回合上游社区补丁,补丁数量：6

待合入补丁列表
1.  **0a23b0cd9466e8a7c6fb82fce185be6e0834ce26** 
Fix krb5_ldap_list_policy() filtering loop

The loop at the end of this function is intended to ignore ticket
policy DNs that can't be converted to names. But it instead leaves a
hole in the output list if that happens, effectively truncating the
list and leaking any subsequent entries. Use the correct index for
the output list.

ticket: 9148 (new)

2.  **aac785e5e050415f8b8cb29059d2f658f755e7e7** 
Fix type violation in libkrad

remote.c uses casts to cover up a signature difference between
iterator() and krad_packet_iter_cb. The difference is unimportant in
typical platform ABIs, but calling the function this way is undefined
behavior (C99 6.3.2.8). Fix iterator() to conform to
krad_packet_iter_cb and remove the casts.

3. **3b57de1b68f31fa297d91e8b00bd91587d71fd02**

Fix various small logic errors

Correct five logic errors (all unlikely to manifest as user-visible
bugs) found by static analysis. Reported by Valery Fedorenko.

4. **d09433aed821d40142b10dc5b4a0aa8110c5a09e** 
Prevent undefined shift in decode_krb5_flags()

In the statement f |= bits[i] << (8 * (3 - i)), bits[i] is
implicitly promoted from uint8_t to int according to the integer
promotion rules (C99 6.3.1.1). If i is 0 and bits[i] >= 128, the
result cannot be represented as an int and the behavior of the shift
is undefined (C99 6.5.7). To ensure that the shift operation is
defined, cast bits[i] to uint32_t.

(f and the function output are int32_t, but the conversion of uint32_t
to int32_t is implementation-defined when the value cannot be
represented, not undefined. We check in configure.ac that the
platform is two's complement.)

(Discovered by OSS-Fuzz.)

5. **85c93922232300b0316546a2fc6dd93c7e2906cd**

Fix LDAP module leak on authentication error

In initialize_server(), unbind the server handle if authenticate()
fails.

[ghudson@mit.edu: rewrote commit message]

ticket: 9153 (new)

6. **e50f46b210ddafe85cc917e2571516ade46bc65f** 
Fix minor logic errors

In k5_externalize_auth_context(), serialize the correct field when
remote_port is set. This is not a reachable bug because the function
is only accessible via gss_export_sec_context(), and the GSS library
does not set a remote port.

In generic_gss_oid_to_str(), remove an inconsistently-applied test for
a null minor_status. Also remove minor_status null checks from
generic_gss_release_oid() and generic_gss_str_to_oid(), but add output
initializations and pointer checks to the API functions in g_oid_ops.c
in a similar manner to other GSSAPI functions. Remove
gssint_copy_oid_set() and replace its one call with a call to
generic_gss_copy_oid_set().

In the checksum functions, avoid crashing if the caller passes a null
key and checksum type 0. An error will be returned instead when
find_cksumtype() can't find the checksum type.
(krb5_k_verify_checksum() already had this check.)

In pkinit_open_session(), remove an unnecessary null check for
ctx->p11_module_name, and add a check for p11name being null due to an
asprintf() failure.

In profile_add_node(), add a check for null ret_node in the duplicate
subsection check. This is not a reachable bug because the function is
currently never called with null ret_node and null value.

In ksu's main(), check for krb5_cc_default_name() returning NULL
(which only happens on allocation failure). Also clean up some
vestiges left behind by commit
9ebae7cb434b9b177c0af85c67a6d6267f46bc68.

In ksu's get_authorized_princ_names(), close login_fp if we fail to
open k5users_path.

In the KDC and kpropd write_pid_file(), avoid briefly leaking the file
handle on write failure.

Reported by Valery Fedorenko.

src-openEuler/krb5

内容风险标识

评论 (6)

src-openEuler/krb5 .gitee-modal { width: 500px !important; }

内容风险标识