Bug 983563 - neon-0.29.6 use of unintialised data prevents client certificate authentication
Summary: neon-0.29.6 use of unintialised data prevents client certificate authentication
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: neon
Version: 19
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 981431 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-11 13:28 UTC by Simon
Modified: 2013-08-15 02:30 UTC (History)
2 users (show)

Fixed In Version: neon-0.30.0-2.fc19
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-15 02:30:45 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
Patch against neon-0.29.6 to fix use of uninitialised size_t (426 bytes, patch)
2013-07-11 13:28 UTC, Simon 		no flags Details | Diff
View All

Description Simon 2013-07-11 13:28:02 UTC 
Created attachment 772220 [details]
Patch against neon-0.29.6 to fix use of uninitialised size_t

Description of problem:
x509_crt_copy function passes uninitialized data to subroutine, resulting in failure to authenticate with client certificates

Version-Release number of selected component (if applicable):
0.29.6

How reproducible:
Always on F19, probably varies with compiler/memory initialisation/etc

Steps to Reproduce:
1. "svn ls https://server.requiring.client.certificate"
2.
3.

Actual results:
No handshake

Expected results:
Subversion provides client certificate to Neon to use during handshake

Additional info:
Patch provided. See also bug 981431 and possibly 577976
Comment 1 Simon 2013-07-11 13:32:29 UTC 
See full description in bug 981431, comment 3
Comment 2 Simon 2013-07-16 09:02:38 UTC 
This bug was reported to the neon mailing list in November by someone else:
http://lists.manyfish.co.uk/pipermail/neon/2012-November/001518.html
Comment 3 Mattias Ellert 2013-07-28 17:12:32 UTC 
Any progress?
Comment 4 Simon 2013-07-30 14:47:47 UTC 
(In reply to Mattias Ellert from comment #3)
> Any progress?

Nope. The mailing list seems like a ghost town. I posted a query here: http://lists.manyfish.co.uk/pipermail/neon/2013-July/001550.html

Can Red Hat maintain their own patch to the neon RPM and issue an errata update?
Comment 5 Fedora Update System 2013-07-31 17:10:40 UTC 
neon-0.30.0-2.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/neon-0.30.0-2.fc19
Comment 6 Joe Orton 2013-07-31 17:12:28 UTC 
Sorry for the delay and thanks for the nags - can you test this build?

https://koji.fedoraproject.org/koji/buildinfo?buildID=439962
Comment 7 Joe Orton 2013-07-31 20:09:15 UTC 
*** Bug 981431 has been marked as a duplicate of this bug. ***
Comment 8 Simon 2013-08-01 09:05:22 UTC 
(In reply to Joe Orton from comment #6)
> Sorry for the delay and thanks for the nags - can you test this build?
> 
> https://koji.fedoraproject.org/koji/buildinfo?buildID=439962

Glad to help. This Koji build works fine on my Fedora 19 install; I can now access SVN repos via SSL client certificates...

Thanks.
Comment 9 Joe Orton 2013-08-01 10:30:40 UTC 
Thanks, Simon.
Comment 10 Fedora Update System 2013-08-02 22:07:33 UTC 
Package neon-0.30.0-2.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing neon-0.30.0-2.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-14149/neon-0.30.0-2.fc19
then log in and leave karma (feedback).
Comment 11 Fedora Update System 2013-08-15 02:30:45 UTC 
neon-0.30.0-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.