Bug#926548: unblock: nfs-utils/1:1.3.4-2.5
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi release-team,
please unblock package nfs-utils.
I've NMUed the package to fix #895381:
[ Micha Lenk ]
* [abaa2ab] handle_gssd_upcall: Fix failure to find uid in upcall string 'mech=krb5'
by adding the suggested upstream commits as
debian/patches/0010-gssd-replace-non-thread-safe-strtok-with-strsep.patch and
debian/patches/0011-gssd-Duplicate-the-upcall-string-for-error-messages.patch.
rpc.gssd: WARNING: handle_gssd_upcall: failed to find uid in upcall string 'mech=krb5'
(Closes: #895381)
Diff is attached.
unblock nfs-utils/1:1.3.4-2.5
Thanks,
Bernd
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
diff --git a/debian/changelog b/debian/changelog
index bd57693..f341ef5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+nfs-utils (1:1.3.4-2.5) unstable; urgency=medium
+
+ * Non-maintainer upload.
+
+ [ Micha Lenk ]
+ * [abaa2ab] handle_gssd_upcall: Fix failure to find uid in upcall string 'mech=krb5'
+ by adding the suggested upstream commits as
+ debian/patches/0010-gssd-replace-non-thread-safe-strtok-with-strsep.patch and
+ debian/patches/0011-gssd-Duplicate-the-upcall-string-for-error-messages.patch.
+ rpc.gssd: WARNING: handle_gssd_upcall: failed to find uid in upcall string 'mech=krb5'
+ (Closes: #895381)
+
+ -- Bernd Zeimetz <bzed@debian.org> Sat, 06 Apr 2019 18:30:39 +0200
+
nfs-utils (1:1.3.4-2.4) unstable; urgency=medium
[ Laurent Bigonville ]
diff --git a/debian/patches/0010-gssd-replace-non-thread-safe-strtok-with-strsep.patch b/debian/patches/0010-gssd-replace-non-thread-safe-strtok-with-strsep.patch
new file mode 100644
index 0000000..ee0c376
--- /dev/null
+++ b/debian/patches/0010-gssd-replace-non-thread-safe-strtok-with-strsep.patch
@@ -0,0 +1,41 @@
+From: Frank Sorenson <sorenson@redhat.com>
+Date: Wed, 15 Feb 2017 10:36:47 -0500
+Subject: gssd: replace non-thread-safe strtok with strsep
+
+gssd uses the non-thread-safe strtok() function, which
+can lead to incorrect program behavior.
+
+Replace strtok() with the thread-safe strsep().
+
+Signed-off-by: Frank Sorenson <sorenson@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+
+Origin: upstream, http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=5ae8be8
+Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1419280
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895381
+Last-Update: 2019-04-05
+
+---
+ utils/gssd/gssd_proc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index d74d3724..30c6aceb 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -729,10 +729,11 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
+ char *target = NULL;
+ char *service = NULL;
+ char *enctypes = NULL;
++ char *pbuf = info->lbuf;
+
+ printerr(2, "\n%s: '%s' (%s)\n", __func__, info->lbuf, clp->relpath);
+
+- for (p = strtok(info->lbuf, " "); p; p = strtok(NULL, " ")) {
++ while ((p = strsep(&pbuf, " "))) {
+ if (!strncmp(p, "mech=", strlen("mech=")))
+ mech = p + strlen("mech=");
+ else if (!strncmp(p, "uid=", strlen("uid=")))
+--
+2.20.1
+
diff --git a/debian/patches/0011-gssd-Duplicate-the-upcall-string-for-error-messages.patch b/debian/patches/0011-gssd-Duplicate-the-upcall-string-for-error-messages.patch
new file mode 100644
index 0000000..fa42430
--- /dev/null
+++ b/debian/patches/0011-gssd-Duplicate-the-upcall-string-for-error-messages.patch
@@ -0,0 +1,92 @@
+From: Frank Sorenson <sorenson@redhat.com>
+Date: Wed, 15 Feb 2017 10:38:53 -0500
+Subject: gssd: Duplicate the upcall string for error messages
+
+strsep() modifies the input string, so error messages
+may output only part of the upcall string.
+
+Make a copy of the upcall string, and use that in any
+error messages.
+
+Signed-off-by: Frank Sorenson <sorenson@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+
+Origin: upstream, http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=0a4f5e4
+Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1419280
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895381
+Last-Update: 2019-04-05
+
+---
+ utils/gssd/gssd_proc.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
+index 30c6aceb..4fc81c30 100644
+--- a/utils/gssd/gssd_proc.c
++++ b/utils/gssd/gssd_proc.c
+@@ -729,10 +729,17 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
+ char *target = NULL;
+ char *service = NULL;
+ char *enctypes = NULL;
++ char *upcall_str;
+ char *pbuf = info->lbuf;
+
+ printerr(2, "\n%s: '%s' (%s)\n", __func__, info->lbuf, clp->relpath);
+
++ upcall_str = strdup(info->lbuf);
++ if (upcall_str == NULL) {
++ printerr(0, "ERROR: malloc failure\n");
++ goto out_nomem;
++ }
++
+ while ((p = strsep(&pbuf, " "))) {
+ if (!strncmp(p, "mech=", strlen("mech=")))
+ mech = p + strlen("mech=");
+@@ -749,7 +756,7 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
+ if (!mech || strlen(mech) < 1) {
+ printerr(0, "WARNING: handle_gssd_upcall: "
+ "failed to find gss mechanism name "
+- "in upcall string '%s'\n", info->lbuf);
++ "in upcall string '%s'\n", upcall_str);
+ goto out;
+ }
+
+@@ -762,7 +769,7 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
+ if (!uidstr) {
+ printerr(0, "WARNING: handle_gssd_upcall: "
+ "failed to find uid "
+- "in upcall string '%s'\n", info->lbuf);
++ "in upcall string '%s'\n", upcall_str);
+ goto out;
+ }
+
+@@ -775,7 +782,7 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
+ if (target && strlen(target) < 1) {
+ printerr(0, "WARNING: handle_gssd_upcall: "
+ "failed to parse target name "
+- "in upcall string '%s'\n", info->lbuf);
++ "in upcall string '%s'\n", upcall_str);
+ goto out;
+ }
+
+@@ -790,7 +797,7 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
+ if (service && strlen(service) < 1) {
+ printerr(0, "WARNING: handle_gssd_upcall: "
+ "failed to parse service type "
+- "in upcall string '%s'\n", info->lbuf);
++ "in upcall string '%s'\n", upcall_str);
+ goto out;
+ }
+
+@@ -803,6 +810,8 @@ handle_gssd_upcall(struct clnt_upcall_info *info)
+ do_error_downcall(clp->gssd_fd, uid, -EACCES);
+ }
+ out:
++ free(upcall_str);
++out_nomem:
+ free(info);
+ return;
+ }
+--
+2.20.1
+
diff --git a/debian/patches/series b/debian/patches/series
index b1be644..4dbffa9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,5 @@ unbreak-gssd-rpc_pipefs-run.patch
0001-rpc.c-added-include-file-so-UINT16_MAX-is-defined.patch
30-remove-whitespace-service.patch
fix-glibc2.28-ftbfs.patch
+0010-gssd-replace-non-thread-safe-strtok-with-strsep.patch
+0011-gssd-Duplicate-the-upcall-string-for-error-messages.patch
Reply to: