314651 – gss_init_sec_context() mechglue wrapper doesn't handle ret_flags right

Bug 314651 - gss_init_sec_context() mechglue wrapper doesn't handle ret_flags right

Summary: gss_init_sec_context() mechglue wrapper doesn't handle ret_flags right

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	krb5
Sub Component:
Version:	5.1
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Nalin Dahyabhai
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:	GSSApproved
Depends On:
Blocks:	301061 436465
TreeView+	depends on / blocked

Reported:	2007-10-01 19:56 UTC by Nalin Dahyabhai
Modified:	2008-03-07 13:09 UTC (History)
CC List:	1 user (show)
Fixed In Version:	1.6.2-11.fc8
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-02-13 05:06:47 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
currently-proposed fix (1.46 KB, patch) 2007-10-01 21:50 UTC, Nalin Dahyabhai	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2008:0381	0	normal	SHIPPED_LIVE	krb5 bug fix update	2008-05-20 12:36:36 UTC

Description Nalin Dahyabhai 2007-10-01 19:56:03 UTC

If the application calling gss_accept_sec_context() doesn't pass a value
for ret_flags, we'd never be able to check if credentials had been delegated.

The passed-in ret_flags value is a pointer to a bitfield, so the comparision
as-written was not likely to work as expected.

I've got a patch for this, but would like to hold for feedback from upstream,
because there are potentially more corner cases here.

Comment 1 Nalin Dahyabhai 2007-10-01 21:50:30 UTC

Created attachment 212921 [details]
currently-proposed fix

Comment 2 RHEL Program Management 2007-10-16 03:36:42 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 6 Fedora Update System 2007-12-06 17:39:52 UTC

krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update krb5'

Comment 7 Fedora Update System 2007-12-06 20:54:43 UTC

krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update krb5'

Comment 11 Fedora Update System 2008-02-13 05:06:43 UTC

krb5-1.6.2-11.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2008-02-13 05:15:25 UTC

krb5-1.6.1-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.