From 02466bccfeda756f5b0a20dcc02c02a37fff09c6 Mon Sep 17 00:00:00 2001
From: yanshuai01
Date: Wed, 28 Aug 2024 10:08:35 +0800
Subject: [PATCH] fix uncommon PKINIT memory leak

---
 ...port-Fix-uncommon-PKINIT-memory-leak.patch | 58 +++++++++++++++++++
 krb5.spec | 6 +-
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-uncommon-PKINIT-memory-leak.patch

diff --git a/backport-Fix-uncommon-PKINIT-memory-leak.patch b/backport-Fix-uncommon-PKINIT-memory-leak.patch
new file mode 100644
index 0000000..fa60b63
--- /dev/null
+++ b/backport-Fix-uncommon-PKINIT-memory-leak.patch
@@ -0,0 +1,58 @@
+From 441736872285e6538e6b6c78eab60862d3b6dcaa Mon Sep 17 00:00:00 2001
+From: sashan
+Date: Sun, 29 May 2022 10:32:57 +0200
+Subject: [PATCH] Fix uncommon PKINIT memory leak
+
+PKINIT per-request module data objects are normally created by
+pkinit_server_verify_padata() and freed by
+pkinit_server_return_padata(). In some unusual circumstances, the KDC
+may not call the return_padata method after verification succeeds.
+Add a free_modreq method and free the object there instead.
+
+[ghudson@mit.edu: rewrote commit message]
+
+(cherry picked from commit 883415036a4b4e0372b84a5a6e46c10b3a67aba0)
+
+ticket: 9065
+version_fixed: 1.19.4
+
+---
+ src/plugins/preauth/pkinit/pkinit_srv.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
+index 3ae56c0..26fcccc 100644
+--- a/src/plugins/preauth/pkinit/pkinit_srv.c
++++ b/src/plugins/preauth/pkinit/pkinit_srv.c
+@@ -1026,7 +1026,6 @@ pkinit_server_return_padata(krb5_context context,
+ (*send_pa)->contents = (krb5_octet *) out_data->data;
+
+ cleanup:
+- pkinit_fini_kdc_req_context(context, reqctx);
+ free(scratch.data);
+ free(out_data);
+ if (encoded_dhkey_info != NULL)
+@@ -1615,6 +1614,13 @@ pkinit_fini_kdc_req_context(krb5_context context, void *ctx)
+ free(reqctx);
+ }
+
++static void
++pkinit_free_modreq(krb5_context context, krb5_kdcpreauth_moddata moddata,
++ krb5_kdcpreauth_modreq modreq)
++{
++ pkinit_fini_kdc_req_context(context, modreq);
++}
++
+ krb5_error_code
+ kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+ krb5_plugin_vtable vtable);
+@@ -1636,5 +1642,6 @@ kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+ vt->edata = pkinit_server_get_edata;
+ vt->verify = pkinit_server_verify_padata;
+ vt->return_padata = pkinit_server_return_padata;
++ vt->free_modreq = pkinit_free_modreq;
+ return 0;
+ }
+--
+2.27.0
+
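Review bot: Removing the `pkinit_fini_kdc_req_context(context, reqctx)` call from the cleanup label of pkinit_server_return_padata makes the new `pkinit_free_modreq` the only place the per-request context is released, so if this tree's KDC does not invoke `vt->free_modreq` for every stored modreq the uncommon leak becomes a leak on every PKINIT request; that call site is outside the hunk and the package is at 1.19.2 whereas upstream marks the fix for 1.19.4. The spec's Patch35 appears to apply the same free_modreq pattern to the OTP module, which suggests the KDC in this tree already frees modreqs through the vtable, but that is worth confirming in the 1.19.2 KDC sources before shipping. The new wrapper is a plain forwarder and needs no NULL guard provided pkinit_fini_kdc_req_context tolerates a NULL ctx; the start of that function is outside the hunk, so check it. A one-line comment above pkinit_free_modreq, `/* Invoked by the KDC for every modreq, including requests where return_padata never runs. */`, would record why the cleanup moved here.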
diff --git a/krb5.spec b/krb5.spec
index 633274c..e5441b1 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -3,7 +3,7 @@ Name: krb5 Version: 1.19.2
-Release: 19
+Release: 20
Summary: The Kerberos network authentication protocol License: MIT URL: http://web.mit.edu/kerberos/www/
@@ -57,6 +57,7 @@ Patch33: backport-Add-a-simple-DER-support-header.patch Patch34: backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch Patch35: Fix-memory-leak-in-OTP-kdcpreauth-module.patch Patch36: backport-Change-krb5_get_credentials-endtime-behavior.patch
+Patch37: backport-Fix-uncommon-PKINIT-memory-leak.patch
BuildRequires: gettext BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@@ -349,6 +350,9 @@ make -C src check || : %changelog
+* Wed Aug 28 2024 yanshuai - 1.19.2-20
+- Fix uncommon PKINIT memory leak
+
* Thu Aug 15 2024 yixiangzhike - 1.19.2-19 - Change krb5_get_credentials() endtime behavior
-- Gitee