diff --git a/CHANGES b/CHANGES index 4311f15c39..db3dd178e3 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2352. [bug] Various GSS_API fixups. [RT #17729] + 2351. [bug] convertxsl.pl generated very long lines. [RT #17906] 2350. [port] win32: IPv6 support. [RT #17797] diff --git a/lib/dns/gssapi_link.c b/lib/dns/gssapi_link.c index b37b39e9ca..65812d8641 100644 --- a/lib/dns/gssapi_link.c +++ b/lib/dns/gssapi_link.c @@ -16,7 +16,7 @@ */ /* - * $Id: gssapi_link.c,v 1.7 2007/06/19 23:47:16 tbox Exp $ + * $Id: gssapi_link.c,v 1.8 2008/04/03 00:45:23 marka Exp $ */ #include @@ -174,7 +174,8 @@ gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) { * allocated space. */ isc_buffer_putmem(sig, gsig.value, gsig.length); - gss_release_buffer(&minor, &gsig); + if (gsig.length != 0) + gss_release_buffer(&minor, &gsig); return (ISC_R_SUCCESS); } diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c index 8cfd082168..22762e8945 100644 --- a/lib/dns/gssapictx.c +++ b/lib/dns/gssapictx.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gssapictx.c,v 1.10 2008/01/22 23:28:04 tbox Exp $ */ +/* $Id: gssapictx.c,v 1.11 2008/04/03 00:45:23 marka Exp $ */ #include @@ -175,11 +175,13 @@ log_cred(const gss_cred_id_t cred) { } if (gret == GSS_S_COMPLETE) { - gret = gss_release_buffer(&minor, &gbuffer); - if (gret != GSS_S_COMPLETE) - gss_log(3, "failed gss_release_buffer: %s", - gss_error_tostring(gret, minor, buf, - sizeof(buf))); + if (gbuffer.length != 0) { + gret = gss_release_buffer(&minor, &gbuffer); + if (gret != GSS_S_COMPLETE) + gss_log(3, "failed gss_release_buffer: %s", + gss_error_tostring(gret, minor, buf, + sizeof(buf))); + } } gret = gss_release_name(&minor, &gname); @@ -459,7 +461,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken, isc_buffer_t namebuf; gss_name_t gname; OM_uint32 gret, minor, ret_flags, flags; - gss_buffer_desc gintoken, *gintokenp, gouttoken; + gss_buffer_desc gintoken, *gintokenp, gouttoken = GSS_C_EMPTY_BUFFER; isc_result_t result; gss_buffer_desc gnamebuf; unsigned char array[DNS_NAME_MAXTEXT + 1]; @@ -507,11 +509,15 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken, * MUTUAL and INTEG flags, fail if either not set. */ - GBUFFER_TO_REGION(gouttoken, r); - RETERR(isc_buffer_copyregion(outtoken, &r)); - + /* + * RFC 2744 states the a valid output token has a non-zero length. + */ + if (gouttoken.length != 0) { + GBUFFER_TO_REGION(gouttoken, r); + RETERR(isc_buffer_copyregion(outtoken, &r)); + (void)gss_release_buffer(&minor, &gouttoken); + } (void)gss_release_name(&minor, &gname); - (void)gss_release_buffer(&minor, &gouttoken); if (gret == GSS_S_COMPLETE) result = ISC_R_SUCCESS; @@ -539,7 +545,8 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, #ifdef GSSAPI isc_region_t r; isc_buffer_t namebuf; - gss_buffer_desc gnamebuf, gintoken, gouttoken; + gss_buffer_desc gnamebuf = GSS_C_EMPTY_BUFFER, gintoken, + gouttoken = GSS_C_EMPTY_BUFFER; OM_uint32 gret, minor; gss_ctx_id_t context = GSS_C_NO_CONTEXT; gss_name_t gname = NULL; @@ -593,6 +600,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length)); GBUFFER_TO_REGION(gouttoken, r); RETERR(isc_buffer_copyregion(*outtoken, &r)); + (void)gss_release_buffer(&minor, &gouttoken); } if (gret == GSS_S_COMPLETE) { @@ -624,11 +632,13 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, ISC_FALSE, NULL)); - gret = gss_release_buffer(&minor, &gnamebuf); - if (gret != GSS_S_COMPLETE) - gss_log(3, "failed gss_release_buffer: %s", - gss_error_tostring(gret, minor, buf, - sizeof(buf))); + if (gnamebuf.length != 0) { + gret = gss_release_buffer(&minor, &gnamebuf); + if (gret != GSS_S_COMPLETE) + gss_log(3, "failed gss_release_buffer: %s", + gss_error_tostring(gret, minor, buf, + sizeof(buf))); + } } *ctxout = context; @@ -685,7 +695,8 @@ char * gss_error_tostring(isc_uint32_t major, isc_uint32_t minor, char *buf, size_t buflen) { #ifdef GSSAPI - gss_buffer_desc msg_minor, msg_major; + gss_buffer_desc msg_minor = GSS_C_EMPTY_BUFFER, + msg_major = GSS_C_EMPTY_BUFFER; OM_uint32 msg_ctx, minor_stat; /* Handle major status */ @@ -701,8 +712,10 @@ gss_error_tostring(isc_uint32_t major, isc_uint32_t minor, snprintf(buf, buflen, "GSSAPI error: Major = %s, Minor = %s.", (char *)msg_major.value, (char *)msg_minor.value); - (void)gss_release_buffer(&minor_stat, &msg_major); - (void)gss_release_buffer(&minor_stat, &msg_minor); + if (msg_major.length != 0) + (void)gss_release_buffer(&minor_stat, &msg_major); + if (msg_minor.length != 0) + (void)gss_release_buffer(&minor_stat, &msg_minor); return(buf); #else snprintf(buf, buflen, "GSSAPI error: Major = %u, Minor = %u.", diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c index 279d945f1d..9a0db4ca10 100644 --- a/lib/dns/spnego.c +++ b/lib/dns/spnego.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: spnego.c,v 1.5 2007/06/19 23:47:16 tbox Exp $ */ +/* $Id: spnego.c,v 1.6 2008/04/03 00:45:23 marka Exp $ */ /*! \file * \brief @@ -169,88 +169,6 @@ */ #include "spnego.h" -/* - * The isc_mem function keep track of allocation sizes, but we can't - * get at that information, and we need to know sizes to implement a - * realloc() clone. So we use a little more memory to keep track of - * sizes allocated here. - * - * These functions follow Harbison & Steele, 4th edition, particularly - * with regard to realloc()'s behavior. - */ - -static void * -spnego_malloc(size_t size, const char *file, int line) -{ - char *p; - - if (size == 0) - return (NULL); - p = isc_mem_allocate(dst__memory_pool, size + sizeof(size_t)); - if (p == NULL) - return NULL; - *(size_t *)p = size; - p += sizeof(size_t); -#ifdef SPNEGO_ALLOC_DEBUG - printf("spnego_malloc(%lu) %lx %s %u\n", - (unsigned long) size, (unsigned long) p, file, line); -#else - (void)file; - (void)line; -#endif - return (p); -} - -static void -spnego_free(void *ptr, const char *file, int line) -{ - char *p = ptr; - - if (p == NULL) - return; -#ifdef SPNEGO_ALLOC_DEBUG - printf("spnego_free(%lx) %s %u\n", - (unsigned long) p, file, line); -#else - (void)file; - (void)line; -#endif - p -= sizeof(size_t); - isc_mem_free(dst__memory_pool, p); -} - -static void * -spnego_realloc(void *old_ptr, size_t new_size, const char *file, int line) -{ - size_t *old_size; - void *new_ptr; - - if (old_ptr == NULL) - return (spnego_malloc(new_size, file, line)); - - if (new_size == 0) { - spnego_free(old_ptr, file, line); - return (NULL); - } - - old_size = old_ptr; - old_size--; - if (*old_size >= new_size) - return (old_ptr); - - new_ptr = spnego_malloc(new_size, file, line); - if (new_ptr == NULL) - return (NULL); - - memcpy(new_ptr, old_ptr, *old_size); - spnego_free(old_ptr, file, line); - return (new_ptr); -} - -#define malloc(x) spnego_malloc(x, __FILE__, __LINE__) -#define free(x) spnego_free(x, __FILE__, __LINE__) -#define realloc(x,y) spnego_realloc(x, y, __FILE__, __LINE__) - /* asn1_err.h */ /* Generated from ../../../lib/asn1/asn1_err.et */ @@ -756,7 +674,7 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status, ot = &obuf; } ret = send_accept(&minor_status2, output_token, ot, pref); - if (ot != NULL) + if (ot != NULL && ot->length != 0) gss_release_buffer(&minor_status2, ot); return (ret); @@ -1485,8 +1403,11 @@ gssapi_spnego_encapsulate(OM_uint32 * minor_status, return (GSS_S_FAILURE); } p = gssapi_mech_make_header(output_token->value, len, mech); - if (p == NULL) + if (p == NULL) { + if (output_token->length != 0) + gss_release_buffer(&minor_status, output_token); return (GSS_S_FAILURE); + } memcpy(p, buf, buf_size); return (GSS_S_COMPLETE); } @@ -1659,8 +1580,8 @@ spnego_initial(OM_uint32 *minor_status, ret = gssapi_spnego_encapsulate(minor_status, buf + buf_size - len, len, output_token, GSS_SPNEGO_MECH); - - ret = major_status; + if (ret == GSS_S_COMPLETE) + ret = major_status; end: if (token_init.mechToken != NULL) { @@ -1668,7 +1589,7 @@ end: token_init.mechToken = NULL; } free_NegTokenInit(&token_init); - if (krb5_output_token.length > 0) + if (krb5_output_token.length != 0) gss_release_buffer(&minor_status2, &krb5_output_token); if (buf) free(buf); diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c index baf78ae348..9e59dfaf8e 100644 --- a/lib/dns/tkey.c +++ b/lib/dns/tkey.c @@ -16,7 +16,7 @@ */ /* - * $Id: tkey.c,v 1.89 2008/01/18 23:46:58 tbox Exp $ + * $Id: tkey.c,v 1.90 2008/04/03 00:45:23 marka Exp $ */ /*! \file */ #include @@ -69,7 +69,7 @@ tkey_log(const char *fmt, ...) { static void _dns_tkey_dumpmessage(dns_message_t *msg) { isc_buffer_t outbuf; - unsigned char output[2048]; + unsigned char output[4096]; isc_result_t result; isc_buffer_init(&outbuf, output, sizeof(output)); @@ -846,7 +846,7 @@ buildquery(dns_message_t *msg, dns_name_t *name, dns_rdataset_makequestion(question, dns_rdataclass_any, dns_rdatatype_tkey); - RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 2048)); + RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 4096)); RETERR(dns_message_gettemprdata(msg, &rdata)); RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any, @@ -984,7 +984,7 @@ dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname, isc_result_t result; isc_stdtime_t now; isc_buffer_t token; - unsigned char array[2048]; + unsigned char array[4096]; UNUSED(intoken);