From 54f662cf9abca6885831158e35cf0784074fc68d Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 14 Jan 2005 21:52:15 +0000 Subject: [PATCH] Fix braino in previous change to xdr_bytes. New test case for RPCSEC_GSS fixed-size buffers. ticket: 2877 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17039 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/rpc/ChangeLog | 4 ++++ src/lib/rpc/authgss_prot.c | 2 +- src/lib/rpc/xdr.c | 5 ++--- src/tests/dejagnu/krb-standalone/ChangeLog | 7 +++++++ src/tests/dejagnu/krb-standalone/kadmin.exp | 18 +++++++++++++++++- 5 files changed, 31 insertions(+), 5 deletions(-) diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog index 23d6b8b75..def5183a3 100644 --- a/src/lib/rpc/ChangeLog +++ b/src/lib/rpc/ChangeLog @@ -1,9 +1,13 @@ 2005-01-14 Tom Yu + * xdr.c (xdr_bytes): Revert previous; the problem was actually in + xdr_rpc_gss_buf. + * authgss_prot.c (xdr_rpc_gss_wrap_data): Use xdr_alloc to avoid size limit issues. Use (unsigned int)-1 instead of MAX_NETOBJ_SZ. (xdr_rpc_gss_unwrap_data): Use (unsigned int)-1 instead of MAX_NETOBJ_SZ. + (xdr_rpc_gss_buf): Set tmplen even if doing XDR_FREE. * xdr.c (xdr_bytes): Don't assign from *sizep if XDR_FREE, since it'll be uninitialized then. Shuts up Purify. diff --git a/src/lib/rpc/authgss_prot.c b/src/lib/rpc/authgss_prot.c index e648f47f7..ab6e7fea0 100644 --- a/src/lib/rpc/authgss_prot.c +++ b/src/lib/rpc/authgss_prot.c @@ -52,7 +52,7 @@ xdr_rpc_gss_buf(XDR *xdrs, gss_buffer_t buf, u_int maxsize) bool_t xdr_stat; u_int tmplen; - if (xdrs->x_op == XDR_ENCODE) { + if (xdrs->x_op != XDR_DECODE) { if (buf->length > UINT_MAX) return (FALSE); else diff --git a/src/lib/rpc/xdr.c b/src/lib/rpc/xdr.c index 7e13fd631..ec0d27717 100644 --- a/src/lib/rpc/xdr.c +++ b/src/lib/rpc/xdr.c @@ -409,10 +409,9 @@ xdr_bytes( if (! xdr_u_int(xdrs, sizep)) { return (FALSE); } - if ((xdrs->x_op != XDR_FREE) && (*sizep > maxsize)) { + nodesize = *sizep; + if ((nodesize > maxsize) && (xdrs->x_op != XDR_FREE)) { return (FALSE); - } else { - nodesize = *sizep; } /* diff --git a/src/tests/dejagnu/krb-standalone/ChangeLog b/src/tests/dejagnu/krb-standalone/ChangeLog index 0372fe098..8e0e4470d 100644 --- a/src/tests/dejagnu/krb-standalone/ChangeLog +++ b/src/tests/dejagnu/krb-standalone/ChangeLog @@ -1,3 +1,10 @@ +2005-01-14 Tom Yu + + * kadmin.exp (kadmin_list): Check for communication failure. + (kadmin_test): Create a large number of principals, then attempt + to list, in order to check for fixed-size buffer problems in + RPCSEC_GSS. + 2005-01-11 Ken Raeburn * gssftp.exp (start_ftp_daemon): Use built-in sleep command. diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp index ded386d3d..c72548114 100644 --- a/src/tests/dejagnu/krb-standalone/kadmin.exp +++ b/src/tests/dejagnu/krb-standalone/kadmin.exp @@ -402,6 +402,11 @@ proc kadmin_list { } { catch "expect_after" return 0 } + "Communication failure" { + fail "kadmin ldb got RPC error" + catch "expect_after" + return 0 + } timeout { fail "kadmin ldb" catch "expect_after" @@ -416,7 +421,7 @@ proc kadmin_list { } { expect -re "assword\[^\r\n\]*: *" { send "adminpass$KEY\r" } - expect -re "\(.*@$REALMNAME\r\n\)*" + expect -re "\(.*@$REALMNAME\r\n\)+" expect_after expect eof set k_stat [wait -i $spawn_id] @@ -1033,6 +1038,17 @@ proc kadmin_test { } { return } + # test retrieval of large number of principals + # bug [2877] + for { set i 0 } { $i < 200 } { incr i } { + if { ![kadmin_add "foo$i" foopass] } { + return + } + } + + if { ![kadmin_list] } { + return + } verbose "kadmin_test succeeded" } -- 2.26.2