packages/librdkafka
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!23 Missing return on error causes use-after-free in SASL code

Browse Source 
From: @lb1107039128 
Reviewed-by: @Charlie_li 
Signed-off-by: @Charlie_li
This commit is contained in:
openeuler-ci-bot 2023-12-27 08:41:55 +00:00 committed by Gitee
commit 7e77f7a2ef
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
0001-Missing-return-on-error-causes-use-after-free-in-SAS.patch Normal file
View File

@ -0,0 +1,24 @@
From 0c3840e614e49090785ae8b33ff00c59d354c188 Mon Sep 17 00:00:00 2001
From: Huzaifa Sidhpurwala <huzaifas@redhat.com>
Date: Wed, 16 May 2018 09:16:19 +0530
Subject: [PATCH] Missing return on error causes use-after-free in SASL code
---
src/rdkafka_sasl_scram.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/rdkafka_sasl_scram.c b/src/rdkafka_sasl_scram.c
index 968d8791..6d955452 100644
--- a/src/rdkafka_sasl_scram.c
+++ b/src/rdkafka_sasl_scram.c
@@ -602,6 +602,7 @@ rd_kafka_sasl_scram_handle_server_first_message (rd_kafka_transport_t *rktrans,
"Invalid Base64 Salt in server-first-message");
rd_free(server_nonce);
rd_free(salt_b64.ptr);
+ return -1;
}
rd_free(salt_b64.ptr);
--
2.42.0.windows.2

6
librdkafka.spec
View File

@ -1,6 +1,6 @@
Name: librdkafka Name: librdkafka
Version: 0.11.4 Version: 0.11.4
Release: 4 Release: 5
Summary: C library implementation of the Apache Kafka protocol Summary: C library implementation of the Apache Kafka protocol
License: BSD License: BSD
URL: https://github.com/edenhill/librdkafka URL: https://github.com/edenhill/librdkafka
@ -9,6 +9,7 @@ Source0: https://github.com/edenhill/librdkafka/archive/v%{version}.tar.g
BuildRequires: gcc-c++ python2 openssl-devel cyrus-sasl-devel lz4-devel BuildRequires: gcc-c++ python2 openssl-devel cyrus-sasl-devel lz4-devel
Patch0001: 0001-tests-skip-tests-on-Win32-that-rely-on-kafka-topics.patch Patch0001: 0001-tests-skip-tests-on-Win32-that-rely-on-kafka-topics.patch
Patch0002: 0001-Missing-return-on-error-causes-use-after-free-in-SAS.patch
%description %description
ibrdkafka is a C library implementation of the Apache Kafka protocol, providing Producer, Consumer ibrdkafka is a C library implementation of the Apache Kafka protocol, providing Producer, Consumer
@ -55,6 +56,9 @@ make check
%{_libdir}/pkgconfig/* %{_libdir}/pkgconfig/*
%changelog %changelog
* Wed Dec 27 2023 liubo <liubo1@xfusion.com> - 0.11.4-5
- Missing return on error causes use-after-free in SASL code
* Mon Dec 25 2023 liubo <liubo1@xfusion.com> - 0.11.4-4 * Mon Dec 25 2023 liubo <liubo1@xfusion.com> - 0.11.4-4
- tests: skip tests on Win32 that rely on kafka-topics.sh - tests: skip tests on Win32 that rely on kafka-topics.sh