This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU gss".
http://git.savannah.gnu.org/cgit/gss.git/commit/?id=ec52111d8aff86cdda5167b4b973702ae225de39 The branch, master has been updated via ec52111d8aff86cdda5167b4b973702ae225de39 (commit) via ead1fa8afbd141074304c28a8dbb3eafb1533c3b (commit) from 760853a2d4f8524a2438d2414f8478e211f24cb9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ec52111d8aff86cdda5167b4b973702ae225de39 Author: Simon Josefsson <[email protected]> Date: Fri Mar 19 12:35:00 2010 +0100 Correctly hash all of channel bindings. commit ead1fa8afbd141074304c28a8dbb3eafb1533c3b Author: Simon Josefsson <[email protected]> Date: Thu Mar 18 13:14:51 2010 +0100 Test channel bindings too, to avoid regressions. ----------------------------------------------------------------------- Summary of changes: lib/krb5/checksum.c | 62 ++++++++++++++++++++++++++++++++++++-------------- tests/krb5context.c | 26 +++++++++++++++++++-- 2 files changed, 67 insertions(+), 21 deletions(-) diff --git a/lib/krb5/checksum.c b/lib/krb5/checksum.c index bf0b86c..b147bbc 100644 --- a/lib/krb5/checksum.c +++ b/lib/krb5/checksum.c @@ -26,6 +26,15 @@ /* Get specification. */ #include "checksum.h" +static void +pack_uint32 (OM_uint32 i, char *buf) +{ + buf[0] = i & 0xFF; + buf[1] = (i >> 8) & 0xFF; + buf[2] = (i >> 16) & 0xFF; + buf[3] = (i >> 24) & 0xFF; +} + static int hash_cb (OM_uint32 *minor_status, gss_ctx_id_t * context_handle, 
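Review bot: `pack_uint32` has no comment saying which byte order it emits or how much room `buf` needs, and that layout is what both peers must agree on for the channel-binding hash to match. I would add `/* Store I in BUF as four octets, least significant first; BUF must hold at least 4 bytes. */` above it. The helper always writes exactly four bytes, while its callers in the later `hash_cb` hunk advance by `sizeof (OM_uint32)`; if that type were ever wider than four bytes the gap would be hashed uninitialised, so a literal 4 (or a compile-time check on the size) in both places would keep the two in step. Taking `unsigned char *buf` would also avoid storing values above 127 into a possibly signed `char`.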
@@ -34,25 +43,20 @@ hash_cb (OM_uint32 *minor_status, { gss_ctx_id_t ctx = *context_handle; _gss_krb5_ctx_t k5 = ctx->krb5; - char *buf; + char *buf, *p; size_t len; int res; - /* We don't support addresses. */ - if (input_chan_bindings->initiator_addrtype != 0 || - input_chan_bindings->initiator_address.length != 0 || - input_chan_bindings->initiator_address.value != NULL || - input_chan_bindings->acceptor_addrtype != 0 || - input_chan_bindings->acceptor_address.length != 0 || - input_chan_bindings->acceptor_address.value != NULL) - return GSS_S_FAILURE; - - /* We need to hash the four OM_uint32 values, for the - initiator_addrtype, initiator_address.length, accept_addrtype, - and accept_address.length. */ + if (input_chan_bindings->initiator_address.length > UINT32_MAX || + input_chan_bindings->acceptor_address.length > UINT32_MAX || + input_chan_bindings->application_data.length > UINT32_MAX) + return GSS_S_BAD_BINDINGS; - len = 4 * 4 + input_chan_bindings->application_data.length; - buf = malloc (len); + len = sizeof (OM_uint32) * 5 + + input_chan_bindings->initiator_address.length + + input_chan_bindings->acceptor_address.length + + input_chan_bindings->application_data.length; + p = buf = malloc (len); if (!buf) { if (minor_status) 
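Review bot: The sum assigned to `len` can wrap where `size_t` is 32 bits wide, because the three `> UINT32_MAX` comparisons can never be true there and each length may be close to `SIZE_MAX` on its own. A wrapped `len` gives `malloc` a buffer smaller than what the `memcpy` calls in the next hunk write, which is a heap overflow driven by the caller-supplied binding lengths. I would build `len` up one field at a time and return `GSS_S_BAD_BINDINGS` as soon as an addition would exceed `SIZE_MAX`, keeping the existing `UINT32_MAX` checks for the 64-bit case. The early returns also appear to leave `*minor_status` unset, unlike the `malloc` failure path just below; `hash_cb` starts and ends outside this hunk.

```c
  /* ... unchanged: the three "> UINT32_MAX" checks ... */

  len = sizeof (OM_uint32) * 5;
  if (input_chan_bindings->initiator_address.length > SIZE_MAX - len)
    return GSS_S_BAD_BINDINGS;
  len += input_chan_bindings->initiator_address.length;
  if (input_chan_bindings->acceptor_address.length > SIZE_MAX - len)
    return GSS_S_BAD_BINDINGS;
  len += input_chan_bindings->acceptor_address.length;
  if (input_chan_bindings->application_data.length > SIZE_MAX - len)
    return GSS_S_BAD_BINDINGS;
  len += input_chan_bindings->application_data.length;
  p = buf = malloc (len);
```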
@@ -60,9 +64,31 @@ hash_cb (OM_uint32 *minor_status, return GSS_S_FAILURE; } - memset (buf, 0, 4 * 4); - memcpy (buf + 4 * 4, input_chan_bindings->application_data.value, - input_chan_bindings->application_data.length); + pack_uint32 (input_chan_bindings->initiator_addrtype, p); + p += sizeof (OM_uint32); + pack_uint32 (input_chan_bindings->initiator_address.length, p); + p += sizeof (OM_uint32); + if (input_chan_bindings->initiator_address.length > 0) + { + memcpy (p, input_chan_bindings->initiator_address.value, + input_chan_bindings->initiator_address.length); + p += input_chan_bindings->initiator_address.length; + } + pack_uint32 (input_chan_bindings->acceptor_addrtype, p); + p += sizeof (OM_uint32); + pack_uint32 (input_chan_bindings->acceptor_address.length, p); + p += sizeof (OM_uint32); + if (input_chan_bindings->acceptor_address.length > 0) + { + memcpy (p, input_chan_bindings->acceptor_address.value, + input_chan_bindings->acceptor_address.length); + p += input_chan_bindings->acceptor_address.length; + } + pack_uint32 (input_chan_bindings->application_data.length, p); + p += sizeof (OM_uint32); + if (input_chan_bindings->application_data.value > 0) + memcpy (p, input_chan_bindings->application_data.value, + input_chan_bindings->application_data.length); res = shishi_md5 (k5->sh, buf, len, out); free (buf); diff --git a/tests/krb5context.c b/tests/krb5context.c index 946e823..87ea506 100644 --- a/tests/krb5context.c +++ b/tests/krb5context.c @@ -81,6 +81,11 @@ main (int argc, char *argv[]) gss_cred_id_t server_creds; Shishi *handle; size_t i; + struct gss_channel_bindings_struct cb; + + memset (&cb, 0, sizeof (cb)); + cb.application_data.length = 3; + cb.application_data.value = (char*) "hej"; do if (strcmp (argv[argc - 1], "-v") == 0 || @@ -146,7 +151,7 @@ main (int argc, char *argv[]) break; case 1: - /* Default OID. */ + /* Default OID, channel bindings. */ maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &cctx, 
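Review bot: The last guard tests the pointer, `application_data.value > 0`, where the two address blocks above it test `.length > 0`. With a NULL `value` and a non-zero `length` the copy is skipped but `len` still counts those bytes, so `shishi_md5` hashes uninitialised heap memory and the binding checksum becomes unpredictable; a relational comparison of a pointer against `0` is also not a valid pointer comparison in C. I would write `if (input_chan_bindings->application_data.length > 0)` and, for all three fields, reject a non-zero length paired with a NULL `value` up front with `GSS_S_BAD_BINDINGS`, since the address blocks would otherwise pass NULL to `memcpy`. `hash_cb` starts and ends outside this hunk.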
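Review bot: The new `cb` fixture in `main` sets only `application_data`; after the `memset` both address types and lengths are zero, so the two address `memcpy` branches added to `hash_cb` in this commit are never run by the test. A second fixture with non-empty `initiator_address` and `acceptor_address` would cover them and pin the byte layout of the hashed buffer. `main` continues outside the hunk.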
@@ -156,7 +161,7 @@ main (int argc, char *argv[]) GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, 0, - GSS_C_NO_CHANNEL_BINDINGS, + &cb, GSS_C_NO_BUFFER, NULL, &bufdesc2, NULL, NULL); if (maj_stat != GSS_S_CONTINUE_NEEDED) @@ -226,7 +231,19 @@ main (int argc, char *argv[]) fail ("loop 0 accept flag failure (%d)\n", ret_flags); break; - default: + case 1: + maj_stat = gss_accept_sec_context (&min_stat, + &sctx, + server_creds, + &bufdesc2, + &cb, + &name, + NULL, + &bufdesc, + &ret_flags, &time_rec, NULL); + break; + + case 2: maj_stat = gss_accept_sec_context (&min_stat, &sctx, server_creds, @@ -237,6 +254,9 @@ main (int argc, char *argv[]) &bufdesc, &ret_flags, &time_rec, NULL); break; + default: + fail ("default?!\n"); + break; } if (GSS_ERROR (maj_stat)) { hooks/post-receive -- GNU gss _______________________________________________ Gss-commit mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gss-commit
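Review bot: The added `case 1` in the accept switch covers only the matching case, where the acceptor is given the same `&cb` as the initiator. Since the purpose of the checksum is to reject a peer bound to a different channel, I would add a round in which the acceptor receives bindings with different `application_data` and the test asserts that `gss_accept_sec_context` fails (presumably with `GSS_S_BAD_BINDINGS`; confirm against the acceptor code, which is not shown here). The switch and `main` continue outside the hunk.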
