Adjusted for 1.11.3, which still had vtbl, locate_fptrs, and (vestigial)
profile_in_memory fields, but didn't have localauth_handles,
hostrealm_handles, or dns_canonicalize_hostname, and drop the hunk that
touched .gitignore.
commit c452644d91d57d8b05ef396a029e34d0c7a48920
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Dec 18 15:03:03 2013 -0500
Fix krb5_copy_context
krb5_copy_context has been broken since 1.8 (it broke in r22456)
because k5_copy_etypes crashes on null enctype lists. Subsequent
additions to the context structure were not reflected in
krb5_copy_context, creating double-free bugs. Make k5_copy_etypes
handle null input and account for all new fields in krb5_copy_context.
Reported by Arran Cudbard-Bell.
ticket: 7807 (new)
target_version: 1.12.1
tags: pullup
diff --git a/src/lib/krb5/krb/copy_ctx.c b/src/lib/krb5/krb/copy_ctx.c
index 0bc92f8..4237023 100644
--- a/src/lib/krb5/krb/copy_ctx.c
+++ b/src/lib/krb5/krb/copy_ctx.c
@@ -77,13 +77,24 @@ krb5_copy_context(krb5_context ctx, krb5_context *nctx_out)
nctx->ser_ctx_count = 0;
nctx->ser_ctx = NULL;
nctx->prompt_types = NULL;
+ nctx->preauth_context = NULL;
+ nctx->ccselect_handles = NULL;
+ nctx->kdblog_context = NULL;
+ nctx->trace_callback = NULL;
+ nctx->trace_callback_data = NULL;
+ nctx->plugin_base_dir = NULL;
nctx->os_context.default_ccname = NULL;
+#ifdef KRB5_DNS_LOOKUP
+ nctx->profile_in_memory = 0;
+#endif /* KRB5_DNS_LOOKUP */
+
memset(&nctx->libkrb5_plugins, 0, sizeof(nctx->libkrb5_plugins));
nctx->vtbl = NULL;
nctx->locate_fptrs = NULL;
memset(&nctx->err, 0, sizeof(nctx->err));
+ memset(&nctx->plugins, 0, sizeof(nctx->plugins));
ret = k5_copy_etypes(ctx->in_tkt_etypes, &nctx->in_tkt_etypes);
if (ret)
@@ -101,6 +109,11 @@ krb5_copy_context(krb5_context ctx, krb5_context *nctx_out)
ret = krb5_get_profile(ctx, &nctx->profile);
if (ret)
goto errout;
+ nctx->plugin_base_dir = strdup(ctx->plugin_base_dir);
+ if (nctx->plugin_base_dir == NULL) {
+ ret = ENOMEM;
+ goto errout;
+ }
errout:
if (ret) {
diff --git a/src/lib/krb5/krb/etype_list.c b/src/lib/krb5/krb/etype_list.c
index 9efe2e0..71f664f 100644
--- a/src/lib/krb5/krb/etype_list.c
+++ b/src/lib/krb5/krb/etype_list.c
@@ -49,6 +49,8 @@ k5_copy_etypes(const krb5_enctype *old_list, krb5_enctype **new_list)
krb5_enctype *list;
*new_list = NULL;
+ if (old_list == NULL)
+ return 0;
count = k5_count_etypes(old_list);
list = malloc(sizeof(krb5_enctype) * (count + 1));
if (list == NULL)
commit b78c3c8c5025aec870d20472f80d4a652062f921
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Dec 18 13:08:25 2013 -0500
Add a test program for krb5_copy_context
This test program isn't completely proof against the kind of mistakes
we've made with krb5_copy_context in the past, but it at least
exercises krb5_copy_context and can detect some kinds of bugs.
ticket: 7807
diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in
index 7d1682d..3b58219 100644
--- a/src/lib/krb5/krb/Makefile.in
+++ b/src/lib/krb5/krb/Makefile.in
@@ -349,6 +349,7 @@ SRCS= $(srcdir)/addr_comp.c \
$(srcdir)/t_expire_warn.c \
$(srcdir)/t_authdata.c \
$(srcdir)/t_cc_config.c \
+ $(srcdir)/t_copy_context.c \
$(srcdir)/t_in_ccache.c \
$(srcdir)/t_response_items.c \
$(srcdir)/t_vfy_increds.c
@@ -429,11 +430,14 @@ t_in_ccache: t_in_ccache.o $(KRB5_BASE_DEPLIBS)
t_cc_config: t_cc_config.o $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ t_cc_config.o $(KRB5_BASE_LIBS)
+t_copy_context: t_copy_context.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ t_copy_context.o $(KRB5_BASE_LIBS)
+
t_response_items: t_response_items.o response_items.o $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ t_response_items.o response_items.o $(KRB5_BASE_LIBS)
TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand t_authdata t_pac \
- t_in_ccache t_cc_config \
+ t_in_ccache t_cc_config t_copy_context \
t_princ t_etypes t_vfy_increds t_response_items
check-unix:: $(TEST_PROGS)
@@ -473,6 +477,8 @@ check-unix:: $(TEST_PROGS)
$(RUN_SETUP) $(VALGRIND) ./t_princ
$(RUN_SETUP) $(VALGRIND) ./t_etypes
$(RUN_SETUP) $(VALGRIND) ./t_response_items
+ KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
+ $(RUN_SETUP) $(VALGRIND) ./t_copy_context
check-pytests:: t_expire_warn t_vfy_increds
$(RUNPYTEST) $(srcdir)/t_expire_warn.py $(PYTESTFLAGS)
@@ -491,6 +497,7 @@ clean::
$(OUTPRE)t_pac$(EXEEXT) $(OUTPRE)t_pac.$(OBJEXT) \
$(OUTPRE)t_princ$(EXEEXT) $(OUTPRE)t_princ.$(OBJEXT) \
$(OUTPRE)t_authdata$(EXEEXT) $(OUTPRE)t_authdata.$(OBJEXT) \
+ $(OUTPRE)t_copy_context(EXEEXT) $(OUTPRE)t_copy_context.$(OBJEXT) \
$(OUTPRE)t_vfy_increds$(EXEEXT) $(OUTPRE)t_vfy_increds.$(OBJEXT) \
$(OUTPRE)t_response_items$(EXEEXT) $(OUTPRE)t_response_items.$(OBJEXT)
diff --git a/src/lib/krb5/krb/t_copy_context.c b/src/lib/krb5/krb/t_copy_context.c
new file mode 100644
index 0000000..522fa0c
--- /dev/null
+++ b/src/lib/krb5/krb/t_copy_context.c
@@ -0,0 +1,162 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_copy_context.C - Test program for krb5_copy_context */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+
+static void
+trace(krb5_context ctx, const krb5_trace_info *info, void *data)
+{
+}
+
+static void
+check(int cond)
+{
+ if (!cond)
+ abort();
+}
+
+static void
+compare_string(const char *str1, const char *str2)
+{
+ check((str1 == NULL) == (str2 == NULL));
+ if (str1 != NULL)
+ check(strcmp(str1, str2) == 0);
+}
+
+static void
+compare_etypes(krb5_enctype *list1, krb5_enctype *list2)
+{
+ check((list1 == NULL) == (list2 == NULL));
+ if (list1 == NULL)
+ return;
+ while (*list1 != ENCTYPE_NULL && *list1 == *list2)
+ list1++, list2++;
+ check(*list1 == *list2);
+}
+
+/* Check that the context c is a valid copy of the reference context r. */
+static void
+check_context(krb5_context c, krb5_context r)
+{
+ int i;
+
+ /* Check fields which should have been propagated from r. */
+ compare_etypes(c->in_tkt_etypes, r->in_tkt_etypes);
+ compare_etypes(c->tgs_etypes, r->tgs_etypes);
+ check(c->os_context.time_offset == r->os_context.time_offset);
+ check(c->os_context.usec_offset == r->os_context.usec_offset);
+ check(c->os_context.os_flags == r->os_context.os_flags);
+ compare_string(c->os_context.default_ccname, r->os_context.default_ccname);
+ check(c->clockskew == r->clockskew);
+ check(c->kdc_req_sumtype == r->kdc_req_sumtype);
+ check(c->default_ap_req_sumtype == r->default_ap_req_sumtype);
+ check(c->default_safe_sumtype == r->default_safe_sumtype);
+ check(c->kdc_default_options == r->kdc_default_options);
+ check(c->library_options == r->library_options);
+ check(c->profile_secure == r->profile_secure);
+ check(c->fcc_default_format == r->fcc_default_format);
+ check(c->udp_pref_limit == r->udp_pref_limit);
+ check(c->use_conf_ktypes == r->use_conf_ktypes);
+ check(c->allow_weak_crypto == r->allow_weak_crypto);
+ check(c->ignore_acceptor_hostname == r->ignore_acceptor_hostname);
+ compare_string(c->plugin_base_dir, r->plugin_base_dir);
+
+ /* Check fields which don't propagate. */
+ check(c->dal_handle == NULL);
+ check(c->ser_ctx_count == 0);
+ check(c->ser_ctx == NULL);
+ check(c->prompt_types == NULL);
+ check(c->libkrb5_plugins.files == NULL);
+ check(c->preauth_context == NULL);
+ check(c->ccselect_handles == NULL);
+ check(c->err.code == 0);
+ check(c->err.msg == NULL);
+ check(c->kdblog_context == NULL);
+ check(c->trace_callback == NULL);
+ check(c->trace_callback_data == NULL);
+ for (i = 0; i < PLUGIN_NUM_INTERFACES; i++) {
+ check(c->plugins[i].modules == NULL);
+ check(!c->plugins[i].configured);
+ }
+}
+
+int
+main(int argc, char **argv)
+{
+ krb5_context ctx, ctx2;
+ krb5_plugin_initvt_fn *mods;
+ const krb5_enctype etypes1[] = { ENCTYPE_DES3_CBC_SHA1, 0 };
+ const krb5_enctype etypes2[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 };
+ krb5_prompt_type ptypes[] = { KRB5_PROMPT_TYPE_PASSWORD };
+
+ /* Copy a default context and verify the result. */
+ check(krb5_init_context(&ctx) == 0);
+ check(krb5_copy_context(ctx, &ctx2) == 0);
+ check_context(ctx2, ctx);
+ krb5_free_context(ctx2);
+
+ /* Set non-default values for all of the propagated fields in ctx. */
+ ctx->allow_weak_crypto = TRUE;
+ check(krb5_set_default_in_tkt_ktypes(ctx, etypes1) == 0);
+ check(krb5_set_default_tgs_enctypes(ctx, etypes2) == 0);
+ check(krb5_set_debugging_time(ctx, 1234, 5678) == 0);
+ check(krb5_cc_set_default_name(ctx, "defccname") == 0);
+ check(krb5_set_default_realm(ctx, "defrealm") == 0);
+ ctx->clockskew = 18;
+ ctx->kdc_req_sumtype = CKSUMTYPE_NIST_SHA;
+ ctx->default_ap_req_sumtype = CKSUMTYPE_HMAC_SHA1_96_AES128;
+ ctx->default_safe_sumtype = CKSUMTYPE_HMAC_SHA1_96_AES256;
+ ctx->kdc_default_options = KDC_OPT_FORWARDABLE;
+ ctx->library_options = 0;
+ ctx->profile_secure = TRUE;
+ ctx->udp_pref_limit = 2345;
+ ctx->use_conf_ktypes = TRUE;
+ ctx->ignore_acceptor_hostname = TRUE;
+ free(ctx->plugin_base_dir);
+ check((ctx->plugin_base_dir = strdup("/a/b/c/d")) != NULL);
+
+ /* Also set some of the non-propagated fields. */
+ ctx->prompt_types = ptypes;
+ check(k5_plugin_load_all(ctx, PLUGIN_INTERFACE_PWQUAL, &mods) == 0);
+ k5_plugin_free_modules(ctx, mods);
+ krb5_set_error_message(ctx, ENOMEM, "nooooooooo");
+ krb5_set_trace_callback(ctx, trace, ctx);
+
+ /* Copy the intentionally messy context and verify the result. */
+ check(krb5_copy_context(ctx, &ctx2) == 0);
+ check_context(ctx2, ctx);
+ krb5_free_context(ctx2);
+
+ krb5_free_context(ctx);
+ return 0;
+}