From b34cd8e36155ce0b5083b027ebb078312c37e7ff Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 13 Sep 2010 17:13:05 +0200 Subject: [PATCH] cleanup --- mech_eap/accept_sec_context.c | 11 +++--- mech_eap/export_sec_context.c | 5 ++- mech_eap/import_sec_context.c | 6 ++-- mech_eap/init_sec_context.c | 12 ++++--- mech_eap/unwrap_iov.c | 4 +-- mech_eap/util.h | 26 +++++++++------ mech_eap/util_context.c | 2 +- mech_eap/util_ordering.c | 78 +++++++++++++++++++++++++++---------------- 8 files changed, 91 insertions(+), 53 deletions(-) diff --git a/mech_eap/accept_sec_context.c b/mech_eap/accept_sec_context.c index 7aea19d..4e01eba 100644 --- a/mech_eap/accept_sec_context.c +++ b/mech_eap/accept_sec_context.c @@ -250,10 +250,13 @@ acceptReady(OM_uint32 *minor, gss_ctx_id_t ctx) ctx->gssFlags &= ~(GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG); } - sequenceInit(&ctx->seqState, ctx->recvSeq, - ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), - ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), - TRUE); + major = sequenceInit(minor, + &ctx->seqState, ctx->recvSeq, + ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), + ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), + TRUE); + if (GSS_ERROR(major)) + return major; return GSS_S_COMPLETE; } diff --git a/mech_eap/export_sec_context.c b/mech_eap/export_sec_context.c index cf3ffb0..ca35a4f 100644 --- a/mech_eap/export_sec_context.c +++ b/mech_eap/export_sec_context.c @@ -131,7 +131,10 @@ gssEapExportSecContext(OM_uint32 *minor, store_uint64_be(ctx->sendSeq, &p[8]); store_uint64_be(ctx->recvSeq, &p[16]); p += 24; - sequenceExternalize(ctx->seqState, &p, &length); + + major = sequenceExternalize(minor, ctx->seqState, &p, &length); + if (GSS_ERROR(major)) + goto cleanup; if (partialCtx.value != NULL) p = store_buffer(&partialCtx, p, FALSE); diff --git a/mech_eap/import_sec_context.c b/mech_eap/import_sec_context.c index 13f0ae2..fce6cf3 100644 --- a/mech_eap/import_sec_context.c +++ b/mech_eap/import_sec_context.c @@ -249,9 +249,9 @@ gssEapImportContext(OM_uint32 *minor, p += 24; remain -= 24; - *minor = sequenceInternalize(&ctx->seqState, &p, &remain); - if (*minor != 0) - return GSS_S_FAILURE; + major = sequenceInternalize(minor, &ctx->seqState, &p, &remain); + if (GSS_ERROR(major)) + return major; /* * The partial context should only be expected for unestablished diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c index 27d7c06..330d0ae 100644 --- a/mech_eap/init_sec_context.c +++ b/mech_eap/init_sec_context.c @@ -266,10 +266,14 @@ initReady(OM_uint32 *minor, gss_ctx_id_t ctx) ctx->gssFlags &= ~(GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG); } - sequenceInit(&ctx->seqState, ctx->recvSeq, - ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), - ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), - TRUE); + major = sequenceInit(minor, + &ctx->seqState, + ctx->recvSeq, + ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0), + ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0), + TRUE); + if (GSS_ERROR(major)) + return major; return GSS_S_COMPLETE; } diff --git a/mech_eap/unwrap_iov.c b/mech_eap/unwrap_iov.c index a1f3dbc..1624308 100644 --- a/mech_eap/unwrap_iov.c +++ b/mech_eap/unwrap_iov.c @@ -218,7 +218,7 @@ unwrapToken(OM_uint32 *minor, } } - code = sequenceCheck(&ctx->seqState, seqnum); + code = sequenceCheck(minor, &ctx->seqState, seqnum); } else if (toktype == TOK_TYPE_MIC || toktype == TOK_TYPE_GSS_CB) { if (load_uint16_be(ptr) != toktype) goto defective; @@ -236,7 +236,7 @@ unwrapToken(OM_uint32 *minor, return GSS_S_BAD_SIG; } if (toktype != TOK_TYPE_GSS_CB) - code = sequenceCheck(&ctx->seqState, seqnum); + code = sequenceCheck(minor, &ctx->seqState, seqnum); } else if (toktype == TOK_TYPE_DELETE_CONTEXT) { if (load_uint16_be(ptr) != TOK_TYPE_DELETE_CONTEXT) goto defective; diff --git a/mech_eap/util.h b/mech_eap/util.h index f2c992a..81e0073 100644 --- a/mech_eap/util.h +++ b/mech_eap/util.h @@ -350,23 +350,29 @@ oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2) } /* util_ordering.c */ -int -sequenceInternalize(void **vqueue, unsigned char **buf, size_t *lenremain); +OM_uint32 +sequenceInternalize(OM_uint32 *minor, + void **vqueue, + unsigned char **buf, + size_t *lenremain); -int -sequenceExternalize(void *vqueue, unsigned char **buf, size_t *lenremain); +OM_uint32 +sequenceExternalize(OM_uint32 *minor, + void *vqueue, + unsigned char **buf, + size_t *lenremain); size_t sequenceSize(void *vqueue); -void -sequenceFree(void **vqueue); +OM_uint32 +sequenceFree(OM_uint32 *minor, void **vqueue); -int -sequenceCheck(void **vqueue, uint64_t seqnum); +OM_uint32 +sequenceCheck(OM_uint32 *minor, void **vqueue, uint64_t seqnum); -int -sequenceInit(void **vqueue, uint64_t seqnum, +OM_uint32 +sequenceInit(OM_uint32 *minor, void **vqueue, uint64_t seqnum, int do_replay, int do_sequence, int wide_nums); /* util_token.c */ diff --git a/mech_eap/util_context.c b/mech_eap/util_context.c index 6ff5121..a1bd63b 100644 --- a/mech_eap/util_context.c +++ b/mech_eap/util_context.c @@ -110,7 +110,7 @@ gssEapReleaseContext(OM_uint32 *minor, gssEapReleaseName(&tmpMinor, &ctx->initiatorName); gssEapReleaseName(&tmpMinor, &ctx->acceptorName); gss_release_oid(&tmpMinor, &ctx->mechanismUsed); - sequenceFree(&ctx->seqState); + sequenceFree(&tmpMinor, &ctx->seqState); GSSEAP_MUTEX_DESTROY(&ctx->mutex); diff --git a/mech_eap/util_ordering.c b/mech_eap/util_ordering.c index 47c73d4..24c8a9a 100644 --- a/mech_eap/util_ordering.c +++ b/mech_eap/util_ordering.c @@ -117,20 +117,21 @@ queue_insert(queue *q, int after, uint64_t seqnum) } } -int -sequenceInit(void **vqueue, uint64_t seqnum, - int do_replay, int do_sequence, int wide_nums) +OM_uint32 +sequenceInit(OM_uint32 *minor, + void **vqueue, + uint64_t seqnum, + int do_replay, + int do_sequence, + int wide_nums) { queue *q; - if ((q = (queue *) GSSEAP_MALLOC(sizeof(queue))) == NULL) - return(ENOMEM); - - /* This stops valgrind from complaining about writing uninitialized - data if the caller exports the context and writes it to a file. - We don't actually use those bytes at all, but valgrind still - complains. */ - memset(q, 0xfe, sizeof(*q)); + q = (queue *)GSSEAP_CALLOC(1, sizeof(queue)); + if (q == NULL) { + *minor = ENOMEM; + return GSS_S_FAILURE; + } q->do_replay = do_replay; q->do_sequence = do_sequence; @@ -141,12 +142,15 @@ sequenceInit(void **vqueue, uint64_t seqnum, q->firstnum = seqnum; q->elem[q->start] = ((uint64_t)0 - 1) & q->mask; - *vqueue = (void *) q; - return(0); + *vqueue = (void *)q; + + return GSS_S_COMPLETE; } -int -sequenceCheck(void **vqueue, uint64_t seqnum) +OM_uint32 +sequenceCheck(OM_uint32 *minor, + void **vqueue, + uint64_t seqnum) { queue *q; int i; @@ -230,8 +234,8 @@ sequenceCheck(void **vqueue, uint64_t seqnum) return(GSS_S_FAILURE); } -void -sequenceFree(void **vqueue) +OM_uint32 +sequenceFree(OM_uint32 *minor, void **vqueue) { queue *q; @@ -240,6 +244,8 @@ sequenceFree(void **vqueue) GSSEAP_FREE(q); *vqueue = NULL; + + return GSS_S_COMPLETE; } /* @@ -251,11 +257,16 @@ sequenceSize(void *vqueue) return sizeof(queue); } -int -sequenceExternalize(void *vqueue, unsigned char **buf, size_t *lenremain) +OM_uint32 +sequenceExternalize(OM_uint32 *minor, + void *vqueue, + unsigned char **buf, + size_t *lenremain) { - if (*lenremain < sizeof(queue)) - return ERANGE; + if (*lenremain < sizeof(queue)) { + *minor = ERANGE; + return GSS_S_FAILURE; + } memcpy(*buf, vqueue, sizeof(queue)); *buf += sizeof(queue); *lenremain -= sizeof(queue); @@ -263,19 +274,30 @@ sequenceExternalize(void *vqueue, unsigned char **buf, size_t *lenremain) return 0; } -int -sequenceInternalize(void **vqueue, unsigned char **buf, size_t *lenremain) +OM_uint32 +sequenceInternalize(OM_uint32 *minor, + void **vqueue, + unsigned char **buf, + size_t *lenremain) { void *q; - if (*lenremain < sizeof(queue)) - return ERANGE; + if (*lenremain < sizeof(queue)) { + *minor = ERANGE; + return GSS_S_DEFECTIVE_TOKEN; + } + q = GSSEAP_MALLOC(sizeof(queue)); - if (q == NULL) - return ENOMEM; + if (q == NULL) { + *minor = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(q, *buf, sizeof(queue)); *buf += sizeof(queue); *lenremain -= sizeof(queue); *vqueue = q; - return 0; + + *minor = 0; + return GSS_S_COMPLETE; } -- 2.1.4