Code hygeine fixes

Re-order patches to match el7
Robbie Harwood 2017-12-12 12:54:58 -05:00
parent 3f4a754576
commit 3a1e8d7501
32 changed files with 1208 additions and 101 deletions


@ -1,4 +1,4 @@
From b617bf0274de43abb2592ba11568f10d3e8535bf Mon Sep 17 00:00:00 2001
From 69ea98209aa691adec6fae5eb9287b96031094af Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 25 May 2017 15:22:37 -0400
Subject: [PATCH] Add Client ID to debug messages
@ -92,7 +92,7 @@ index 971a7b6..55ab83c 100644
bool gp_conn_check_selinux(struct gp_conn *conn, SELINUX_CTX ctx);
diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c
index e07789c..133db9c 100644
index 29b6a44..5064e51 100644
--- a/proxy/src/gp_socket.c
+++ b/proxy/src/gp_socket.c
@@ -103,6 +103,11 @@ const char *gp_conn_get_socket(struct gp_conn *conn)
@ -132,12 +132,12 @@ index c089b54..d37e57c 100644
gp_handle_query(t->pool, q);
diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c
index a020218..9ffec5e 100644
index 5c5937d..94a6a61 100644
--- a/proxy/src/gssproxy.c
+++ b/proxy/src/gssproxy.c
@@ -159,6 +159,10 @@ int main(int argc, const char *argv[])
int wait_fd;
int ret;
int ret = -1;
+ /* initialize debug client id to 0 in the main thread */
+ /* we do this early, before any code starts using debug statements */


@ -0,0 +1,27 @@
From f62ece3a9655c6507f40e03a36e28ecbba16f744 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 19 May 2017 12:18:03 -0400
Subject: [PATCH] Appease gcc-7's fallthrough detection
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #188
(cherry picked from commit fdb56f8a0b6a5fd6a2072a525e228596c264883e)
---
proxy/src/gp_export.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
index 3a927c9..f44da50 100644
--- a/proxy/src/gp_export.c
+++ b/proxy/src/gp_export.c
@@ -888,7 +888,8 @@ static uint32_t gp_export_creds_linux(uint32_t *min, gss_name_t name,
if (res != NULL) {
break;
}
- /* fall through as ret == NULL is equivalent to ENOENT */
+ /* ret == NULL is equivalent to ENOENT */
+ /* fall through */
case ENOENT:
case ESRCH:
free(pwbuf);


@ -1,4 +1,4 @@
From 99062c344b7dba58ab8db0fad5520a754d9a6841 Mon Sep 17 00:00:00 2001
From 73d0fc64966c553848a01f76894d33d9fc64cf20 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 26 Oct 2017 16:59:18 -0400
Subject: [PATCH] Do not call gpm_grab_sock() twice
@ -31,10 +31,10 @@ Merges: #218
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 994bd80..8837add 100644
index 69f4741..2133618 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -163,7 +163,9 @@ static int gpm_grab_sock(struct gpm_ctx *gpmctx)
@@ -152,7 +152,9 @@ static int gpm_grab_sock(struct gpm_ctx *gpmctx)
ret = gpm_open_socket(gpmctx);
}
@ -45,7 +45,7 @@ index 994bd80..8837add 100644
return ret;
}
@@ -512,11 +514,6 @@ static struct gpm_ctx *gpm_get_ctx(void)
@@ -304,11 +306,6 @@ static struct gpm_ctx *gpm_get_ctx(void)
pthread_once(&gpm_init_once_control, gpm_init_once);


@ -1,4 +1,4 @@
From d5f22a1c2ad70ff1e7922c91086a04f0dc31db58 Mon Sep 17 00:00:00 2001
From d7923c5f4c6e93fa0e7440b1c8e6fcff40578a76 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 26 Oct 2017 11:47:54 -0400
Subject: [PATCH] Emit debug on queue errors


@ -0,0 +1,28 @@
From f21071fb3662824698b61d384b1144657a508043 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 15 Mar 2017 14:57:57 -0400
Subject: [PATCH] Fix error checking on get_impersonator_fallback()
Separate commit to ease backporting.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #173
(cherry picked from commit 25e31ebccde7f0d98480b6a99962fef61dd251b4)
---
proxy/src/gp_creds.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index e05ad01..fdc6bdf 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -885,7 +885,7 @@ static uint32_t get_impersonator_name(uint32_t *min, gss_cred_id_t cred,
* release that supports this call */
ret_maj = get_impersonator_fallback(&ret_min, cred, impersonator);
if (ret_maj == GSS_S_FAILURE) {
- if (ret_min == KRB5_CC_NOTFOUND) {
+ if (ret_min == (uint32_t)KRB5_CC_NOTFOUND) {
ret_min = ENOENT;
ret_maj = GSS_S_COMPLETE;
}
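Review bot: The `(uint32_t)` cast on `KRB5_CC_NOTFOUND` in get_impersonator_name() is what makes this branch reachable, and nothing at the site says so. krb5 error-table codes are negative `long` constants, so where `long` is 64 bits the uncast comparison promotes `ret_min` (apparently a `uint32_t`) to a non-negative `long` and can never match. A later cleanup that drops the cast as redundant would silently bring back the failure return instead of the ENOENT mapping. I would add a comment above the comparison such as `/* krb5 codes are negative longs; cast so the compare with the uint32_t minor status can match */`. The function body starts and ends outside the hunk, so any other minor-status comparisons against krb5 constants there are not visible and are worth checking for the same pattern.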


@ -1,4 +1,4 @@
From b4660370dabc3be1282459d0ff22cbfcbbc2fd39 Mon Sep 17 00:00:00 2001
From 18050b40df25bb3486d0f12d6a830a15cb307298 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 12 Jul 2017 09:26:52 -0400
Subject: [PATCH] Fix error handling in gp_config_from_dir
@ -13,10 +13,10 @@ Merges: #204
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index 409cd74..c507472 100644
index efd97e4..2e9806d 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -800,17 +800,21 @@ static int gp_config_from_dir(const char *config_dir,
@@ -799,17 +799,21 @@ static int gp_config_from_dir(const char *config_dir,
&error_list,
NULL);
if (ret) {


@ -1,4 +1,4 @@
From c947c161c6aba71322429fd28a42880c96055de4 Mon Sep 17 00:00:00 2001
From bbfb9a81f3bd7f3d6739c7eb24e08189fde6142f Mon Sep 17 00:00:00 2001
From: Alexander Scheel <alexander.m.scheel@gmail.com>
Date: Thu, 14 Sep 2017 11:24:39 -0500
Subject: [PATCH] Fix error handling in gpm_send_buffer/gpm_recv_buffer
@ -13,7 +13,7 @@ Merges: #213
1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index c91c099..994bd80 100644
index b14e846..0d314fa 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -1,4 +1,4 @@
@ -22,7 +22,7 @@ index c91c099..994bd80 100644
#include "gssapi_gpm.h"
#include <sys/types.h>
@@ -413,10 +413,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx,
@@ -415,10 +415,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx,
ret = 0;
done:
@ -34,7 +34,7 @@ index c91c099..994bd80 100644
return ret;
}
@@ -486,9 +483,10 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx,
@@ -488,9 +485,10 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx,
done:
if (ret) {
@ -48,7 +48,7 @@ index c91c099..994bd80 100644
}
return ret;
}
@@ -563,10 +561,6 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer,
@@ -560,10 +558,6 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer,
/* Close and reopen socket before trying again */
ret = gpm_retry_socket(gpmctx);


@ -1,4 +1,4 @@
From 05d65d68d0103ab4bc4b1bc64e4962dce6847c3e Mon Sep 17 00:00:00 2001
From 3e4c98d74352fe3a08b23e438c950af55eb4f30e Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 27 Oct 2017 14:39:35 -0400
Subject: [PATCH] Fix error message handling in gp_config_from_dir()
@ -17,10 +17,10 @@ Signed-off-by: Robbie Harwood <rharwood@redhat.com>
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index f3ff1fd..d5db76a 100644
index 3ec4b82..aa108ca 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -800,20 +800,23 @@ static int gp_config_from_dir(const char *config_dir,
@@ -799,20 +799,23 @@ static int gp_config_from_dir(const char *config_dir,
&error_list,
NULL);
if (error_list) {


@ -1,4 +1,4 @@
From 94861421d2ba7bd910d53c088d0d9065aaa05708 Mon Sep 17 00:00:00 2001
From 29be3e629bafb3bd796455b34c2de16492ad9521 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <alexander.m.scheel@gmail.com>
Date: Thu, 14 Sep 2017 11:16:42 -0500
Subject: [PATCH] Fix handling of non-EPOLLIN/EPOLLOUT events
@ -12,10 +12,10 @@ Merges: #213
1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index c3ef96e..c91c099 100644
index 7d1158e..b14e846 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -281,26 +281,47 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) {
@@ -283,26 +283,47 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) {
gpm_epoll_close(gpmctx);
} else if (epoll_ret == 1 && events[0].data.fd == gpmctx->timerfd) {
/* Got an event which is only our timer */

25
Fix-memory-leak.patch Normal file

@ -0,0 +1,25 @@
From abcd9ae04b1c3f9f0ebb72bd48737b08d5d7fe65 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 25 May 2017 21:35:37 -0400
Subject: [PATCH] Fix memory leak
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Related-to: #176
(cherry picked from commit 69a73d85eb3e70fdc7501794d5fd11a73a1d20fa)
---
proxy/src/gp_export.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
index f44da50..4e081df 100644
--- a/proxy/src/gp_export.c
+++ b/proxy/src/gp_export.c
@@ -381,6 +381,7 @@ uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
done:
*min = ret_min;
+ gss_release_buffer(&ret_min, &token);
gss_release_name(&ret_min, &name);
gss_release_oid_set(&ret_min, &mechanisms);
return ret_maj;


@ -0,0 +1,741 @@
From a68b8b418bfc42c628fee605cc52dca92ab410c9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 15 Mar 2017 14:52:08 -0400
Subject: [PATCH] Fix mismatched sign comparisons
We are c99, so also migrate to `for`-loop initializers where possible for
clarity.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #173
(cherry picked from commit 377e92c7ead312c530b233a1e023493ecde033d6)
---
proxy/src/client/gpm_acquire_cred.c | 11 +++-------
proxy/src/client/gpm_common.c | 4 ++--
proxy/src/client/gpm_import_and_canon_name.c | 7 +++---
proxy/src/client/gpm_indicate_mechs.c | 33 ++++++++++++----------------
proxy/src/gp_common.h | 3 +--
proxy/src/gp_config.c | 9 +++-----
proxy/src/gp_conv.c | 6 ++---
proxy/src/gp_creds.c | 3 +--
proxy/src/gp_export.c | 9 +++-----
proxy/src/gp_rpc_acquire_cred.c | 5 ++---
proxy/src/gp_rpc_debug.c | 26 +++++++++++-----------
proxy/src/gp_rpc_indicate_mechs.c | 15 +++++--------
proxy/src/gp_socket.c | 4 ++--
proxy/src/gp_util.c | 4 ++--
proxy/tests/t_utils.c | 4 ++--
15 files changed, 58 insertions(+), 85 deletions(-)
diff --git a/proxy/src/client/gpm_acquire_cred.c b/proxy/src/client/gpm_acquire_cred.c
index 632973d..8e30e1d 100644
--- a/proxy/src/client/gpm_acquire_cred.c
+++ b/proxy/src/client/gpm_acquire_cred.c
@@ -6,8 +6,6 @@ static int gpmint_cred_to_actual_mechs(gssx_cred *c, gss_OID_set *a)
{
gssx_cred_element *e;
gss_OID_set m = GSS_C_NO_OID_SET;
- int i;
-
if (c->elements.elements_len) {
@@ -22,7 +20,7 @@ static int gpmint_cred_to_actual_mechs(gssx_cred *c, gss_OID_set *a)
return ENOMEM;
}
- for (i = 0; i < c->elements.elements_len; i++) {
+ for (unsigned i = 0; i < c->elements.elements_len; i++) {
e = &c->elements.elements_val[i];
m->elements[i].elements = gp_memdup(e->mech.octet_string_val,
@@ -280,7 +278,6 @@ OM_uint32 gpm_inquire_cred(OM_uint32 *minor_status,
uint32_t ret_maj = GSS_S_COMPLETE;
uint32_t life;
int cu;
- int i;
if (!cred) {
*minor_status = 0;
@@ -308,8 +305,7 @@ OM_uint32 gpm_inquire_cred(OM_uint32 *minor_status,
life = GSS_C_INDEFINITE;
cu = -1;
- for (i = 0; i < cred->elements.elements_len; i++) {
-
+ for (unsigned i = 0; i < cred->elements.elements_len; i++) {
e = &cred->elements.elements_val[i];
switch (e->cred_usage) {
@@ -402,7 +398,7 @@ OM_uint32 gpm_inquire_cred_by_mech(OM_uint32 *minor_status,
gss_OID_desc tmp_oid;
uint32_t ret_min = 0;
uint32_t ret_maj = GSS_S_COMPLETE;
- int i;
+ unsigned i;
if (!cred) {
*minor_status = 0;
@@ -414,7 +410,6 @@ OM_uint32 gpm_inquire_cred_by_mech(OM_uint32 *minor_status,
}
for (i = 0; i < cred->elements.elements_len; i++) {
-
e = &cred->elements.elements_val[i];
gp_conv_gssx_to_oid(&e->mech, &tmp_oid);
if (!gss_oid_equal(&tmp_oid, mech_type)) {
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 030765a..8c96986 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -166,7 +166,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx,
char *buffer, uint32_t length)
{
uint32_t size;
- size_t wn;
+ ssize_t wn;
size_t pos;
bool retry;
int ret;
@@ -232,7 +232,7 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx,
char *buffer, uint32_t *length)
{
uint32_t size;
- size_t rn;
+ ssize_t rn;
size_t pos;
int ret;
diff --git a/proxy/src/client/gpm_import_and_canon_name.c b/proxy/src/client/gpm_import_and_canon_name.c
index 83d0736..70149a3 100644
--- a/proxy/src/client/gpm_import_and_canon_name.c
+++ b/proxy/src/client/gpm_import_and_canon_name.c
@@ -275,7 +275,6 @@ OM_uint32 gpm_inquire_name(OM_uint32 *minor_status,
{
gss_buffer_set_t xattrs = GSS_C_NO_BUFFER_SET;
int ret;
- int i;
*minor_status = 0;
@@ -306,13 +305,13 @@ OM_uint32 gpm_inquire_name(OM_uint32 *minor_status,
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
- for (i = 0; i < xattrs->count; i++) {
+ for (unsigned i = 0; i < xattrs->count; i++) {
ret = gp_copy_gssx_to_buffer(
&name->name_attributes.name_attributes_val[i].attr,
&xattrs->elements[i]);
if (ret) {
- for (--i; i >= 0; i--) {
- free(xattrs->elements[i].value);
+ for (; i > 0; i--) {
+ free(xattrs->elements[i-1].value);
}
free(xattrs->elements);
free(xattrs);
diff --git a/proxy/src/client/gpm_indicate_mechs.c b/proxy/src/client/gpm_indicate_mechs.c
index d4df923..b019a96 100644
--- a/proxy/src/client/gpm_indicate_mechs.c
+++ b/proxy/src/client/gpm_indicate_mechs.c
@@ -51,7 +51,6 @@ static uint32_t gpm_copy_gss_OID_set(uint32_t *minor_status,
gss_OID_set n;
uint32_t ret_maj;
uint32_t ret_min;
- int i;
ret_maj = gss_create_empty_oid_set(&ret_min, &n);
if (ret_maj) {
@@ -59,7 +58,7 @@ static uint32_t gpm_copy_gss_OID_set(uint32_t *minor_status,
return ret_maj;
}
- for (i = 0; i < oldset->count; i++) {
+ for (size_t i = 0; i < oldset->count; i++) {
ret_maj = gss_add_oid_set_member(&ret_min, &oldset->elements[i], &n);
if (ret_maj) {
*minor_status = ret_min;
@@ -124,7 +123,6 @@ static void gpmint_indicate_mechs(void)
uint32_t ret_min;
uint32_t ret_maj = 0;
int ret = 0;
- int i;
memset(arg, 0, sizeof(gssx_arg_indicate_mechs));
memset(res, 0, sizeof(gssx_res_indicate_mechs));
@@ -158,7 +156,7 @@ static void gpmint_indicate_mechs(void)
goto done;
}
- for (i = 0; i < res->mechs.mechs_len; i++) {
+ for (unsigned i = 0; i < res->mechs.mechs_len; i++) {
mi = &res->mechs.mechs_val[i];
gi = &global_mechs.info[i];
@@ -222,7 +220,7 @@ static void gpmint_indicate_mechs(void)
goto done;
}
- for (i = 0; i < res->mech_attr_descs.mech_attr_descs_len; i++) {
+ for (unsigned i = 0; i < res->mech_attr_descs.mech_attr_descs_len; i++) {
ma = &res->mech_attr_descs.mech_attr_descs_val[i];
ga = &global_mechs.desc[i];
@@ -249,7 +247,7 @@ static void gpmint_indicate_mechs(void)
done:
if (ret || ret_maj) {
- for (i = 0; i < global_mechs.desc_len; i++) {
+ for (unsigned i = 0; i < global_mechs.desc_len; i++) {
ga = &global_mechs.desc[i];
gss_release_oid(&discard, &ga->attr);
gss_release_buffer(&discard, ga->name);
@@ -258,7 +256,7 @@ done:
}
free(global_mechs.desc);
global_mechs.desc = NULL;
- for (i = 0; i < global_mechs.info_len; i++) {
+ for (unsigned i = 0; i < global_mechs.info_len; i++) {
gi = &global_mechs.info[i];
gss_release_oid(&discard, &gi->mech);
gss_release_oid_set(&discard, &gi->name_types);
@@ -335,7 +333,6 @@ OM_uint32 gpm_inquire_names_for_mech(OM_uint32 *minor_status,
{
uint32_t ret_min;
uint32_t ret_maj;
- int i;
if (!minor_status) {
return GSS_S_CALL_INACCESSIBLE_WRITE;
@@ -351,7 +348,7 @@ OM_uint32 gpm_inquire_names_for_mech(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- for (i = 0; i < global_mechs.info_len; i++) {
+ for (unsigned i = 0; i < global_mechs.info_len; i++) {
if (!gpm_equal_oids(global_mechs.info[i].mech, mech_type)) {
continue;
}
@@ -375,7 +372,6 @@ OM_uint32 gpm_inquire_mechs_for_name(OM_uint32 *minor_status,
uint32_t discard;
gss_OID name_type = GSS_C_NO_OID;
int present;
- int i;
if (!minor_status) {
return GSS_S_CALL_INACCESSIBLE_WRITE;
@@ -402,7 +398,7 @@ OM_uint32 gpm_inquire_mechs_for_name(OM_uint32 *minor_status,
goto done;
}
- for (i = 0; i < global_mechs.info_len; i++) {
+ for (unsigned i = 0; i < global_mechs.info_len; i++) {
ret_maj = gss_test_oid_set_member(&ret_min, name_type,
global_mechs.info[i].name_types,
&present);
@@ -439,7 +435,6 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status,
uint32_t ret_min;
uint32_t ret_maj;
uint32_t discard;
- int i;
if (!minor_status) {
return GSS_S_CALL_INACCESSIBLE_WRITE;
@@ -451,7 +446,7 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- for (i = 0; i < global_mechs.info_len; i++) {
+ for (unsigned i = 0; i < global_mechs.info_len; i++) {
if (!gpm_equal_oids(global_mechs.info[i].mech, mech)) {
continue;
}
@@ -495,7 +490,6 @@ OM_uint32 gpm_inquire_saslname_for_mech(OM_uint32 *minor_status,
uint32_t ret_min;
uint32_t ret_maj;
uint32_t discard;
- int i;
if (!minor_status) {
return GSS_S_CALL_INACCESSIBLE_WRITE;
@@ -511,7 +505,7 @@ OM_uint32 gpm_inquire_saslname_for_mech(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- for (i = 0; i < global_mechs.info_len; i++) {
+ for (unsigned i = 0; i < global_mechs.info_len; i++) {
if (!gpm_equal_oids(global_mechs.info[i].mech, desired_mech)) {
continue;
}
@@ -554,7 +548,6 @@ OM_uint32 gpm_display_mech_attr(OM_uint32 *minor_status,
uint32_t ret_min;
uint32_t ret_maj;
uint32_t discard;
- int i;
if (!minor_status) {
return GSS_S_CALL_INACCESSIBLE_WRITE;
@@ -570,7 +563,7 @@ OM_uint32 gpm_display_mech_attr(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- for (i = 0; i < global_mechs.desc_len; i++) {
+ for (unsigned i = 0; i < global_mechs.desc_len; i++) {
if (!gpm_equal_oids(global_mechs.desc[i].attr, mech_attr)) {
continue;
}
@@ -614,7 +607,6 @@ OM_uint32 gpm_indicate_mechs_by_attrs(OM_uint32 *minor_status,
uint32_t ret_maj;
uint32_t discard;
int present;
- int i, j;
if (!minor_status) {
return GSS_S_CALL_INACCESSIBLE_WRITE;
@@ -636,8 +628,9 @@ OM_uint32 gpm_indicate_mechs_by_attrs(OM_uint32 *minor_status,
return ret_maj;
}
- for (i = 0; i < global_mechs.info_len; i++) {
+ for (unsigned i = 0; i < global_mechs.info_len; i++) {
if (desired_mech_attrs != GSS_C_NO_OID_SET) {
+ unsigned j;
for (j = 0; j < desired_mech_attrs->count; j++) {
ret_maj = gss_test_oid_set_member(&ret_min,
&desired_mech_attrs->elements[j],
@@ -657,6 +650,7 @@ OM_uint32 gpm_indicate_mechs_by_attrs(OM_uint32 *minor_status,
}
}
if (except_mech_attrs != GSS_C_NO_OID_SET) {
+ unsigned j;
for (j = 0; j < except_mech_attrs->count; j++) {
ret_maj = gss_test_oid_set_member(&ret_min,
&except_mech_attrs->elements[j],
@@ -676,6 +670,7 @@ OM_uint32 gpm_indicate_mechs_by_attrs(OM_uint32 *minor_status,
}
}
if (critical_mech_attrs != GSS_C_NO_OID_SET) {
+ unsigned j;
for (j = 0; j < critical_mech_attrs->count; j++) {
ret_maj = gss_test_oid_set_member(&ret_min,
&critical_mech_attrs->elements[j],
diff --git a/proxy/src/gp_common.h b/proxy/src/gp_common.h
index edc23b4..4f76e58 100644
--- a/proxy/src/gp_common.h
+++ b/proxy/src/gp_common.h
@@ -104,9 +104,8 @@ union gp_rpc_res {
#define gp_options_find(res, opts, name, len) \
do { \
struct gssx_option *_v; \
- int _o; \
res = NULL; \
- for (_o = 0; _o < opts.options_len; _o++) { \
+ for (unsigned _o = 0; _o < opts.options_len; _o++) { \
_v = &opts.options_val[_o]; \
if (gp_option_name_match(_v, name, len)) { \
res = _v; \
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index 5c1ca02..a671333 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -57,11 +57,9 @@ static void free_str_array(const char ***a, int *count)
void free_cred_store_elements(gss_key_value_set_desc *cs)
{
- int i;
-
if (!cs->elements) return;
- for (i = 0; i < cs->count; i++) {
+ for (unsigned i = 0; i < cs->count; i++) {
safefree(cs->elements[i].key);
safefree(cs->elements[i].value);
}
@@ -146,7 +144,7 @@ static int get_krb5_mech_cfg(struct gp_service *svc,
&count, &strings);
if (ret == 0) {
const char *p;
- size_t len;
+ ssize_t len;
char *key;
svc->krb5.store.elements =
@@ -698,7 +696,6 @@ struct gp_creds_handle *gp_service_get_creds_handle(struct gp_service *svc)
void free_config(struct gp_config **cfg)
{
struct gp_config *config = *cfg;
- uint32_t i;
if (!config) {
return;
@@ -709,7 +706,7 @@ void free_config(struct gp_config **cfg)
free(config->socket_name);
free(config->proxy_user);
- for (i=0; i < config->num_svcs; i++) {
+ for (int i = 0; i < config->num_svcs; i++) {
gp_service_free(config->svcs[i]);
safefree(config->svcs[i]);
}
diff --git a/proxy/src/gp_conv.c b/proxy/src/gp_conv.c
index 71d6d9d..b874b06 100644
--- a/proxy/src/gp_conv.c
+++ b/proxy/src/gp_conv.c
@@ -599,7 +599,6 @@ done:
int gp_conv_gssx_to_oid_set(gssx_OID_set *in, gss_OID_set *out)
{
gss_OID_set o;
- int i;
if (in->gssx_OID_set_len == 0) {
*out = GSS_C_NO_OID_SET;
@@ -618,7 +617,7 @@ int gp_conv_gssx_to_oid_set(gssx_OID_set *in, gss_OID_set *out)
return ENOMEM;
}
- for (i = 0; i < o->count; i++) {
+ for (size_t i = 0; i < o->count; i++) {
o->elements[i].elements =
gp_memdup(in->gssx_OID_set_val[i].octet_string_val,
in->gssx_OID_set_val[i].octet_string_len);
@@ -641,7 +640,6 @@ int gp_conv_gssx_to_oid_set(gssx_OID_set *in, gss_OID_set *out)
int gp_conv_oid_set_to_gssx(gss_OID_set in, gssx_OID_set *out)
{
int ret;
- int i;
if (in->count == 0) {
return 0;
@@ -653,7 +651,7 @@ int gp_conv_oid_set_to_gssx(gss_OID_set in, gssx_OID_set *out)
return ENOMEM;
}
- for (i = 0; i < in->count; i++) {
+ for (size_t i = 0; i < in->count; i++) {
ret = gp_conv_octet_string(in->elements[i].length,
in->elements[i].elements,
&out->gssx_OID_set_val[i]);
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index 6570b06..e05ad01 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -312,7 +312,6 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
int k_num = -1;
int ck_num = -1;
int cc_num = -1;
- int d;
memset(cs, 0, sizeof(gss_key_value_set_desc));
@@ -419,7 +418,7 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
ret = ENOMEM;
goto done;
}
- for (d = 0; d < svc->krb5.store.count; d++) {
+ for (unsigned d = 0; d < svc->krb5.store.count; d++) {
if (strcmp(svc->krb5.store.elements[d].key, "client_keytab") == 0) {
ck_num = cs->count;
} else if (strcmp(svc->krb5.store.elements[d].key, "keytab") == 0) {
diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
index 12b8d5f..3a927c9 100644
--- a/proxy/src/gp_export.c
+++ b/proxy/src/gp_export.c
@@ -288,7 +288,6 @@ uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
uint32_t acceptor_lifetime = 0;
struct gssx_cred_element *el;
int ret;
- int i, j;
struct gp_creds_handle *handle = NULL;
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
@@ -314,8 +313,7 @@ uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
}
out->elements.elements_len = mechanisms->count;
- for (i = 0, j = 0; i < mechanisms->count; i++, j++) {
-
+ for (unsigned i = 0, j = 0; i < mechanisms->count; i++, j++) {
el = &out->elements.elements_val[j];
ret_maj = gss_inquire_cred_by_mech(&ret_min, *in,
@@ -399,11 +397,10 @@ static void gp_set_cred_options(gssx_cred *cred, gss_cred_id_t gss_cred)
krb5_enctype *ktypes;
bool no_ci_flags = false;
uint32_t maj, min;
- int i, j;
- for (i = 0; i < cred->elements.elements_len; i++) {
+ for (unsigned i = 0; i < cred->elements.elements_len; i++) {
ce = &cred->elements.elements_val[i];
- for (j = 0; j < ce->options.options_len; j++) {
+ for (unsigned j = 0; j < ce->options.options_len; j++) {
op = &ce->options.options_val[j];
if ((op->option.octet_string_len ==
sizeof(KRB5_SET_ALLOWED_ENCTYPE)) &&
diff --git a/proxy/src/gp_rpc_acquire_cred.c b/proxy/src/gp_rpc_acquire_cred.c
index e9c7d56..fcb4fbe 100644
--- a/proxy/src/gp_rpc_acquire_cred.c
+++ b/proxy/src/gp_rpc_acquire_cred.c
@@ -20,7 +20,6 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall,
gss_cred_id_t *add_out_cred = NULL;
int acquire_type = ACQ_NORMAL;
int ret;
- int i;
aca = &arg->acquire_cred;
acr = &res->acquire_cred;
@@ -63,7 +62,7 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall,
goto done;
}
- for (i = 0; i < desired_mechs->count; i++) {
+ for (unsigned i = 0; i < desired_mechs->count; i++) {
desired_mech = &desired_mechs->elements[i];
if (!gp_creds_allowed_mech(gpcall, desired_mech)) {
@@ -93,7 +92,7 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall,
cred_usage = gp_conv_gssx_to_cred_usage(aca->cred_usage);
- for (i = 0; i < use_mechs->count; i++) {
+ for (unsigned i = 0; i < use_mechs->count; i++) {
desired_mech = &use_mechs->elements[i];
/* this should really be folded into an extended
* gss_add_cred in gssapi that can accept a set of URIs
diff --git a/proxy/src/gp_rpc_debug.c b/proxy/src/gp_rpc_debug.c
index 2e2c050..a814448 100644
--- a/proxy/src/gp_rpc_debug.c
+++ b/proxy/src/gp_rpc_debug.c
@@ -19,7 +19,7 @@ void gpdbg_octet_string(octet_string *x)
}
fprintf(stderr, "... ] ");
} else {
- for (int i = 0; i < x->octet_string_len; i++) {
+ for (unsigned i = 0; i < x->octet_string_len; i++) {
fprintf(stderr, "%x", x->octet_string_val[i]);
}
fprintf(stderr, " ] ");
@@ -55,7 +55,7 @@ void gpdbg_gssx_OID(gssx_OID *x)
void gpdbg_gssx_OID_set(gssx_OID_set *x)
{
gp_debug_printf("{ ");
- for (int i = 0; i < x->gssx_OID_set_len; i++) {
+ for (unsigned i = 0; i < x->gssx_OID_set_len; i++) {
gpdbg_gssx_OID(&x->gssx_OID_set_val[i]);
}
gp_debug_printf("} ");
@@ -90,7 +90,7 @@ void gpdbg_gssx_option(gssx_option *x)
#define gpdbg_extensions(x) do { \
if ((x)->extensions.extensions_len > 0) { \
gp_debug_printf("[ "); \
- for (int i = 0; i < (x)->extensions.extensions_len; i++) { \
+ for (unsigned i = 0; i < (x)->extensions.extensions_len; i++) { \
gpdbg_gssx_option(&(x)->extensions.extensions_val[i]); \
} \
gp_debug_printf("] "); \
@@ -100,7 +100,7 @@ void gpdbg_gssx_option(gssx_option *x)
#define gpdbg_options(x) do { \
if ((x)->options.options_len > 0) { \
gp_debug_printf("[ "); \
- for (int i = 0; i < (x)->options.options_len; i++) { \
+ for (unsigned i = 0; i < (x)->options.options_len; i++) { \
gpdbg_gssx_option(&(x)->options.options_val[i]); \
} \
gp_debug_printf("] "); \
@@ -168,7 +168,7 @@ void gpdbg_gssx_call_ctx(gssx_call_ctx *x)
#define gpdbg_name_attributes(X) do { \
gp_debug_printf("[ "); \
if (x->name_attributes.name_attributes_len > 0) { \
- for (int i = 0; i < x->name_attributes.name_attributes_len; i++) { \
+ for (unsigned i = 0; i < x->name_attributes.name_attributes_len; i++) { \
gpdbg_gssx_name_attr( \
&x->name_attributes.name_attributes_val[i]); \
} \
@@ -209,7 +209,7 @@ void gpdbg_gssx_cred(gssx_cred *x)
gp_debug_printf("{ ");
gpdbg_gssx_name(&x->desired_name);
gp_debug_printf("[ ");
- for (int i = 0; i < x->elements.elements_len; i++) {
+ for (unsigned i = 0; i < x->elements.elements_len; i++) {
gpdbg_gssx_cred_element(&x->elements.elements_val[i]);
}
gp_debug_printf("] ");
@@ -289,17 +289,17 @@ void gpdbg_gssx_res_indicate_mechs(gssx_res_indicate_mechs *x)
gp_debug_printf(" GSSX_RES_INDICATE_MECHS( status: ");
gpdbg_gssx_status(&x->status);
gp_debug_printf("mechs: [ ");
- for (int i = 0; i < x->mechs.mechs_len; i++) {
+ for (unsigned i = 0; i < x->mechs.mechs_len; i++) {
gpdbg_gssx_mech_info(&x->mechs.mechs_val[i]);
}
gp_debug_printf("] ");
gp_debug_printf("mech_attr_descs: [ ");
- for (int i = 0; i < x->mech_attr_descs.mech_attr_descs_len; i++) {
+ for (unsigned i = 0; i < x->mech_attr_descs.mech_attr_descs_len; i++) {
gpdbg_gssx_mech_attr(&x->mech_attr_descs.mech_attr_descs_val[i]);
}
gp_debug_printf("] ");
gp_debug_printf("supported_extensions: [ ");
- for (int i = 0;
+ for (unsigned i = 0;
i < x->supported_extensions.supported_extensions_len; i++) {
gpdbg_gssx_buffer(
&x->supported_extensions.supported_extensions_val[i]);
@@ -602,7 +602,7 @@ void gpdbg_gssx_arg_wrap(gssx_arg_wrap *x)
gp_debug_printf("conf_req: ");
gp_debug_printf("%d ", (int)x->conf_req);
gp_debug_printf("message_buffer: [ ");
- for (int i = 0; i < x->message_buffer.message_buffer_len; i++) {
+ for (unsigned i = 0; i < x->message_buffer.message_buffer_len; i++) {
gpdbg_octet_string(&x->message_buffer.message_buffer_val[i]);
}
gp_debug_printf("] ");
@@ -618,7 +618,7 @@ void gpdbg_gssx_res_wrap(gssx_res_wrap *x)
gp_debug_printf("context_handle: ");
GPRPCDEBUG(gssx_ctx, x->context_handle);
gp_debug_printf("token_buffer: [ ");
- for (int i = 0; i < x->token_buffer.token_buffer_len; i++) {
+ for (unsigned i = 0; i < x->token_buffer.token_buffer_len; i++) {
gpdbg_octet_string(&x->token_buffer.token_buffer_val[i]);
}
gp_debug_printf("] ");
@@ -640,7 +640,7 @@ void gpdbg_gssx_arg_unwrap(gssx_arg_unwrap *x)
gp_debug_printf("context_handle: ");
gpdbg_gssx_ctx(&x->context_handle);
gp_debug_printf("token_buffer: [ ");
- for (int i = 0; i < x->token_buffer.token_buffer_len; i++) {
+ for (unsigned i = 0; i < x->token_buffer.token_buffer_len; i++) {
gpdbg_octet_string(&x->token_buffer.token_buffer_val[i]);
}
gp_debug_printf("] ");
@@ -656,7 +656,7 @@ void gpdbg_gssx_res_unwrap(gssx_res_unwrap *x)
gp_debug_printf("context_handle: ");
GPRPCDEBUG(gssx_ctx, x->context_handle);
gp_debug_printf("message_buffer: [ ");
- for (int i = 0; i < x->message_buffer.message_buffer_len; i++) {
+ for (unsigned i = 0; i < x->message_buffer.message_buffer_len; i++) {
gpdbg_octet_string(&x->message_buffer.message_buffer_val[i]);
}
gp_debug_printf("] ");
diff --git a/proxy/src/gp_rpc_indicate_mechs.c b/proxy/src/gp_rpc_indicate_mechs.c
index 8abbc7f..6ae6756 100644
--- a/proxy/src/gp_rpc_indicate_mechs.c
+++ b/proxy/src/gp_rpc_indicate_mechs.c
@@ -25,8 +25,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED,
uint32_t ret_maj;
uint32_t ret_min;
int present;
- int h, i, j;
- int ret;
+ int ret;
ima = &arg->indicate_mechs;
imr = &res->indicate_mechs;
@@ -53,8 +52,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED,
}
imr->mechs.mechs_len = mech_set->count;
- for (i = 0, h = 0; i < mech_set->count; i++, h++) {
-
+ for (unsigned i = 0, h = 0; i < mech_set->count; i++, h++) {
mi = &imr->mechs.mechs_val[h];
ret = gp_conv_oid_to_gssx(&mech_set->elements[i], &mi->mech);
@@ -104,8 +102,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED,
ret_min = ret;
goto done;
}
- for (j = 0; j < mech_attrs->count; j++) {
-
+ for (unsigned j = 0; j < mech_attrs->count; j++) {
ret_maj = gss_test_oid_set_member(&ret_min,
&mech_attrs->elements[j],
attr_set,
@@ -136,8 +133,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED,
goto done;
}
- for (j = 0; j < known_mech_attrs->count; j++) {
-
+ for (unsigned j = 0; j < known_mech_attrs->count; j++) {
ret_maj = gss_test_oid_set_member(&ret_min,
&known_mech_attrs->elements[j],
attr_set,
@@ -205,8 +201,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED,
}
imr->mech_attr_descs.mech_attr_descs_len = attr_set->count;
- for (i = 0; i < attr_set->count; i++) {
-
+ for (unsigned i = 0; i < attr_set->count; i++) {
ma = &imr->mech_attr_descs.mech_attr_descs_val[i];
ret = gp_conv_oid_to_gssx(&attr_set->elements[i], &ma->attr);
diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c
index 829ff21..17ecf7c 100644
--- a/proxy/src/gp_socket.c
+++ b/proxy/src/gp_socket.c
@@ -303,7 +303,7 @@ static void gp_socket_read(verto_ctx *vctx, verto_ev *ev)
struct gp_buffer *rbuf;
uint32_t size;
bool header = false;
- size_t rn;
+ ssize_t rn;
int ret;
int fd;
@@ -487,7 +487,7 @@ static void gp_socket_write(verto_ctx *vctx, verto_ev *ev)
return;
}
if (vecs == 2) {
- if (wn < sizeof(size)) {
+ if (wn < (ssize_t) sizeof(size)) {
/* don't bother trying to handle sockets that can't
* buffer even 4 bytes */
gp_conn_free(wbuf->conn);
diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c
index ca83eb3..f158b84 100644
--- a/proxy/src/gp_util.c
+++ b/proxy/src/gp_util.c
@@ -109,7 +109,7 @@ char *gp_strerror(int errnum)
ssize_t gp_safe_read(int fd, void *buf, size_t count)
{
char *b = (char *)buf;
- ssize_t len = 0;
+ size_t len = 0;
ssize_t ret;
do {
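Review bot: `len` is now `size_t` while `gp_safe_read` still returns `ssize_t`, so if `len` is the value returned (the loop body and return statement are outside this hunk), a `count` above `SSIZE_MAX` converts to a negative result that callers cannot distinguish from the error return. A guard at the top of the function, `if (count > SSIZE_MAX) { errno = EINVAL; return -1; }`, makes the limit explicit; at minimum a comment above the function should state it. The same applies to `gp_safe_write` in the next hunk.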
@@ -128,7 +128,7 @@ ssize_t gp_safe_read(int fd, void *buf, size_t count)
ssize_t gp_safe_write(int fd, const void *buf, size_t count)
{
const char *b = (const char *)buf;
- ssize_t len = 0;
+ size_t len = 0;
ssize_t ret;
do {
diff --git a/proxy/tests/t_utils.c b/proxy/tests/t_utils.c
index 6af9a16..36f7bd1 100644
--- a/proxy/tests/t_utils.c
+++ b/proxy/tests/t_utils.c
@@ -8,7 +8,7 @@
int t_send_buffer(int fd, char *buf, uint32_t len)
{
uint32_t size;
- size_t wn;
+ ssize_t wn;
size_t pos;
size = htonl(len);
@@ -36,7 +36,7 @@ int t_send_buffer(int fd, char *buf, uint32_t len)
int t_recv_buffer(int fd, char *buf, uint32_t *len)
{
uint32_t size;
- size_t rn;
+ ssize_t rn;
size_t pos;
rn = read(fd, &size, sizeof(uint32_t));

250
Fix-most-memory-leaks.patch Normal file

@ -0,0 +1,250 @@
From fae905d25a24dd360c5ae3e50bd3bfcf71c5f3bb Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Thu, 29 Jun 2017 10:59:46 -0400
Subject: [PATCH] Fix most memory leaks
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
[rharwood@redhat.com: commit message, whitespace]
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Merges: #203
Related: #176
(cherry picked from commit 470cf4d745d57f0597124a35b2faf86ba1107bb5)
---
proxy/src/gp_config.c | 2 ++
proxy/src/gp_creds.c | 2 ++
proxy/src/gp_export.c | 3 ++-
proxy/src/gp_rpc_acquire_cred.c | 17 ++++++++++------
proxy/src/gssproxy.c | 42 ++++++++++++++++++++++++++++------------
proxy/src/mechglue/gpp_context.c | 2 ++
proxy/tests/t_acquire.c | 3 +++
7 files changed, 52 insertions(+), 19 deletions(-)
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index a671333..754edf5 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -75,6 +75,8 @@ static void gp_service_free(struct gp_service *svc)
free_cred_store_elements(&svc->krb5.store);
gp_free_creds_handle(&svc->krb5.creds_handle);
}
+ free(svc->socket);
+ free(svc->program);
SELINUX_context_free(svc->selinux_ctx);
memset(svc, 0, sizeof(struct gp_service));
}
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index fdc6bdf..2cb4ce7 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -1049,6 +1049,8 @@ uint32_t gp_count_tickets(uint32_t *min, gss_cred_id_t cred, uint32_t *ccsum)
goto done;
}
+ krb5_free_cred_contents(context, &creds);
+
/* TODO: Should we do a real checksum over all creds->ticket data and
* flags in future ? */
(*ccsum)++;
diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
index 4e081df..ab08bb7 100644
--- a/proxy/src/gp_export.c
+++ b/proxy/src/gp_export.c
@@ -47,7 +47,7 @@ uint32_t gp_init_creds_with_keytab(uint32_t *min, const char *svc_name,
krb5_keytab ktid = NULL;
krb5_kt_cursor cursor;
krb5_keytab_entry entry;
- krb5_enctype *permitted;
+ krb5_enctype *permitted = NULL;
uint32_t ret_maj = 0;
uint32_t ret_min = 0;
int ret;
@@ -127,6 +127,7 @@ uint32_t gp_init_creds_with_keytab(uint32_t *min, const char *svc_name,
ret_maj = GSS_S_COMPLETE;
done:
+ krb5_free_enctypes(handle->context, permitted);
if (ktid) {
(void)krb5_kt_close(handle->context, ktid);
}
diff --git a/proxy/src/gp_rpc_acquire_cred.c b/proxy/src/gp_rpc_acquire_cred.c
index fcb4fbe..7ddb427 100644
--- a/proxy/src/gp_rpc_acquire_cred.c
+++ b/proxy/src/gp_rpc_acquire_cred.c
@@ -130,17 +130,18 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall,
}
}
- acr->output_cred_handle = calloc(1, sizeof(gssx_cred));
- if (!acr->output_cred_handle) {
- ret_maj = GSS_S_FAILURE;
- ret_min = ENOMEM;
- goto done;
- }
if (out_cred == in_cred) {
acr->output_cred_handle = aca->input_cred_handle;
aca->input_cred_handle = NULL;
} else {
+ acr->output_cred_handle = calloc(1, sizeof(gssx_cred));
+ if (!acr->output_cred_handle) {
+ ret_maj = GSS_S_FAILURE;
+ ret_min = ENOMEM;
+ goto done;
+ }
+
ret_maj = gp_export_gssx_cred(&ret_min, gpcall,
&out_cred, acr->output_cred_handle);
if (ret_maj) {
@@ -154,6 +155,10 @@ done:
GPRPCDEBUG(gssx_res_acquire_cred, acr);
+ if (add_out_cred != &in_cred && add_out_cred != &out_cred)
+ gss_release_cred(&ret_min, add_out_cred);
+ if (in_cred != out_cred)
+ gss_release_cred(&ret_min, &in_cred);
gss_release_cred(&ret_min, &out_cred);
gss_release_oid_set(&ret_min, &use_mechs);
gss_release_oid_set(&ret_min, &desired_mechs);
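Review bot: The conditions guarding the two added `gss_release_cred` calls encode an aliasing rule that the code does not explain. Judging by the comparisons, `add_out_cred` may point at `in_cred` or `out_cred`, and `in_cred` may equal `out_cred`, so releasing any of them twice would be a double free. A comment above the block such as `/* add_out_cred may alias in_cred/out_cred, and in_cred may equal out_cred: release each credential exactly once */` would keep a later edit from breaking that. The added `if` bodies are also unbraced, unlike `if (ret_maj) {` earlier in the function. The `done:` block continues outside the hunk.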
diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c
index a020218..5c5937d 100644
--- a/proxy/src/gssproxy.c
+++ b/proxy/src/gssproxy.c
@@ -157,7 +157,7 @@ int main(int argc, const char *argv[])
verto_ctx *vctx;
verto_ev *ev;
int wait_fd;
- int ret;
+ int ret = -1;
struct poptOption long_options[] = {
POPT_AUTOHELP
@@ -187,13 +187,17 @@ int main(int argc, const char *argv[])
fprintf(stderr, "\nInvalid option %s: %s\n\n",
poptBadOption(pc, 0), poptStrerror(opt));
poptPrintUsage(pc, stderr, 0);
- return 1;
+
+ ret = 1;
+ goto cleanup;
}
}
if (opt_version) {
puts(VERSION""DISTRO_VERSION""PRERELEASE_VERSION);
- return 0;
+ poptFreeContext(pc);
+ ret = 0;
+ goto cleanup;
}
if (opt_debug || opt_debug_level > 0) {
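Review bot: The `opt_version` branch calls `poptFreeContext(pc)` and then jumps to `cleanup`, which calls `poptFreeContext(pc)` again (see the last hunk of this file), so running with the version option frees the popt context twice. Drop the call in the branch and leave the release to the label, so that the branch ends with just `ret = 0;` and `goto cleanup;`. `main` starts and continues outside this hunk.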
@@ -204,7 +208,8 @@ int main(int argc, const char *argv[])
if (opt_daemon && opt_interactive) {
fprintf(stderr, "Option -i|--interactive is not allowed together with -D|--daemon\n");
poptPrintUsage(pc, stderr, 0);
- return 1;
+ ret = 0;
+ goto cleanup;
}
if (opt_interactive) {
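Review bot: The `opt_daemon && opt_interactive` branch prints a usage error but now sets `ret = 0`, where the removed line returned 1. A rejected option combination therefore exits with success, and a service manager or script that checks the status will not see the failure. The branch should set `ret = 1;` before `goto cleanup;`.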
@@ -218,7 +223,8 @@ int main(int argc, const char *argv[])
opt_config_socket,
opt_daemon);
if (!gpctx->config) {
- exit(EXIT_FAILURE);
+ ret = EXIT_FAILURE;
+ goto cleanup;
}
init_server(gpctx->config->daemonize, &wait_fd);
@@ -229,7 +235,8 @@ int main(int argc, const char *argv[])
if (!vctx) {
fprintf(stderr, "Failed to initialize event loop. "
"Is there at least one libverto backend installed?\n");
- return 1;
+ ret = 1;
+ goto cleanup;
}
gpctx->vctx = vctx;
@@ -237,12 +244,13 @@ int main(int argc, const char *argv[])
ev = verto_add_signal(vctx, VERTO_EV_FLAG_PERSIST, hup_handler, SIGHUP);
if (!ev) {
fprintf(stderr, "Failed to register SIGHUP handler with verto!\n");
- return 1;
+ ret = 1;
+ goto cleanup;
}
ret = init_sockets(vctx, NULL);
if (ret != 0) {
- return ret;
+ goto cleanup;
}
/* We need to tell nfsd that GSS-Proxy is available before it starts,
@@ -256,12 +264,14 @@ int main(int argc, const char *argv[])
ret = drop_privs(gpctx->config);
if (ret) {
- exit(EXIT_FAILURE);
+ ret = EXIT_FAILURE;
+ goto cleanup;
}
ret = gp_workers_init(gpctx);
if (ret) {
- exit(EXIT_FAILURE);
+ ret = EXIT_FAILURE;
+ goto cleanup;
}
verto_run(vctx);
@@ -271,9 +281,17 @@ int main(int argc, const char *argv[])
fini_server();
- poptFreeContext(pc);
free_config(&gpctx->config);
+ free(gpctx);
- return 0;
+ ret = 0;
+
+cleanup:
+ poptFreeContext(pc);
+ free(opt_config_file);
+ free(opt_config_dir);
+ free(opt_config_socket);
+
+ return ret;
}
diff --git a/proxy/src/mechglue/gpp_context.c b/proxy/src/mechglue/gpp_context.c
index 2f41e4f..69e69e0 100644
--- a/proxy/src/mechglue/gpp_context.c
+++ b/proxy/src/mechglue/gpp_context.c
@@ -362,6 +362,8 @@ OM_uint32 gssi_delete_sec_context(OM_uint32 *minor_status,
}
}
+ free(ctx);
+
return rmaj;
}
diff --git a/proxy/tests/t_acquire.c b/proxy/tests/t_acquire.c
index 2bb7706..5334565 100644
--- a/proxy/tests/t_acquire.c
+++ b/proxy/tests/t_acquire.c
@@ -132,5 +132,8 @@ done:
gss_release_buffer(&ret_min, &in_token);
gss_release_buffer(&ret_min, &out_token);
gss_release_cred(&ret_min, &cred_handle);
+ gss_release_name(&ret_min, &target_name);
+ gss_delete_sec_context(&ret_min, &init_ctx, GSS_C_NO_BUFFER);
+ gss_delete_sec_context(&ret_min, &accept_ctx, GSS_C_NO_BUFFER);
return ret;
}


@ -1,4 +1,4 @@
From d5e838b8b752ea8039fe174c8944a41aed7034a2 Mon Sep 17 00:00:00 2001
From ab123e89f29965a9cb0ca40a4dcdd538b6feb285 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 11 Sep 2017 10:52:03 -0400
Subject: [PATCH] Fix potential free of non-heap address
@ -12,10 +12,10 @@ Merges: #211
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 9a10c2f..340da2f 100644
index dba23a6..c65c69d 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -556,8 +556,8 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer,
@@ -553,8 +553,8 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer,
ret = gpm_retry_socket(gpmctx);
/* Free buffer and set it to NULL to prevent free(xdr_reply_ctx) */


@ -1,4 +1,4 @@
From cefc08b686697e3e11ec3f0c2d42e0ee2b3c90b3 Mon Sep 17 00:00:00 2001
From 43033ca39d12d5e4884736cca46fec894f7cb1e9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 16 May 2017 14:16:23 -0400
Subject: [PATCH] Fix segfault when no config files are present
@ -13,10 +13,10 @@ Merges: #185
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index 5c1ca02..409cd74 100644
index 754edf5..efd97e4 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -846,16 +846,17 @@ int gp_config_init(const char *config_file, const char *config_dir,
@@ -845,16 +845,17 @@ int gp_config_init(const char *config_file, const char *config_dir,
if (config_file) {
ret = gp_config_from_file(config_file, ini_config, collision_flags);


@ -1,4 +1,4 @@
From 2c44a2ded88990de44665ed297c135bec844d016 Mon Sep 17 00:00:00 2001
From 11c8ef2857810116fe04cf2a5de643af0fa9c475 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 9 Aug 2017 15:00:26 -0400
Subject: [PATCH] Fix silent crash with duplicate config sections
@ -150,10 +150,10 @@ index c52dbb6..9e01f7d 100644
LIBS="$PTHREAD_LIBS $LIBS"
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index c507472..f3ff1fd 100644
index 2e9806d..3ec4b82 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -730,7 +730,7 @@ static int gp_config_from_file(const char *config_file,
@@ -729,7 +729,7 @@ static int gp_config_from_file(const char *config_file,
0, /* metadata_flags, FIXME */
&file_ctx);
if (ret) {
@ -162,7 +162,7 @@ index c507472..f3ff1fd 100644
ret, gp_strerror(ret));
ini_config_destroy(ini_config);
return ret;
@@ -744,7 +744,7 @@ static int gp_config_from_file(const char *config_file,
@@ -743,7 +743,7 @@ static int gp_config_from_file(const char *config_file,
if (ret) {
char **errors = NULL;
/* we had a parsing failure */
@ -171,7 +171,7 @@ index c507472..f3ff1fd 100644
ret, gp_strerror(ret));
if (ini_config_error_count(ini_config)) {
ini_config_get_errors(ini_config, &errors);
@@ -793,26 +793,25 @@ static int gp_config_from_dir(const char *config_dir,
@@ -792,26 +792,25 @@ static int gp_config_from_dir(const char *config_dir,
INI_STOP_ON_ANY, /* error_level */
collision_flags,
INI_PARSE_NOWRAP,
@ -207,7 +207,7 @@ index c507472..f3ff1fd 100644
ref_array_destroy(error_list);
return ret;
@@ -823,9 +822,7 @@ static int gp_config_from_dir(const char *config_dir,
@@ -822,9 +821,7 @@ static int gp_config_from_dir(const char *config_dir,
ini_config_destroy(*ini_config);
*ini_config = result_cfg;
}


@ -1,4 +1,4 @@
From 08e753072cc06ca11b14d6c742260a422c9f5ae1 Mon Sep 17 00:00:00 2001
From a3c9d87924455448cf3bcb20d34f1bd4e6b915d8 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 15 Mar 2017 13:52:36 -0400
Subject: [PATCH] Fix unused variables
@ -35,10 +35,10 @@ Merges: #173
24 files changed, 44 insertions(+), 64 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 1366463..12b14ae 100644
index 0a54dbc..030765a 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -315,6 +315,7 @@ static struct gpm_ctx *gpm_get_ctx(void)
@@ -320,6 +320,7 @@ static void gpm_release_ctx(struct gpm_ctx *gpmctx)
OM_uint32 gpm_release_buffer(OM_uint32 *minor_status,
gss_buffer_t buffer)
{
@ -193,7 +193,7 @@ index 7d89b06..6570b06 100644
gss_OID_set *actual_mechs,
uint32_t *initiator_time_rec,
diff --git a/proxy/src/gp_init.c b/proxy/src/gp_init.c
index bb7ba6b..4673f02 100644
index d367f92..e69934d 100644
--- a/proxy/src/gp_init.c
+++ b/proxy/src/gp_init.c
@@ -96,7 +96,7 @@ void fini_server(void)


@ -1,4 +1,4 @@
From c649c02b3889cc0b777d314c3ba6b295bd394820 Mon Sep 17 00:00:00 2001
From d78394bcdee27ee2ec00822871a7688585d6e9ed Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 15 Sep 2017 18:07:28 -0400
Subject: [PATCH] Handle outdated encrypted ccaches
@ -18,10 +18,10 @@ Merges: #214
3 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
index 12b8d5f..e231100 100644
index ab08bb7..0c39045 100644
--- a/proxy/src/gp_export.c
+++ b/proxy/src/gp_export.c
@@ -267,7 +267,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
@@ -268,7 +268,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
&enc_handle,
&data_out);
if (ret) {
@ -30,7 +30,7 @@ index 12b8d5f..e231100 100644
}
*len = data_out.length;
@@ -447,8 +447,8 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
@@ -446,8 +446,8 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
{
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
struct gp_creds_handle *handle = NULL;
@ -41,7 +41,7 @@ index 12b8d5f..e231100 100644
int ret;
handle = gp_service_get_creds_handle(gpcall->service);
@@ -470,8 +470,9 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
@@ -469,8 +469,9 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
&cred->cred_handle_reference,
&token.length, token.value);
if (ret) {


@ -1,4 +1,4 @@
From 5597edf7a2289a54a1bd6a95a55422e40e9e1e6f Mon Sep 17 00:00:00 2001
From 2e09eacffcf9750010b4d4a9aa7a518cdd267cfc Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 17 May 2017 12:21:37 -0400
Subject: [PATCH] Include header for writev()
@ -12,7 +12,7 @@ Merges: #186
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c
index 829ff21..e07789c 100644
index 17ecf7c..29b6a44 100644
--- a/proxy/src/gp_socket.c
+++ b/proxy/src/gp_socket.c
@@ -1,19 +1,22 @@


@ -1,4 +1,4 @@
From bc4c8a61c0615ca76b930a22e3602d0e1ec900f1 Mon Sep 17 00:00:00 2001
From 938bd1adc15342e8ebed3d4e135d862e362a619e Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 25 May 2017 13:06:17 -0400
Subject: [PATCH] Make proc file failure loud but nonfatal
@ -12,7 +12,7 @@ Resolves: #190
1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/proxy/src/gp_init.c b/proxy/src/gp_init.c
index 4673f02..e69934d 100644
index bb7ba6b..d367f92 100644
--- a/proxy/src/gp_init.c
+++ b/proxy/src/gp_init.c
@@ -144,11 +144,11 @@ void init_proc_nfsd(struct gp_config *cfg)


@ -1,4 +1,4 @@
From b03095e656ae083e078829a87e00d60f405c3cf4 Mon Sep 17 00:00:00 2001
From dc8697b0c43007167c7054ceff84b6cc9c10fccf Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 10 Oct 2017 18:00:45 -0400
Subject: [PATCH] Only empty FILE ccaches when storing remote creds


@ -1,4 +1,4 @@
From 427c50c9b350e52a1c7aec444e383badc4fc5485 Mon Sep 17 00:00:00 2001
From b7a3229b3314a58076c9ab6ce72a47fb16b9e162 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 12 Sep 2017 12:40:27 -0400
Subject: [PATCH] Prevent uninitialized read in error path of XDR contexts
@ -12,10 +12,10 @@ Merges: #211
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 340da2f..5e097ce 100644
index c65c69d..d0f99d6 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -659,8 +659,8 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
@@ -656,8 +656,8 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
{
struct gpm_ctx *gpmctx;
gp_rpc_msg msg;


@ -1,4 +1,4 @@
From 0c5e9a662010a37f013fd3e517a5aec0bb592964 Mon Sep 17 00:00:00 2001
From 573f03013df1673ba2e31180ab28a86564e02da5 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 5 Dec 2017 13:14:29 -0500
Subject: [PATCH] Properly initialize ccaches before storing into them


@ -1,4 +1,4 @@
From 0bd013108403f9cbdccc34d24ea8c188bd6fd13a Mon Sep 17 00:00:00 2001
From 87c96790b127cdcd90d61cdd0d638780d28035c8 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 20 Nov 2017 14:09:04 -0500
Subject: [PATCH] Properly locate credentials in collection caches in mechglue


@ -1,4 +1,4 @@
From 74b537ecc4ce7115869658749bed5a9b43ead093 Mon Sep 17 00:00:00 2001
From 9e2bdfeee30331254d21eaf9e9c000fb9e642fe9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 23 Mar 2017 13:42:55 -0400
Subject: [PATCH] Remove gpm_release_ctx() to fix double unlock
@ -12,7 +12,7 @@ Merges: #173
1 file changed, 6 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 0a54dbc..1366463 100644
index 8c96986..69f4741 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -312,11 +312,6 @@ static struct gpm_ctx *gpm_get_ctx(void)
@ -27,7 +27,7 @@ index 0a54dbc..1366463 100644
OM_uint32 gpm_release_buffer(OM_uint32 *minor_status,
gss_buffer_t buffer)
{
@@ -502,7 +497,6 @@ done:
@@ -503,7 +498,6 @@ done:
xdr_free((xdrproc_t)xdr_gp_rpc_msg, (char *)&msg);
xdr_destroy(&xdr_call_ctx);
xdr_destroy(&xdr_reply_ctx);


@ -1,4 +1,4 @@
From 47637312e566d7fecf2bf9c60efe85faab0945cc Mon Sep 17 00:00:00 2001
From 12383b4f01cfa8551d35ba9f483290c2861a5822 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 17 Nov 2017 13:53:37 -0500
Subject: [PATCH] Separate cred and ccache manipulation in


@ -1,4 +1,4 @@
From 2d60f4ab0c74115877df00d23836e7d970eda7c4 Mon Sep 17 00:00:00 2001
From 47702eef23a4a6b97d326a76f6569bd571b4abdf Mon Sep 17 00:00:00 2001
From: Alexander Scheel <alexander.m.scheel@gmail.com>
Date: Thu, 14 Sep 2017 10:57:12 -0500
Subject: [PATCH] Simplify setting NONBLOCK on socket
@ -14,7 +14,7 @@ Merges: #213
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 5e097ce..c3ef96e 100644
index d0f99d6..7d1158e 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -80,7 +80,6 @@ static int gpm_open_socket(struct gpm_ctx *gpmctx)


@ -1,4 +1,4 @@
From 2f206673bed2acea306a1313b8158e126bbfecee Mon Sep 17 00:00:00 2001
From f5d3edc57941ed2e10b9e4458c19772577dc2aa8 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 13 Jun 2017 14:22:44 -0400
Subject: [PATCH] Tolerate NULL pointers in gp_same
@ -14,7 +14,7 @@ Merges: #195
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c
index ca83eb3..aab56ba 100644
index f158b84..5442992 100644
--- a/proxy/src/gp_util.c
+++ b/proxy/src/gp_util.c
@@ -12,10 +12,9 @@

26
Turn-on-Wextra.patch Normal file

@ -0,0 +1,26 @@
From a50ea0aa3dfd39ab4a3c39dde35c12fc51fe40d5 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 15 Mar 2017 13:28:26 -0400
Subject: [PATCH] Turn on -Wextra
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #173
(cherry picked from commit 85bc3d794efa52aba4c32f6109e7e7741521ec5f)
---
proxy/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proxy/Makefile.am b/proxy/Makefile.am
index e1fbac1..5cd2255 100644
--- a/proxy/Makefile.am
+++ b/proxy/Makefile.am
@@ -44,7 +44,7 @@ AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \
-Wcast-qual -Wcast-align -Wwrite-strings \
-fstrict-aliasing -Wstrict-aliasing -Werror=strict-aliasing \
-Werror-implicit-function-declaration \
- -Werror=format-security
+ -Werror=format-security -Wextra
if BUILD_HARDENING
AM_CPPFLAGS += -D_FORTIFY_SOURCE=2 -Wdate-time
AM_CFLAGS += -fPIE -fstack-protector-strong


@ -1,4 +1,4 @@
From 88eccbb8ab00ee73c9f483d621e05cd57c41ceae Mon Sep 17 00:00:00 2001
From 08d63fdf7c305965579a2fea2db63597690f38d9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 26 Apr 2017 21:02:47 -0400
Subject: [PATCH] Update systemd file


@ -1,4 +1,4 @@
From 8a453fde5c655ef19663a01f3d1a017a247c3c85 Mon Sep 17 00:00:00 2001
From 4e551526d3400b09bfb8a16457c715378cb34edb Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 2 Aug 2017 15:11:49 -0400
Subject: [PATCH] [client] Switch to non-blocking sockets
@ -19,7 +19,7 @@ Reviewed-by: Robbie Harwood <rharwood@redhat.com>
1 file changed, 295 insertions(+), 22 deletions(-)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
index 12b14ae..9a10c2f 100644
index 2133618..dba23a6 100644
--- a/proxy/src/client/gpm_common.c
+++ b/proxy/src/client/gpm_common.c
@@ -7,9 +7,15 @@
@ -84,7 +84,7 @@ index 12b14ae..9a10c2f 100644
ret = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
if (ret == -1) {
ret = errno;
@@ -161,6 +185,158 @@ static int gpm_release_sock(struct gpm_ctx *gpmctx)
@@ -163,6 +187,158 @@ static int gpm_release_sock(struct gpm_ctx *gpmctx)
return pthread_mutex_unlock(&gpmctx->lock);
}
@ -243,7 +243,7 @@ index 12b14ae..9a10c2f 100644
/* must be called after the lock has been grabbed */
static int gpm_send_buffer(struct gpm_ctx *gpmctx,
char *buffer, uint32_t length)
@@ -181,8 +357,13 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx,
@@ -183,8 +359,13 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx,
retry = false;
do {
do {
@ -258,7 +258,7 @@ index 12b14ae..9a10c2f 100644
if (wn == -1) {
ret = errno;
}
@@ -190,8 +371,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx,
@@ -192,8 +373,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx,
if (wn != 4) {
/* reopen and retry once */
if (retry == false) {
@ -268,7 +268,7 @@ index 12b14ae..9a10c2f 100644
if (ret == 0) {
retry = true;
continue;
@@ -206,9 +386,14 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx,
@@ -208,9 +388,14 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx,
pos = 0;
while (length > pos) {
@ -285,7 +285,7 @@ index 12b14ae..9a10c2f 100644
continue;
}
ret = errno;
@@ -229,7 +414,7 @@ done:
@@ -231,7 +416,7 @@ done:
/* must be called after the lock has been grabbed */
static int gpm_recv_buffer(struct gpm_ctx *gpmctx,
@ -293,8 +293,8 @@ index 12b14ae..9a10c2f 100644
+ char **buffer, uint32_t *length)
{
uint32_t size;
size_t rn;
@@ -237,6 +422,11 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx,
ssize_t rn;
@@ -239,6 +424,11 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx,
int ret;
do {
@ -306,7 +306,7 @@ index 12b14ae..9a10c2f 100644
ret = 0;
rn = read(gpmctx->fd, &size, sizeof(uint32_t));
if (rn == -1) {
@@ -256,11 +446,22 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx,
@@ -258,11 +448,22 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx,
goto done;
}
@ -331,7 +331,7 @@ index 12b14ae..9a10c2f 100644
continue;
}
ret = errno;
@@ -279,6 +480,7 @@ done:
@@ -281,6 +482,7 @@ done:
if (ret) {
/* on errors we can only close the fd and return */
gpm_close_socket(gpmctx);
@ -339,7 +339,7 @@ index 12b14ae..9a10c2f 100644
}
return ret;
}
@@ -312,6 +514,63 @@ static struct gpm_ctx *gpm_get_ctx(void)
@@ -309,6 +511,63 @@ static struct gpm_ctx *gpm_get_ctx(void)
return &gpm_global_ctx;
}
@ -403,7 +403,7 @@ index 12b14ae..9a10c2f 100644
OM_uint32 gpm_release_buffer(OM_uint32 *minor_status,
gss_buffer_t buffer)
{
@@ -402,15 +661,20 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
@@ -399,15 +658,20 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
gp_rpc_msg msg;
XDR xdr_call_ctx;
XDR xdr_reply_ctx;
@ -428,7 +428,7 @@ index 12b14ae..9a10c2f 100644
memset(&msg, 0, sizeof(gp_rpc_msg));
msg.header.type = GP_RPC_CALL;
@@ -453,22 +717,22 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
@@ -450,22 +714,22 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
goto done;
}
@ -460,7 +460,7 @@ index 12b14ae..9a10c2f 100644
/* decode header */
memset(&msg, 0, sizeof(gp_rpc_msg));
xdrok = xdr_gp_rpc_msg(&xdr_reply_ctx, &msg);
@@ -492,12 +756,21 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
@@ -489,12 +753,21 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res)
}
done:


@ -1,6 +1,6 @@
Name: gssproxy
Version: 0.7.0
Release: 26%{?dist}
Release: 27%{?dist}
Summary: GSSAPI Proxy
Group: System Environment/Libraries
@ -17,31 +17,37 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Patch0: Properly-renew-expired-credentials.patch
Patch1: Change-impersonator-check-code.patch
Patch2: Allow-connection-to-self-when-impersonator-set.patch
Patch3: Remove-gpm_release_ctx-to-fix-double-unlock.patch
Patch4: Update-systemd-file.patch
Patch5: Fix-unused-variables.patch
Patch6: Fix-segfault-when-no-config-files-are-present.patch
Patch7: Include-header-for-writev.patch
Patch8: Make-proc-file-failure-loud-but-nonfatal.patch
Patch9: Tolerate-NULL-pointers-in-gp_same.patch
Patch10: Add-Client-ID-to-debug-messages.patch
Patch11: client-Switch-to-non-blocking-sockets.patch
Patch12: server-Add-detailed-request-logging.patch
Patch13: Fix-potential-free-of-non-heap-address.patch
Patch14: Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch
Patch15: Simplify-setting-NONBLOCK-on-socket.patch
Patch16: Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch
Patch17: Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch
Patch18: Handle-outdated-encrypted-ccaches.patch
Patch9: Turn-on-Wextra.patch
Patch10: Fix-unused-variables.patch
Patch11: Fix-mismatched-sign-comparisons.patch
Patch12: Fix-error-checking-on-get_impersonator_fallback.patch
Patch13: Remove-gpm_release_ctx-to-fix-double-unlock.patch
Patch14: Appease-gcc-7-s-fallthrough-detection.patch
Patch15: Fix-memory-leak.patch
Patch16: Fix-most-memory-leaks.patch
Patch17: Fix-segfault-when-no-config-files-are-present.patch
Patch18: Update-systemd-file.patch
Patch19: Fix-error-handling-in-gp_config_from_dir.patch
Patch20: Fix-silent-crash-with-duplicate-config-sections.patch
Patch21: Emit-debug-on-queue-errors.patch
Patch22: Do-not-call-gpm_grab_sock-twice.patch
Patch23: Fix-error-message-handling-in-gp_config_from_dir.patch
Patch24: Only-empty-FILE-ccaches-when-storing-remote-creds.patch
Patch21: Do-not-call-gpm_grab_sock-twice.patch
Patch22: Fix-error-message-handling-in-gp_config_from_dir.patch
Patch23: Only-empty-FILE-ccaches-when-storing-remote-creds.patch
Patch24: Handle-outdated-encrypted-ccaches.patch
Patch25: Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch
Patch26: Properly-locate-credentials-in-collection-caches-in-.patch
Patch27: Properly-initialize-ccaches-before-storing-into-them.patch
Patch28: Include-header-for-writev.patch
Patch29: Tolerate-NULL-pointers-in-gp_same.patch
Patch30: Add-Client-ID-to-debug-messages.patch
Patch31: client-Switch-to-non-blocking-sockets.patch
Patch32: server-Add-detailed-request-logging.patch
Patch33: Fix-potential-free-of-non-heap-address.patch
Patch34: Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch
Patch35: Simplify-setting-NONBLOCK-on-socket.patch
Patch36: Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch
Patch37: Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch
Patch38: Emit-debug-on-queue-errors.patch
### Dependencies ###
Requires: krb5-libs >= 1.12.0
@ -139,6 +145,10 @@ rm -rf %{buildroot}
%systemd_postun_with_restart gssproxy.service
%changelog
* Tue Dec 12 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-27
- More code hygeine fixes from upstream
- Reorder patches to match el7
* Tue Dec 05 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-26
- Properly initialize ccaches before storing into them


@ -1,4 +1,4 @@
From fa32378a02d8d8f95e1d3942c7cfc151e0018d4a Mon Sep 17 00:00:00 2001
From 0311d4c0a4305d6e85d937f5ba2b83c8cf5e53e3 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Fri, 4 Aug 2017 16:09:20 -0400
Subject: [PATCH] [server] Add detailed request logging
@ -47,7 +47,7 @@ index 0ea17f0..eaffc55 100644
/* free resources */
gp_rpc_free_xdrs(proc, &arg, &res);
diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c
index 133db9c..1974a28 100644
index 5064e51..8675a0e 100644
--- a/proxy/src/gp_socket.c
+++ b/proxy/src/gp_socket.c
@@ -441,6 +441,8 @@ void gp_socket_send_data(verto_ctx *vctx, struct gp_conn *conn,
@ -79,7 +79,7 @@ index 133db9c..1974a28 100644
gp_buffer_free(wbuf);
}
@@ -498,6 +505,8 @@ static void gp_socket_write(verto_ctx *vctx, verto_ev *ev)
if (wn < sizeof(size)) {
if (wn < (ssize_t) sizeof(size)) {
/* don't bother trying to handle sockets that can't
* buffer even 4 bytes */
+ GPDEBUGN(3, "[status] Sending data [%p (%zu)]: failed with short "