/pacsrv_cmd.c | 2 +-
src/responder/pam/pamsrv_cmd.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index e3aab88..29d5574 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -140,7 +140,7 @@ static errno_t pac_add_pac_user(struct cli_ctx *cctx)
ret = responder_get_domain_by_id(cctx->rctx, pr_ctx->user_dom_sid_str,
&pr_ctx->dom);
if (ret == EAGAIN || ret == ENOENT) {
- req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true,
+ req = sss_dp_get_domains_send(cctx, cctx->rctx, true,
pr_ctx->domain_name);
if (req == NULL) {
ret = ENOMEM;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 20c332b..1570304 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1416,7 +1416,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
ret = pam_forwarder_parse_data(cctx, pd);
if (ret == EAGAIN) {
- req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, pd->domain);
+ req = sss_dp_get_domains_send(cctx, cctx->rctx, true, pd->domain);
if (req == NULL) {
ret = ENOMEM;
} else {
--
2.33.0

57
backport-UTILS-inotify-avoid-potential-NULL-deref.patch Normal file
View File

@ -0,0 +1,57 @@
From d24073823fa7d82726f631628923e9a5378d529d Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 18 Mar 2024 12:15:21 +0100
Subject: [PATCH] UTILS: inotify: avoid potential NULL deref
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes following error:
```
Error: STRING_NULL (CWE-170):
sssd-2.9.1/src/util/inotify.c:298: string_null_source: Function ""read"" does not terminate string ""ev_buf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
sssd-2.9.1/src/util/inotify.c:316: var_assign_var: Assigning: ""ptr"" = ""ev_buf"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:320: var_assign_var: Assigning: ""in_event"" = ""ptr"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:327: string_null: Passing unterminated string ""in_event->name"" to ""process_dir_event"", which expects a null-terminated string.
# 325|
# 326| if (snctx->wctx->dir_wd == in_event->wd) {
# 327|-> ret = process_dir_event(snctx, in_event);
# 328| } else if (snctx->wctx->file_wd == in_event->wd) {
# 329| ret = process_file_event(snctx, in_event);
```
-- it might be unsafe to dereference `in_event->name`
if `in_event->len == 0`
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reference:https://github.com/SSSD/sssd/commit/4085ee07926303aa26e46dfcc6dec87776432c62
Conflict:NA
---
src/util/inotify.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/util/inotify.c b/src/util/inotify.c
index a3c33ed..8192cfd 100644
--- a/src/util/inotify.c
+++ b/src/util/inotify.c
@@ -233,9 +233,13 @@ static errno_t process_dir_event(struct snotify_ctx *snctx,
{
errno_t ret;
+ if (in_event->len == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, "Not interested in nameless event\n");
+ return EOK;
+ }
+
DEBUG(SSSDBG_TRACE_ALL, "inotify name: %s\n", in_event->name);
- if (in_event->len == 0 \
- || strcmp(in_event->name, snctx->base_name) != 0) {
+ if (strcmp(in_event->name, snctx->base_name) != 0) {
DEBUG(SSSDBG_TRACE_FUNC, "Not interested in %s\n", in_event->name);
return EOK;
}
--
2.33.0

7
sssd.spec
View File

@ -1,6 +1,6 @@
Name: sssd
Version: 2.2.2
Release: 17
Release: 18
Summary: System Security Services Daemon
License: GPLv3+ and LGPLv3+
URL: https://pagure.io/SSSD/sssd/
@ -18,6 +18,8 @@ Patch8: backport-sssctl-sssctl_domains.c-null-dereference-fixed.patch
Patch9: backport-MONITOR-fix-socket_activated-flag-initialization.patch
Patch10: backport-CVE-2023-3758.patch
Patch11: backport-avoid-NULL-deref-in-monitor_service_shutdow.patch
Patch12: backport-UTILS-inotify-avoid-potential-NULL-deref.patch
Patch13: backport-RESPONDER-use-proper-context-for-getDomains.patch
Requires: python3-sssd = %{version}-%{release}
Requires: libldb
@ -591,6 +593,9 @@ fi
%{_libdir}/%{name}/modules/libwbclient.so
%changelog
* Tue Jun 18 2024 wangjiang <wangjiang37@h-partners.com> - 2.2.2-18
- backport upstream patches
* Mon May 27 2024 cenhuilin <cenhuilin@kylinos.cn> - 2.2.2-17
- monitor: avoid NULL deref in monitor_service_shutdown()