Fix braino in previous change to xdr_bytes. New test case for
authorTom Yu <tlyu@mit.edu>
Fri, 14 Jan 2005 21:52:15 +0000 (21:52 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 14 Jan 2005 21:52:15 +0000 (21:52 +0000)
RPCSEC_GSS fixed-size buffers.

ticket: 2877
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17039 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/rpc/ChangeLog
src/lib/rpc/authgss_prot.c
src/lib/rpc/xdr.c
src/tests/dejagnu/krb-standalone/ChangeLog
src/tests/dejagnu/krb-standalone/kadmin.exp

index 23d6b8b75cce6a59aa8fd48ffe75a5bdc97e05ba..def5183a367f5df3825d43d36dd568fa1442982d 100644 (file)
@@ -1,9 +1,13 @@
 2005-01-14  Tom Yu  <tlyu@mit.edu>
 
+       * xdr.c (xdr_bytes): Revert previous; the problem was actually in
+       xdr_rpc_gss_buf.
+
        * authgss_prot.c (xdr_rpc_gss_wrap_data): Use xdr_alloc to avoid
        size limit issues.  Use (unsigned int)-1 instead of MAX_NETOBJ_SZ.
        (xdr_rpc_gss_unwrap_data): Use (unsigned int)-1 instead of
        MAX_NETOBJ_SZ.
+       (xdr_rpc_gss_buf): Set tmplen even if doing XDR_FREE.
 
        * xdr.c (xdr_bytes): Don't assign from *sizep if XDR_FREE, since
        it'll be uninitialized then.  Shuts up Purify.
index e648f47f7273afc8c486c86cc11f9e3086628cd5..ab6e7fea077cc7832580c3e3da6cc85ba84e7431 100644 (file)
@@ -52,7 +52,7 @@ xdr_rpc_gss_buf(XDR *xdrs, gss_buffer_t buf, u_int maxsize)
        bool_t xdr_stat;
        u_int tmplen;
 
-       if (xdrs->x_op == XDR_ENCODE) {
+       if (xdrs->x_op != XDR_DECODE) {
                if (buf->length > UINT_MAX)
                        return (FALSE);
                else
index 7e13fd631c7f3b639b8d7bc6aa428427d211f2f2..ec0d27717ff6cf71de7ce5b9c1eed03e74bb7830 100644 (file)
@@ -409,10 +409,9 @@ xdr_bytes(
        if (! xdr_u_int(xdrs, sizep)) {
                return (FALSE);
        }
-       if ((xdrs->x_op != XDR_FREE) && (*sizep > maxsize)) {
+       nodesize = *sizep;
+       if ((nodesize > maxsize) && (xdrs->x_op != XDR_FREE)) {
                return (FALSE);
-       } else {
-               nodesize = *sizep;
        }
 
        /*
index 0372fe0987c8846faf17a06837a7933e672c738a..8e0e4470d9b757abfec804633ba11799a15a0eac 100644 (file)
@@ -1,3 +1,10 @@
+2005-01-14  Tom Yu  <tlyu@mit.edu>
+
+       * kadmin.exp (kadmin_list): Check for communication failure.
+       (kadmin_test): Create a large number of principals, then attempt
+       to list, in order to check for fixed-size buffer problems in
+       RPCSEC_GSS.
+
 2005-01-11  Ken Raeburn  <raeburn@mit.edu>
 
        * gssftp.exp (start_ftp_daemon): Use built-in sleep command.
index ded386d3de1c67dd00338adc305ea499ba32fb9a..c72548114fdd5c4bc4d99894fd016da915c5b1c3 100644 (file)
@@ -402,6 +402,11 @@ proc kadmin_list {  } {
            catch "expect_after"
            return 0
        }
+       "Communication failure" {
+           fail "kadmin ldb got RPC error"
+           catch "expect_after"
+           return 0
+       }
        timeout {
            fail "kadmin ldb"
            catch "expect_after"
@@ -416,7 +421,7 @@ proc kadmin_list {  } {
     expect -re "assword\[^\r\n\]*: *" {
        send "adminpass$KEY\r"
     }
-    expect -re "\(.*@$REALMNAME\r\n\)*"
+    expect -re "\(.*@$REALMNAME\r\n\)+"
     expect_after
     expect eof
     set k_stat [wait -i $spawn_id]
@@ -1033,6 +1038,17 @@ proc kadmin_test { } {
        return
     }
 
+    # test retrieval of large number of principals
+    # bug [2877]
+    for { set i 0 } { $i < 200 } { incr i } {
+       if { ![kadmin_add "foo$i" foopass] } {
+           return
+       }
+    }
+
+    if { ![kadmin_list] } {
+       return
+    }
     verbose "kadmin_test succeeded"
 }