From a423a43b67bce63a24d7d6249ac74afc35136e0c Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 8 Aug 2006 00:17:15 +0000 Subject: [PATCH] pull up r18417 from trunk r18417@cathode-dark-space: tlyu | 2006-08-07 19:33:39 -0400 ticket: 4063 tags: pullup * src/lib/gssapi/mechglue/mglueP.h: Add loopback field to opaque structs of gss_ctx_id_t, gss_name_t, gss_cred_id_t to catch some application programming errors. Add new macro GSSINT_CHK_LOOP() which returns non-zero if loopback field doesn't point to itself. * src/lib/gssapi/mechglue/g_accept_sec_context.c (gss_accept_sec_context): * src/lib/gssapi/mechglue/g_acquire_cred.c (gss_add_cred) (gss_acquire_cred): * src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context): * src/lib/gssapi/mechglue/g_glue.c (gssint_convert_name_to_union_name): * src/lib/gssapi/mechglue/g_imp_name.c (gss_import_name): * src/lib/gssapi/mechglue/g_imp_sec_context.c (gss_import_sec_context): * src/lib/gssapi/mechglue/g_init_sec_context.c (gss_init_sec_context): Set loopback pointers. * src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context): * src/lib/gssapi/mechglue/g_rel_cred.c (gss_release_cred): * src/lib/gssapi/mechglue/g_rel_name.c (gss_release_name): Call GSSINT_CHK_LOOP() to validate loopback pointer. ticket: 4063 version_fixed: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18418 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/mechglue/g_accept_sec_context.c | 2 ++ src/lib/gssapi/mechglue/g_acquire_cred.c | 3 +++ src/lib/gssapi/mechglue/g_delete_sec_context.c | 2 ++ src/lib/gssapi/mechglue/g_dup_name.c | 2 ++ src/lib/gssapi/mechglue/g_imp_name.c | 2 ++ src/lib/gssapi/mechglue/g_imp_sec_context.c | 1 + src/lib/gssapi/mechglue/g_init_sec_context.c | 4 +++- src/lib/gssapi/mechglue/g_rel_cred.c | 2 ++ src/lib/gssapi/mechglue/g_rel_name.c | 2 ++ src/lib/gssapi/mechglue/mglueP.h | 12 ++++++++++++ 10 files changed, 31 insertions(+), 1 deletion(-) 
diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c index e0be15093..23ec2869d 100644 --- a/src/lib/gssapi/mechglue/g_accept_sec_context.c +++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c @@ -112,6 +112,7 @@ gss_cred_id_t * d_cred; if (!union_ctx_id) return (GSS_S_FAILURE); + union_ctx_id->loopback = union_ctx_id; union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT; status = generic_gss_copy_oid(&temp_minor_status, token_mech_type, @@ -239,6 +240,7 @@ gss_cred_id_t * d_cred; d_u_cred->auxinfo.creation_time = time(0); d_u_cred->auxinfo.time_rec = 0; + d_u_cred->loopback = d_u_cred; if (mech->gss_inquire_cred) { status = mech->gss_inquire_cred(mech->context, diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c index ca3060791..d13650c82 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred.c @@ -147,6 +147,7 @@ OM_uint32 * time_rec; /* initialize to 0s */ (void) memset(creds, 0, sizeof (gss_union_cred_desc)); + creds->loopback = creds; /* for each requested mech attempt to obtain a credential */ for (i = 0; i < mechs->count; i++) { @@ -202,6 +203,7 @@ OM_uint32 * time_rec; *time_rec = outTime; + creds->loopback = creds; *output_cred_handle = (gss_cred_id_t)creds; return (GSS_S_COMPLETE); } @@ -405,6 +407,7 @@ gss_add_cred(minor_status, input_cred_handle, new_union_cred->mechs_array = new_mechs_array; new_union_cred->cred_array = new_cred_array; new_union_cred->count++; + new_union_cred->loopback = new_union_cred; /* We're done with the internal name. Free it if we allocated it. */ diff --git a/src/lib/gssapi/mechglue/g_delete_sec_context.c b/src/lib/gssapi/mechglue/g_delete_sec_context.c index de70b8fb7..5d1e8626d 100644 --- a/src/lib/gssapi/mechglue/g_delete_sec_context.c +++ b/src/lib/gssapi/mechglue/g_delete_sec_context.c 
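Review bot: In g_acquire_cred.c, `creds->loopback = creds;` is assigned twice in gss_acquire_cred, once right after the `memset` (@@ -147) and again just before `*output_cred_handle` is set (@@ -202), with no explanation of why both are needed. If the early one exists so that an error path can hand `creds` to gss_release_cred(), which now rejects structs without a valid loopback, say so with a comment such as `/* set now so failure paths can release creds through gss_release_cred() */`. If no such path exists, keep only the assignment next to the handle publication, as g_dup_name.c and g_imp_name.c do in this patch. The code between the two hunks is not visible here, so I cannot tell which case applies.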
@@ -64,6 +64,8 @@ gss_buffer_t output_token; */ ctx = (gss_union_ctx_id_t) *context_handle; + if (GSSINT_CHK_LOOP(ctx)) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); mech = gssint_get_mechanism (ctx->mech_type); if (mech) { diff --git a/src/lib/gssapi/mechglue/g_dup_name.c b/src/lib/gssapi/mechglue/g_dup_name.c index 1f8815f9d..6d15e25bd 100644 --- a/src/lib/gssapi/mechglue/g_dup_name.c +++ b/src/lib/gssapi/mechglue/g_dup_name.c @@ -55,6 +55,7 @@ gss_name_t *dest_name; if (!dest_union) goto allocation_failure; + dest_union->loopback = 0; dest_union->mech_type = 0; dest_union->mech_name = 0; dest_union->name_type = 0; @@ -92,6 +93,7 @@ gss_name_t *dest_name; } + dest_union->loopback = dest_union; *dest_name = (gss_name_t)dest_union; return (GSS_S_COMPLETE); diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c index 48815b361..a82aaaf5a 100644 --- a/src/lib/gssapi/mechglue/g_imp_name.c +++ b/src/lib/gssapi/mechglue/g_imp_name.c @@ -78,6 +78,7 @@ gss_name_t * output_name; if (!union_name) return (GSS_S_FAILURE); + union_name->loopback = 0; union_name->mech_type = 0; union_name->mech_name = 0; union_name->name_type = 0; @@ -121,6 +122,7 @@ gss_name_t * output_name; goto allocation_failure; } + union_name->loopback = union_name; *output_name = (gss_name_t)union_name; return (GSS_S_COMPLETE); diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c index 533b0175c..b316f8199 100644 --- a/src/lib/gssapi/mechglue/g_imp_sec_context.c +++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c @@ -118,6 +118,7 @@ gss_ctx_id_t * context_handle; &token, &ctx->internal_ctx_id); if (status == GSS_S_COMPLETE) { + ctx->loopback = ctx; *context_handle = ctx; return (GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c index f5937fe8e..65c6d05b2 100644 --- a/src/lib/gssapi/mechglue/g_init_sec_context.c 
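Review bot: In g_delete_sec_context.c the new `GSSINT_CHK_LOOP(ctx)` guard only helps against a stale handle if the field is invalidated at teardown, and no hunk in this patch clears `loopback` before a union struct is freed. Freed memory frequently keeps its old contents, so a second gss_delete_sec_context() on a saved copy of the handle may still find `ctx->loopback == ctx` and continue into a double free. Consider adding `ctx->loopback = NULL;` immediately before the struct is released. The same applies to the release paths in g_rel_cred.c and g_rel_name.c. The free itself is outside this hunk, so confirm it is not already handled there.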
+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c @@ -197,8 +197,10 @@ OM_uint32 * time_rec; free(union_ctx_id->mech_type); free(union_ctx_id); } - } else if (*context_handle == GSS_C_NO_CONTEXT) + } else if (*context_handle == GSS_C_NO_CONTEXT) { + union_ctx_id->loopback = union_ctx_id; *context_handle = (gss_ctx_id_t)union_ctx_id; + } end: if (union_name->mech_name == NULL || diff --git a/src/lib/gssapi/mechglue/g_rel_cred.c b/src/lib/gssapi/mechglue/g_rel_cred.c index ffcce2d7e..6f58d6592 100644 --- a/src/lib/gssapi/mechglue/g_rel_cred.c +++ b/src/lib/gssapi/mechglue/g_rel_cred.c @@ -60,6 +60,8 @@ gss_cred_id_t * cred_handle; */ union_cred = (gss_union_cred_t) *cred_handle; + if (GSSINT_CHK_LOOP(union_cred)) + return (GSS_S_NO_CRED | GSS_S_CALL_INACCESSIBLE_READ); *cred_handle = NULL; if (union_cred == (gss_union_cred_t)GSS_C_NO_CREDENTIAL) diff --git a/src/lib/gssapi/mechglue/g_rel_name.c b/src/lib/gssapi/mechglue/g_rel_name.c index ff3c4a10a..a6615b707 100644 --- a/src/lib/gssapi/mechglue/g_rel_name.c +++ b/src/lib/gssapi/mechglue/g_rel_name.c @@ -60,6 +60,8 @@ gss_name_t * input_name; */ union_name = (gss_union_name_t) *input_name; + if (GSSINT_CHK_LOOP(union_name)) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME); *input_name = 0; *minor_status = 0; diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index 2becac960..73e48efd7 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h @@ -27,6 +27,7 @@ do { \ * Array of context IDs typed by mechanism OID */ typedef struct gss_union_ctx_id_t { + struct gss_ctx_id_struct *loopback; gss_OID mech_type; gss_ctx_id_t internal_ctx_id; } gss_union_ctx_id_desc, *gss_union_ctx_id_t; @@ -36,6 +37,7 @@ typedef struct gss_union_ctx_id_t { * mechanism specific name.... */ typedef struct gss_union_name_t { + struct gss_name_struct *loopback; gss_OID name_type; gss_buffer_t external_name; /* 
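Review bot: In g_rel_cred.c the loopback check is placed before the existing `if (union_cred == (gss_union_cred_t)GSS_C_NO_CREDENTIAL)` test, and `GSSINT_CHK_LOOP()` is non-zero for a null pointer. Since GSS_C_NO_CREDENTIAL is the null handle, releasing it now returns `GSS_S_NO_CRED | GSS_S_CALL_INACCESSIBLE_READ` and the later comparison becomes unreachable, which changes behaviour for callers that release unconditionally in cleanup code. Move the GSS_C_NO_CREDENTIAL comparison above the `GSSINT_CHK_LOOP(union_cred)` line so its existing result is preserved. The rest of gss_release_cred lies outside the hunk.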
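Review bot: gss_release_name() in g_rel_name.c now rejects every union name whose creator did not set `loopback`, but this patch sets it only in g_imp_name.c and g_dup_name.c. The commit description lists g_glue.c (gssint_convert_name_to_union_name) among the files that set it, yet the diffstat has no g_glue.c entry and does list g_dup_name.c, which the description omits. If this branch allocates a `gss_union_name_desc` anywhere else, releasing that name would fail with `GSS_S_BAD_NAME` and leak the structure, so every allocation site should be audited before this is merged. The early return also sits above the `*minor_status = 0;` context line, so check that minor_status is already initialised earlier in the function.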
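Review bot: In mglueP.h the `loopback` members are declared with the public opaque tags (`struct gss_ctx_id_struct *`, `struct gss_name_struct *`, and `struct gss_cred_id_struct *` in the @@ -70 hunk), while the enclosing structs shown here are tagged `gss_union_ctx_id_t`, `gss_union_name_t` and `gss_union_cred_t`. Assignments such as `union_ctx_id->loopback = union_ctx_id;` and the `(p)->loopback == (p)` comparison in the macro then mix distinct pointer types without a cast, which produces warnings that can bury real type errors in the same files. Unless these tags are aliased elsewhere in the header, declare each field as a pointer to its own enclosing struct, e.g. `struct gss_union_ctx_id_t *loopback;`, or use `void *loopback;` throughout.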
@@ -70,12 +72,22 @@ typedef struct gss_union_cred_auxinfo { * Set of Credentials typed on mechanism OID */ typedef struct gss_union_cred_t { + struct gss_cred_id_struct *loopback; int count; gss_OID mechs_array; gss_cred_id_t *cred_array; gss_union_cred_auxinfo auxinfo; } gss_union_cred_desc, *gss_union_cred_t; +/* + * Rudimentary pointer validation macro to check whether the + * "loopback" field of an opaque struct points back to itself. This + * field also catches some programming errors where an opaque pointer + * is passed to a function expecting the address of the opaque + * pointer. + */ +#define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p))) + /********************************************************/ /* The Mechanism Dispatch Table -- a mechanism needs to */ /* define one of these and provide a function to return */ -- 2.26.2
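Review bot: The comment above `GSSINT_CHK_LOOP()` does not say that the macro is non-zero when validation fails, nor that it expands `p` three times, and both matter to anyone adding a call site. I would extend it with a sentence such as `Evaluates to non-zero when p is NULL or the check fails; p is evaluated more than once, so pass a plain variable.` It is also worth stating there that the test reads through `p` before anything has validated it. That makes it a detector for application mistakes on readable memory rather than a defence against a forged or dangling handle.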