rpms/krb5/FC-3 krb5-1.3.3-rcp-markus.patch, NONE, 1.1 krb5-1.4.1-fclose.patch, NONE, 1.1 krb5.spec, 1.36, 1.37
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Jun 24 20:28:25 UTC 2005
- Previous message (by thread): rpms/krb5/FC-4 krb5-1.3.3-rcp-markus.patch, NONE, 1.1 krb5-1.4.1-fclose.patch, NONE, 1.1 krb5.spec, 1.52, 1.53
- Next message (by thread): rpms/krb5/devel krb5-1.3.3-rcp-markus.patch, NONE, 1.1 krb5-1.4.1-fclose.patch, NONE, 1.1 krb5.spec, 1.52, 1.53
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nalin
Update of /cvs/dist/rpms/krb5/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv26108/FC-3
Modified Files:
krb5.spec
Added Files:
krb5-1.3.3-rcp-markus.patch krb5-1.4.1-fclose.patch
Log Message:
- fix double-close in keytab handling
- add port of fixes for CAN-2004-0175 to krb5-aware rcp
krb5-1.3.3-rcp-markus.patch:
krcp.c | 6 ++++++
v4rcp.c | 6 ++++++
2 files changed, 12 insertions(+)
--- NEW FILE krb5-1.3.3-rcp-markus.patch ---
Fix for CAN-2004-0175, based on Markus Friedl's fix for OpenSSH scp.
--- krb5-1.3.3/src/appl/bsd/krcp.c 2003-05-12 18:20:15.000000000 -0400
+++ krb5-1.3.3/src/appl/bsd/krcp.c 2004-04-13 12:01:31.000000000 -0400
@@ -1088,6 +1088,10 @@
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
+ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ error("error: unexpected filename: %s", cp);
+ exit(1);
+ }
if (targisdir) {
if(strlen(targ) + strlen(cp) + 2 >= sizeof(nambuf))
SCREWUP("target name too long");
@@ -1101,6 +1105,8 @@
nambuf[sizeof(nambuf) - 1] = '\0';
exists = stat(nambuf, &stb) == 0;
if (cmdbuf[0] == 'D') {
+ if (!iamrecursive)
+ SCREWUP("received directory without -r");
if (exists) {
if ((stb.st_mode&S_IFMT) != S_IFDIR) {
errno = ENOTDIR;
--- krb5-1.3.3/src/appl/bsd/v4rcp.c 2002-07-12 16:21:31.000000000 -0400
+++ krb5-1.3.3/src/appl/bsd/v4rcp.c 2004-04-13 12:01:53.000000000 -0400
@@ -801,6 +801,10 @@
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
+ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ error("error: unexpected filename: %s", cp);
+ exit(1);
+ }
if (targisdir) {
if (strlen(targ) + strlen(cp) + 1 < sizeof(nambuf)) {
(void) sprintf(nambuf, "%s%s%s", targ,
@@ -817,6 +821,8 @@
nambuf[sizeof(nambuf)-1] = '\0';
exists = stat(nambuf, &stb) == 0;
if (cmdbuf[0] == 'D') {
+ if (!iamrecursive)
+ SCREWUP("received directory without -r");
if (exists) {
if ((stb.st_mode&S_IFMT) != S_IFDIR) {
errno = ENOTDIR;
krb5-1.4.1-fclose.patch:
kt_file.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
--- NEW FILE krb5-1.4.1-fclose.patch ---
Ensure that we don't accidentally attempt to use or fclose() a file which we
have already fclose()d.
--- krb5-1.4.1/src/lib/krb5/keytab/kt_file.c 2004-12-03 20:42:57.000000000 -0500
+++ krb5-1.4.1/src/lib/krb5/keytab/kt_file.c 2005-06-15 17:48:20.000000000 -0400
@@ -1099,17 +1099,19 @@
kt_vno = htons(krb5_kt_default_vno);
KTVERSION(id) = krb5_kt_default_vno;
if (!xfwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
- kerror = errno;
+ kerror = errno ? errno : EIO;
(void) krb5_unlock_file(context, fileno(KTFILEP(id)));
(void) fclose(KTFILEP(id));
+ KTFILEP(id) = 0;
return kerror;
}
} else {
/* gotta verify it instead... */
if (!xfread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
- kerror = errno;
+ kerror = errno ? errno : EIO;
(void) krb5_unlock_file(context, fileno(KTFILEP(id)));
(void) fclose(KTFILEP(id));
+ KTFILEP(id) = 0;
return kerror;
}
kt_vno = KTVERSION(id) = ntohs(kt_vno);
@@ -1117,6 +1119,7 @@
(kt_vno != KRB5_KT_VNO_1)) {
(void) krb5_unlock_file(context, fileno(KTFILEP(id)));
(void) fclose(KTFILEP(id));
+ KTFILEP(id) = 0;
return KRB5_KEYTAB_BADVNO;
}
}
Index: krb5.spec
===================================================================
RCS file: /cvs/dist/rpms/krb5/FC-3/krb5.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- krb5.spec 28 Mar 2005 18:33:46 -0000 1.36
+++ krb5.spec 24 Jun 2005 20:28:22 -0000 1.37
@@ -7,7 +7,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.3.6
-Release: 5
+Release: 6
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.5.tar
Source0: krb5-%{version}.tar.gz
@@ -59,6 +59,8 @@
Patch30: krb5-1.3.4-send-pr-tempfile.patch
Patch32: krb5-MITKRB5SA-2005-001.patch
Patch33: krb5-1.3.6-gcc4.patch
+Patch34: krb5-1.3.3-rcp-markus.patch
+Patch35: krb5-1.4.1-fclose.patch
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
@@ -123,6 +125,10 @@
workstation.
%changelog
+* Fri Jun 24 2005 Nalin Dahyabhai <nalin at redhat.com> 1.3.6-6
+- fix double-close in keytab handling
+- add port of fixes for CAN-2004-0175 to krb5-aware rcp
+
* Mon Mar 28 2005 Nalin Dahyabhai <nalin at redhat.com> 1.3.6-5
- rebuild
@@ -797,6 +803,8 @@
%patch32 -p0 -b .MITKRB5SA-2005-001
popd
%patch33 -p1 -b .gcc4
+%patch34 -p1 -b .rcp-markus
+%patch35 -p1 -b .fclose
cp src/krb524/README README.krb524
find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
gzip doc/*.ps
- Previous message (by thread): rpms/krb5/FC-4 krb5-1.3.3-rcp-markus.patch, NONE, 1.1 krb5-1.4.1-fclose.patch, NONE, 1.1 krb5.spec, 1.52, 1.53
- Next message (by thread): rpms/krb5/devel krb5-1.3.3-rcp-markus.patch, NONE, 1.1 krb5-1.4.1-fclose.patch, NONE, 1.1 krb5.spec, 1.52, 1.53
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list