From 3a1e8d7501f1f13b20bdff8534ea57151428d455 Mon Sep 17 00:00:00 2001 
From: Robbie Harwood Date: Tue, 12 Dec 2017 12:54:58 -0500 Subject: [PATCH] Code hygeine fixes Re-order patches to match el7 --- Add-Client-ID-to-debug-messages.patch | 8 +- Appease-gcc-7-s-fallthrough-detection.patch | 27 + Do-not-call-gpm_grab_sock-twice.patch | 8 +- Emit-debug-on-queue-errors.patch | 2 +- ...hecking-on-get_impersonator_fallback.patch | 28 + ...error-handling-in-gp_config_from_dir.patch | 6 +- ...ng-in-gpm_send_buffer-gpm_recv_buffe.patch | 10 +- ...ssage-handling-in-gp_config_from_dir.patch | 6 +- ...dling-of-non-EPOLLIN-EPOLLOUT-events.patch | 6 +- Fix-memory-leak.patch | 25 + Fix-mismatched-sign-comparisons.patch | 741 ++++++++++++++++++ Fix-most-memory-leaks.patch | 250 ++++++ Fix-potential-free-of-non-heap-address.patch | 6 +- ...ult-when-no-config-files-are-present.patch | 6 +- ...crash-with-duplicate-config-sections.patch | 12 +- Fix-unused-variables.patch | 8 +- Handle-outdated-encrypted-ccaches.patch | 10 +- Include-header-for-writev.patch | 4 +- ...-proc-file-failure-loud-but-nonfatal.patch | 4 +- ...LE-ccaches-when-storing-remote-creds.patch | 2 +- ...lized-read-in-error-path-of-XDR-cont.patch | 6 +- ...ize-ccaches-before-storing-into-them.patch | 2 +- ...credentials-in-collection-caches-in-.patch | 2 +- ...gpm_release_ctx-to-fix-double-unlock.patch | 6 +- ...d-ccache-manipulation-in-gpp_store_r.patch | 2 +- Simplify-setting-NONBLOCK-on-socket.patch | 4 +- Tolerate-NULL-pointers-in-gp_same.patch | 4 +- Turn-on-Wextra.patch | 26 + Update-systemd-file.patch | 2 +- client-Switch-to-non-blocking-sockets.patch | 30 +- gssproxy.spec | 50 +- server-Add-detailed-request-logging.patch | 6 +- 32 files changed, 1208 insertions(+), 101 deletions(-) create mode 100644 Appease-gcc-7-s-fallthrough-detection.patch create mode 100644 Fix-error-checking-on-get_impersonator_fallback.patch create mode 100644 Fix-memory-leak.patch create mode 100644 Fix-mismatched-sign-comparisons.patch create mode 100644 Fix-most-memory-leaks.patch create mode 100644 
Turn-on-Wextra.patch diff --git a/Add-Client-ID-to-debug-messages.patch b/Add-Client-ID-to-debug-messages.patch index f7150e1..66edf33 100644 --- a/Add-Client-ID-to-debug-messages.patch +++ b/Add-Client-ID-to-debug-messages.patch @@ -1,4 +1,4 @@ -From b617bf0274de43abb2592ba11568f10d3e8535bf Mon Sep 17 00:00:00 2001 +From 69ea98209aa691adec6fae5eb9287b96031094af Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 25 May 2017 15:22:37 -0400 Subject: [PATCH] Add Client ID to debug messages @@ -92,7 +92,7 @@ index 971a7b6..55ab83c 100644 bool gp_conn_check_selinux(struct gp_conn *conn, SELINUX_CTX ctx); diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c -index e07789c..133db9c 100644 +index 29b6a44..5064e51 100644 --- a/proxy/src/gp_socket.c +++ b/proxy/src/gp_socket.c @@ -103,6 +103,11 @@ const char *gp_conn_get_socket(struct gp_conn *conn) @@ -132,12 +132,12 @@ index c089b54..d37e57c 100644 gp_handle_query(t->pool, q); diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c -index a020218..9ffec5e 100644 +index 5c5937d..94a6a61 100644 --- a/proxy/src/gssproxy.c +++ b/proxy/src/gssproxy.c @@ -159,6 +159,10 @@ int main(int argc, const char *argv[]) int wait_fd; - int ret; + int ret = -1; + /* initialize debug client id to 0 in the main thread */ + /* we do this early, before any code starts using debug statements */ diff --git a/Appease-gcc-7-s-fallthrough-detection.patch b/Appease-gcc-7-s-fallthrough-detection.patch new file mode 100644 index 0000000..024c200 --- /dev/null +++ b/Appease-gcc-7-s-fallthrough-detection.patch 
@@ -0,0 +1,27 @@ +From f62ece3a9655c6507f40e03a36e28ecbba16f744 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 19 May 2017 12:18:03 -0400 +Subject: [PATCH] Appease gcc-7's fallthrough detection + +Signed-off-by: Robbie Harwood +Reviewed-by: Simo Sorce +Merges: #188 +(cherry picked from commit fdb56f8a0b6a5fd6a2072a525e228596c264883e) +--- + proxy/src/gp_export.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c +index 3a927c9..f44da50 100644 +--- a/proxy/src/gp_export.c ++++ b/proxy/src/gp_export.c +@@ -888,7 +888,8 @@ static uint32_t gp_export_creds_linux(uint32_t *min, gss_name_t name, + if (res != NULL) { + break; + } +- /* fall through as ret == NULL is equivalent to ENOENT */ ++ /* ret == NULL is equivalent to ENOENT */ ++ /* fall through */ + case ENOENT: + case ESRCH: + free(pwbuf); diff --git a/Do-not-call-gpm_grab_sock-twice.patch b/Do-not-call-gpm_grab_sock-twice.patch index cb6e01b..db17510 100644 --- a/Do-not-call-gpm_grab_sock-twice.patch +++ b/Do-not-call-gpm_grab_sock-twice.patch @@ -1,4 +1,4 @@ -From 99062c344b7dba58ab8db0fad5520a754d9a6841 Mon Sep 17 00:00:00 2001 +From 73d0fc64966c553848a01f76894d33d9fc64cf20 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 26 Oct 2017 16:59:18 -0400 Subject: [PATCH] Do not call gpm_grab_sock() twice @@ -31,10 +31,10 @@ Merges: #218 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index 994bd80..8837add 100644 +index 69f4741..2133618 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c -@@ -163,7 +163,9 @@ static int gpm_grab_sock(struct gpm_ctx *gpmctx) +@@ -152,7 +152,9 @@ static int gpm_grab_sock(struct gpm_ctx *gpmctx) ret = gpm_open_socket(gpmctx); } 
@@ -45,7 +45,7 @@ index 994bd80..8837add 100644 return ret; } -@@ -512,11 +514,6 @@ static struct gpm_ctx *gpm_get_ctx(void) +@@ -304,11 +306,6 @@ static struct gpm_ctx *gpm_get_ctx(void) pthread_once(&gpm_init_once_control, gpm_init_once); diff --git a/Emit-debug-on-queue-errors.patch b/Emit-debug-on-queue-errors.patch index e1c0081..5c5d7db 100644 --- a/Emit-debug-on-queue-errors.patch +++ b/Emit-debug-on-queue-errors.patch @@ -1,4 +1,4 @@ -From d5f22a1c2ad70ff1e7922c91086a04f0dc31db58 Mon Sep 17 00:00:00 2001 +From d7923c5f4c6e93fa0e7440b1c8e6fcff40578a76 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 26 Oct 2017 11:47:54 -0400 Subject: [PATCH] Emit debug on queue errors diff --git a/Fix-error-checking-on-get_impersonator_fallback.patch b/Fix-error-checking-on-get_impersonator_fallback.patch new file mode 100644 index 0000000..7e17ad5 --- /dev/null +++ b/Fix-error-checking-on-get_impersonator_fallback.patch @@ -0,0 +1,28 @@ +From f21071fb3662824698b61d384b1144657a508043 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 15 Mar 2017 14:57:57 -0400 +Subject: [PATCH] Fix error checking on get_impersonator_fallback() + +Separate commit to ease backporting. + +Signed-off-by: Robbie Harwood +Reviewed-by: Simo Sorce +Merges: #173 +(cherry picked from commit 25e31ebccde7f0d98480b6a99962fef61dd251b4) +--- + proxy/src/gp_creds.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c +index e05ad01..fdc6bdf 100644 +--- a/proxy/src/gp_creds.c ++++ b/proxy/src/gp_creds.c +@@ -885,7 +885,7 @@ static uint32_t get_impersonator_name(uint32_t *min, gss_cred_id_t cred, + * release that supports this call */ + ret_maj = get_impersonator_fallback(&ret_min, cred, impersonator); + if (ret_maj == GSS_S_FAILURE) { +- if (ret_min == KRB5_CC_NOTFOUND) { ++ if (ret_min == (uint32_t)KRB5_CC_NOTFOUND) { + ret_min = ENOENT; + ret_maj = GSS_S_COMPLETE; + } 
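Review bot: The cast in `if (ret_min == (uint32_t)KRB5_CC_NOTFOUND) {` is unexplained, so a later cleanup could drop it as redundant and bring the sign-mismatch warning back. A one-line comment would record the reason, e.g. `/* krb5 codes are signed, ret_min is uint32_t: compare after conversion */`. The branch also turns the failure into `GSS_S_COMPLETE` with `ret_min = ENOENT`, so callers must inspect the minor status to tell "no impersonator found" from a real result. Whether they do is outside this hunk and worth confirming. get_impersonator_name starts and ends outside the hunk.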
diff --git a/Fix-error-handling-in-gp_config_from_dir.patch b/Fix-error-handling-in-gp_config_from_dir.patch index 5c881be..2ed4e7a 100644 --- a/Fix-error-handling-in-gp_config_from_dir.patch +++ b/Fix-error-handling-in-gp_config_from_dir.patch @@ -1,4 +1,4 @@ -From b4660370dabc3be1282459d0ff22cbfcbbc2fd39 Mon Sep 17 00:00:00 2001 +From 18050b40df25bb3486d0f12d6a830a15cb307298 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Wed, 12 Jul 2017 09:26:52 -0400 Subject: [PATCH] Fix error handling in gp_config_from_dir @@ -13,10 +13,10 @@ Merges: #204 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c -index 409cd74..c507472 100644 +index efd97e4..2e9806d 100644 --- a/proxy/src/gp_config.c +++ b/proxy/src/gp_config.c -@@ -800,17 +800,21 @@ static int gp_config_from_dir(const char *config_dir, +@@ -799,17 +799,21 @@ static int gp_config_from_dir(const char *config_dir, &error_list, NULL); if (ret) { diff --git a/Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch b/Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch index a7f59c7..a8a8454 100644 --- a/Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch +++ b/Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch @@ -1,4 +1,4 @@ -From c947c161c6aba71322429fd28a42880c96055de4 Mon Sep 17 00:00:00 2001 +From bbfb9a81f3bd7f3d6739c7eb24e08189fde6142f Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Thu, 14 Sep 2017 11:24:39 -0500 Subject: [PATCH] Fix error handling in gpm_send_buffer/gpm_recv_buffer @@ -13,7 +13,7 @@ Merges: #213 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index c91c099..994bd80 100644 +index b14e846..0d314fa 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c @@ -1,4 +1,4 @@ 
@@ -22,7 +22,7 @@ index c91c099..994bd80 100644 #include "gssapi_gpm.h" #include -@@ -413,10 +413,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx, +@@ -415,10 +415,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx, ret = 0; done: @@ -34,7 +34,7 @@ index c91c099..994bd80 100644 return ret; } -@@ -486,9 +483,10 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx, +@@ -488,9 +485,10 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx, done: if (ret) { @@ -48,7 +48,7 @@ index c91c099..994bd80 100644 } return ret; } -@@ -563,10 +561,6 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer, +@@ -560,10 +558,6 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer, /* Close and reopen socket before trying again */ ret = gpm_retry_socket(gpmctx); diff --git a/Fix-error-message-handling-in-gp_config_from_dir.patch b/Fix-error-message-handling-in-gp_config_from_dir.patch index 0a863a8..f4138be 100644 --- a/Fix-error-message-handling-in-gp_config_from_dir.patch +++ b/Fix-error-message-handling-in-gp_config_from_dir.patch @@ -1,4 +1,4 @@ -From 05d65d68d0103ab4bc4b1bc64e4962dce6847c3e Mon Sep 17 00:00:00 2001 +From 3e4c98d74352fe3a08b23e438c950af55eb4f30e Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 27 Oct 2017 14:39:35 -0400 Subject: [PATCH] Fix error message handling in gp_config_from_dir() @@ -17,10 +17,10 @@ Signed-off-by: Robbie Harwood 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c -index f3ff1fd..d5db76a 100644 +index 3ec4b82..aa108ca 100644 --- a/proxy/src/gp_config.c +++ b/proxy/src/gp_config.c -@@ -800,20 +800,23 @@ static int gp_config_from_dir(const char *config_dir, +@@ -799,20 +799,23 @@ static int gp_config_from_dir(const char *config_dir, &error_list, NULL); if (error_list) { diff --git a/Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch b/Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch index 8a4bb0a..1b743c3 100644 
--- a/Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch +++ b/Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch @@ -1,4 +1,4 @@ -From 94861421d2ba7bd910d53c088d0d9065aaa05708 Mon Sep 17 00:00:00 2001 +From 29be3e629bafb3bd796455b34c2de16492ad9521 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Thu, 14 Sep 2017 11:16:42 -0500 Subject: [PATCH] Fix handling of non-EPOLLIN/EPOLLOUT events @@ -12,10 +12,10 @@ Merges: #213 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index c3ef96e..c91c099 100644 +index 7d1158e..b14e846 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c -@@ -281,26 +281,47 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) { +@@ -283,26 +283,47 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) { gpm_epoll_close(gpmctx); } else if (epoll_ret == 1 && events[0].data.fd == gpmctx->timerfd) { /* Got an event which is only our timer */ diff --git a/Fix-memory-leak.patch b/Fix-memory-leak.patch new file mode 100644 index 0000000..540c1ef --- /dev/null +++ b/Fix-memory-leak.patch @@ -0,0 +1,25 @@ +From abcd9ae04b1c3f9f0ebb72bd48737b08d5d7fe65 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 25 May 2017 21:35:37 -0400 +Subject: [PATCH] Fix memory leak + +Signed-off-by: Simo Sorce +Reviewed-by: Robbie Harwood +Related-to: #176 +(cherry picked from commit 69a73d85eb3e70fdc7501794d5fd11a73a1d20fa) +--- + proxy/src/gp_export.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c +index f44da50..4e081df 100644 +--- a/proxy/src/gp_export.c ++++ b/proxy/src/gp_export.c +@@ -381,6 +381,7 @@ uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, + + done: + *min = ret_min; ++ gss_release_buffer(&ret_min, &token); + gss_release_name(&ret_min, &name); + gss_release_oid_set(&ret_min, &mechanisms); + return ret_maj; 
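Review bot: The added `gss_release_buffer(&ret_min, &token);` frees the buffer without clearing it, and what `token` holds is not visible in this hunk. If it carries the exported credential in clear form, as the name gp_export_gssx_cred suggests, those bytes stay readable in freed heap memory. Consider wiping before the release where the platform provides it: `if (token.value != NULL) explicit_bzero(token.value, token.length);`. The release calls also reuse `ret_min` as a scratch status, which is correct only because `*min = ret_min;` runs first. A comment such as `/* ret_min is scratch from here on */` would keep a later reorder from clobbering the reported status. The function body starts outside the hunk.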
diff --git a/Fix-mismatched-sign-comparisons.patch b/Fix-mismatched-sign-comparisons.patch new file mode 100644 index 0000000..675b7e7 --- /dev/null +++ b/Fix-mismatched-sign-comparisons.patch 
@@ -0,0 +1,741 @@ +From a68b8b418bfc42c628fee605cc52dca92ab410c9 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 15 Mar 2017 14:52:08 -0400 +Subject: [PATCH] Fix mismatched sign comparisons + +We are c99, so also migrate to `for`-loop initializers where possible for +clarity. + +Signed-off-by: Robbie Harwood +Reviewed-by: Simo Sorce +Merges: #173 +(cherry picked from commit 377e92c7ead312c530b233a1e023493ecde033d6) +--- + proxy/src/client/gpm_acquire_cred.c | 11 +++------- + proxy/src/client/gpm_common.c | 4 ++-- + proxy/src/client/gpm_import_and_canon_name.c | 7 +++--- + proxy/src/client/gpm_indicate_mechs.c | 33 ++++++++++++---------------- + proxy/src/gp_common.h | 3 +-- + proxy/src/gp_config.c | 9 +++----- + proxy/src/gp_conv.c | 6 ++--- + proxy/src/gp_creds.c | 3 +-- + proxy/src/gp_export.c | 9 +++----- + proxy/src/gp_rpc_acquire_cred.c | 5 ++--- + proxy/src/gp_rpc_debug.c | 26 +++++++++++----------- + proxy/src/gp_rpc_indicate_mechs.c | 15 +++++-------- + proxy/src/gp_socket.c | 4 ++-- + proxy/src/gp_util.c | 4 ++-- + proxy/tests/t_utils.c | 4 ++-- + 15 files changed, 58 insertions(+), 85 deletions(-) + +diff --git a/proxy/src/client/gpm_acquire_cred.c b/proxy/src/client/gpm_acquire_cred.c +index 632973d..8e30e1d 100644 +--- a/proxy/src/client/gpm_acquire_cred.c ++++ b/proxy/src/client/gpm_acquire_cred.c +@@ -6,8 +6,6 @@ static int gpmint_cred_to_actual_mechs(gssx_cred *c, gss_OID_set *a) + { + gssx_cred_element *e; + gss_OID_set m = GSS_C_NO_OID_SET; +- int i; +- + + if (c->elements.elements_len) { + +@@ -22,7 +20,7 @@ static int gpmint_cred_to_actual_mechs(gssx_cred *c, gss_OID_set *a) + return ENOMEM; + } + +- for (i = 0; i < c->elements.elements_len; i++) { ++ for (unsigned i = 0; i < c->elements.elements_len; i++) { + e = &c->elements.elements_val[i]; + + m->elements[i].elements = gp_memdup(e->mech.octet_string_val, +@@ -280,7 +278,6 @@ OM_uint32 gpm_inquire_cred(OM_uint32 *minor_status, + uint32_t ret_maj = GSS_S_COMPLETE; + uint32_t life; + 
int cu; +- int i; + + if (!cred) { + *minor_status = 0; +@@ -308,8 +305,7 @@ OM_uint32 gpm_inquire_cred(OM_uint32 *minor_status, + life = GSS_C_INDEFINITE; + cu = -1; + +- for (i = 0; i < cred->elements.elements_len; i++) { +- ++ for (unsigned i = 0; i < cred->elements.elements_len; i++) { + e = &cred->elements.elements_val[i]; + + switch (e->cred_usage) { +@@ -402,7 +398,7 @@ OM_uint32 gpm_inquire_cred_by_mech(OM_uint32 *minor_status, + gss_OID_desc tmp_oid; + uint32_t ret_min = 0; + uint32_t ret_maj = GSS_S_COMPLETE; +- int i; ++ unsigned i; + + if (!cred) { + *minor_status = 0; +@@ -414,7 +410,6 @@ OM_uint32 gpm_inquire_cred_by_mech(OM_uint32 *minor_status, + } + + for (i = 0; i < cred->elements.elements_len; i++) { +- + e = &cred->elements.elements_val[i]; + gp_conv_gssx_to_oid(&e->mech, &tmp_oid); + if (!gss_oid_equal(&tmp_oid, mech_type)) { +diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c +index 030765a..8c96986 100644 +--- a/proxy/src/client/gpm_common.c ++++ b/proxy/src/client/gpm_common.c +@@ -166,7 +166,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx, + char *buffer, uint32_t length) + { + uint32_t size; +- size_t wn; ++ ssize_t wn; + size_t pos; + bool retry; + int ret; +@@ -232,7 +232,7 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx, + char *buffer, uint32_t *length) + { + uint32_t size; +- size_t rn; ++ ssize_t rn; + size_t pos; + int ret; + +diff --git a/proxy/src/client/gpm_import_and_canon_name.c b/proxy/src/client/gpm_import_and_canon_name.c +index 83d0736..70149a3 100644 +--- a/proxy/src/client/gpm_import_and_canon_name.c ++++ b/proxy/src/client/gpm_import_and_canon_name.c +@@ -275,7 +275,6 @@ OM_uint32 gpm_inquire_name(OM_uint32 *minor_status, + { + gss_buffer_set_t xattrs = GSS_C_NO_BUFFER_SET; + int ret; +- int i; + + *minor_status = 0; + +@@ -306,13 +305,13 @@ OM_uint32 gpm_inquire_name(OM_uint32 *minor_status, + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } +- for (i = 0; i < xattrs->count; i++) { 
++ for (unsigned i = 0; i < xattrs->count; i++) { + ret = gp_copy_gssx_to_buffer( + &name->name_attributes.name_attributes_val[i].attr, + &xattrs->elements[i]); + if (ret) { +- for (--i; i >= 0; i--) { +- free(xattrs->elements[i].value); ++ for (; i > 0; i--) { ++ free(xattrs->elements[i-1].value); + } + free(xattrs->elements); + free(xattrs); +diff --git a/proxy/src/client/gpm_indicate_mechs.c b/proxy/src/client/gpm_indicate_mechs.c +index d4df923..b019a96 100644 +--- a/proxy/src/client/gpm_indicate_mechs.c ++++ b/proxy/src/client/gpm_indicate_mechs.c +@@ -51,7 +51,6 @@ static uint32_t gpm_copy_gss_OID_set(uint32_t *minor_status, + gss_OID_set n; + uint32_t ret_maj; + uint32_t ret_min; +- int i; + + ret_maj = gss_create_empty_oid_set(&ret_min, &n); + if (ret_maj) { +@@ -59,7 +58,7 @@ static uint32_t gpm_copy_gss_OID_set(uint32_t *minor_status, + return ret_maj; + } + +- for (i = 0; i < oldset->count; i++) { ++ for (size_t i = 0; i < oldset->count; i++) { + ret_maj = gss_add_oid_set_member(&ret_min, &oldset->elements[i], &n); + if (ret_maj) { + *minor_status = ret_min; +@@ -124,7 +123,6 @@ static void gpmint_indicate_mechs(void) + uint32_t ret_min; + uint32_t ret_maj = 0; + int ret = 0; +- int i; + + memset(arg, 0, sizeof(gssx_arg_indicate_mechs)); + memset(res, 0, sizeof(gssx_res_indicate_mechs)); +@@ -158,7 +156,7 @@ static void gpmint_indicate_mechs(void) + goto done; + } + +- for (i = 0; i < res->mechs.mechs_len; i++) { ++ for (unsigned i = 0; i < res->mechs.mechs_len; i++) { + mi = &res->mechs.mechs_val[i]; + gi = &global_mechs.info[i]; + +@@ -222,7 +220,7 @@ static void gpmint_indicate_mechs(void) + goto done; + } + +- for (i = 0; i < res->mech_attr_descs.mech_attr_descs_len; i++) { ++ for (unsigned i = 0; i < res->mech_attr_descs.mech_attr_descs_len; i++) { + ma = &res->mech_attr_descs.mech_attr_descs_val[i]; + ga = &global_mechs.desc[i]; + +@@ -249,7 +247,7 @@ static void gpmint_indicate_mechs(void) + + done: + if (ret || ret_maj) { +- for (i = 0; i < 
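Review bot: The error path in gpm_inquire_name unwinds by counting the outer loop's own index down, `for (; i > 0; i--) { free(xattrs->elements[i-1].value); }`, which leaves `i` at 0 inside a loop that is still syntactically live. That is correct only if the branch leaves the function right after `free(xattrs);`, which is outside this hunk. A separate counter makes the unwind independent of what follows: `for (unsigned k = i; k > 0; k--) free(xattrs->elements[k - 1].value);`. The loop is bounded by `xattrs->count` but also indexes `name->name_attributes.name_attributes_val[i]`. The assignment that ties the two lengths together is not visible here and deserves a comment where it happens.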
global_mechs.desc_len; i++) { ++ for (unsigned i = 0; i < global_mechs.desc_len; i++) { + ga = &global_mechs.desc[i]; + gss_release_oid(&discard, &ga->attr); + gss_release_buffer(&discard, ga->name); +@@ -258,7 +256,7 @@ done: + } + free(global_mechs.desc); + global_mechs.desc = NULL; +- for (i = 0; i < global_mechs.info_len; i++) { ++ for (unsigned i = 0; i < global_mechs.info_len; i++) { + gi = &global_mechs.info[i]; + gss_release_oid(&discard, &gi->mech); + gss_release_oid_set(&discard, &gi->name_types); +@@ -335,7 +333,6 @@ OM_uint32 gpm_inquire_names_for_mech(OM_uint32 *minor_status, + { + uint32_t ret_min; + uint32_t ret_maj; +- int i; + + if (!minor_status) { + return GSS_S_CALL_INACCESSIBLE_WRITE; +@@ -351,7 +348,7 @@ OM_uint32 gpm_inquire_names_for_mech(OM_uint32 *minor_status, + return GSS_S_FAILURE; + } + +- for (i = 0; i < global_mechs.info_len; i++) { ++ for (unsigned i = 0; i < global_mechs.info_len; i++) { + if (!gpm_equal_oids(global_mechs.info[i].mech, mech_type)) { + continue; + } +@@ -375,7 +372,6 @@ OM_uint32 gpm_inquire_mechs_for_name(OM_uint32 *minor_status, + uint32_t discard; + gss_OID name_type = GSS_C_NO_OID; + int present; +- int i; + + if (!minor_status) { + return GSS_S_CALL_INACCESSIBLE_WRITE; +@@ -402,7 +398,7 @@ OM_uint32 gpm_inquire_mechs_for_name(OM_uint32 *minor_status, + goto done; + } + +- for (i = 0; i < global_mechs.info_len; i++) { ++ for (unsigned i = 0; i < global_mechs.info_len; i++) { + ret_maj = gss_test_oid_set_member(&ret_min, name_type, + global_mechs.info[i].name_types, + &present); +@@ -439,7 +435,6 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status, + uint32_t ret_min; + uint32_t ret_maj; + uint32_t discard; +- int i; + + if (!minor_status) { + return GSS_S_CALL_INACCESSIBLE_WRITE; +@@ -451,7 +446,7 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status, + return GSS_S_FAILURE; + } + +- for (i = 0; i < global_mechs.info_len; i++) { ++ for (unsigned i = 0; i < global_mechs.info_len; i++) { + if 
(!gpm_equal_oids(global_mechs.info[i].mech, mech)) { + continue; + } +@@ -495,7 +490,6 @@ OM_uint32 gpm_inquire_saslname_for_mech(OM_uint32 *minor_status, + uint32_t ret_min; + uint32_t ret_maj; + uint32_t discard; +- int i; + + if (!minor_status) { + return GSS_S_CALL_INACCESSIBLE_WRITE; +@@ -511,7 +505,7 @@ OM_uint32 gpm_inquire_saslname_for_mech(OM_uint32 *minor_status, + return GSS_S_FAILURE; + } + +- for (i = 0; i < global_mechs.info_len; i++) { ++ for (unsigned i = 0; i < global_mechs.info_len; i++) { + if (!gpm_equal_oids(global_mechs.info[i].mech, desired_mech)) { + continue; + } +@@ -554,7 +548,6 @@ OM_uint32 gpm_display_mech_attr(OM_uint32 *minor_status, + uint32_t ret_min; + uint32_t ret_maj; + uint32_t discard; +- int i; + + if (!minor_status) { + return GSS_S_CALL_INACCESSIBLE_WRITE; +@@ -570,7 +563,7 @@ OM_uint32 gpm_display_mech_attr(OM_uint32 *minor_status, + return GSS_S_FAILURE; + } + +- for (i = 0; i < global_mechs.desc_len; i++) { ++ for (unsigned i = 0; i < global_mechs.desc_len; i++) { + if (!gpm_equal_oids(global_mechs.desc[i].attr, mech_attr)) { + continue; + } +@@ -614,7 +607,6 @@ OM_uint32 gpm_indicate_mechs_by_attrs(OM_uint32 *minor_status, + uint32_t ret_maj; + uint32_t discard; + int present; +- int i, j; + + if (!minor_status) { + return GSS_S_CALL_INACCESSIBLE_WRITE; +@@ -636,8 +628,9 @@ OM_uint32 gpm_indicate_mechs_by_attrs(OM_uint32 *minor_status, + return ret_maj; + } + +- for (i = 0; i < global_mechs.info_len; i++) { ++ for (unsigned i = 0; i < global_mechs.info_len; i++) { + if (desired_mech_attrs != GSS_C_NO_OID_SET) { ++ unsigned j; + for (j = 0; j < desired_mech_attrs->count; j++) { + ret_maj = gss_test_oid_set_member(&ret_min, + &desired_mech_attrs->elements[j], +@@ -657,6 +650,7 @@ OM_uint32 gpm_indicate_mechs_by_attrs(OM_uint32 *minor_status, + } + } + if (except_mech_attrs != GSS_C_NO_OID_SET) { ++ unsigned j; + for (j = 0; j < except_mech_attrs->count; j++) { + ret_maj = gss_test_oid_set_member(&ret_min, + 
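Review bot: The index type used for gss_OID_set counts is inconsistent across this patch. gpm_indicate_mechs_by_attrs declares `unsigned j;` for `desired_mech_attrs->count` here and again in the next two hunks for `except_mech_attrs->count` and `critical_mech_attrs->count`, while gpm_copy_gss_OID_set in the same file and both loops in gp_conv.c use `size_t` for the same kind of count. The gp_export.c, gp_rpc_acquire_cred.c and gp_rpc_indicate_mechs.c hunks also use `unsigned` against `->count`. If the field is `size_t`, as the `size_t` loops imply, a narrower index is harmless for realistic set sizes but obscures the intent of a sign/width cleanup. Unless `j` is read after the loop, which these hunks do not show, `for (size_t j = 0; j < desired_mech_attrs->count; j++) {` would match the for-initialiser style the commit message announces.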
&except_mech_attrs->elements[j], +@@ -676,6 +670,7 @@ OM_uint32 gpm_indicate_mechs_by_attrs(OM_uint32 *minor_status, + } + } + if (critical_mech_attrs != GSS_C_NO_OID_SET) { ++ unsigned j; + for (j = 0; j < critical_mech_attrs->count; j++) { + ret_maj = gss_test_oid_set_member(&ret_min, + &critical_mech_attrs->elements[j], +diff --git a/proxy/src/gp_common.h b/proxy/src/gp_common.h +index edc23b4..4f76e58 100644 +--- a/proxy/src/gp_common.h ++++ b/proxy/src/gp_common.h +@@ -104,9 +104,8 @@ union gp_rpc_res { + #define gp_options_find(res, opts, name, len) \ + do { \ + struct gssx_option *_v; \ +- int _o; \ + res = NULL; \ +- for (_o = 0; _o < opts.options_len; _o++) { \ ++ for (unsigned _o = 0; _o < opts.options_len; _o++) { \ + _v = &opts.options_val[_o]; \ + if (gp_option_name_match(_v, name, len)) { \ + res = _v; \ +diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c +index 5c1ca02..a671333 100644 +--- a/proxy/src/gp_config.c ++++ b/proxy/src/gp_config.c +@@ -57,11 +57,9 @@ static void free_str_array(const char ***a, int *count) + + void free_cred_store_elements(gss_key_value_set_desc *cs) + { +- int i; +- + if (!cs->elements) return; + +- for (i = 0; i < cs->count; i++) { ++ for (unsigned i = 0; i < cs->count; i++) { + safefree(cs->elements[i].key); + safefree(cs->elements[i].value); + } +@@ -146,7 +144,7 @@ static int get_krb5_mech_cfg(struct gp_service *svc, + &count, &strings); + if (ret == 0) { + const char *p; +- size_t len; ++ ssize_t len; + char *key; + + svc->krb5.store.elements = +@@ -698,7 +696,6 @@ struct gp_creds_handle *gp_service_get_creds_handle(struct gp_service *svc) + void free_config(struct gp_config **cfg) + { + struct gp_config *config = *cfg; +- uint32_t i; + + if (!config) { + return; +@@ -709,7 +706,7 @@ void free_config(struct gp_config **cfg) + free(config->socket_name); + free(config->proxy_user); + +- for (i=0; i < config->num_svcs; i++) { ++ for (int i = 0; i < config->num_svcs; i++) { + gp_service_free(config->svcs[i]); + 
safefree(config->svcs[i]); + } +diff --git a/proxy/src/gp_conv.c b/proxy/src/gp_conv.c +index 71d6d9d..b874b06 100644 +--- a/proxy/src/gp_conv.c ++++ b/proxy/src/gp_conv.c +@@ -599,7 +599,6 @@ done: + int gp_conv_gssx_to_oid_set(gssx_OID_set *in, gss_OID_set *out) + { + gss_OID_set o; +- int i; + + if (in->gssx_OID_set_len == 0) { + *out = GSS_C_NO_OID_SET; +@@ -618,7 +617,7 @@ int gp_conv_gssx_to_oid_set(gssx_OID_set *in, gss_OID_set *out) + return ENOMEM; + } + +- for (i = 0; i < o->count; i++) { ++ for (size_t i = 0; i < o->count; i++) { + o->elements[i].elements = + gp_memdup(in->gssx_OID_set_val[i].octet_string_val, + in->gssx_OID_set_val[i].octet_string_len); +@@ -641,7 +640,6 @@ int gp_conv_gssx_to_oid_set(gssx_OID_set *in, gss_OID_set *out) + int gp_conv_oid_set_to_gssx(gss_OID_set in, gssx_OID_set *out) + { + int ret; +- int i; + + if (in->count == 0) { + return 0; +@@ -653,7 +651,7 @@ int gp_conv_oid_set_to_gssx(gss_OID_set in, gssx_OID_set *out) + return ENOMEM; + } + +- for (i = 0; i < in->count; i++) { ++ for (size_t i = 0; i < in->count; i++) { + ret = gp_conv_octet_string(in->elements[i].length, + in->elements[i].elements, + &out->gssx_OID_set_val[i]); +diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c +index 6570b06..e05ad01 100644 +--- a/proxy/src/gp_creds.c ++++ b/proxy/src/gp_creds.c +@@ -312,7 +312,6 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall, + int k_num = -1; + int ck_num = -1; + int cc_num = -1; +- int d; + + memset(cs, 0, sizeof(gss_key_value_set_desc)); + +@@ -419,7 +418,7 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall, + ret = ENOMEM; + goto done; + } +- for (d = 0; d < svc->krb5.store.count; d++) { ++ for (unsigned d = 0; d < svc->krb5.store.count; d++) { + if (strcmp(svc->krb5.store.elements[d].key, "client_keytab") == 0) { + ck_num = cs->count; + } else if (strcmp(svc->krb5.store.elements[d].key, "keytab") == 0) { +diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c +index 
12b8d5f..3a927c9 100644 +--- a/proxy/src/gp_export.c ++++ b/proxy/src/gp_export.c +@@ -288,7 +288,6 @@ uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, + uint32_t acceptor_lifetime = 0; + struct gssx_cred_element *el; + int ret; +- int i, j; + struct gp_creds_handle *handle = NULL; + gss_buffer_desc token = GSS_C_EMPTY_BUFFER; + +@@ -314,8 +313,7 @@ uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, + } + out->elements.elements_len = mechanisms->count; + +- for (i = 0, j = 0; i < mechanisms->count; i++, j++) { +- ++ for (unsigned i = 0, j = 0; i < mechanisms->count; i++, j++) { + el = &out->elements.elements_val[j]; + + ret_maj = gss_inquire_cred_by_mech(&ret_min, *in, +@@ -399,11 +397,10 @@ static void gp_set_cred_options(gssx_cred *cred, gss_cred_id_t gss_cred) + krb5_enctype *ktypes; + bool no_ci_flags = false; + uint32_t maj, min; +- int i, j; + +- for (i = 0; i < cred->elements.elements_len; i++) { ++ for (unsigned i = 0; i < cred->elements.elements_len; i++) { + ce = &cred->elements.elements_val[i]; +- for (j = 0; j < ce->options.options_len; j++) { ++ for (unsigned j = 0; j < ce->options.options_len; j++) { + op = &ce->options.options_val[j]; + if ((op->option.octet_string_len == + sizeof(KRB5_SET_ALLOWED_ENCTYPE)) && +diff --git a/proxy/src/gp_rpc_acquire_cred.c b/proxy/src/gp_rpc_acquire_cred.c +index e9c7d56..fcb4fbe 100644 +--- a/proxy/src/gp_rpc_acquire_cred.c ++++ b/proxy/src/gp_rpc_acquire_cred.c +@@ -20,7 +20,6 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall, + gss_cred_id_t *add_out_cred = NULL; + int acquire_type = ACQ_NORMAL; + int ret; +- int i; + + aca = &arg->acquire_cred; + acr = &res->acquire_cred; +@@ -63,7 +62,7 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall, + goto done; + } + +- for (i = 0; i < desired_mechs->count; i++) { ++ for (unsigned i = 0; i < desired_mechs->count; i++) { + desired_mech = &desired_mechs->elements[i]; + + if (!gp_creds_allowed_mech(gpcall, desired_mech)) { +@@ -93,7 
+92,7 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall, + + cred_usage = gp_conv_gssx_to_cred_usage(aca->cred_usage); + +- for (i = 0; i < use_mechs->count; i++) { ++ for (unsigned i = 0; i < use_mechs->count; i++) { + desired_mech = &use_mechs->elements[i]; + /* this should really be folded into an extended + * gss_add_cred in gssapi that can accept a set of URIs +diff --git a/proxy/src/gp_rpc_debug.c b/proxy/src/gp_rpc_debug.c +index 2e2c050..a814448 100644 +--- a/proxy/src/gp_rpc_debug.c ++++ b/proxy/src/gp_rpc_debug.c +@@ -19,7 +19,7 @@ void gpdbg_octet_string(octet_string *x) + } + fprintf(stderr, "... ] "); + } else { +- for (int i = 0; i < x->octet_string_len; i++) { ++ for (unsigned i = 0; i < x->octet_string_len; i++) { + fprintf(stderr, "%x", x->octet_string_val[i]); + } + fprintf(stderr, " ] "); +@@ -55,7 +55,7 @@ void gpdbg_gssx_OID(gssx_OID *x) + void gpdbg_gssx_OID_set(gssx_OID_set *x) + { + gp_debug_printf("{ "); +- for (int i = 0; i < x->gssx_OID_set_len; i++) { ++ for (unsigned i = 0; i < x->gssx_OID_set_len; i++) { + gpdbg_gssx_OID(&x->gssx_OID_set_val[i]); + } + gp_debug_printf("} "); +@@ -90,7 +90,7 @@ void gpdbg_gssx_option(gssx_option *x) + #define gpdbg_extensions(x) do { \ + if ((x)->extensions.extensions_len > 0) { \ + gp_debug_printf("[ "); \ +- for (int i = 0; i < (x)->extensions.extensions_len; i++) { \ ++ for (unsigned i = 0; i < (x)->extensions.extensions_len; i++) { \ + gpdbg_gssx_option(&(x)->extensions.extensions_val[i]); \ + } \ + gp_debug_printf("] "); \ +@@ -100,7 +100,7 @@ void gpdbg_gssx_option(gssx_option *x) + #define gpdbg_options(x) do { \ + if ((x)->options.options_len > 0) { \ + gp_debug_printf("[ "); \ +- for (int i = 0; i < (x)->options.options_len; i++) { \ ++ for (unsigned i = 0; i < (x)->options.options_len; i++) { \ + gpdbg_gssx_option(&(x)->options.options_val[i]); \ + } \ + gp_debug_printf("] "); \ +@@ -168,7 +168,7 @@ void gpdbg_gssx_call_ctx(gssx_call_ctx *x) + #define gpdbg_name_attributes(X) do { \ + 
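Review bot: In gpdbg_octet_string, the loop this hunk retypes still prints each byte with `fprintf(stderr, "%x", x->octet_string_val[i]);`, which applies no padding. The byte pairs 0x01 0x23 and 0x12 0x03 both come out as `123`, so the dump cannot be read back unambiguously. If `octet_string_val` is plain `char` (its declaration is not on this page), bytes above 0x7f would also sign-extend and print as `ffffffxx` where char is signed. `fprintf(stderr, "%02x", (unsigned char)x->octet_string_val[i]);` addresses both. The function starts above the hunk.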
gp_debug_printf("[ "); \ + if (x->name_attributes.name_attributes_len > 0) { \ +- for (int i = 0; i < x->name_attributes.name_attributes_len; i++) { \ ++ for (unsigned i = 0; i < x->name_attributes.name_attributes_len; i++) { \ + gpdbg_gssx_name_attr( \ + &x->name_attributes.name_attributes_val[i]); \ + } \ +@@ -209,7 +209,7 @@ void gpdbg_gssx_cred(gssx_cred *x) + gp_debug_printf("{ "); + gpdbg_gssx_name(&x->desired_name); + gp_debug_printf("[ "); +- for (int i = 0; i < x->elements.elements_len; i++) { ++ for (unsigned i = 0; i < x->elements.elements_len; i++) { + gpdbg_gssx_cred_element(&x->elements.elements_val[i]); + } + gp_debug_printf("] "); +@@ -289,17 +289,17 @@ void gpdbg_gssx_res_indicate_mechs(gssx_res_indicate_mechs *x) + gp_debug_printf(" GSSX_RES_INDICATE_MECHS( status: "); + gpdbg_gssx_status(&x->status); + gp_debug_printf("mechs: [ "); +- for (int i = 0; i < x->mechs.mechs_len; i++) { ++ for (unsigned i = 0; i < x->mechs.mechs_len; i++) { + gpdbg_gssx_mech_info(&x->mechs.mechs_val[i]); + } + gp_debug_printf("] "); + gp_debug_printf("mech_attr_descs: [ "); +- for (int i = 0; i < x->mech_attr_descs.mech_attr_descs_len; i++) { ++ for (unsigned i = 0; i < x->mech_attr_descs.mech_attr_descs_len; i++) { + gpdbg_gssx_mech_attr(&x->mech_attr_descs.mech_attr_descs_val[i]); + } + gp_debug_printf("] "); + gp_debug_printf("supported_extensions: [ "); +- for (int i = 0; ++ for (unsigned i = 0; + i < x->supported_extensions.supported_extensions_len; i++) { + gpdbg_gssx_buffer( + &x->supported_extensions.supported_extensions_val[i]); +@@ -602,7 +602,7 @@ void gpdbg_gssx_arg_wrap(gssx_arg_wrap *x) + gp_debug_printf("conf_req: "); + gp_debug_printf("%d ", (int)x->conf_req); + gp_debug_printf("message_buffer: [ "); +- for (int i = 0; i < x->message_buffer.message_buffer_len; i++) { ++ for (unsigned i = 0; i < x->message_buffer.message_buffer_len; i++) { + gpdbg_octet_string(&x->message_buffer.message_buffer_val[i]); + } + gp_debug_printf("] "); +@@ -618,7 +618,7 @@ 
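Review bot: The macro `gpdbg_name_attributes(X)` never uses its parameter. The body reads `x->name_attributes...`, so it binds to whatever variable named `x` is in scope at the call site and ignores the argument. It works only while every caller happens to have a local called `x`. Use the parameter, parenthesised as gpdbg_extensions and gpdbg_options already do in this file: `if ((X)->name_attributes.name_attributes_len > 0) { \`, with the same substitution on the loop condition and on the `name_attributes_val[i]` access. The macro's closing lines are outside the hunk.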
void gpdbg_gssx_res_wrap(gssx_res_wrap *x) + gp_debug_printf("context_handle: "); + GPRPCDEBUG(gssx_ctx, x->context_handle); + gp_debug_printf("token_buffer: [ "); +- for (int i = 0; i < x->token_buffer.token_buffer_len; i++) { ++ for (unsigned i = 0; i < x->token_buffer.token_buffer_len; i++) { + gpdbg_octet_string(&x->token_buffer.token_buffer_val[i]); + } + gp_debug_printf("] "); +@@ -640,7 +640,7 @@ void gpdbg_gssx_arg_unwrap(gssx_arg_unwrap *x) + gp_debug_printf("context_handle: "); + gpdbg_gssx_ctx(&x->context_handle); + gp_debug_printf("token_buffer: [ "); +- for (int i = 0; i < x->token_buffer.token_buffer_len; i++) { ++ for (unsigned i = 0; i < x->token_buffer.token_buffer_len; i++) { + gpdbg_octet_string(&x->token_buffer.token_buffer_val[i]); + } + gp_debug_printf("] "); +@@ -656,7 +656,7 @@ void gpdbg_gssx_res_unwrap(gssx_res_unwrap *x) + gp_debug_printf("context_handle: "); + GPRPCDEBUG(gssx_ctx, x->context_handle); + gp_debug_printf("message_buffer: [ "); +- for (int i = 0; i < x->message_buffer.message_buffer_len; i++) { ++ for (unsigned i = 0; i < x->message_buffer.message_buffer_len; i++) { + gpdbg_octet_string(&x->message_buffer.message_buffer_val[i]); + } + gp_debug_printf("] "); +diff --git a/proxy/src/gp_rpc_indicate_mechs.c b/proxy/src/gp_rpc_indicate_mechs.c +index 8abbc7f..6ae6756 100644 +--- a/proxy/src/gp_rpc_indicate_mechs.c ++++ b/proxy/src/gp_rpc_indicate_mechs.c +@@ -25,8 +25,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED, + uint32_t ret_maj; + uint32_t ret_min; + int present; +- int h, i, j; +- int ret; ++ int ret; + + ima = &arg->indicate_mechs; + imr = &res->indicate_mechs; +@@ -53,8 +52,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED, + } + imr->mechs.mechs_len = mech_set->count; + +- for (i = 0, h = 0; i < mech_set->count; i++, h++) { +- ++ for (unsigned i = 0, h = 0; i < mech_set->count; i++, h++) { + mi = &imr->mechs.mechs_val[h]; + + ret = gp_conv_oid_to_gssx(&mech_set->elements[i], &mi->mech); +@@ 
-104,8 +102,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED, + ret_min = ret; + goto done; + } +- for (j = 0; j < mech_attrs->count; j++) { +- ++ for (unsigned j = 0; j < mech_attrs->count; j++) { + ret_maj = gss_test_oid_set_member(&ret_min, + &mech_attrs->elements[j], + attr_set, +@@ -136,8 +133,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED, + goto done; + } + +- for (j = 0; j < known_mech_attrs->count; j++) { +- ++ for (unsigned j = 0; j < known_mech_attrs->count; j++) { + ret_maj = gss_test_oid_set_member(&ret_min, + &known_mech_attrs->elements[j], + attr_set, +@@ -205,8 +201,7 @@ int gp_indicate_mechs(struct gp_call_ctx *gpcall UNUSED, + } + imr->mech_attr_descs.mech_attr_descs_len = attr_set->count; + +- for (i = 0; i < attr_set->count; i++) { +- ++ for (unsigned i = 0; i < attr_set->count; i++) { + ma = &imr->mech_attr_descs.mech_attr_descs_val[i]; + + ret = gp_conv_oid_to_gssx(&attr_set->elements[i], &ma->attr); +diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c +index 829ff21..17ecf7c 100644 +--- a/proxy/src/gp_socket.c ++++ b/proxy/src/gp_socket.c +@@ -303,7 +303,7 @@ static void gp_socket_read(verto_ctx *vctx, verto_ev *ev) + struct gp_buffer *rbuf; + uint32_t size; + bool header = false; +- size_t rn; ++ ssize_t rn; + int ret; + int fd; + +@@ -487,7 +487,7 @@ static void gp_socket_write(verto_ctx *vctx, verto_ev *ev) + return; + } + if (vecs == 2) { +- if (wn < sizeof(size)) { ++ if (wn < (ssize_t) sizeof(size)) { + /* don't bother trying to handle sockets that can't + * buffer even 4 bytes */ + gp_conn_free(wbuf->conn); +diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c +index ca83eb3..f158b84 100644 +--- a/proxy/src/gp_util.c ++++ b/proxy/src/gp_util.c +@@ -109,7 +109,7 @@ char *gp_strerror(int errnum) + ssize_t gp_safe_read(int fd, void *buf, size_t count) + { + char *b = (char *)buf; +- ssize_t len = 0; ++ size_t len = 0; + ssize_t ret; + + do { +@@ -128,7 +128,7 @@ ssize_t gp_safe_read(int fd, void *buf, 
size_t count) + ssize_t gp_safe_write(int fd, const void *buf, size_t count) + { + const char *b = (const char *)buf; +- ssize_t len = 0; ++ size_t len = 0; + ssize_t ret; + + do { +diff --git a/proxy/tests/t_utils.c b/proxy/tests/t_utils.c +index 6af9a16..36f7bd1 100644 +--- a/proxy/tests/t_utils.c ++++ b/proxy/tests/t_utils.c +@@ -8,7 +8,7 @@ + int t_send_buffer(int fd, char *buf, uint32_t len) + { + uint32_t size; +- size_t wn; ++ ssize_t wn; + size_t pos; + + size = htonl(len); +@@ -36,7 +36,7 @@ int t_send_buffer(int fd, char *buf, uint32_t len) + int t_recv_buffer(int fd, char *buf, uint32_t *len) + { + uint32_t size; +- size_t rn; ++ ssize_t rn; + size_t pos; + + rn = read(fd, &size, sizeof(uint32_t)); diff --git a/Fix-most-memory-leaks.patch b/Fix-most-memory-leaks.patch new file mode 100644 index 0000000..0b2148a --- /dev/null +++ b/Fix-most-memory-leaks.patch 
@@ -0,0 +1,250 @@ +From fae905d25a24dd360c5ae3e50bd3bfcf71c5f3bb Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Thu, 29 Jun 2017 10:59:46 -0400 +Subject: [PATCH] Fix most memory leaks + +Signed-off-by: Alexander Scheel +[rharwood@redhat.com: commit message, whitespace] +Reviewed-by: Robbie Harwood +Merges: #203 +Related: #176 +(cherry picked from commit 470cf4d745d57f0597124a35b2faf86ba1107bb5) +--- + proxy/src/gp_config.c | 2 ++ + proxy/src/gp_creds.c | 2 ++ + proxy/src/gp_export.c | 3 ++- + proxy/src/gp_rpc_acquire_cred.c | 17 ++++++++++------ + proxy/src/gssproxy.c | 42 ++++++++++++++++++++++++++++------------ + proxy/src/mechglue/gpp_context.c | 2 ++ + proxy/tests/t_acquire.c | 3 +++ + 7 files changed, 52 insertions(+), 19 deletions(-) + +diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c +index a671333..754edf5 100644 +--- a/proxy/src/gp_config.c ++++ b/proxy/src/gp_config.c +@@ -75,6 +75,8 @@ static void gp_service_free(struct gp_service *svc) + free_cred_store_elements(&svc->krb5.store); + gp_free_creds_handle(&svc->krb5.creds_handle); + } ++ free(svc->socket); ++ free(svc->program); + SELINUX_context_free(svc->selinux_ctx); + memset(svc, 0, sizeof(struct gp_service)); + } +diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c +index fdc6bdf..2cb4ce7 100644 +--- a/proxy/src/gp_creds.c ++++ b/proxy/src/gp_creds.c +@@ -1049,6 +1049,8 @@ uint32_t gp_count_tickets(uint32_t *min, gss_cred_id_t cred, uint32_t *ccsum) + goto done; + } + ++ krb5_free_cred_contents(context, &creds); ++ + /* TODO: Should we do a real checksum over all creds->ticket data and + * flags in future ? 
*/ + (*ccsum)++; +diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c +index 4e081df..ab08bb7 100644 +--- a/proxy/src/gp_export.c ++++ b/proxy/src/gp_export.c +@@ -47,7 +47,7 @@ uint32_t gp_init_creds_with_keytab(uint32_t *min, const char *svc_name, + krb5_keytab ktid = NULL; + krb5_kt_cursor cursor; + krb5_keytab_entry entry; +- krb5_enctype *permitted; ++ krb5_enctype *permitted = NULL; + uint32_t ret_maj = 0; + uint32_t ret_min = 0; + int ret; +@@ -127,6 +127,7 @@ uint32_t gp_init_creds_with_keytab(uint32_t *min, const char *svc_name, + ret_maj = GSS_S_COMPLETE; + + done: ++ krb5_free_enctypes(handle->context, permitted); + if (ktid) { + (void)krb5_kt_close(handle->context, ktid); + } +diff --git a/proxy/src/gp_rpc_acquire_cred.c b/proxy/src/gp_rpc_acquire_cred.c +index fcb4fbe..7ddb427 100644 +--- a/proxy/src/gp_rpc_acquire_cred.c ++++ b/proxy/src/gp_rpc_acquire_cred.c +@@ -130,17 +130,18 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall, + } + } + +- acr->output_cred_handle = calloc(1, sizeof(gssx_cred)); +- if (!acr->output_cred_handle) { +- ret_maj = GSS_S_FAILURE; +- ret_min = ENOMEM; +- goto done; +- } + + if (out_cred == in_cred) { + acr->output_cred_handle = aca->input_cred_handle; + aca->input_cred_handle = NULL; + } else { ++ acr->output_cred_handle = calloc(1, sizeof(gssx_cred)); ++ if (!acr->output_cred_handle) { ++ ret_maj = GSS_S_FAILURE; ++ ret_min = ENOMEM; ++ goto done; ++ } ++ + ret_maj = gp_export_gssx_cred(&ret_min, gpcall, + &out_cred, acr->output_cred_handle); + if (ret_maj) { +@@ -154,6 +155,10 @@ done: + + GPRPCDEBUG(gssx_res_acquire_cred, acr); + ++ if (add_out_cred != &in_cred && add_out_cred != &out_cred) ++ gss_release_cred(&ret_min, add_out_cred); ++ if (in_cred != out_cred) ++ gss_release_cred(&ret_min, &in_cred); + gss_release_cred(&ret_min, &out_cred); + gss_release_oid_set(&ret_min, &use_mechs); + gss_release_oid_set(&ret_min, &desired_mechs); +diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c +index 
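Review bot: The cleanup added at `done:` in gp_acquire_cred compares and releases `add_out_cred`, but `done:` is reached by `goto done` (the ENOMEM branch in the previous hunk is one such jump) and neither hunk shows where `add_out_cred` is declared or first assigned. If it is not initialised to `NULL` where it is declared, an early exit makes `add_out_cred != &in_cred` read an indeterminate pointer and hands it to `gss_release_cred`; please confirm the initialiser, which lies outside these hunks. The two new `if` statements are also unbraced, which is easy to get wrong in a release sequence that decides which credential handle is freed; I would write `if (in_cred != out_cred) { gss_release_cred(&ret_min, &in_cred); }` and brace the first one the same way.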
a020218..5c5937d 100644 +--- a/proxy/src/gssproxy.c ++++ b/proxy/src/gssproxy.c +@@ -157,7 +157,7 @@ int main(int argc, const char *argv[]) + verto_ctx *vctx; + verto_ev *ev; + int wait_fd; +- int ret; ++ int ret = -1; + + struct poptOption long_options[] = { + POPT_AUTOHELP +@@ -187,13 +187,17 @@ int main(int argc, const char *argv[]) + fprintf(stderr, "\nInvalid option %s: %s\n\n", + poptBadOption(pc, 0), poptStrerror(opt)); + poptPrintUsage(pc, stderr, 0); +- return 1; ++ ++ ret = 1; ++ goto cleanup; + } + } + + if (opt_version) { + puts(VERSION""DISTRO_VERSION""PRERELEASE_VERSION); +- return 0; ++ poptFreeContext(pc); ++ ret = 0; ++ goto cleanup; + } + + if (opt_debug || opt_debug_level > 0) { +@@ -204,7 +208,8 @@ int main(int argc, const char *argv[]) + if (opt_daemon && opt_interactive) { + fprintf(stderr, "Option -i|--interactive is not allowed together with -D|--daemon\n"); + poptPrintUsage(pc, stderr, 0); +- return 1; ++ ret = 0; ++ goto cleanup; + } + + if (opt_interactive) { +@@ -218,7 +223,8 @@ int main(int argc, const char *argv[]) + opt_config_socket, + opt_daemon); + if (!gpctx->config) { +- exit(EXIT_FAILURE); ++ ret = EXIT_FAILURE; ++ goto cleanup; + } + + init_server(gpctx->config->daemonize, &wait_fd); +@@ -229,7 +235,8 @@ int main(int argc, const char *argv[]) + if (!vctx) { + fprintf(stderr, "Failed to initialize event loop. 
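Review bot: The `opt_version` branch in main() now calls `poptFreeContext(pc)` and then jumps to `cleanup`, where the last hunk of this file calls `poptFreeContext(pc)` again on the same pointer, so the version path frees the popt context twice. Drop the call in the branch and let the label do the release, leaving `ret = 0; goto cleanup;` after the `puts(...)`. main() starts and ends outside this hunk.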
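Review bot: The `opt_daemon && opt_interactive` branch used to `return 1` and now sets `ret = 0` before `goto cleanup`, so an invalid option combination exits with a success status after printing the usage error. Anything that checks the exit code, such as a service manager or a start-up script, will treat the refused start as a clean run. This should be `ret = 1;`, matching the bad-option branch in the preceding hunk.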
" + "Is there at least one libverto backend installed?\n"); +- return 1; ++ ret = 1; ++ goto cleanup; + } + gpctx->vctx = vctx; + +@@ -237,12 +244,13 @@ int main(int argc, const char *argv[]) + ev = verto_add_signal(vctx, VERTO_EV_FLAG_PERSIST, hup_handler, SIGHUP); + if (!ev) { + fprintf(stderr, "Failed to register SIGHUP handler with verto!\n"); +- return 1; ++ ret = 1; ++ goto cleanup; + } + + ret = init_sockets(vctx, NULL); + if (ret != 0) { +- return ret; ++ goto cleanup; + } + + /* We need to tell nfsd that GSS-Proxy is available before it starts, +@@ -256,12 +264,14 @@ int main(int argc, const char *argv[]) + + ret = drop_privs(gpctx->config); + if (ret) { +- exit(EXIT_FAILURE); ++ ret = EXIT_FAILURE; ++ goto cleanup; + } + + ret = gp_workers_init(gpctx); + if (ret) { +- exit(EXIT_FAILURE); ++ ret = EXIT_FAILURE; ++ goto cleanup; + } + + verto_run(vctx); +@@ -271,9 +281,17 @@ int main(int argc, const char *argv[]) + + fini_server(); + +- poptFreeContext(pc); + + free_config(&gpctx->config); ++ free(gpctx); + +- return 0; ++ ret = 0; ++ ++cleanup: ++ poptFreeContext(pc); ++ free(opt_config_file); ++ free(opt_config_dir); ++ free(opt_config_socket); ++ ++ return ret; + } +diff --git a/proxy/src/mechglue/gpp_context.c b/proxy/src/mechglue/gpp_context.c +index 2f41e4f..69e69e0 100644 +--- a/proxy/src/mechglue/gpp_context.c ++++ b/proxy/src/mechglue/gpp_context.c +@@ -362,6 +362,8 @@ OM_uint32 gssi_delete_sec_context(OM_uint32 *minor_status, + } + } + ++ free(ctx); ++ + return rmaj; + } + +diff --git a/proxy/tests/t_acquire.c b/proxy/tests/t_acquire.c +index 2bb7706..5334565 100644 +--- a/proxy/tests/t_acquire.c ++++ b/proxy/tests/t_acquire.c +@@ -132,5 +132,8 @@ done: + gss_release_buffer(&ret_min, &in_token); + gss_release_buffer(&ret_min, &out_token); + gss_release_cred(&ret_min, &cred_handle); ++ gss_release_name(&ret_min, &target_name); ++ gss_delete_sec_context(&ret_min, &init_ctx, GSS_C_NO_BUFFER); ++ gss_delete_sec_context(&ret_min, &accept_ctx, 
GSS_C_NO_BUFFER); + return ret; + } diff --git a/Fix-potential-free-of-non-heap-address.patch b/Fix-potential-free-of-non-heap-address.patch index be07a50..4cbee0e 100644 --- a/Fix-potential-free-of-non-heap-address.patch +++ b/Fix-potential-free-of-non-heap-address.patch @@ -1,4 +1,4 @@ -From d5e838b8b752ea8039fe174c8944a41aed7034a2 Mon Sep 17 00:00:00 2001 +From ab123e89f29965a9cb0ca40a4dcdd538b6feb285 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Mon, 11 Sep 2017 10:52:03 -0400 Subject: [PATCH] Fix potential free of non-heap address @@ -12,10 +12,10 @@ Merges: #211 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index 9a10c2f..340da2f 100644 +index dba23a6..c65c69d 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c -@@ -556,8 +556,8 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer, +@@ -553,8 +553,8 @@ static int gpm_send_recv_loop(struct gpm_ctx *gpmctx, char *send_buffer, ret = gpm_retry_socket(gpmctx); /* Free buffer and set it to NULL to prevent free(xdr_reply_ctx) */ diff --git a/Fix-segfault-when-no-config-files-are-present.patch b/Fix-segfault-when-no-config-files-are-present.patch index ee9eb69..1c4326d 100644 --- a/Fix-segfault-when-no-config-files-are-present.patch +++ b/Fix-segfault-when-no-config-files-are-present.patch @@ -1,4 +1,4 @@ -From cefc08b686697e3e11ec3f0c2d42e0ee2b3c90b3 Mon Sep 17 00:00:00 2001 +From 43033ca39d12d5e4884736cca46fec894f7cb1e9 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 16 May 2017 14:16:23 -0400 Subject: [PATCH] Fix segfault when no config files are present @@ -13,10 +13,10 @@ Merges: #185 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c -index 5c1ca02..409cd74 100644 +index 754edf5..efd97e4 100644 --- a/proxy/src/gp_config.c 
+++ b/proxy/src/gp_config.c -@@ -846,16 +846,17 @@ int gp_config_init(const char *config_file, const char *config_dir, +@@ -845,16 +845,17 @@ int gp_config_init(const char *config_file, const char *config_dir, if (config_file) { ret = gp_config_from_file(config_file, ini_config, collision_flags); diff --git a/Fix-silent-crash-with-duplicate-config-sections.patch b/Fix-silent-crash-with-duplicate-config-sections.patch index facb2ae..8b3cb2e 100644 --- a/Fix-silent-crash-with-duplicate-config-sections.patch +++ b/Fix-silent-crash-with-duplicate-config-sections.patch @@ -1,4 +1,4 @@ -From 2c44a2ded88990de44665ed297c135bec844d016 Mon Sep 17 00:00:00 2001 +From 11c8ef2857810116fe04cf2a5de643af0fa9c475 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Wed, 9 Aug 2017 15:00:26 -0400 Subject: [PATCH] Fix silent crash with duplicate config sections @@ -150,10 +150,10 @@ index c52dbb6..9e01f7d 100644 LIBS="$PTHREAD_LIBS $LIBS" diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c -index c507472..f3ff1fd 100644 +index 2e9806d..3ec4b82 100644 --- a/proxy/src/gp_config.c +++ b/proxy/src/gp_config.c -@@ -730,7 +730,7 @@ static int gp_config_from_file(const char *config_file, +@@ -729,7 +729,7 @@ static int gp_config_from_file(const char *config_file, 0, /* metadata_flags, FIXME */ &file_ctx); if (ret) { @@ -162,7 +162,7 @@ index c507472..f3ff1fd 100644 ret, gp_strerror(ret)); ini_config_destroy(ini_config); return ret; -@@ -744,7 +744,7 @@ static int gp_config_from_file(const char *config_file, +@@ -743,7 +743,7 @@ static int gp_config_from_file(const char *config_file, if (ret) { char **errors = NULL; /* we had a parsing failure */ 
@@ -171,7 +171,7 @@ index c507472..f3ff1fd 100644 ret, gp_strerror(ret)); if (ini_config_error_count(ini_config)) { ini_config_get_errors(ini_config, &errors); -@@ -793,26 +793,25 @@ static int gp_config_from_dir(const char *config_dir, +@@ -792,26 +792,25 @@ static int gp_config_from_dir(const char *config_dir, INI_STOP_ON_ANY, /* error_level */ collision_flags, INI_PARSE_NOWRAP, @@ -207,7 +207,7 @@ index c507472..f3ff1fd 100644 ref_array_destroy(error_list); return ret; -@@ -823,9 +822,7 @@ static int gp_config_from_dir(const char *config_dir, +@@ -822,9 +821,7 @@ static int gp_config_from_dir(const char *config_dir, ini_config_destroy(*ini_config); *ini_config = result_cfg; } diff --git a/Fix-unused-variables.patch b/Fix-unused-variables.patch index 7ca0b15..069b942 100644 --- a/Fix-unused-variables.patch +++ b/Fix-unused-variables.patch @@ -1,4 +1,4 @@ -From 08e753072cc06ca11b14d6c742260a422c9f5ae1 Mon Sep 17 00:00:00 2001 +From a3c9d87924455448cf3bcb20d34f1bd4e6b915d8 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 15 Mar 2017 13:52:36 -0400 Subject: [PATCH] Fix unused variables @@ -35,10 +35,10 @@ Merges: #173 24 files changed, 44 insertions(+), 64 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index 1366463..12b14ae 100644 +index 0a54dbc..030765a 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c -@@ -315,6 +315,7 @@ static struct gpm_ctx *gpm_get_ctx(void) +@@ -320,6 +320,7 @@ static void gpm_release_ctx(struct gpm_ctx *gpmctx) OM_uint32 gpm_release_buffer(OM_uint32 *minor_status, gss_buffer_t buffer) { @@ -193,7 +193,7 @@ index 7d89b06..6570b06 100644 gss_OID_set *actual_mechs, uint32_t *initiator_time_rec, diff --git a/proxy/src/gp_init.c b/proxy/src/gp_init.c -index bb7ba6b..4673f02 100644 +index d367f92..e69934d 100644 --- a/proxy/src/gp_init.c +++ b/proxy/src/gp_init.c @@ -96,7 +96,7 @@ void fini_server(void) 
diff --git a/Handle-outdated-encrypted-ccaches.patch b/Handle-outdated-encrypted-ccaches.patch index 2c49722..5df24fc 100644 --- a/Handle-outdated-encrypted-ccaches.patch +++ b/Handle-outdated-encrypted-ccaches.patch @@ -1,4 +1,4 @@ -From c649c02b3889cc0b777d314c3ba6b295bd394820 Mon Sep 17 00:00:00 2001 +From d78394bcdee27ee2ec00822871a7688585d6e9ed Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 15 Sep 2017 18:07:28 -0400 Subject: [PATCH] Handle outdated encrypted ccaches @@ -18,10 +18,10 @@ Merges: #214 3 files changed, 35 insertions(+), 6 deletions(-) diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c -index 12b8d5f..e231100 100644 +index ab08bb7..0c39045 100644 --- a/proxy/src/gp_export.c +++ b/proxy/src/gp_export.c -@@ -267,7 +267,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key, +@@ -268,7 +268,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key, &enc_handle, &data_out); if (ret) { @@ -30,7 +30,7 @@ index 12b8d5f..e231100 100644 } *len = data_out.length; -@@ -447,8 +447,8 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, +@@ -446,8 +446,8 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, { gss_buffer_desc token = GSS_C_EMPTY_BUFFER; struct gp_creds_handle *handle = NULL; @@ -41,7 +41,7 @@ index 12b8d5f..e231100 100644 int ret; handle = gp_service_get_creds_handle(gpcall->service); -@@ -470,8 +470,9 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, +@@ -469,8 +469,9 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, &cred->cred_handle_reference, &token.length, token.value); if (ret) { diff --git a/Include-header-for-writev.patch b/Include-header-for-writev.patch index fe2da5a..c79991a 100644 --- a/Include-header-for-writev.patch +++ b/Include-header-for-writev.patch 
@@ -1,4 +1,4 @@ -From 5597edf7a2289a54a1bd6a95a55422e40e9e1e6f Mon Sep 17 00:00:00 2001 +From 2e09eacffcf9750010b4d4a9aa7a518cdd267cfc Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 17 May 2017 12:21:37 -0400 Subject: [PATCH] Include header for writev() @@ -12,7 +12,7 @@ Merges: #186 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c -index 829ff21..e07789c 100644 +index 17ecf7c..29b6a44 100644 --- a/proxy/src/gp_socket.c +++ b/proxy/src/gp_socket.c @@ -1,19 +1,22 @@ diff --git a/Make-proc-file-failure-loud-but-nonfatal.patch b/Make-proc-file-failure-loud-but-nonfatal.patch index 3eabb88..18a58df 100644 --- a/Make-proc-file-failure-loud-but-nonfatal.patch +++ b/Make-proc-file-failure-loud-but-nonfatal.patch @@ -1,4 +1,4 @@ -From bc4c8a61c0615ca76b930a22e3602d0e1ec900f1 Mon Sep 17 00:00:00 2001 +From 938bd1adc15342e8ebed3d4e135d862e362a619e Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 25 May 2017 13:06:17 -0400 Subject: [PATCH] Make proc file failure loud but nonfatal @@ -12,7 +12,7 @@ Resolves: #190 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/proxy/src/gp_init.c b/proxy/src/gp_init.c -index 4673f02..e69934d 100644 +index bb7ba6b..d367f92 100644 --- a/proxy/src/gp_init.c +++ b/proxy/src/gp_init.c @@ -144,11 +144,11 @@ void init_proc_nfsd(struct gp_config *cfg) diff --git a/Only-empty-FILE-ccaches-when-storing-remote-creds.patch b/Only-empty-FILE-ccaches-when-storing-remote-creds.patch index 17f4da8..a0223e2 100644 --- a/Only-empty-FILE-ccaches-when-storing-remote-creds.patch +++ b/Only-empty-FILE-ccaches-when-storing-remote-creds.patch @@ -1,4 +1,4 @@ -From b03095e656ae083e078829a87e00d60f405c3cf4 Mon Sep 17 00:00:00 2001 +From dc8697b0c43007167c7054ceff84b6cc9c10fccf Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 10 Oct 2017 18:00:45 -0400 Subject: [PATCH] Only empty FILE ccaches when storing remote creds 
diff --git a/Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch b/Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch index 577e75c..66deb8a 100644 --- a/Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch +++ b/Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch @@ -1,4 +1,4 @@ -From 427c50c9b350e52a1c7aec444e383badc4fc5485 Mon Sep 17 00:00:00 2001 +From b7a3229b3314a58076c9ab6ce72a47fb16b9e162 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 12 Sep 2017 12:40:27 -0400 Subject: [PATCH] Prevent uninitialized read in error path of XDR contexts @@ -12,10 +12,10 @@ Merges: #211 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index 340da2f..5e097ce 100644 +index c65c69d..d0f99d6 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c -@@ -659,8 +659,8 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) +@@ -656,8 +656,8 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) { struct gpm_ctx *gpmctx; gp_rpc_msg msg; diff --git a/Properly-initialize-ccaches-before-storing-into-them.patch b/Properly-initialize-ccaches-before-storing-into-them.patch index 0817e46..87fd8dd 100644 --- a/Properly-initialize-ccaches-before-storing-into-them.patch +++ b/Properly-initialize-ccaches-before-storing-into-them.patch @@ -1,4 +1,4 @@ -From 0c5e9a662010a37f013fd3e517a5aec0bb592964 Mon Sep 17 00:00:00 2001 +From 573f03013df1673ba2e31180ab28a86564e02da5 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 5 Dec 2017 13:14:29 -0500 Subject: [PATCH] Properly initialize ccaches before storing into them diff --git a/Properly-locate-credentials-in-collection-caches-in-.patch b/Properly-locate-credentials-in-collection-caches-in-.patch index d784863..b7f97ad 100644 --- a/Properly-locate-credentials-in-collection-caches-in-.patch +++ b/Properly-locate-credentials-in-collection-caches-in-.patch 
@@ -1,4 +1,4 @@ -From 0bd013108403f9cbdccc34d24ea8c188bd6fd13a Mon Sep 17 00:00:00 2001 +From 87c96790b127cdcd90d61cdd0d638780d28035c8 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Mon, 20 Nov 2017 14:09:04 -0500 Subject: [PATCH] Properly locate credentials in collection caches in mechglue diff --git a/Remove-gpm_release_ctx-to-fix-double-unlock.patch b/Remove-gpm_release_ctx-to-fix-double-unlock.patch index 85f5445..cce478c 100644 --- a/Remove-gpm_release_ctx-to-fix-double-unlock.patch +++ b/Remove-gpm_release_ctx-to-fix-double-unlock.patch @@ -1,4 +1,4 @@ -From 74b537ecc4ce7115869658749bed5a9b43ead093 Mon Sep 17 00:00:00 2001 +From 9e2bdfeee30331254d21eaf9e9c000fb9e642fe9 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 23 Mar 2017 13:42:55 -0400 Subject: [PATCH] Remove gpm_release_ctx() to fix double unlock @@ -12,7 +12,7 @@ Merges: #173 1 file changed, 6 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index 0a54dbc..1366463 100644 +index 8c96986..69f4741 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c @@ -312,11 +312,6 @@ static struct gpm_ctx *gpm_get_ctx(void) @@ -27,7 +27,7 @@ index 0a54dbc..1366463 100644 OM_uint32 gpm_release_buffer(OM_uint32 *minor_status, gss_buffer_t buffer) { -@@ -502,7 +497,6 @@ done: +@@ -503,7 +498,6 @@ done: xdr_free((xdrproc_t)xdr_gp_rpc_msg, (char *)&msg); xdr_destroy(&xdr_call_ctx); xdr_destroy(&xdr_reply_ctx); diff --git a/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch b/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch index 7fd7ed4..f03e61a 100644 --- a/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch +++ b/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch @@ -1,4 +1,4 @@ -From 47637312e566d7fecf2bf9c60efe85faab0945cc Mon Sep 17 00:00:00 2001 +From 12383b4f01cfa8551d35ba9f483290c2861a5822 Mon Sep 17 00:00:00 2001 
From: Robbie Harwood Date: Fri, 17 Nov 2017 13:53:37 -0500 Subject: [PATCH] Separate cred and ccache manipulation in diff --git a/Simplify-setting-NONBLOCK-on-socket.patch b/Simplify-setting-NONBLOCK-on-socket.patch index 322ca40..a7aff2e 100644 --- a/Simplify-setting-NONBLOCK-on-socket.patch +++ b/Simplify-setting-NONBLOCK-on-socket.patch @@ -1,4 +1,4 @@ -From 2d60f4ab0c74115877df00d23836e7d970eda7c4 Mon Sep 17 00:00:00 2001 +From 47702eef23a4a6b97d326a76f6569bd571b4abdf Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Thu, 14 Sep 2017 10:57:12 -0500 Subject: [PATCH] Simplify setting NONBLOCK on socket @@ -14,7 +14,7 @@ Merges: #213 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index 5e097ce..c3ef96e 100644 +index d0f99d6..7d1158e 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c @@ -80,7 +80,6 @@ static int gpm_open_socket(struct gpm_ctx *gpmctx) diff --git a/Tolerate-NULL-pointers-in-gp_same.patch b/Tolerate-NULL-pointers-in-gp_same.patch index 62e3b28..635e7d6 100644 --- a/Tolerate-NULL-pointers-in-gp_same.patch +++ b/Tolerate-NULL-pointers-in-gp_same.patch @@ -1,4 +1,4 @@ -From 2f206673bed2acea306a1313b8158e126bbfecee Mon Sep 17 00:00:00 2001 +From f5d3edc57941ed2e10b9e4458c19772577dc2aa8 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 13 Jun 2017 14:22:44 -0400 Subject: [PATCH] Tolerate NULL pointers in gp_same @@ -14,7 +14,7 @@ Merges: #195 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c -index ca83eb3..aab56ba 100644 +index f158b84..5442992 100644 --- a/proxy/src/gp_util.c +++ b/proxy/src/gp_util.c @@ -12,10 +12,9 @@ diff --git a/Turn-on-Wextra.patch b/Turn-on-Wextra.patch new file mode 100644 index 0000000..bfec8e4 --- /dev/null +++ b/Turn-on-Wextra.patch 
@@ -0,0 +1,26 @@ +From a50ea0aa3dfd39ab4a3c39dde35c12fc51fe40d5 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 15 Mar 2017 13:28:26 -0400 +Subject: [PATCH] Turn on -Wextra + +Signed-off-by: Robbie Harwood +Reviewed-by: Simo Sorce +Merges: #173 +(cherry picked from commit 85bc3d794efa52aba4c32f6109e7e7741521ec5f) +--- + proxy/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/proxy/Makefile.am b/proxy/Makefile.am +index e1fbac1..5cd2255 100644 +--- a/proxy/Makefile.am ++++ b/proxy/Makefile.am +@@ -44,7 +44,7 @@ AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \ + -Wcast-qual -Wcast-align -Wwrite-strings \ + -fstrict-aliasing -Wstrict-aliasing -Werror=strict-aliasing \ + -Werror-implicit-function-declaration \ +- -Werror=format-security ++ -Werror=format-security -Wextra + if BUILD_HARDENING + AM_CPPFLAGS += -D_FORTIFY_SOURCE=2 -Wdate-time + AM_CFLAGS += -fPIE -fstack-protector-strong diff --git a/Update-systemd-file.patch b/Update-systemd-file.patch index 952dc96..53a3c08 100644 --- a/Update-systemd-file.patch +++ b/Update-systemd-file.patch @@ -1,4 +1,4 @@ -From 88eccbb8ab00ee73c9f483d621e05cd57c41ceae Mon Sep 17 00:00:00 2001 +From 08d63fdf7c305965579a2fea2db63597690f38d9 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 26 Apr 2017 21:02:47 -0400 Subject: [PATCH] Update systemd file diff --git a/client-Switch-to-non-blocking-sockets.patch b/client-Switch-to-non-blocking-sockets.patch index 52a58bb..bb5889d 100644 --- a/client-Switch-to-non-blocking-sockets.patch +++ b/client-Switch-to-non-blocking-sockets.patch @@ -1,4 +1,4 @@ -From 8a453fde5c655ef19663a01f3d1a017a247c3c85 Mon Sep 17 00:00:00 2001 +From 4e551526d3400b09bfb8a16457c715378cb34edb Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Wed, 2 Aug 2017 15:11:49 -0400 Subject: [PATCH] [client] Switch to non-blocking sockets @@ -19,7 +19,7 @@ Reviewed-by: Robbie Harwood 1 file changed, 295 insertions(+), 22 deletions(-) 
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index 12b14ae..9a10c2f 100644 +index 2133618..dba23a6 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c @@ -7,9 +7,15 @@ @@ -84,7 +84,7 @@ index 12b14ae..9a10c2f 100644 ret = connect(fd, (struct sockaddr *)&addr, sizeof(addr)); if (ret == -1) { ret = errno; -@@ -161,6 +185,158 @@ static int gpm_release_sock(struct gpm_ctx *gpmctx) +@@ -163,6 +187,158 @@ static int gpm_release_sock(struct gpm_ctx *gpmctx) return pthread_mutex_unlock(&gpmctx->lock); } @@ -243,7 +243,7 @@ index 12b14ae..9a10c2f 100644 /* must be called after the lock has been grabbed */ static int gpm_send_buffer(struct gpm_ctx *gpmctx, char *buffer, uint32_t length) -@@ -181,8 +357,13 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx, +@@ -183,8 +359,13 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx, retry = false; do { do { @@ -258,7 +258,7 @@ index 12b14ae..9a10c2f 100644 if (wn == -1) { ret = errno; } -@@ -190,8 +371,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx, +@@ -192,8 +373,7 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx, if (wn != 4) { /* reopen and retry once */ if (retry == false) { @@ -268,7 +268,7 @@ index 12b14ae..9a10c2f 100644 if (ret == 0) { retry = true; continue; -@@ -206,9 +386,14 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx, +@@ -208,9 +388,14 @@ static int gpm_send_buffer(struct gpm_ctx *gpmctx, pos = 0; while (length > pos) { @@ -285,7 +285,7 @@ index 12b14ae..9a10c2f 100644 continue; } ret = errno; -@@ -229,7 +414,7 @@ done: +@@ -231,7 +416,7 @@ done: /* must be called after the lock has been grabbed */ static int gpm_recv_buffer(struct gpm_ctx *gpmctx, @@ -293,8 +293,8 @@ index 12b14ae..9a10c2f 100644 + char **buffer, uint32_t *length) { uint32_t size; - size_t rn; -@@ -237,6 +422,11 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx, + ssize_t rn; +@@ -239,6 +424,11 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx, int ret; do { 
@@ -306,7 +306,7 @@ index 12b14ae..9a10c2f 100644 ret = 0; rn = read(gpmctx->fd, &size, sizeof(uint32_t)); if (rn == -1) { -@@ -256,11 +446,22 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx, +@@ -258,11 +448,22 @@ static int gpm_recv_buffer(struct gpm_ctx *gpmctx, goto done; } @@ -331,7 +331,7 @@ index 12b14ae..9a10c2f 100644 continue; } ret = errno; -@@ -279,6 +480,7 @@ done: +@@ -281,6 +482,7 @@ done: if (ret) { /* on errors we can only close the fd and return */ gpm_close_socket(gpmctx); @@ -339,7 +339,7 @@ index 12b14ae..9a10c2f 100644 } return ret; } -@@ -312,6 +514,63 @@ static struct gpm_ctx *gpm_get_ctx(void) +@@ -309,6 +511,63 @@ static struct gpm_ctx *gpm_get_ctx(void) return &gpm_global_ctx; } @@ -403,7 +403,7 @@ index 12b14ae..9a10c2f 100644 OM_uint32 gpm_release_buffer(OM_uint32 *minor_status, gss_buffer_t buffer) { -@@ -402,15 +661,20 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) +@@ -399,15 +658,20 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) gp_rpc_msg msg; XDR xdr_call_ctx; XDR xdr_reply_ctx; @@ -428,7 +428,7 @@ index 12b14ae..9a10c2f 100644 memset(&msg, 0, sizeof(gp_rpc_msg)); msg.header.type = GP_RPC_CALL; -@@ -453,22 +717,22 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) +@@ -450,22 +714,22 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) goto done; } @@ -460,7 +460,7 @@ index 12b14ae..9a10c2f 100644 /* decode header */ memset(&msg, 0, sizeof(gp_rpc_msg)); xdrok = xdr_gp_rpc_msg(&xdr_reply_ctx, &msg); -@@ -492,12 +756,21 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) +@@ -489,12 +753,21 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) } done: diff --git a/gssproxy.spec b/gssproxy.spec index 5fd5edf..7a1f103 100644 --- a/gssproxy.spec +++ b/gssproxy.spec 
@@ -1,6 +1,6 @@ Name: gssproxy Version: 0.7.0 -Release: 26%{?dist} +Release: 27%{?dist} Summary: GSSAPI Proxy Group: System Environment/Libraries 
@@ -17,31 +17,37 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Patch0: Properly-renew-expired-credentials.patch Patch1: Change-impersonator-check-code.patch Patch2: Allow-connection-to-self-when-impersonator-set.patch -Patch3: Remove-gpm_release_ctx-to-fix-double-unlock.patch -Patch4: Update-systemd-file.patch -Patch5: Fix-unused-variables.patch -Patch6: Fix-segfault-when-no-config-files-are-present.patch -Patch7: Include-header-for-writev.patch Patch8: Make-proc-file-failure-loud-but-nonfatal.patch -Patch9: Tolerate-NULL-pointers-in-gp_same.patch -Patch10: Add-Client-ID-to-debug-messages.patch -Patch11: client-Switch-to-non-blocking-sockets.patch -Patch12: server-Add-detailed-request-logging.patch -Patch13: Fix-potential-free-of-non-heap-address.patch -Patch14: Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch -Patch15: Simplify-setting-NONBLOCK-on-socket.patch -Patch16: Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch -Patch17: Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch -Patch18: Handle-outdated-encrypted-ccaches.patch +Patch9: Turn-on-Wextra.patch +Patch10: Fix-unused-variables.patch +Patch11: Fix-mismatched-sign-comparisons.patch +Patch12: Fix-error-checking-on-get_impersonator_fallback.patch +Patch13: Remove-gpm_release_ctx-to-fix-double-unlock.patch +Patch14: Appease-gcc-7-s-fallthrough-detection.patch +Patch15: Fix-memory-leak.patch +Patch16: Fix-most-memory-leaks.patch +Patch17: Fix-segfault-when-no-config-files-are-present.patch +Patch18: Update-systemd-file.patch Patch19: Fix-error-handling-in-gp_config_from_dir.patch Patch20: Fix-silent-crash-with-duplicate-config-sections.patch -Patch21: Emit-debug-on-queue-errors.patch -Patch22: Do-not-call-gpm_grab_sock-twice.patch -Patch23: Fix-error-message-handling-in-gp_config_from_dir.patch -Patch24: Only-empty-FILE-ccaches-when-storing-remote-creds.patch +Patch21: Do-not-call-gpm_grab_sock-twice.patch +Patch22: 
Fix-error-message-handling-in-gp_config_from_dir.patch +Patch23: Only-empty-FILE-ccaches-when-storing-remote-creds.patch +Patch24: Handle-outdated-encrypted-ccaches.patch Patch25: Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch Patch26: Properly-locate-credentials-in-collection-caches-in-.patch Patch27: Properly-initialize-ccaches-before-storing-into-them.patch +Patch28: Include-header-for-writev.patch +Patch29: Tolerate-NULL-pointers-in-gp_same.patch +Patch30: Add-Client-ID-to-debug-messages.patch +Patch31: client-Switch-to-non-blocking-sockets.patch +Patch32: server-Add-detailed-request-logging.patch +Patch33: Fix-potential-free-of-non-heap-address.patch +Patch34: Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch +Patch35: Simplify-setting-NONBLOCK-on-socket.patch +Patch36: Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch +Patch37: Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch +Patch38: Emit-debug-on-queue-errors.patch ### Dependencies ### Requires: krb5-libs >= 1.12.0 @@ -139,6 +145,10 @@ rm -rf %{buildroot} %systemd_postun_with_restart gssproxy.service %changelog +* Tue Dec 12 2017 Robbie Harwood - 0.7.0-27 +- More code hygeine fixes from upstream +- Reorder patches to match el7 + * Tue Dec 05 2017 Robbie Harwood - 0.7.0-26 - Properly initialize ccaches before storing into them diff --git a/server-Add-detailed-request-logging.patch b/server-Add-detailed-request-logging.patch index 1298093..521a516 100644 --- a/server-Add-detailed-request-logging.patch +++ b/server-Add-detailed-request-logging.patch @@ -1,4 +1,4 @@ -From fa32378a02d8d8f95e1d3942c7cfc151e0018d4a Mon Sep 17 00:00:00 2001 +From 0311d4c0a4305d6e85d937f5ba2b83c8cf5e53e3 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 4 Aug 2017 16:09:20 -0400 Subject: [PATCH] [server] Add detailed request logging @@ -47,7 +47,7 @@ index 0ea17f0..eaffc55 100644 /* free resources */ gp_rpc_free_xdrs(proc, &arg, &res); 
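Review bot: The renumbered list in the `@@ -17,31 +17,37 @@` hunk of gssproxy.spec leaves Patch3 through Patch7 unassigned, so the sequence jumps from `Patch2` to `Patch8` with no explanation of the gap. The regenerated patch files in this commit carry context that depends on the new order; for example, the non-blocking-sockets patch now sees `ssize_t rn;` from the sign-comparison patch. Moving a single entry later would therefore probably make a patch fail to apply or apply with fuzz. I would either renumber the list contiguously or put a comment above it, such as `# Patch order mirrors el7; patches are regenerated against this order, do not reorder individually`. The %prep section is outside the hunk, so it is worth confirming that patches are applied strictly in numeric order there.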
diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c -index 133db9c..1974a28 100644 +index 5064e51..8675a0e 100644 --- a/proxy/src/gp_socket.c +++ b/proxy/src/gp_socket.c @@ -441,6 +441,8 @@ void gp_socket_send_data(verto_ctx *vctx, struct gp_conn *conn, @@ -79,7 +79,7 @@ index 133db9c..1974a28 100644 gp_buffer_free(wbuf); } @@ -498,6 +505,8 @@ static void gp_socket_write(verto_ctx *vctx, verto_ev *ev) - if (wn < sizeof(size)) { + if (wn < (ssize_t) sizeof(size)) { /* don't bother trying to handle sockets that can't * buffer even 4 bytes */ + GPDEBUGN(3, "[status] Sending data [%p (%zu)]: failed with short "