Bug 1043962

Summary: Backport fixes from upstream
Product: Red Hat Enterprise Linux 7 Reporter: Simo Sorce <ssorce>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED CURRENTRELEASE QA Contact: Patrik Kis <pkis>
Severity: high Docs Contact:
Priority: high    
Version: 7.0CC: dpal, ksrot, pkis, ssorce
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: krb5-1.11.3-40.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 11:40:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Simo Sorce 2013-12-17 14:09:10 UTC 
A couple of memleaks and interoperability issues were recently fixed upstream that affect spnego (and therefore HTTP Negotiate) code.

Please backport the following commits:

Interop issue:
- 13fd26e1863c79f616653f6a10a58c01f65fceff
    Avoid malloc(0) in SPNEGO get_input_token

- 37af638b742dbd642eb70092e4f7781c3f69d86d
    Fix SPNEGO one-hop interop against old IIS

Memleaks:
- 1cda48a7ed4069cfc052f974ec3d76a9137c8c5a
    Fix memory leak in SPNEGO initiator 

- decccbcb5075f8fbc28a535a9b337afc84a15dee
    Fix GSS krb5 acceptor acquire_cred error handling
Comment 3 Simo Sorce 2013-12-18 13:35:37 UTC 
Check for presence will suffice
Comment 4 Nalin Dahyabhai 2013-12-18 22:12:53 UTC 
I'd like to add https://github.com/krb5/krb5/commit/c452644d91d57d8b05ef396a029e34d0c7a48920 to this list, if that's still an option.  From out-of-band conversations, I'm given to understand that the freeradius package uses the function that it fixes.
Comment 5 Nalin Dahyabhai 2013-12-18 22:25:20 UTC 
(In reply to Nalin Dahyabhai from comment #4)
> I'd like to add
> https://github.com/krb5/krb5/commit/c452644d91d57d8b05ef396a029e34d0c7a48920
> to this list, if that's still an option.  From out-of-band conversations,
> I'm given to understand that the freeradius package uses the function that
> it fixes.

Never mind this bit; we now have bug #1044739 to track it.
Comment 6 Simo Sorce 2013-12-18 22:35:43 UTC 
I would like to add this to the list:
https://github.com/krb5/krb5/commit/d160bc733a3dbeb6d84f4e175234ff18738d9f66

It is not really amemleak, but it is yet another issue I fixed in the spnego code after I spent 2 hours diagnosing a problem that would have been obvious if spnego actually did report mechanism errors.

I can open a separate bug if that's better.
Comment 9 Nalin Dahyabhai 2013-12-19 14:45:23 UTC 
(In reply to Simo Sorce from comment #6)
> I would like to add this to the list:
> https://github.com/krb5/krb5/commit/d160bc733a3dbeb6d84f4e175234ff18738d9f66

Okay, I think we'll add that to the set.
Comment 12 Ludek Smid 2014-06-13 11:40:39 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.