add better JSON type checking to RADIUS decoder

[mech_eap.orig] / util_attr.cpp

diff --git a/util_attr.cpp b/util_attr.cpp
index 9973a00..384769f 100644 (file)
--- a/util_attr.cpp
+++ b/util_attr.cpp
@@ -55,11 +55,17 @@ gssEapAttrProvidersInitInternal(void)
     assert(gssEapAttrProvidersInitStatus == GSS_S_UNAVAILABLE);
 
     major = gssEapRadiusAttrProviderInit(&minor);
-    if (major == GSS_S_COMPLETE)
-        major = gssEapSamlAttrProvidersInit(&minor);
-    if (major == GSS_S_COMPLETE)
-        major = gssEapLocalAttrProviderInit(&minor);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+    major = gssEapSamlAttrProvidersInit(&minor);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+    /* Allow Shibboleth initialization failure to be non-fatal */
+    gssEapLocalAttrProviderInit(&minor);
 
+cleanup:
 #ifdef GSSEAP_DEBUG
     assert(major == GSS_S_COMPLETE);
 #endif
@@ -308,7 +314,7 @@ gss_eap_attr_ctx::initWithJsonObject(JSONObject &obj)
             continue;
 
         JSONObject source = sources.get(key);
-        if (!source.isnull() &&
+        if (!source.isNull() &&
             !provider->initWithJsonObject(this, source)) {
             releaseProvider(type);
             return false;
@@ -384,7 +390,7 @@ gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer)
         return false;
 
     JSONObject obj = JSONObject::load(s, 0, &error);
-    if (!obj.isnull()) {
+    if (!obj.isNull()) {
         ret = initWithJsonObject(obj);
     } else
         ret = false;
@@ -630,7 +636,7 @@ gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const
     JSONObject obj = jsonRepresentation();
 
 #if 0
-    obj.dump(stdout, JSON_INDENT(3));
+    obj.dump(stdout);
 #endif
 
     s = obj.dump(JSON_COMPACT);
@@ -673,11 +679,16 @@ gss_eap_attr_ctx::mapException(OM_uint32 *minor, std::exception &e) const
     OM_uint32 major;
 
     /* Errors we handle ourselves */
-    major = GSS_S_FAILURE;
-
     if (typeid(e) == typeid(std::bad_alloc)) {
         *minor = ENOMEM;
         goto cleanup;
+    } else if (typeid(e) == typeid(std::runtime_error)) {
+        major = GSS_S_BAD_NAME;
+        *minor = GSSEAP_BAD_ATTR_TOKEN;
+        goto cleanup;
+    } else if (this == NULL) {
+        major = GSS_S_FAILURE;
+        goto cleanup;
     }
 
     /* Errors we delegate to providers */
@@ -872,8 +883,10 @@ gssEapGetNameAttribute(OM_uint32 *minor,
                        gss_buffer_t display_value,
                        int *more)
 {
-    *authenticated = 0;
-    *complete = 0;
+    if (authenticated != NULL)
+        *authenticated = 0;
+    if (complete != NULL)
+        *complete = 0;
 
     if (value != NULL) {
         value->length = 0;
@@ -1008,7 +1021,7 @@ gssEapImportAttrContext(OM_uint32 *minor,
             if (!ctx->initFromBuffer(buffer)) {
                 delete ctx;
                 *minor = GSSEAP_BAD_ATTR_TOKEN;
-                return GSS_S_DEFECTIVE_TOKEN;
+                return GSS_S_BAD_NAME;
             }
             name->attrCtx = ctx;
         } catch (std::exception &e) {
@@ -1134,12 +1147,10 @@ gssEapCreateAttrContext(OM_uint32 *minor,
     major = GSS_S_FAILURE;
 
     try {
-        ctx = new gss_eap_attr_ctx();
+        *pAttrContext = ctx = new gss_eap_attr_ctx();
         if (ctx->initFromGssContext(gssCred, gssCtx)) {
             *minor = 0;
             major = GSS_S_COMPLETE;
-        } else {
-            delete ctx;
         }
     } catch (std::exception &e) {
         if (ctx != NULL)
@@ -1147,8 +1158,10 @@ gssEapCreateAttrContext(OM_uint32 *minor,
     }
 
     if (major == GSS_S_COMPLETE) {
-        *pAttrContext = ctx;
         *pExpiryTime = ctx->getExpiryTime();
+    } else {
+        delete ctx;
+        *pAttrContext = NULL;
     }
 
     return major;