Commit 887ef268 authored by Mark Andrews's avatar Mark Andrews

2352. [bug] Various GSS_API fixups. [RT #17729]

parent a687db7c
2352. [bug] Various GSS_API fixups. [RT #17729]
2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
2350. [port] win32: IPv6 support. [RT #17797]
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: gssapi_link.c,v 1.7 2007/06/19 23:47:16 tbox Exp $
* $Id: gssapi_link.c,v 1.8 2008/04/03 00:45:23 marka Exp $
*/
#include <config.h>
......@@ -174,7 +174,8 @@ gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) {
* allocated space.
*/
isc_buffer_putmem(sig, gsig.value, gsig.length);
gss_release_buffer(&minor, &gsig);
if (gsig.length != 0)
gss_release_buffer(&minor, &gsig);
return (ISC_R_SUCCESS);
}
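Review bot: The new `if (gsig.length != 0)` guard in gssapi_sign carries no comment saying why an empty buffer must not be released, and the same unexplained guard recurs in the gssapictx.c and spnego.c sections of this commit. RFC 2744 allows a buffer with no storage to be passed to gss_release_buffer, so the guard presumably works around a specific GSS-API library; a comment such as `/* Do not release empty buffers: <library / failure that motivated this> */` would stop a later cleanup from removing it. The call also drops its return value without the `(void)` cast that gssapictx.c uses for the same function. gssapi_sign begins outside the hunk.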
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: gssapictx.c,v 1.10 2008/01/22 23:28:04 tbox Exp $ */
/* $Id: gssapictx.c,v 1.11 2008/04/03 00:45:23 marka Exp $ */
#include <config.h>
......@@ -175,11 +175,13 @@ log_cred(const gss_cred_id_t cred) {
}
if (gret == GSS_S_COMPLETE) {
gret = gss_release_buffer(&minor, &gbuffer);
if (gret != GSS_S_COMPLETE)
gss_log(3, "failed gss_release_buffer: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
if (gbuffer.length != 0) {
gret = gss_release_buffer(&minor, &gbuffer);
if (gret != GSS_S_COMPLETE)
gss_log(3, "failed gss_release_buffer: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
}
}
gret = gss_release_name(&minor, &gname);
......@@ -459,7 +461,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
isc_buffer_t namebuf;
gss_name_t gname;
OM_uint32 gret, minor, ret_flags, flags;
gss_buffer_desc gintoken, *gintokenp, gouttoken;
gss_buffer_desc gintoken, *gintokenp, gouttoken = GSS_C_EMPTY_BUFFER;
isc_result_t result;
gss_buffer_desc gnamebuf;
unsigned char array[DNS_NAME_MAXTEXT + 1];
......@@ -507,11 +509,15 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
* MUTUAL and INTEG flags, fail if either not set.
*/
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(outtoken, &r));
/*
* RFC 2744 states the a valid output token has a non-zero length.
*/
if (gouttoken.length != 0) {
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
}
(void)gss_release_name(&minor, &gname);
(void)gss_release_buffer(&minor, &gouttoken);
if (gret == GSS_S_COMPLETE)
result = ISC_R_SUCCESS;
......@@ -539,7 +545,8 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
#ifdef GSSAPI
isc_region_t r;
isc_buffer_t namebuf;
gss_buffer_desc gnamebuf, gintoken, gouttoken;
gss_buffer_desc gnamebuf = GSS_C_EMPTY_BUFFER, gintoken,
gouttoken = GSS_C_EMPTY_BUFFER;
OM_uint32 gret, minor;
gss_ctx_id_t context = GSS_C_NO_CONTEXT;
gss_name_t gname = NULL;
......@@ -593,6 +600,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length));
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(*outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
}
if (gret == GSS_S_COMPLETE) {
......@@ -624,11 +632,13 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname,
ISC_FALSE, NULL));
gret = gss_release_buffer(&minor, &gnamebuf);
if (gret != GSS_S_COMPLETE)
gss_log(3, "failed gss_release_buffer: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
if (gnamebuf.length != 0) {
gret = gss_release_buffer(&minor, &gnamebuf);
if (gret != GSS_S_COMPLETE)
gss_log(3, "failed gss_release_buffer: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
}
}
*ctxout = context;
......@@ -685,7 +695,8 @@ char *
gss_error_tostring(isc_uint32_t major, isc_uint32_t minor,
char *buf, size_t buflen) {
#ifdef GSSAPI
gss_buffer_desc msg_minor, msg_major;
gss_buffer_desc msg_minor = GSS_C_EMPTY_BUFFER,
msg_major = GSS_C_EMPTY_BUFFER;
OM_uint32 msg_ctx, minor_stat;
/* Handle major status */
......@@ -701,8 +712,10 @@ gss_error_tostring(isc_uint32_t major, isc_uint32_t minor,
snprintf(buf, buflen, "GSSAPI error: Major = %s, Minor = %s.",
(char *)msg_major.value, (char *)msg_minor.value);
(void)gss_release_buffer(&minor_stat, &msg_major);
(void)gss_release_buffer(&minor_stat, &msg_minor);
if (msg_major.length != 0)
(void)gss_release_buffer(&minor_stat, &msg_major);
if (msg_minor.length != 0)
(void)gss_release_buffer(&minor_stat, &msg_minor);
return(buf);
#else
snprintf(buf, buflen, "GSSAPI error: Major = %u, Minor = %u.",
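Review bot: In dst_gssapi_initctx the added block runs `RETERR(isc_buffer_copyregion(outtoken, &r));` before `(void)gss_release_buffer(&minor, &gouttoken);`, so if RETERR leaves the function on failure (its definition is not in the hunk), neither gouttoken nor gname is released on that path. dst_gssapi_acceptctx has the same ordering: `RETERR(isc_buffer_allocate(...))` and the copy both precede the newly added release. A copy that fails repeatedly, for example because the caller's output buffer is too small, would then leak GSS-API storage on every attempt. Storing the result, releasing the buffer and only then testing the result, or doing the releases in the common exit path, would close this. Both function bodies extend beyond the hunks shown, so the exit path should be checked before changing it.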
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: spnego.c,v 1.5 2007/06/19 23:47:16 tbox Exp $ */
/* $Id: spnego.c,v 1.6 2008/04/03 00:45:23 marka Exp $ */
/*! \file
* \brief
......@@ -169,88 +169,6 @@
*/
#include "spnego.h"
/*
* The isc_mem function keep track of allocation sizes, but we can't
* get at that information, and we need to know sizes to implement a
* realloc() clone. So we use a little more memory to keep track of
* sizes allocated here.
*
* These functions follow Harbison & Steele, 4th edition, particularly
* with regard to realloc()'s behavior.
*/
static void *
spnego_malloc(size_t size, const char *file, int line)
{
char *p;
if (size == 0)
return (NULL);
p = isc_mem_allocate(dst__memory_pool, size + sizeof(size_t));
if (p == NULL)
return NULL;
*(size_t *)p = size;
p += sizeof(size_t);
#ifdef SPNEGO_ALLOC_DEBUG
printf("spnego_malloc(%lu) %lx %s %u\n",
(unsigned long) size, (unsigned long) p, file, line);
#else
(void)file;
(void)line;
#endif
return (p);
}
static void
spnego_free(void *ptr, const char *file, int line)
{
char *p = ptr;
if (p == NULL)
return;
#ifdef SPNEGO_ALLOC_DEBUG
printf("spnego_free(%lx) %s %u\n",
(unsigned long) p, file, line);
#else
(void)file;
(void)line;
#endif
p -= sizeof(size_t);
isc_mem_free(dst__memory_pool, p);
}
static void *
spnego_realloc(void *old_ptr, size_t new_size, const char *file, int line)
{
size_t *old_size;
void *new_ptr;
if (old_ptr == NULL)
return (spnego_malloc(new_size, file, line));
if (new_size == 0) {
spnego_free(old_ptr, file, line);
return (NULL);
}
old_size = old_ptr;
old_size--;
if (*old_size >= new_size)
return (old_ptr);
new_ptr = spnego_malloc(new_size, file, line);
if (new_ptr == NULL)
return (NULL);
memcpy(new_ptr, old_ptr, *old_size);
spnego_free(old_ptr, file, line);
return (new_ptr);
}
#define malloc(x) spnego_malloc(x, __FILE__, __LINE__)
#define free(x) spnego_free(x, __FILE__, __LINE__)
#define realloc(x,y) spnego_realloc(x, y, __FILE__, __LINE__)
/* asn1_err.h */
/* Generated from ../../../lib/asn1/asn1_err.et */
......@@ -756,7 +674,7 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status,
ot = &obuf;
}
ret = send_accept(&minor_status2, output_token, ot, pref);
if (ot != NULL)
if (ot != NULL && ot->length != 0)
gss_release_buffer(&minor_status2, ot);
return (ret);
......@@ -1485,8 +1403,11 @@ gssapi_spnego_encapsulate(OM_uint32 * minor_status,
return (GSS_S_FAILURE);
}
p = gssapi_mech_make_header(output_token->value, len, mech);
if (p == NULL)
if (p == NULL) {
if (output_token->length != 0)
gss_release_buffer(&minor_status, output_token);
return (GSS_S_FAILURE);
}
memcpy(p, buf, buf_size);
return (GSS_S_COMPLETE);
}
......@@ -1659,8 +1580,8 @@ spnego_initial(OM_uint32 *minor_status,
ret = gssapi_spnego_encapsulate(minor_status,
buf + buf_size - len, len,
output_token, GSS_SPNEGO_MECH);
ret = major_status;
if (ret == GSS_S_COMPLETE)
ret = major_status;
end:
if (token_init.mechToken != NULL) {
......@@ -1668,7 +1589,7 @@ end:
token_init.mechToken = NULL;
}
free_NegTokenInit(&token_init);
if (krb5_output_token.length > 0)
if (krb5_output_token.length != 0)
gss_release_buffer(&minor_status2, &krb5_output_token);
if (buf)
free(buf);
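Review bot: In gssapi_spnego_encapsulate the new error path calls `gss_release_buffer(&minor_status, output_token);`, but the hunk header shows `minor_status` is already an `OM_uint32 *` parameter, so this passes an `OM_uint32 **`. The release would store its status over the local pointer variable instead of the caller's status word, and the compiler should flag the incompatible pointer type. The call should read `gss_release_buffer(minor_status, output_token);`. The function body starts outside the hunk.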
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: tkey.c,v 1.89 2008/01/18 23:46:58 tbox Exp $
* $Id: tkey.c,v 1.90 2008/04/03 00:45:23 marka Exp $
*/
/*! \file */
#include <config.h>
......@@ -69,7 +69,7 @@ tkey_log(const char *fmt, ...) {
static void
_dns_tkey_dumpmessage(dns_message_t *msg) {
isc_buffer_t outbuf;
unsigned char output[2048];
unsigned char output[4096];
isc_result_t result;
isc_buffer_init(&outbuf, output, sizeof(output));
......@@ -846,7 +846,7 @@ buildquery(dns_message_t *msg, dns_name_t *name,
dns_rdataset_makequestion(question, dns_rdataclass_any,
dns_rdatatype_tkey);
RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 2048));
RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 4096));
RETERR(dns_message_gettemprdata(msg, &rdata));
RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
......@@ -984,7 +984,7 @@ dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname,
isc_result_t result;
isc_stdtime_t now;
isc_buffer_t token;
unsigned char array[2048];
unsigned char array[4096];
UNUSED(intoken);
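Review bot: The size 4096 now appears as a bare literal in three places: `output[4096]` in _dns_tkey_dumpmessage, `isc_buffer_allocate(msg->mctx, &dynbuf, 4096)` in buildquery and `array[4096]` in dns_tkey_buildgssquery, just as 2048 did before. One named constant (a proposed name: `#define TKEY_BUFFER_SIZE 4096`) with a comment recording why 2048 was too small would keep the three in step the next time the limit moves. For the fixed `array` in dns_tkey_buildgssquery, it is also worth confirming that a token larger than the buffer yields a clean error and not a truncated token, because the code that fills it is outside the hunk.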
......