www/nginx-devel: fix segfaults in the third-party spnego module

Reported by: pluknet Patch from: pluknet Bump PORTREVISION.
2022-07-14 08:41:20 -04:00 · 2022-07-14 08:41:20 -04:00 · 0019e69cb9
commit 0019e69cb9
parent 0cfe47b4ce
3 changed files with 55 additions and 2 deletions
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@ -2,7 +2,7 @@

 PORTNAME?=	nginx
 PORTVERSION=	1.23.0
-PORTREVISION=	13
+PORTREVISION=	14
 CATEGORIES=	www
 MASTER_SITES=	https://nginx.org/download/ \
 		LOCAL/osa
--- a/www/nginx-devel/Makefile.extmod
+++ b/www/nginx-devel/Makefile.extmod
@ -93,7 +93,8 @@ HTTP_AUTH_DIGEST_VARS=		DSO_EXTMODS+=auth_digest

 HTTP_AUTH_KRB5_GH_TUPLE=	stnoonan:spnego-http-auth-nginx-module:c626163:auth_krb5
 HTTP_AUTH_KRB5_VARS=		DSO_EXTMODS+=auth_krb5
-HTTP_AUTH_KRB5_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config
+HTTP_AUTH_KRB5_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config \
+				${PATCHDIR}/extra-patch-ngx_http_auth_spnego_module.c
 HTTP_AUTH_KRB5_USES=		gssapi:mit

 HTTP_AUTH_LDAP_GH_TUPLE=	kvspb:nginx-auth-ldap:83c059b:http_auth_ldap
--- a/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c
+++ b/www/nginx-devel/files/extra-patch-ngx_http_auth_spnego_module.c
@ -0,0 +1,52 @@
+--- ../spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.c.orig
+++ ../spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.c
+@@ -502,6 +502,7 @@ ngx_http_auth_spnego_headers_basic_only(ngx_http_request_t *r,
+     }
+ 
+     r->headers_out.www_authenticate->hash = 1;
+    r->headers_out.www_authenticate->next = NULL;
+     r->headers_out.www_authenticate->key.len = sizeof("WWW-Authenticate") - 1;
+     r->headers_out.www_authenticate->key.data = (u_char *)"WWW-Authenticate";
+     r->headers_out.www_authenticate->value.len = value.len;
+@@ -538,6 +539,7 @@ ngx_http_auth_spnego_headers(ngx_http_request_t *r,
+     }
+ 
+     r->headers_out.www_authenticate->hash = 1;
+    r->headers_out.www_authenticate->next = NULL;
+     r->headers_out.www_authenticate->key.len = sizeof("WWW-Authenticate") - 1;
+     r->headers_out.www_authenticate->key.data = (u_char *)"WWW-Authenticate";
+     r->headers_out.www_authenticate->value.len = value.len;
+@@ -559,6 +561,7 @@ ngx_http_auth_spnego_headers(ngx_http_request_t *r,
+         }
+ 
+         r->headers_out.www_authenticate->hash = 2;
+        r->headers_out.www_authenticate->next = NULL;
+         r->headers_out.www_authenticate->key.len =
+             sizeof("WWW-Authenticate") - 1;
+         r->headers_out.www_authenticate->key.data =
+@@ -758,6 +761,12 @@ ngx_http_auth_spnego_store_delegated_creds(ngx_http_request_t *r,
+     char *ccname = NULL;
+     char *escaped = NULL;
+ 
+    if ((kerr = krb5_init_context(&kcontext))) {
+        spnego_log_error("Kerberos error: Cannot initialize kerberos context");
+        spnego_log_krb5_error(kcontext, kerr);
+        goto done;
+    }
+
+     if (!delegated_creds.data) {
+         spnego_log_error(
+             "ngx_http_auth_spnego_store_delegated_creds() NULL credentials");
+@@ -766,12 +775,6 @@ ngx_http_auth_spnego_store_delegated_creds(ngx_http_request_t *r,
+         goto done;
+     }
+ 
+-    if ((kerr = krb5_init_context(&kcontext))) {
+-        spnego_log_error("Kerberos error: Cannot initialize kerberos context");
+-        spnego_log_krb5_error(kcontext, kerr);
+-        goto done;
+-    }
+-
+     if ((kerr = krb5_parse_name(kcontext, (char *)principal_name->data,
+                                 &principal))) {
+         spnego_log_error("Kerberos error: Cannot parse principal %s",