[Pkg-freeipa-devel] certmonger: Changes to 'master'

Timo Aaltonen tjaalton at moszumanska.debian.org
Wed Dec 9 18:39:03 UTC 2015


 certmonger.spec  |    6 +++++-
 configure.ac     |    2 +-
 debian/changelog |    6 ++++++
 src/certext.c    |   12 ++++++++++--
 src/submit-e.c   |    5 +++++
 5 files changed, 27 insertions(+), 4 deletions(-)

New commits:
commit 3379b42c3c76f72d1c4eefa93cb36127442c41c0
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Wed Dec 9 20:03:52 2015 +0200

    releasing package certmonger version 0.78.5-1

diff --git a/debian/changelog b/debian/changelog
index 31d0435..e35609a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+certmonger (0.78.5-1) unstable; urgency=medium
+
+  * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org>  Wed, 09 Dec 2015 15:09:24 +0200
+
 certmonger (0.78.4-1) unstable; urgency=medium
 
   * New upstream release.

commit 2a248fd3170ee684e6e0d6fe93516c4cd02f3b04
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Thu Nov 12 17:52:50 2015 -0500

    tag 0.78.5

diff --git a/certmonger.spec b/certmonger.spec
index 2850554..1038ec0 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -25,7 +25,7 @@
 %endif
 
 Name:		certmonger
-Version:	0.78.4
+Version:	0.78.5
 Release:	1%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 
@@ -242,6 +242,10 @@ exit 0
 %endif
 
 %changelog
+* Thu Nov 12 2015 Nalin Dahyabhai <nalin at redhat.com> 0.78.5-1
+- fix a possible uninitialized memory read (possibly #1260871)
+- log a diagnostic error when we fail to initialize libkrb5
+
 * Tue Aug  4 2015 Nalin Dahyabhai <nalin at redhat.com> 0.78.4-1
 - fix the "getcert start-tracking" -L and -l options (#1249753)
 - output diagnostics about the second request when scep-submit encounters an
diff --git a/configure.ac b/configure.ac
index 986169b..91e71f0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT(certmonger,0.78.4)
+AC_INIT(certmonger,0.78.5)
 AM_INIT_AUTOMAKE([foreign subdir-objects])
 AC_CONFIG_MACRO_DIR(m4)
 AM_MAINTAINER_MODE([enable])

commit 5216e4b21f86654512a24fea5e51730293359194
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Wed Sep 30 10:08:57 2015 -0400

    Log a diagnostic when we fail to initialize krb5
    
    Add a log message in the places where we previously didn't log anything
    when we had a problem initializing the Kerberos library.

diff --git a/src/certext.c b/src/certext.c
index 64ae05a..be610da 100644
--- a/src/certext.c
+++ b/src/certext.c
@@ -740,16 +740,18 @@ static char *
 cm_certext_parse_principal(void *parent, struct kerberos_principal_name *p)
 {
 	SECItem **comps;
+	krb5_error_code err;
 	krb5_context ctx;
 	krb5_principal_data princ;
 	char *unparsed, *ret;
 	int i, j;
 	unsigned long name_type;
 	void *tctx;
+
 	ret = NULL;
 	ctx = NULL;
 	tctx = talloc_new(parent);
-	if (krb5_init_context(&ctx) == 0) {
+	if ((err = krb5_init_context(&ctx)) == 0) {
 		memset(&princ, 0, sizeof(princ));
 		/* Copy the realm over. */
 		cm_certext_princ_set_realm(ctx, tctx, &princ,
@@ -783,6 +785,9 @@ cm_certext_parse_principal(void *parent, struct kerberos_principal_name *p)
 		}
 		talloc_free(tctx);
 		krb5_free_context(ctx);
+	} else {
+		cm_log(1, "Error %ld initializing Kerberos.\n",
+		       (long) err);
 	}
 	return ret;
 }
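Review bot: The new `else` branch logs and falls through to `return ret;` without releasing `tctx`. That context is allocated by `tctx = talloc_new(parent);` before the `krb5_init_context()` call in the previous hunk, and is freed only inside the success branch. Each failed initialization therefore leaves an empty talloc context attached to `parent` until `parent` itself is freed. Adding `talloc_free(tctx);` after the `cm_log()` call in the `else` branch, or moving the existing `talloc_free(tctx);` below the `if`/`else`, closes that path. The middle of the success branch lies outside both hunks, so it was not checked for other exits.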
@@ -1026,6 +1031,7 @@ cm_certext_build_principal(struct cm_store_entry *entry, PLArenaPool *arena,
 {
 	SECItem *comp, **comps, encoded;
 	struct kerberos_principal_name p;
+	krb5_error_code err;
 	krb5_context ctx;
 	krb5_principal princ;
 	int i;
@@ -1034,7 +1040,9 @@ cm_certext_build_principal(struct cm_store_entry *entry, PLArenaPool *arena,
 		return NULL;
 	}
 	ctx = NULL;
-	if (krb5_init_context(&ctx) != 0) {
+	if ((err = krb5_init_context(&ctx)) != 0) {
+		cm_log(1, "Error %ld initializing Kerberos.\n",
+		       (long) err);
 		return NULL;
 	}
 	princ = NULL;
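Review bot: The message logged here is identical to the one added in `cm_certext_parse_principal`, so a log reader cannot tell whether parsing or building a principal name hit the Kerberos initialization failure. Naming the operation in the string would make the diagnostic easier to triage, e.g. `cm_log(1, "Error %ld initializing Kerberos while building principal name.\n", (long) err);`. Whether `cm_log` already records the calling function is not visible in this diff. The body of `cm_certext_build_principal` continues outside the hunk.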

commit bc9dff88f1ffeeeb6141d7fa017e2a2fd9e2f2f7
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Tue Sep 8 14:45:27 2015 -0400

    Fix a possible uninitialized memory read
    
    Fix an error where we might try to read from an uninitialized pointer
    when trying to determine if a CA helper produced any useful data.  This
    might be the root cause of Red Hat bug #1260871.

diff --git a/src/submit-e.c b/src/submit-e.c
index 6997b43..991e580 100644
--- a/src/submit-e.c
+++ b/src/submit-e.c
@@ -963,6 +963,11 @@ cm_submit_e_start_or_resume(struct cm_store_ca *ca,
 		state->done = cm_submit_e_done;
 		state->delay = -1;
 		estate = talloc_ptrtype(state, estate);
+		if (estate == NULL) {
+			talloc_free(state);
+			return NULL;
+		}
+		memset(estate, 0, sizeof(*estate));
 		estate->phase = running_helper;
 		estate->ca = ca;
 		estate->entry = entry;
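Review bot: The added `memset(estate, 0, sizeof(*estate));` has no comment saying why it is needed, and the two-step allocate-then-clear lets a later edit slip a read in between. A comment such as `/* Zero every field: later checks of the helper's output must not see an uninitialized pointer. */` would record the reason given in the commit message. talloc also offers a zeroing allocator (`talloc_zero`) that does both steps in one call; the struct type of `estate` is declared outside this hunk. `state` is dereferenced just above at `state->done` and its allocation is also outside the hunk, so it is worth confirming that it is NULL-checked and cleared the same way.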


