Bug 1087350

Summary: [gssd] code defects in gssd_search_krb5_keytab() can not return right return code.
Product: Red Hat Enterprise Linux 7 Reporter: JianHong Yin <jiyin>
Component: nfs-utilsAssignee: Steve Dickson <steved>
Status: CLOSED ERRATA QA Contact: Yongcheng Yang <yoyang>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: dpal, eguan, fs-qe
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: nfs-utils-1.3.0-0.17.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1249046 (view as bug list) Environment:
Last Closed: 2015-11-19 04:28:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1249046    

Description JianHong Yin 2014-04-14 09:07:53 UTC 
Description of problem:
code defects in gssd_search_krb5_keytab(),
when get_ple_by_princ return NULL, can not return the right return code.
                if (status) {
                        printerr(4, "We WILL use this entry (%s)\n", pname);
                        ple = get_ple_by_princ(context, kte->principal);
                        /*
                         * Return, don't free, keytab entry if
                         * we were successful!
                         */
                        if (ple == NULL) {
                                retval = ENOMEM;
                                k5_free_kt_entry(context, kte);
                        } else {
                                retval = 0;
                                *found = 1;
                        }
                        k5_free_unparsed_name(context, pname);
                        break;
                }
                else {
                        printerr(4, "We will NOT use this entry (%s)\n",
                                pname);
                }
                k5_free_unparsed_name(context, pname);
                k5_free_kt_entry(context, kte);
        }

        if ((code = krb5_kt_end_seq_get(context, kt, &cursor))) {
                k5err = gssd_k5_err_msg(context, code);
                printerr(0, "WARNING: %s while ending keytab scan for "
                            "keytab '%s'\n", k5err, kt_name);
        }

        retval = 0;
        ^^^ cover the  'if (ple == NULL) { retval = ENOMEM;'
  out:
        free(k5err);
        return retval;

Version-Release number of selected component (if applicable):
nfs-utils-1.3.0

How reproducible:
1

Steps to Reproduce:
1. code review.
2.
3.

Actual results:
when ENOMEM fail happen, the function can not return right code to caller.

Expected results:
fix this.

Additional info:
Comment 4 Steve Dickson 2015-07-30 21:16:54 UTC 
The upstream commit:

commit e38711f02f5d51eb051937f06373f018d3def386
Author: Steve Dickson <steved>
Date:   Thu Jul 30 17:06:39 2015 -0400

    rpc.gssd: Only clear the retval if it has not been set
Comment 7 Yongcheng Yang 2015-08-03 01:00:39 UTC 
Verified with nfs-utils-1.3.0-0.17.el7.src.rpm

[yyc@dhcp-12-138 nfs-utils-1.3.0]$ cat utils/gssd/krb5_util.c | grep -A3 -B2 "Only clear the retval if has not been set"
	}

	/* Only clear the retval if has not been set */
	if (retval < 0)
		retval = 0;
  out:
[yyc@dhcp-12-138 nfs-utils-1.3.0]$ 

Move to VERIFIED
Comment 8 errata-xmlrpc 2015-11-19 04:28:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2196.html