From 222449e0037bb71a4eaa4efde12105657f157df6 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Nov 18 2013 22:18:38 +0000
Subject: Backport client loop fix from RT#7508 - backport fix to not spin on a short read when reading the length of a response over TCP (RT#7508, #1029674)
---
diff --git a/krb5-1.11.3-client-loop.patch b/krb5-1.11.3-client-loop.patch
new file mode 100644
index 0000000..f9b7c13
--- /dev/null
+++ b/krb5-1.11.3-client-loop.patch
@@ -0,0 +1,34 @@
+Tweaked for 1.11.3.
+
+commit 53e5c850e05f011e9e7f25c2032aec51d8b352a9
+Author: Viktor Dukhovni
+Date: Tue Jun 25 12:27:42 2013 -0400
+
+ Fix spin loop reading from KDC TCP socket
+
+ In the k5_sendto code for reading from a TCP socket, detect
+ end-of-stream when reading the length. Otherwise we can get stuck in
+ an infinite loop of poll() and read().
+
+ [ghudson@mit.edu: commit message]
+
+ ticket: 7508
+ target_version: 1.11.4
+ tags: pullup
+
+diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
+index 3e4ec7e..3c31d9f 100644
+--- a/src/lib/krb5/os/sendto_kdc.c
++++ b/src/lib/krb5/os/sendto_kdc.c
+@@ -853,9 +853,9 @@ service_tcp_fd(krb5_context context, struct conn_state *conn,
+ nread = SOCKET_READ(conn->fd,
+ conn->x.in.bufsizebytes + conn->x.in.bufsizebytes_read,
+ 4 - conn->x.in.bufsizebytes_read);
+- if (nread < 0) {
++ if (nread <= 0) {
++ e = nread ? SOCKET_ERRNO : ECONNRESET;
+ TRACE_SENDTO_KDC_TCP_ERROR_RECV_LEN(context, conn, e);
+- e = SOCKET_ERRNO;
+ goto kill_conn;
+ }
+ conn->x.in.bufsizebytes_read += nread;
diff --git a/krb5.spec b/krb5.spec
index 54718e3..2c6819d 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -32,7 +32,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.3
-Release: 12%{?dist}
+Release: 13%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
 Source0: krb5-%{version}.tar.gz
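Review bot: The `nread <= 0` branch added to service_tcp_fd in the embedded sendto_kdc.c patch has no comment saying that a zero return is end-of-stream and is deliberately reported as ECONNRESET, so a later cleanup could turn `<=` back into `<` and bring back the poll()/read() spin for any peer that closes the stream before all four length bytes arrive. A comment above the check would pin the intent, for example `/* nread == 0: peer closed before all 4 length bytes arrived; fail the connection instead of polling again */`. The same line also moves the assignment of `e` ahead of TRACE_SENDTO_KDC_TCP_ERROR_RECV_LEN, which previously traced `e` before it was set; the commit message does not mention this and it is worth a word there. Because ECONNRESET is synthesized for EOF, traces will show a reset even on an orderly close, which matters when reading client logs during an outage. service_tcp_fd continues outside the hunk, so whether the response-body read has the same `<= 0` handling cannot be confirmed from this page and should be checked in the 1.11.3 tree.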
@@ -102,6 +102,7 @@ Patch137: krb5-1.11.3-prompter2.patch
 Patch138: krb5-1.11.3-gss-ccache-import.patch
 Patch139: krb5-CVE-2013-1418.patch
 Patch140: krb5-CVE-2013-1417.patch
+Patch141: krb5-1.11.3-client-loop.patch
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
@@ -337,6 +338,7 @@ ln -s NOTICE LICENSE
 %patch138 -p1 -b .gss-ccache-import
 %patch139 -p1 -b .CVE-2013-1418
 %patch140 -p1 -b .CVE-2013-1417
+%patch141 -p1 -b .client-loop
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp
@@ -930,6 +932,10 @@ exit 0
 %{_sbindir}/uuserver
 %changelog
+* Mon Nov 18 2013 Nalin Dahyabhai - 1.11.3-13
+- backport fix to not spin on a short read when reading the length of a
+ response over TCP (RT#7508, #1029674)
+
 * Fri Nov 15 2013 Nalin Dahyabhai - 1.11.3-12
 - incorporate fix for a KDC NULL pointer dereference while handling referrals (CVE-2013-1417, #1030744)