Commit 21c7ecb9 authored by Mark Andrews's avatar Mark Andrews
Browse files

better mcxt handling. remove buffer handling layer violation

parent 377231eb
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: gssapictx.c,v 1.5 2006/12/05 00:13:48 marka Exp $ */
/* $Id: gssapictx.c,v 1.6 2006/12/05 21:59:12 marka Exp $ */
#include <config.h>
......@@ -531,7 +531,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
isc_result_t
dst_gssapi_acceptctx(gss_cred_id_t cred,
isc_region_t *intoken, isc_buffer_t *outtoken,
isc_region_t *intoken, isc_buffer_t **outtoken,
gss_ctx_id_t *ctxout, dns_name_t *principal,
isc_mem_t *mctx)
{
......@@ -545,6 +545,8 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
isc_result_t result;
char buf[1024];
REQUIRE(outtoken != NULL && *outtoken == NULL);
log_cred(cred);
REGION_TO_GBUFFER(*intoken, gintoken);
......@@ -586,15 +588,10 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
return (result);
}
INSIST(outtoken != NULL && !ISC_BUFFER_VALID(outtoken));
if (gouttoken.length > 0) {
void *o = isc_mem_get(mctx, gouttoken.length);
if (o == NULL)
RETERR(ISC_R_NOMEMORY);
isc_buffer_init(outtoken, o, gouttoken.length);
RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length));
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(outtoken, &r));
RETERR(isc_buffer_copyregion(*outtoken, &r));
}
if (gret == GSS_S_COMPLETE) {
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: gssapi.h,v 1.5 2006/12/05 00:13:48 marka Exp $ */
/* $Id: gssapi.h,v 1.6 2006/12/05 21:59:12 marka Exp $ */
#ifndef DST_GSSAPI_H
#define DST_GSSAPI_H 1
......@@ -112,7 +112,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
isc_result_t
dst_gssapi_acceptctx(gss_cred_id_t cred,
isc_region_t *intoken, isc_buffer_t *outtoken,
isc_region_t *intoken, isc_buffer_t **outtoken,
gss_ctx_id_t *context, dns_name_t *principal,
isc_mem_t *mctx);
/*
......@@ -122,8 +122,9 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
* 'mctx' is a valid memory context
* 'cred' is the acceptor's valid GSS credential handle
* 'intoken' is a token received from the initiator
* 'outtoken' is a buffer to receive the token generated by
* gss_accept_sec_context() to be sent to the initiator
* 'outtoken' is a pointer a buffer pointer used to return the token
* generated by gss_accept_sec_context() to be sent to the
* initiator
* 'context' is a valid pointer to receive the generated context handle.
* On the initial call, it should be a pointer to NULL, which
* will be allocated as a gss_ctx_id_t. Subsequent calls
......@@ -131,6 +132,9 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
* Call dst_gssapi_releasecred to delete the context and free
* the memory.
*
* Requires:
* 'outtoken' to != NULL && *outtoken == NULL.
*
* Returns:
* ISC_R_SUCCESS msg was successfully updated to include the
* query to be sent
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: tkey.c,v 1.83 2006/12/05 00:13:48 marka Exp $
* $Id: tkey.c,v 1.84 2006/12/05 21:59:12 marka Exp $
*/
/*! \file */
#include <config.h>
......@@ -428,8 +428,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
dns_fixedname_t principal;
isc_stdtime_t now;
isc_region_t intoken;
isc_buffer_t outtoken;
isc_buffer_t *outtoken_p = &outtoken;
isc_buffer_t *outtoken = NULL;
gss_ctx_id_t gss_ctx = NULL;
UNUSED(namelist);
......@@ -457,7 +456,6 @@ process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
if (result == ISC_R_SUCCESS)
gss_ctx = dst_key_getgssctx(tsigkey->key);
memset(&outtoken, 0, sizeof(outtoken));
dns_fixedname_init(&principal);
......@@ -494,12 +492,19 @@ process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
tkeyout->inception = tkeyin->inception;
tkeyout->expire = tkeyin->expire;
if (ISC_BUFFER_VALID(outtoken_p)) {
tkeyout->key = isc_buffer_base(&outtoken);
tkeyout->keylen = isc_buffer_usedlength(&outtoken);
isc_buffer_invalidate(&outtoken);
if (outtoken) {
tkeyout->key = isc_mem_get(tkeyout->mctx,
isc_buffer_usedlength(outtoken));
if (tkeyout->key == NULL) {
result = ISC_R_NOMEMORY;
goto failure;
}
tkeyout->keylen = isc_buffer_usedlength(outtoken);
memcpy(tkeyout->key, isc_buffer_base(outtoken),
isc_buffer_usedlength(outtoken));
isc_buffer_free(&outtoken);
} else {
tkeyout->key = isc_mem_get(msg->mctx, tkeyin->keylen);
tkeyout->key = isc_mem_get(tkeyout->mctx, tkeyin->keylen);
if (tkeyout->key == NULL) {
result = ISC_R_NOMEMORY;
goto failure;
......@@ -518,9 +523,8 @@ failure:
if (dstkey != NULL)
dst_key_free(&dstkey);
if (ISC_BUFFER_VALID(outtoken_p))
isc_mem_put(tctx->mctx, isc_buffer_base(&outtoken),
isc_buffer_length(&outtoken));
if (outtoken != NULL)
isc_buffer_free(&outtoken);
tkey_log("process_gsstkey(): %s",
isc_result_totext(result)); /* XXXSRA */
......@@ -791,9 +795,9 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
}
if (tkeyout.key != NULL)
isc_mem_put(msg->mctx, tkeyout.key, tkeyout.keylen);
isc_mem_put(tkeyout.mctx, tkeyout.key, tkeyout.keylen);
if (tkeyout.other != NULL)
isc_mem_put(msg->mctx, tkeyout.other, tkeyout.otherlen);
isc_mem_put(tkeyout.mctx, tkeyout.other, tkeyout.otherlen);
if (result != ISC_R_SUCCESS)
goto failure;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment