gss-proxy.git/proxy/src/client, branch review Work on gss-proxy before it lands upstream Suppress warning: use after free 2015-03-29T21:34:42+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-28T15:49:17+00:00 00c6b95f7f10bd0b1897f8384d7ff985a9633c81 gssx_ctx is released in case of error. After the latest changes, the old ctx is always replaced to new one and output argument is set. Although it would not be used because return code would not be success it's safer to set NULL to the pointer and avoid warnings from static analyzers. src/client/gpm_init_sec_context.c:108: alias: Assigning: "ctx" = "res->context_handle". Now both point to the same storage. src/client/gpm_init_sec_context.c:156: freed_arg: "free" frees "ctx". src/client/gpm_init_sec_context.c:173: use_after_free: Using freed pointer "ctx". Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
gssx_ctx is released in case of error. After the latest changes,
the old ctx is always replaced to new one and output argument is set.

Although it would not be used because return code would not be success
it's safer to set NULL to the pointer and avoid warnings from static analyzers.

src/client/gpm_init_sec_context.c:108:
    alias: Assigning: "ctx" = "res->context_handle".
    Now both point to the same storage.
src/client/gpm_init_sec_context.c:156: freed_arg: "free" frees "ctx".
src/client/gpm_init_sec_context.c:173: use_after_free: Using freed pointer "ctx".

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Remove unused parameter from get_pipe_name 2015-03-29T21:32:01+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-28T13:14:04+00:00 ff6e3a3f259a5e55ccf92a1b8ec60fb264ac3425 Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Properly handle security contexts on error 2015-03-24T15:49:25+00:00 Simo Sorce simo@redhat.com 2015-02-26T20:49:59+00:00 ab69b71fcf9187269058b4e1ff7b394cc37f19da On error we need to make sure we do not return a pointer to a security context that may have been already freed. So make sure to always unconditionally return the context that we've been returned by our callees. Also reorganize the code so we do not accidently wipe the context and leak memoy on error. This fixed a double-free bug found by NFS folks @ Red Hat Fixes: https://fedorahosted.org/gss-proxy/ticket/137 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com> 
On error we need to make sure we do not return a pointer to a
security context that may have been already freed.
So make sure to always unconditionally return the context that we've
been returned by our callees.
Also reorganize the code so we do not accidently wipe the context
and leak memoy on error.

This fixed a double-free bug found by NFS folks @ Red Hat

Fixes: https://fedorahosted.org/gss-proxy/ticket/137

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
Properly cleanup mutex on failure. 2014-03-12T13:03:44+00:00 Simo Sorce simo@redhat.com 2014-03-11T22:16:32+00:00 f39b471f34b381784a1bd1906bf8335ac2c7ef5e If the call to create socket fails we leave a dangling lock and the client enters into a deadlock on the next call. Fixes: https://fedorahosted.org/gss-proxy/ticket/121 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
If the call to create socket fails we leave a dangling lock and the client
enters into a deadlock on the next call.

Fixes: https://fedorahosted.org/gss-proxy/ticket/121

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Add zero termination when the buffer is a string 2014-01-15T14:00:03+00:00 Simo Sorce simo@redhat.com 2013-12-27T16:38:10+00:00 d78ad1fc906d1e03b8232e4c9aab831899c26b31 This shouldn't be needed but apaprently there are a number of applications like mod_auth_kerb that just blindly assume the out buffer returned by gss_diplay_name() is a zero terminated string even though there is no guarantee it is in the API. To avoid annoying misbehavior we forcibly zero terminate strings copied and returned by the interposer. Fixes: https://fedorahosted.org/gss-proxy/ticket/101 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
This shouldn't be needed but apaprently there are a number of applications
like mod_auth_kerb that just blindly assume the out buffer returned by
gss_diplay_name() is a zero terminated string even though there is no
guarantee it is in the API. To avoid annoying misbehavior we forcibly zero
terminate strings copied and returned by the interposer.

Fixes: https://fedorahosted.org/gss-proxy/ticket/101

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Use gp_strerror() everywhere instead of strerror() 2013-11-22T13:41:24+00:00 Simo Sorce simo@redhat.com 2013-11-21T17:14:36+00:00 db8099da53167ca4ebf3b9f5ef0c702ddfe8b366 https://fedorahosted.org/gss-proxy/ticket/111 Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
https://fedorahosted.org/gss-proxy/ticket/111

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Use secure_getenv in client and mechglue module 2013-11-21T12:48:25+00:00 Simo Sorce simo@redhat.com 2013-11-20T16:58:22+00:00 23f4ee4359d10f66e1938ce6b1d92d3cc77865ff proxymehc.so may be used in setuid binaries so follow best security practices and use secure_getenv() if available. Fallback to poorman emulation when secure_getenv() is not available. Resolves: https://fedorahosted.org/gss-proxy/ticket/110 Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
proxymehc.so may be used in setuid binaries so follow best security
practices and use secure_getenv() if available.
Fallback to poorman emulation when secure_getenv() is not available.

Resolves: https://fedorahosted.org/gss-proxy/ticket/110

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Fix continuations in context establishment calls 2013-11-19T13:34:47+00:00 Simo Sorce simo@redhat.com 2013-11-15T15:33:52+00:00 556ea844a5783f9876ee748e1c686bb268f54e8a Properly support continuations, including returning the rigth error code and exporting partial contexts. Fixes multistep authentications in particular for the initialization case which always uses continuations. Resolves: https://fedorahosted.org/gss-proxy/ticket/108 Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Properly support continuations, including returning the rigth error code
and exporting partial contexts.

Fixes multistep authentications in particular for the initialization case
which always uses continuations.

Resolves: https://fedorahosted.org/gss-proxy/ticket/108

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Preserve requested flags and lifetime 2013-11-19T13:02:42+00:00 Simo Sorce simo@redhat.com 2013-11-13T22:57:06+00:00 cc538c36ca32850e0b3280b7d8524d23345eed9e These arguments have been accidentally forgotten causing failures for applications that specify non default flags and non indefinite lifetime. https://fedorahosted.org/gss-proxy/ticket/106 Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
These arguments have been accidentally forgotten causing failures for
applications that specify non default flags and non indefinite lifetime.

https://fedorahosted.org/gss-proxy/ticket/106

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Fix resource leak in gpm_accept_sec_context(). 2013-10-15T11:48:20+00:00 Günther Deschner gdeschner@redhat.com 2013-10-14T15:30:22+00:00 39ea56ce5d2cdfe08ed137c5262a709bbb08f151 Resolves Coverity CID #12027. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Resolves Coverity CID #12027.

Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>