|
 |
138d55 |
From 4edb8ce82ac530f473a8728bae01d9fc8535c9cb Mon Sep 17 00:00:00 2001
|
|
|
138d55 |
From: Simo Sorce <simo@redhat.com>
|
|
|
138d55 |
Date: Mon, 21 Jun 2021 14:24:18 -0400
|
|
|
138d55 |
Subject: [PATCH] Gracefully handle failed initializations
|
|
|
138d55 |
|
|
|
138d55 |
In OpenSSL 3.0 these algorithms have been moved to the legacy provider
|
|
|
138d55 |
which is not enabled by default. This means allocation can and do fail.
|
|
|
138d55 |
Handle failed allocations by returning an actual error instead of
|
|
|
138d55 |
crashing later with a NULL context.
|
|
|
138d55 |
|
|
|
138d55 |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
138d55 |
---
|
|
|
138d55 |
plugins/digestmd5.c | 16 ++++++++++++++--
|
|
|
138d55 |
1 file changed, 14 insertions(+), 2 deletions(-)
|
|
|
138d55 |
|
|
|
138d55 |
diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
|
|
|
138d55 |
index c6b54317..b2617536 100644
|
|
|
138d55 |
--- a/plugins/digestmd5.c
|
|
|
138d55 |
+++ b/plugins/digestmd5.c
|
|
|
138d55 |
@@ -254,6 +254,7 @@ typedef struct context {
|
|
|
138d55 |
decode_context_t decode_context;
|
|
|
138d55 |
|
|
|
138d55 |
/* if privacy mode is used use these functions for encode and decode */
|
|
|
138d55 |
+ char *cipher_name;
|
|
|
138d55 |
cipher_function_t *cipher_enc;
|
|
|
138d55 |
cipher_function_t *cipher_dec;
|
|
|
138d55 |
cipher_init_t *cipher_init;
|
|
|
138d55 |
@@ -2821,6 +2822,7 @@ static int digestmd5_server_mech_step2(server_context_t *stext,
|
|
|
138d55 |
}
|
|
|
138d55 |
|
|
|
138d55 |
if (cptr->name) {
|
|
|
138d55 |
+ text->cipher_name = cptr->name;
|
|
|
138d55 |
text->cipher_enc = cptr->cipher_enc;
|
|
|
138d55 |
text->cipher_dec = cptr->cipher_dec;
|
|
|
138d55 |
text->cipher_init = cptr->cipher_init;
|
|
|
138d55 |
@@ -2964,7 +2966,10 @@ static int digestmd5_server_mech_step2(server_context_t *stext,
|
|
|
138d55 |
if (text->cipher_init) {
|
|
|
138d55 |
if (text->cipher_init(text, enckey, deckey) != SASL_OK) {
|
|
|
138d55 |
sparams->utils->seterror(sparams->utils->conn, 0,
|
|
|
138d55 |
- "couldn't init cipher");
|
|
|
138d55 |
+ "couldn't init cipher '%s'",
|
|
|
138d55 |
+ text->cipher_name);
|
|
|
138d55 |
+ result = SASL_FAIL;
|
|
|
138d55 |
+ goto FreeAllMem;
|
|
|
138d55 |
}
|
|
|
138d55 |
}
|
|
|
138d55 |
}
|
|
|
138d55 |
@@ -3515,6 +3520,7 @@ static int make_client_response(context_t *text,
|
|
|
138d55 |
oparams->mech_ssf = ctext->cipher->ssf;
|
|
|
138d55 |
|
|
|
138d55 |
nbits = ctext->cipher->n;
|
|
|
138d55 |
+ text->cipher_name = ctext->cipher->name;
|
|
|
138d55 |
text->cipher_enc = ctext->cipher->cipher_enc;
|
|
|
138d55 |
text->cipher_dec = ctext->cipher->cipher_dec;
|
|
|
138d55 |
text->cipher_free = ctext->cipher->cipher_free;
|
|
|
138d55 |
@@ -3739,7 +3745,13 @@ static int make_client_response(context_t *text,
|
|
|
138d55 |
|
|
|
138d55 |
/* initialize cipher if need be */
|
|
|
138d55 |
if (text->cipher_init) {
|
|
|
138d55 |
- text->cipher_init(text, enckey, deckey);
|
|
|
138d55 |
+ if (text->cipher_init(text, enckey, deckey) != SASL_OK) {
|
|
|
138d55 |
+ params->utils->seterror(params->utils->conn, 0,
|
|
|
138d55 |
+ "internal error: failed to init cipher '%s'",
|
|
|
138d55 |
+ text->cipher_name);
|
|
|
138d55 |
+ result = SASL_FAIL;
|
|
|
138d55 |
+ goto FreeAllocatedMem;
|
|
|
138d55 |
+ }
|
|
|
138d55 |
}
|
|
|
138d55 |
}
|
|
|
138d55 |
|
|
|
138d55 |
--
|
|
|
138d55 |
2.31.1
|
|
|
138d55 |
|