Bug 2928 - [UPDATE REQUEST] [UPSTREAM UPDATE] sssd
: [UPDATE REQUEST] [UPSTREAM UPDATE] sssd
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-18 14:52 MSD by Andrew Lukoshko
Modified: 2013-11-19 12:28 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2013-10-18 14:52:49 MSD
* In case the processing of an LDAP request took longer than the client timeout
(60 seconds by default), upon completing the request, the PAM client could have
accessed memory that was previously freed due to the client timeout being
reached. As a result, the sssd_pam process terminated unexpectedly with a
segmentation fault. With this update, SSSD ignores an LDAP request result when
it detects that the set timeout of this request has been reached. The sssd_pam
process no longer crashes in the aforementioned scenario.

* In case SSSD could not save a sudo rule to the cache, it returned an error and
stopped processing the rest of the sudo rules. Consequently, none of the rules
from the related provider were saved because the error canceled the entire
transaction. With this update, in case a sudo rule cannot be saved to the cache,
a message is appended to the logs and the rules is skipped; processing of the
remaining rules continues and works as expected. As a result, all but the
defective sudo rule are saved to the cache.

* If a large amount of sudo rules with a combined size that exceeded 265 KB was
configured on the system, due to the way the sss_packet_grow() function computed
the total length of a response packet, SSSD failed with a "Unable to create
response: Invalid argument" error message. With this update, the
sss_package_grow() function code has been fixed to properly compute the response
packet length, and SSSD no longer fails in the aforementioned scenario.

http://rhn.redhat.com/errata/RHBA-2013-1271.html
Comment 2 Vladimir Potapov 2013-10-25 10:07:58 MSD
Error 404
Page not found
Comment 4 Vladimir Potapov 2013-11-16 12:51:17 MSK
sssd-1.9.2-82.10.res6
************************* RHEL Advisory ************************
* In case the processing of an LDAP request took longer than the client timeout
(60 seconds by default), upon completing the request, the PAM client could have
accessed memory that was previously freed due to the client timeout being
reached. As a result, the sssd_pam process terminated unexpectedly with a
segmentation fault. With this update, SSSD ignores an LDAP request result when
it detects that the set timeout of this request has been reached. The sssd_pam
process no longer crashes in the aforementioned scenario.

* In case SSSD could not save a sudo rule to the cache, it returned an error and
stopped processing the rest of the sudo rules. Consequently, none of the rules
from the related provider were saved because the error canceled the entire
transaction. With this update, in case a sudo rule cannot be saved to the cache,
a message is appended to the logs and the rules is skipped; processing of the
remaining rules continues and works as expected. As a result, all but the
defective sudo rule are saved to the cache.

* If a large amount of sudo rules with a combined size that exceeded 265 KB was
configured on the system, due to the way the sss_packet_grow() function computed
the total length of a response packet, SSSD failed with a "Unable to create
response: Invalid argument" error message. With this update, the
sss_package_grow() function code has been fixed to properly compute the response
packet length, and SSSD no longer fails in the aforementioned scenario.
*********************************************************************
QA Verified