From 91fb9a120dd90fc486b2190bfc95f181ad168e82 Mon Sep 17 00:00:00 2001
From: David Tardon
Date: Jan 08 2024 10:05:29 +0000
Subject: fix possible double free in `klist -A`
---
diff --git a/0017-set-defname-to-NULL-after-freeing-it.patch b/0017-set-defname-to-NULL-after-freeing-it.patch
new file mode 100644
index 0000000..883bae9
--- /dev/null
+++ b/0017-set-defname-to-NULL-after-freeing-it.patch
@@ -0,0 +1,34 @@
+From d9686b9da8ae20a771afa59984a6fb4d4462e120 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 8 Jan 2024 10:41:50 +0100
+Subject: [PATCH] set defname to NULL after freeing it
+
+It's a static variable, hence it will be reused on next call of the
+function, leading to double free if krb5_cc_get_principal() fails:
+
+ klist: Credentials cache keyring 'persistent:1000:krb_ccache_xgrbUbg' not found
+
+ klist: Credentials cache keyring 'persistent:1000:krb_ccache_1jASmDA' not found
+ free(): double free detected in tcache 2
+ Aborted (core dumped)
+
+This is a regression from 0016-Fix-unimportant-memory-leaks.patch .
+---
+ src/clients/klist/klist.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
+index 43392d2..6c43c0f 100644
+--- a/src/clients/klist/klist.c
++++ b/src/clients/klist/klist.c
+@@ -525,6 +525,7 @@ cleanup:
+ (void)krb5_cc_end_seq_get(context, cache, &cur);
+ krb5_free_principal(context, princ);
+ krb5_free_unparsed_name(context, defname);
++ defname = NULL;
+ return status;
+ }
+
+-- 
+2.43.0
+
diff --git a/krb5.spec b/krb5.spec
index f86039c..eb4a2d1 100644
--- a/krb5.spec
+++ b/krb5.spec
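Review bot: Resetting `defname` right after `krb5_free_unparsed_name()` closes the double free, but the same `cleanup:` block also runs `krb5_free_principal(context, princ)`, and the hunk does not show whether `princ` is initialized before the early exit the commit message describes (a failing `krb5_cc_get_principal()`); if it is still an uninitialized automatic on that path, `krb5_free_principal()` is handed an indeterminate pointer, so the declaration should read `krb5_principal princ = NULL;` if it does not already. The code also gives no hint why a file-scope pointer is cleared here, so I would put a comment above the new line: `/* defname is file-scope and reused by the next call of this function; clear it so an early jump to cleanup cannot free it twice. */`. The function that owns this label starts outside the hunk, so the other paths that reach `cleanup:` and the other readers of `defname` could not be checked from here. Since this is a downstream-only patch stacked on 0016, the fix is worth pushing to upstream MIT krb5 so the package does not carry the regression and its repair indefinitely.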
@@ -75,6 +75,7 @@ Patch0013: 0013-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch
 Patch0014: 0014-Enable-PKINIT-if-at-least-one-group-is-available.patch
 Patch0015: 0015-Replace-ssl.wrap_socket-for-tests.patch
 Patch0016: 0016-Fix-unimportant-memory-leaks.patch
+Patch0017: 0017-set-defname-to-NULL-after-freeing-it.patch
 License: BSD-2-Clause AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-3-Clause AND BSD-4-Clause AND FSFULLRWD AND HPND-export-US AND HPND-export-US-modify AND ISC AND MIT AND MIT-CMU AND OLDAP-2.8 AND RSA-MD
 URL: https://web.mit.edu/kerberos/www/