2352. [bug] Various GSS_API fixups. [RT #17729]

2026-05-28 04:34:54 -04:00 · 2008-04-03 00:45:23 +00:00 · 2008-04-03 00:45:23 +00:00 · 887ef2682c
commit 887ef2682c
parent a687db7ce8
5 changed files with 51 additions and 114 deletions
--- a/2
+++ b/2
@ -1,3 +1,5 @@
+2352.	[bug]		Various GSS_API fixups. [RT #17729]
+
 2351.	[bug]		convertxsl.pl generated very long lines. [RT #17906]

 2350.	[port]		win32: IPv6 support. [RT #17797]
--- a/lib/dns/gssapi_link.c
+++ b/lib/dns/gssapi_link.c
@ -16,7 +16,7 @@
 */

 /*
- * $Id: gssapi_link.c,v 1.7 2007/06/19 23:47:16 tbox Exp $
+ * $Id: gssapi_link.c,v 1.8 2008/04/03 00:45:23 marka Exp $
 */

 #include <config.h>
@ -174,7 +174,8 @@ gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) {
 	 * allocated space.
 	 */
 	isc_buffer_putmem(sig, gsig.value, gsig.length);
-	gss_release_buffer(&minor, &gsig);
+	if (gsig.length != 0)
+		gss_release_buffer(&minor, &gsig);

 	return (ISC_R_SUCCESS);
 }
--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: gssapictx.c,v 1.10 2008/01/22 23:28:04 tbox Exp $ */
+/* $Id: gssapictx.c,v 1.11 2008/04/03 00:45:23 marka Exp $ */

 #include <config.h>

@ -175,11 +175,13 @@ log_cred(const gss_cred_id_t cred) {
 	}

 	if (gret == GSS_S_COMPLETE) {
-		gret = gss_release_buffer(&minor, &gbuffer);
-		if (gret != GSS_S_COMPLETE)
-			gss_log(3, "failed gss_release_buffer: %s",
-				gss_error_tostring(gret, minor, buf,
-						   sizeof(buf)));
+		if (gbuffer.length != 0) {
+			gret = gss_release_buffer(&minor, &gbuffer);
+			if (gret != GSS_S_COMPLETE)
+				gss_log(3, "failed gss_release_buffer: %s",
+					gss_error_tostring(gret, minor, buf,
+							   sizeof(buf)));
+		}
 	}

 	gret = gss_release_name(&minor, &gname);
@ -459,7 +461,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
 	isc_buffer_t namebuf;
 	gss_name_t gname;
 	OM_uint32 gret, minor, ret_flags, flags;
-	gss_buffer_desc gintoken, *gintokenp, gouttoken;
+	gss_buffer_desc gintoken, *gintokenp, gouttoken = GSS_C_EMPTY_BUFFER;
 	isc_result_t result;
 	gss_buffer_desc gnamebuf;
 	unsigned char array[DNS_NAME_MAXTEXT + 1];
@ -507,11 +509,15 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
 	 * MUTUAL and INTEG flags, fail if either not set.
 	 */

-	GBUFFER_TO_REGION(gouttoken, r);
-	RETERR(isc_buffer_copyregion(outtoken, &r));
-
+	/*
+	 * RFC 2744 states the a valid output token has a non-zero length.
+	 */
+	if (gouttoken.length != 0) {
+		GBUFFER_TO_REGION(gouttoken, r);
+		RETERR(isc_buffer_copyregion(outtoken, &r));
+		(void)gss_release_buffer(&minor, &gouttoken);
+	}
 	(void)gss_release_name(&minor, &gname);
-	(void)gss_release_buffer(&minor, &gouttoken);

 	if (gret == GSS_S_COMPLETE)
 		result = ISC_R_SUCCESS;
@ -539,7 +545,8 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
 #ifdef GSSAPI
 	isc_region_t r;
 	isc_buffer_t namebuf;
-	gss_buffer_desc gnamebuf, gintoken, gouttoken;
+	gss_buffer_desc gnamebuf = GSS_C_EMPTY_BUFFER, gintoken,
+		        gouttoken = GSS_C_EMPTY_BUFFER;
 	OM_uint32 gret, minor;
 	gss_ctx_id_t context = GSS_C_NO_CONTEXT;
 	gss_name_t gname = NULL;
@ -593,6 +600,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
 		RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length));
 		GBUFFER_TO_REGION(gouttoken, r);
 		RETERR(isc_buffer_copyregion(*outtoken, &r));
+		(void)gss_release_buffer(&minor, &gouttoken);
 	}

 	if (gret == GSS_S_COMPLETE) {
@ -624,11 +632,13 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
 		RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname,
 					 ISC_FALSE, NULL));

-		gret = gss_release_buffer(&minor, &gnamebuf);
-		if (gret != GSS_S_COMPLETE)
-			gss_log(3, "failed gss_release_buffer: %s",
-				gss_error_tostring(gret, minor, buf,
-						   sizeof(buf)));
+		if (gnamebuf.length != 0) {
+			gret = gss_release_buffer(&minor, &gnamebuf);
+			if (gret != GSS_S_COMPLETE)
+				gss_log(3, "failed gss_release_buffer: %s",
+					gss_error_tostring(gret, minor, buf,
+							   sizeof(buf)));
+		}
 	}

 	*ctxout = context;
@ -685,7 +695,8 @@ char *
 gss_error_tostring(isc_uint32_t major, isc_uint32_t minor,
 		   char *buf, size_t buflen) {
 #ifdef GSSAPI
-	gss_buffer_desc msg_minor, msg_major;
+	gss_buffer_desc msg_minor = GSS_C_EMPTY_BUFFER,
+		        msg_major = GSS_C_EMPTY_BUFFER;
 	OM_uint32 msg_ctx, minor_stat;

 	/* Handle major status */
@ -701,8 +712,10 @@ gss_error_tostring(isc_uint32_t major, isc_uint32_t minor,
 	snprintf(buf, buflen, "GSSAPI error: Major = %s, Minor = %s.",
 		(char *)msg_major.value, (char *)msg_minor.value);

-	(void)gss_release_buffer(&minor_stat, &msg_major);
-	(void)gss_release_buffer(&minor_stat, &msg_minor);
+	if (msg_major.length != 0)
+		(void)gss_release_buffer(&minor_stat, &msg_major);
+	if (msg_minor.length != 0)
+		(void)gss_release_buffer(&minor_stat, &msg_minor);
 	return(buf);
 #else
 	snprintf(buf, buflen, "GSSAPI error: Major = %u, Minor = %u.",
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: spnego.c,v 1.5 2007/06/19 23:47:16 tbox Exp $ */
+/* $Id: spnego.c,v 1.6 2008/04/03 00:45:23 marka Exp $ */

 /*! \file
 * \brief
@ -169,88 +169,6 @@
 */
 #include "spnego.h"

-/*
- * The isc_mem function keep track of allocation sizes, but we can't
- * get at that information, and we need to know sizes to implement a
- * realloc() clone.  So we use a little more memory to keep track of
- * sizes allocated here.
- *
- * These functions follow Harbison & Steele, 4th edition, particularly
- * with regard to realloc()'s behavior.
- */
-
-static void *
-spnego_malloc(size_t size, const char *file, int line)
-{
-	char *p;
-
-	if (size == 0)
-		return (NULL);
-	p = isc_mem_allocate(dst__memory_pool, size + sizeof(size_t));
-	if (p == NULL)
-		return NULL;
-	*(size_t *)p = size;
-	p += sizeof(size_t);
-#ifdef SPNEGO_ALLOC_DEBUG
-	printf("spnego_malloc(%lu) %lx %s %u\n",
-	       (unsigned long) size, (unsigned long) p, file, line);
-#else
-	(void)file;
-	(void)line;
-#endif
-	return (p);
-}
-	
-static void
-spnego_free(void *ptr, const char *file, int line)
-{
-	char *p = ptr;
-
-	if (p == NULL)
-		return;
-#ifdef SPNEGO_ALLOC_DEBUG
-	printf("spnego_free(%lx) %s %u\n",
-	       (unsigned long) p, file, line);
-#else
-	(void)file;
-	(void)line;
-#endif
-	p -= sizeof(size_t);
-	isc_mem_free(dst__memory_pool, p);
-}
-
-static void *
-spnego_realloc(void *old_ptr, size_t new_size, const char *file, int line)
-{
-	size_t *old_size;
-	void *new_ptr;
-
-	if (old_ptr == NULL)
-		return (spnego_malloc(new_size, file, line));
-
-	if (new_size == 0) {
-		spnego_free(old_ptr, file, line);
-		return (NULL);
-	}
-
-	old_size = old_ptr;
-	old_size--;
-	if (*old_size >= new_size)
-		return (old_ptr);
-
-	new_ptr = spnego_malloc(new_size, file, line);
-	if (new_ptr == NULL)
-		return (NULL);
-
-	memcpy(new_ptr, old_ptr, *old_size);
-	spnego_free(old_ptr, file, line);
-	return (new_ptr);
-}
-
-#define	malloc(x)	spnego_malloc(x,	__FILE__, __LINE__)
-#define	free(x)		spnego_free(x,		__FILE__, __LINE__)
-#define	realloc(x,y)	spnego_realloc(x, y,	__FILE__, __LINE__)
-
 /* asn1_err.h */
 /* Generated from ../../../lib/asn1/asn1_err.et */

@ -756,7 +674,7 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status,
 		ot = &obuf;
 	}
 	ret = send_accept(&minor_status2, output_token, ot, pref);
-	if (ot != NULL)
+	if (ot != NULL && ot->length != 0)
 		gss_release_buffer(&minor_status2, ot);

 	return (ret);
@ -1485,8 +1403,11 @@ gssapi_spnego_encapsulate(OM_uint32 * minor_status,
 		return (GSS_S_FAILURE);
 	}
 	p = gssapi_mech_make_header(output_token->value, len, mech);
-	if (p == NULL)
+	if (p == NULL) {
+		if (output_token->length != 0)
+			gss_release_buffer(&minor_status, output_token);
 		return (GSS_S_FAILURE);
+	}
 	memcpy(p, buf, buf_size);
 	return (GSS_S_COMPLETE);
 }
@ -1659,8 +1580,8 @@ spnego_initial(OM_uint32 *minor_status,
 	ret = gssapi_spnego_encapsulate(minor_status,
 					buf + buf_size - len, len,
 					output_token, GSS_SPNEGO_MECH);
-
-	ret = major_status;
+	if (ret == GSS_S_COMPLETE)
+		ret = major_status;

 end:
 	if (token_init.mechToken != NULL) {
@ -1668,7 +1589,7 @@ end:
 		token_init.mechToken = NULL;
 	}
 	free_NegTokenInit(&token_init);
-	if (krb5_output_token.length > 0)
+	if (krb5_output_token.length != 0)
 		gss_release_buffer(&minor_status2, &krb5_output_token);
 	if (buf)
 		free(buf);
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@ -16,7 +16,7 @@
 */

 /*
- * $Id: tkey.c,v 1.89 2008/01/18 23:46:58 tbox Exp $
+ * $Id: tkey.c,v 1.90 2008/04/03 00:45:23 marka Exp $
 */
 /*! \file */
 #include <config.h>
@ -69,7 +69,7 @@ tkey_log(const char *fmt, ...) {
 static void
 _dns_tkey_dumpmessage(dns_message_t *msg) {
 	isc_buffer_t outbuf;
-	unsigned char output[2048];
+	unsigned char output[4096];
 	isc_result_t result;

 	isc_buffer_init(&outbuf, output, sizeof(output));
@ -846,7 +846,7 @@ buildquery(dns_message_t *msg, dns_name_t *name,
 	dns_rdataset_makequestion(question, dns_rdataclass_any,
 				  dns_rdatatype_tkey);

-	RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 2048));
+	RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 4096));
 	RETERR(dns_message_gettemprdata(msg, &rdata));

 	RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
@ -984,7 +984,7 @@ dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname,
 	isc_result_t result;
 	isc_stdtime_t now;
 	isc_buffer_t token;
-	unsigned char array[2048];
+	unsigned char array[4096];

 	UNUSED(intoken);