diff options
| author | Tom Yu <tlyu@mit.edu> | 2005-01-14 21:52:15 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2005-01-14 21:52:15 +0000 |
| commit | 54f662cf9abca6885831158e35cf0784074fc68d (patch) | |
| tree | a5e8040e7a6e8c69cbe8f72e7d1367dce2c47284 | |
| parent | 5fa85954e49406f5d9c05391f9f6774f8d04624d (diff) | |
| download | krb5-54f662cf9abca6885831158e35cf0784074fc68d.tar.gz krb5-54f662cf9abca6885831158e35cf0784074fc68d.tar.xz krb5-54f662cf9abca6885831158e35cf0784074fc68d.zip | |
Fix braino in previous change to xdr_bytes. New test case for
RPCSEC_GSS fixed-size buffers.
ticket: 2877
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17039 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/lib/rpc/ChangeLog | 4 | ||||
| -rw-r--r-- | src/lib/rpc/authgss_prot.c | 2 | ||||
| -rw-r--r-- | src/lib/rpc/xdr.c | 5 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/ChangeLog | 7 | ||||
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/kadmin.exp | 18 |
5 files changed, 31 insertions, 5 deletions
diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog index 23d6b8b75c..def5183a36 100644 --- a/src/lib/rpc/ChangeLog +++ b/src/lib/rpc/ChangeLog @@ -1,9 +1,13 @@ 2005-01-14 Tom Yu <tlyu@mit.edu> + * xdr.c (xdr_bytes): Revert previous; the problem was actually in + xdr_rpc_gss_buf. + * authgss_prot.c (xdr_rpc_gss_wrap_data): Use xdr_alloc to avoid size limit issues. Use (unsigned int)-1 instead of MAX_NETOBJ_SZ. (xdr_rpc_gss_unwrap_data): Use (unsigned int)-1 instead of MAX_NETOBJ_SZ. + (xdr_rpc_gss_buf): Set tmplen even if doing XDR_FREE. * xdr.c (xdr_bytes): Don't assign from *sizep if XDR_FREE, since it'll be uninitialized then. Shuts up Purify. diff --git a/src/lib/rpc/authgss_prot.c b/src/lib/rpc/authgss_prot.c index e648f47f72..ab6e7fea07 100644 --- a/src/lib/rpc/authgss_prot.c +++ b/src/lib/rpc/authgss_prot.c @@ -52,7 +52,7 @@ xdr_rpc_gss_buf(XDR *xdrs, gss_buffer_t buf, u_int maxsize) bool_t xdr_stat; u_int tmplen; - if (xdrs->x_op == XDR_ENCODE) { + if (xdrs->x_op != XDR_DECODE) { if (buf->length > UINT_MAX) return (FALSE); else diff --git a/src/lib/rpc/xdr.c b/src/lib/rpc/xdr.c index 7e13fd631c..ec0d27717f 100644 --- a/src/lib/rpc/xdr.c +++ b/src/lib/rpc/xdr.c @@ -409,10 +409,9 @@ xdr_bytes( if (! xdr_u_int(xdrs, sizep)) { return (FALSE); } - if ((xdrs->x_op != XDR_FREE) && (*sizep > maxsize)) { + nodesize = *sizep; + if ((nodesize > maxsize) && (xdrs->x_op != XDR_FREE)) { return (FALSE); - } else { - nodesize = *sizep; } /* diff --git a/src/tests/dejagnu/krb-standalone/ChangeLog b/src/tests/dejagnu/krb-standalone/ChangeLog index 0372fe0987..8e0e4470d9 100644 --- a/src/tests/dejagnu/krb-standalone/ChangeLog +++ b/src/tests/dejagnu/krb-standalone/ChangeLog @@ -1,3 +1,10 @@ +2005-01-14 Tom Yu <tlyu@mit.edu> + + * kadmin.exp (kadmin_list): Check for communication failure. + (kadmin_test): Create a large number of principals, then attempt + to list, in order to check for fixed-size buffer problems in + RPCSEC_GSS. + 2005-01-11 Ken Raeburn <raeburn@mit.edu> * gssftp.exp (start_ftp_daemon): Use built-in sleep command. diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp index ded386d3de..c72548114f 100644 --- a/src/tests/dejagnu/krb-standalone/kadmin.exp +++ b/src/tests/dejagnu/krb-standalone/kadmin.exp @@ -402,6 +402,11 @@ proc kadmin_list { } { catch "expect_after" return 0 } + "Communication failure" { + fail "kadmin ldb got RPC error" + catch "expect_after" + return 0 + } timeout { fail "kadmin ldb" catch "expect_after" @@ -416,7 +421,7 @@ proc kadmin_list { } { expect -re "assword\[^\r\n\]*: *" { send "adminpass$KEY\r" } - expect -re "\(.*@$REALMNAME\r\n\)*" + expect -re "\(.*@$REALMNAME\r\n\)+" expect_after expect eof set k_stat [wait -i $spawn_id] @@ -1033,6 +1038,17 @@ proc kadmin_test { } { return } + # test retrieval of large number of principals + # bug [2877] + for { set i 0 } { $i < 200 } { incr i } { + if { ![kadmin_add "foo$i" foopass] } { + return + } + } + + if { ![kadmin_list] } { + return + } verbose "kadmin_test succeeded" } |