Attachment #379434 for bug #614293

View | Details | Raw Unified | Return to bug 614293
Collapse All | Expand All




#include <rpc/rpc.h>
#include <gssapi/gssapi.h>

/* additional space needed for encoding */
#define RPC_SLACK_SPACE 1024

bool_t
xdr_rpc_gss_buf(XDR *xdrs, gss_buffer_t buf, u_int maxsize)
{
	bool_t xdr_stat;
	u_int tmplen;

	if (xdrs->x_op != XDR_DECODE) {
		if (buf->length > UINT_MAX)
			return FALSE;
		else
			tmplen = buf->length;
	}
	xdr_stat = xdr_bytes(xdrs, (char **)&buf->value, &tmplen, maxsize);

	if (xdr_stat && xdrs->x_op == XDR_DECODE)
		buf->length = tmplen;

	log_debug("xdr_rpc_gss_buf: %s %s (%p:%d)",
		  (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
		  (xdr_stat == TRUE) ? "success" : "failure",
		  buf->value, buf->length);

	return xdr_stat;
}

bool_t
xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
{

		    xdr_enum(xdrs, (enum_t *)&p->gc_proc) &&
		    xdr_u_int(xdrs, &p->gc_seq) &&
		    xdr_enum(xdrs, (enum_t *)&p->gc_svc) &&
		    xdr_rpc_gss_buf(xdrs, &p->gc_ctx, MAX_AUTH_BYTES));
			      (u_int *)&p->gc_ctx.length, MAX_AUTH_BYTES));

	log_debug("xdr_rpc_gss_cred: %s %s "
		  "(v %d, proc %d, seq %d, svc %d, ctx %p:%d)",

xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
{
	bool_t xdr_stat;
	u_int maxlen = (u_int)(p->length + RPC_SLACK_SPACE);

	xdr_stat = xdr_rpc_gss_buf(xdrs, p, maxlen);
			      (u_int *)&p->length, MAX_NETOBJ_SZ);

	log_debug("xdr_rpc_gss_init_args: %s %s (token %p:%d)",
		  (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",

{
	bool_t xdr_stat;

	u_int ctx_maxlen = (u_int)(p->gr_ctx.length + RPC_SLACK_SPACE);
	u_int tok_maxlen = (u_int)(p->gr_token.length + RPC_SLACK_SPACE);

	xdr_stat = (xdr_rpc_gss_buf(xdrs, &p->gr_ctx, ctx_maxlen) &&
		    xdr_u_int(xdrs, &p->gr_major) &&
		    xdr_u_int(xdrs, &p->gr_minor) &&
		    xdr_u_int(xdrs, &p->gr_win) &&
		    xdr_rpc_gss_buf(xdrs, &p->gr_token, tok_maxlen));
			      (u_int *)&p->gr_token.length, MAX_NETOBJ_SZ));

	log_debug("xdr_rpc_gss_init_res %s %s "
		  "(ctx %p:%d, maj %d, min %d, win %d, token %p:%d)",

	OM_uint32	maj_stat, min_stat;
	int		start, end, conf_state;
	bool_t		xdr_stat;
	u_int		databuflen, maxwrapsz;

	/* Skip databody length. */
	start = XDR_GETPOS(xdrs);
	XDR_SETPOS(xdrs, start + 4);

	memset(&databuf, 0, sizeof(databuf));
	memset(&wrapbuf, 0, sizeof(wrapbuf));

	/* Marshal rpc_gss_data_t (sequence number + arguments). */
	if (!xdr_u_int(xdrs, &seq) || !(*xdr_func)(xdrs, xdr_ptr))
		return (FALSE);
	end = XDR_GETPOS(xdrs);

	/* Set databuf to marshalled rpc_gss_data_t. */
	databuflen = end - start - 4;
	XDR_SETPOS(xdrs, start + 4);
	databuf.value = XDR_INLINE(xdrs, databuflen);

	xdr_stat = FALSE;

	if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
		/* Marshal databody_integ length. */
		XDR_SETPOS(xdrs, start);
		if (!xdr_u_int(xdrs, (u_int *)&databuflen))
			return (FALSE);
		databuf.length = databuflen;

		/* Checksum rpc_gss_data_t. */
		maj_stat = gss_get_mic(&min_stat, ctx, qop,

		}
		/* Marshal checksum. */
		XDR_SETPOS(xdrs, end);
		maxwrapsz = (u_int)(wrapbuf.length + RPC_SLACK_SPACE);
		xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, maxwrapsz);
		gss_release_buffer(&min_stat, &wrapbuf);
	}
	else if (svc == RPCSEC_GSS_SVC_PRIVACY) {

		}
		/* Marshal databody_priv. */
		XDR_SETPOS(xdrs, start);
		maxwrapsz = (u_int)(wrapbuf.length + RPC_SLACK_SPACE);
		xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, maxwrapsz);
		gss_release_buffer(&min_stat, &wrapbuf);
	}
	return (xdr_stat);


	if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
		/* Decode databody_integ. */
		if (!xdr_rpc_gss_buf(xdrs, &databuf, (u_int)-1)) {
			       MAX_NETOBJ_SZ)) {
			log_debug("xdr decode databody_integ failed");
			return (FALSE);
		}
		/* Decode checksum. */
		if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (u_int)-1)) {
			       MAX_NETOBJ_SZ)) {
			gss_release_buffer(&min_stat, &databuf);
			log_debug("xdr decode checksum failed");
			return (FALSE);

	}
	else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
		/* Decode databody_priv. */
		if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (u_int)-1)) {
			       MAX_NETOBJ_SZ)) {
			log_debug("xdr decode databody_priv failed");
			return (FALSE);
		}

Return to bug 614293

Lines 44-49 Link Here

(-)a/src/authgss_prot.c (-21 / +51 lines)
44	#include <rpc/rpc.h>	44	#include <rpc/rpc.h>
45	#include <gssapi/gssapi.h>	45	#include <gssapi/gssapi.h>
46		46
		47	/* additional space needed for encoding */
		48	#define RPC_SLACK_SPACE 1024
		49
		50	bool_t
		51	xdr_rpc_gss_buf(XDR *xdrs, gss_buffer_t buf, u_int maxsize)
		52	{
		53	bool_t xdr_stat;
		54	u_int tmplen;
		55
		56	if (xdrs->x_op != XDR_DECODE) {
		57	if (buf->length > UINT_MAX)
		58	return FALSE;
		59	else
		60	tmplen = buf->length;
		61	}
		62	xdr_stat = xdr_bytes(xdrs, (char **)&buf->value, &tmplen, maxsize);
		63
		64	if (xdr_stat && xdrs->x_op == XDR_DECODE)
		65	buf->length = tmplen;
		66
		67	log_debug("xdr_rpc_gss_buf: %s %s (%p:%d)",
		68	(xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
		69	(xdr_stat == TRUE) ? "success" : "failure",
		70	buf->value, buf->length);
		71
		72	return xdr_stat;
		73	}
		74
47	bool_t	75	bool_t
48	xdr_rpc_gss_cred(XDR xdrs, struct rpc_gss_cred p)	76	xdr_rpc_gss_cred(XDR xdrs, struct rpc_gss_cred p)
49	{	77	{
Lines 53-60 xdr_rpc_gss_cred(XDR xdrs, struct rpc_gss_cred p) Link Here
53	xdr_enum(xdrs, (enum_t *)&p->gc_proc) &&	81	xdr_enum(xdrs, (enum_t *)&p->gc_proc) &&
54	xdr_u_int(xdrs, &p->gc_seq) &&	82	xdr_u_int(xdrs, &p->gc_seq) &&
55	xdr_enum(xdrs, (enum_t *)&p->gc_svc) &&	83	xdr_enum(xdrs, (enum_t *)&p->gc_svc) &&
56	xdr_bytes(xdrs, (char **)&p->gc_ctx.value,	84	xdr_rpc_gss_buf(xdrs, &p->gc_ctx, MAX_AUTH_BYTES));
57	(u_int *)&p->gc_ctx.length, MAX_AUTH_BYTES));
58		85
59	log_debug("xdr_rpc_gss_cred: %s %s "	86	log_debug("xdr_rpc_gss_cred: %s %s "
60	"(v %d, proc %d, seq %d, svc %d, ctx %p:%d)",	87	"(v %d, proc %d, seq %d, svc %d, ctx %p:%d)",
Lines 70-78 bool_t Link Here
70	xdr_rpc_gss_init_args(XDR xdrs, gss_buffer_desc p)	97	xdr_rpc_gss_init_args(XDR xdrs, gss_buffer_desc p)
71	{	98	{
72	bool_t xdr_stat;	99	bool_t xdr_stat;
		100	u_int maxlen = (u_int)(p->length + RPC_SLACK_SPACE);
73		101
74	xdr_stat = xdr_bytes(xdrs, (char **)&p->value,	102	xdr_stat = xdr_rpc_gss_buf(xdrs, p, maxlen);
75	(u_int *)&p->length, MAX_NETOBJ_SZ);
76		103
77	log_debug("xdr_rpc_gss_init_args: %s %s (token %p:%d)",	104	log_debug("xdr_rpc_gss_init_args: %s %s (token %p:%d)",
78	(xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",	105	(xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
Lines 87-99 xdr_rpc_gss_init_res(XDR xdrs, struct rpc_gss_init_res p) Link Here
87	{	114	{
88	bool_t xdr_stat;	115	bool_t xdr_stat;
89		116
90	xdr_stat = (xdr_bytes(xdrs, (char **)&p->gr_ctx.value,	117	u_int ctx_maxlen = (u_int)(p->gr_ctx.length + RPC_SLACK_SPACE);
91	(u_int *)&p->gr_ctx.length, MAX_NETOBJ_SZ) &&	118	u_int tok_maxlen = (u_int)(p->gr_token.length + RPC_SLACK_SPACE);
		119
		120	xdr_stat = (xdr_rpc_gss_buf(xdrs, &p->gr_ctx, ctx_maxlen) &&
92	xdr_u_int(xdrs, &p->gr_major) &&	121	xdr_u_int(xdrs, &p->gr_major) &&
93	xdr_u_int(xdrs, &p->gr_minor) &&	122	xdr_u_int(xdrs, &p->gr_minor) &&
94	xdr_u_int(xdrs, &p->gr_win) &&	123	xdr_u_int(xdrs, &p->gr_win) &&
95	xdr_bytes(xdrs, (char **)&p->gr_token.value,	124	xdr_rpc_gss_buf(xdrs, &p->gr_token, tok_maxlen));
96	(u_int *)&p->gr_token.length, MAX_NETOBJ_SZ));
97		125
98	log_debug("xdr_rpc_gss_init_res %s %s "	126	log_debug("xdr_rpc_gss_init_res %s %s "
99	"(ctx %p:%d, maj %d, min %d, win %d, token %p:%d)",	127	"(ctx %p:%d, maj %d, min %d, win %d, token %p:%d)",
Lines 115-142 xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, Link Here
115	OM_uint32 maj_stat, min_stat;	143	OM_uint32 maj_stat, min_stat;
116	int start, end, conf_state;	144	int start, end, conf_state;
117	bool_t xdr_stat;	145	bool_t xdr_stat;
		146	u_int databuflen, maxwrapsz;
118		147
119	/* Skip databody length. */	148	/* Skip databody length. */
120	start = XDR_GETPOS(xdrs);	149	start = XDR_GETPOS(xdrs);
121	XDR_SETPOS(xdrs, start + 4);	150	XDR_SETPOS(xdrs, start + 4);
122		151
		152	memset(&databuf, 0, sizeof(databuf));
		153	memset(&wrapbuf, 0, sizeof(wrapbuf));
		154
123	/* Marshal rpc_gss_data_t (sequence number + arguments). */	155	/* Marshal rpc_gss_data_t (sequence number + arguments). */
124	if (!xdr_u_int(xdrs, &seq) \|\| !(*xdr_func)(xdrs, xdr_ptr))	156	if (!xdr_u_int(xdrs, &seq) \|\| !(*xdr_func)(xdrs, xdr_ptr))
125	return (FALSE);	157	return (FALSE);
126	end = XDR_GETPOS(xdrs);	158	end = XDR_GETPOS(xdrs);
127		159
128	/* Set databuf to marshalled rpc_gss_data_t. */	160	/* Set databuf to marshalled rpc_gss_data_t. */
129	databuf.length = end - start - 4;	161	databuflen = end - start - 4;
130	XDR_SETPOS(xdrs, start + 4);	162	XDR_SETPOS(xdrs, start + 4);
131	databuf.value = XDR_INLINE(xdrs, databuf.length);	163	databuf.value = XDR_INLINE(xdrs, databuflen);
132		164
133	xdr_stat = FALSE;	165	xdr_stat = FALSE;
134		166
135	if (svc == RPCSEC_GSS_SVC_INTEGRITY) {	167	if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
136	/* Marshal databody_integ length. */	168	/* Marshal databody_integ length. */
137	XDR_SETPOS(xdrs, start);	169	XDR_SETPOS(xdrs, start);
138	if (!xdr_u_int(xdrs, (u_int *)&databuf.length))	170	if (!xdr_u_int(xdrs, (u_int *)&databuflen))
139	return (FALSE);	171	return (FALSE);
		172	databuf.length = databuflen;
140		173
141	/* Checksum rpc_gss_data_t. */	174	/* Checksum rpc_gss_data_t. */
142	maj_stat = gss_get_mic(&min_stat, ctx, qop,	175	maj_stat = gss_get_mic(&min_stat, ctx, qop,
Lines 147-154 xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, Link Here
147	}	180	}
148	/* Marshal checksum. */	181	/* Marshal checksum. */
149	XDR_SETPOS(xdrs, end);	182	XDR_SETPOS(xdrs, end);
150	xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value,	183	maxwrapsz = (u_int)(wrapbuf.length + RPC_SLACK_SPACE);
151	(u_int *)&wrapbuf.length, MAX_NETOBJ_SZ);	184	xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, maxwrapsz);
152	gss_release_buffer(&min_stat, &wrapbuf);	185	gss_release_buffer(&min_stat, &wrapbuf);
153	}	186	}
154	else if (svc == RPCSEC_GSS_SVC_PRIVACY) {	187	else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
Lines 161-168 xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, Link Here
161	}	194	}
162	/* Marshal databody_priv. */	195	/* Marshal databody_priv. */
163	XDR_SETPOS(xdrs, start);	196	XDR_SETPOS(xdrs, start);
164	xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value,	197	maxwrapsz = (u_int)(wrapbuf.length + RPC_SLACK_SPACE);
165	(u_int *)&wrapbuf.length, MAX_NETOBJ_SZ);	198	xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, maxwrapsz);
166	gss_release_buffer(&min_stat, &wrapbuf);	199	gss_release_buffer(&min_stat, &wrapbuf);
167	}	200	}
168	return (xdr_stat);	201	return (xdr_stat);
Lines 188-201 xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, Link Here
188		221
189	if (svc == RPCSEC_GSS_SVC_INTEGRITY) {	222	if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
190	/* Decode databody_integ. */	223	/* Decode databody_integ. */
191	if (!xdr_bytes(xdrs, (char *)&databuf.value, (u_int )&databuf.length,	224	if (!xdr_rpc_gss_buf(xdrs, &databuf, (u_int)-1)) {
192	MAX_NETOBJ_SZ)) {
193	log_debug("xdr decode databody_integ failed");	225	log_debug("xdr decode databody_integ failed");
194	return (FALSE);	226	return (FALSE);
195	}	227	}
196	/* Decode checksum. */	228	/* Decode checksum. */
197	if (!xdr_bytes(xdrs, (char *)&wrapbuf.value, (u_int )&wrapbuf.length,	229	if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (u_int)-1)) {
198	MAX_NETOBJ_SZ)) {
199	gss_release_buffer(&min_stat, &databuf);	230	gss_release_buffer(&min_stat, &databuf);
200	log_debug("xdr decode checksum failed");	231	log_debug("xdr decode checksum failed");
201	return (FALSE);	232	return (FALSE);
Lines 213-220 xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, Link Here
213	}	244	}
214	else if (svc == RPCSEC_GSS_SVC_PRIVACY) {	245	else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
215	/* Decode databody_priv. */	246	/* Decode databody_priv. */
216	if (!xdr_bytes(xdrs, (char *)&wrapbuf.value, (u_int )&wrapbuf.length,	247	if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (u_int)-1)) {
217	MAX_NETOBJ_SZ)) {
218	log_debug("xdr decode databody_priv failed");	248	log_debug("xdr decode databody_priv failed");
219	return (FALSE);	249	return (FALSE);
220	}	250	}