From 95bdd67d7857fe6fc15b5f09203b32bde0bbfefc Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Apr 04 2017 19:41:59 +0000 Subject: Fix problem where gss_display_status can infinite loop --- diff --git a/Prevent-GSSError-_display_status-infinite-recursion.patch b/Prevent-GSSError-_display_status-infinite-recursion.patch new file mode 100644 index 0000000..79780da --- /dev/null +++ b/Prevent-GSSError-_display_status-infinite-recursion.patch @@ -0,0 +1,69 @@ +From d7793765e75e2c0db31565903b50bb90bced18ff Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Mon, 27 Mar 2017 13:24:37 -0400 +Subject: [PATCH] Prevent GSSError/_display_status() infinite recursion + +I was unable to reproduce the problem, but this should prevent the issue. + +Resolves: #111 +(cherry picked from commit b7e6c6c5451590f18df965a2a84550a63461d76e) +--- + gssapi/raw/misc.pyx | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/gssapi/raw/misc.pyx b/gssapi/raw/misc.pyx +index e278c4b..4ea0c55 100644 +--- a/gssapi/raw/misc.pyx ++++ b/gssapi/raw/misc.pyx +@@ -139,7 +139,7 @@ def _display_status(unsigned int error_code, bint is_major_code, + whether or not to call again for further messages + + Raises: +- GSSError ++ ValueError + """ + + cdef int status_type +@@ -165,13 +165,16 @@ def _display_status(unsigned int error_code, bint is_major_code, + + if maj_stat == GSS_S_COMPLETE: + call_again = bool(msg_ctx_out) +- + msg_out = msg_buff.value[:msg_buff.length] + gss_release_buffer(&min_stat, &msg_buff) + return (msg_out, msg_ctx_out, call_again) + else: +- # NB(directxman12): this is highly unlikely to cause a recursive loop +- raise GSSError(maj_stat, min_stat) ++ # This hides whatever error gss_display_status is complaining about, ++ # but obviates infinite recursion into stack exhaustion. The ++ # exception raised here is handled by get_all_statuses(), which prints ++ # the code. ++ raise ValueError("gss_display_status call returned failure " ++ "(major {0}, minor {1}).".format(maj_stat, min_stat)) + + + class GSSErrorRegistry(type): +@@ -294,8 +297,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry): + try: + msg, ctx, cont = _display_status(code, is_maj) + res.append(msg.decode(msg_encoding)) +- except GSSError: +- res.append(u'issue decoding code: {0}'.format(code)) ++ except ValueError as e: ++ res.append(u'{0} Decoding code: {1}'.format(e, code)) + cont = False + + while cont: +@@ -303,9 +306,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry): + msg, ctx, cont = _display_status(code, is_maj, + message_context=ctx) + res.append(msg.decode(msg_encoding)) +- except GSSError: +- res.append(u'issue decoding ' +- u'code: {0}'.format(code)) ++ except ValueError: ++ res.append(u'{0} Decoding code: {1}'.format(e, code)) + cont = False + + return res diff --git a/python-gssapi.spec b/python-gssapi.spec index 073b23d..5ac1c47 100644 --- a/python-gssapi.spec +++ b/python-gssapi.spec @@ -5,13 +5,16 @@ Name: python-gssapi Version: 1.2.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Python Bindings for GSSAPI (RFC 2743/2744 and extensions) License: ISC URL: https://github.com/pythongssapi/python-gssapi Source0: https://github.com/pythongssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz +# Patches +Patch0: Prevent-GSSError-_display_status-infinite-recursion.patch + BuildRequires: python2-devel BuildRequires: krb5-devel >= 1.10 BuildRequires: krb5-libs >= 1.10 @@ -23,6 +26,9 @@ Requires: python-six Requires: python-enum34 Requires: python-decorator +# For autosetup +BuildRequires: git + %if 0%{?run_tests} BuildRequires: python-nose BuildRequires: python-nose-parameterized @@ -64,7 +70,7 @@ RFC 2743, as well as multiple extensions. %endif %prep -%setup -q +%autosetup -S git -n %{name}-%{version} %if 0%{?with_python3} rm -rf %{py3dir} @@ -128,6 +134,10 @@ popd %changelog +* Tue Apr 04 2017 Robbie Harwood 1.2.0-5 +- Fix problem where gss_display_status can infinite loop +- Move to autosetup and rpm-git-tree + * Sat Feb 11 2017 Fedora Release Engineering - 1.2.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild