ldap_child: make sure invalid krb5 context is not used
This commit is contained in:
wjiang
parent
56658fd288
commit
b8cb2f3eef
33
backport-Make-sure-invalid-krb5-context-is-not-used.patch
Normal file
33
backport-Make-sure-invalid-krb5-context-is-not-used.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From bdfb92012d6dec2999469d483ba67d6c2521a078 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Thu, 21 Nov 2024 09:23:36 +0100
|
||||
Subject: [PATCH] ldap_child: make sure invalid krb5 context is not used -
|
||||
2.9.4
|
||||
|
||||
Resolves: https://github.com/SSSD/sssd/issues/7715
|
||||
---
|
||||
src/util/sss_krb5.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
|
||||
index 3f57e5b268f..0b83142ddfc 100644
|
||||
--- a/src/util/sss_krb5.c
|
||||
+++ b/src/util/sss_krb5.c
|
||||
@@ -115,6 +115,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
|
||||
|
||||
kerr = sss_krb5_init_context(&krb_ctx);
|
||||
if (kerr) {
|
||||
+ krb_ctx = NULL;
|
||||
DEBUG(SSSDBG_OP_FAILURE, "Failed to init Kerberos context\n");
|
||||
ret = EFAULT;
|
||||
goto done;
|
||||
@@ -248,7 +249,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
done:
|
||||
- if (ret != EOK) {
|
||||
+ if (ret != EOK && krb_ctx != NULL) {
|
||||
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to read keytab [%s]: %s\n",
|
||||
KEYTAB_CLEAN_NAME, strerror(ret));
|
||||
sss_log(SSS_LOG_ERR, "Failed to read keytab [%s]: %s\n",
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: sssd
|
||||
Version: 2.2.2
|
||||
Release: 19
|
||||
Release: 20
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+ and LGPLv3+
|
||||
URL: https://pagure.io/SSSD/sssd/
|
||||
@ -21,6 +21,7 @@ Patch11: backport-avoid-NULL-deref-in-monitor_service_shutdow.patch
|
||||
Patch12: backport-UTILS-inotify-avoid-potential-NULL-deref.patch
|
||||
Patch13: backport-RESPONDER-use-proper-context-for-getDomains.patch
|
||||
Patch14: backport-TOOLS-mistype-fix.patch
|
||||
Patch15: backport-Make-sure-invalid-krb5-context-is-not-used.patch
|
||||
|
||||
Requires: python3-sssd = %{version}-%{release}
|
||||
Requires: libldb
|
||||
@ -594,6 +595,9 @@ fi
|
||||
%{_libdir}/%{name}/modules/libwbclient.so
|
||||
|
||||
%changelog
|
||||
* Thu Dec 05 2024 wangjiang <app@cameyan.com> - 2.2.2-20
|
||||
- backport make sure invalid krb5 context is not used
|
||||
|
||||
* Tue Dec 03 2024 wangjiang <app@cameyan.com> - 2.2.2-19
|
||||
- backport upstream patches
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user