The branch, master has been updated
via 69a7e3c s4: libcli: ldap message - Ensure all asn1_XX returns are
checked.
via b1a1f69 s4: libcli: ldap controls - Ensure all asn1_XX returns are
checked.
via ac54f51 s3: tldap_util: Ensure all asn1_XX returns are checked.
via e6cf99c s4: auth: gensec: asn1 fixes - check all returns.
via a2f779f s3: tldap: Ensure all asn1_XX returns are checked.
via a713623 s3: libsmb: Ensure all asn1_XX returns are checked.
via 53f21ff libcli: auth: Ensure all asn1_XX returns are checked.
via 612b742 lib: util: asn1 tests. Check every asn1 return.
via 4dba8fd auth: gensec: asn1 fixes - check all returns.
via f102752 lib: util: asn1 fixes - check all returns.
from b6ec190 vfs_fruit: update rfork size in AppleDouble header
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 69a7e3cfdc8dbba9c8dcfdfae82d2894c7247e15
Author: Jeremy Allison <j...@samba.org>
Date: Mon Sep 22 16:08:26 2014 -0700
s4: libcli: ldap message - Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Fri Sep 26 03:15:00 CEST 2014 on sn-devel-104
commit b1a1f691c8d1b6b1064a5033c81451e5c606b9f4
Author: Jeremy Allison <j...@samba.org>
Date: Mon Sep 22 13:28:18 2014 -0700
s4: libcli: ldap controls - Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
commit ac54f519cbb332b5d8aab06c3fa61780d8f3ee0f
Author: Jeremy Allison <j...@samba.org>
Date: Fri Sep 19 15:21:06 2014 -0700
s3: tldap_util: Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
commit e6cf99c9d9160ed2f5921b2b3169a374a21242dc
Author: Jeremy Allison <j...@samba.org>
Date: Fri Sep 19 15:16:38 2014 -0700
s4: auth: gensec: asn1 fixes - check all returns.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
commit a2f779fd5f7209010426472858929fb75ae13564
Author: Jeremy Allison <j...@samba.org>
Date: Fri Sep 19 15:10:46 2014 -0700
s3: tldap: Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
commit a713623212e4f440372b3556d26f3dfbbe064940
Author: Jeremy Allison <j...@samba.org>
Date: Fri Sep 19 14:27:58 2014 -0700
s3: libsmb: Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
commit 53f21ffb4af085b7de90f3237b957e13acc0c227
Author: Jeremy Allison <j...@samba.org>
Date: Fri Sep 19 13:42:39 2014 -0700
libcli: auth: Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
commit 612b74296c23fd2e3cac9b38ab390a18d658e494
Author: Jeremy Allison <j...@samba.org>
Date: Fri Sep 19 12:46:49 2014 -0700
lib: util: asn1 tests. Check every asn1 return.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
commit 4dba8fd59982e5459c4275aaf434f6d564fcf79d
Author: Jeremy Allison <j...@samba.org>
Date: Fri Sep 19 12:41:22 2014 -0700
auth: gensec: asn1 fixes - check all returns.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
commit f102752b0ccc39d8fdef6a85485dc0b44d16a860
Author: Jeremy Allison <j...@samba.org>
Date: Fri Sep 19 12:39:19 2014 -0700
lib: util: asn1 fixes - check all returns.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlb...@gmail.com>
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/gensec_util.c | 11 +-
lib/krb5_wrap/krb5_samba.c | 26 +-
lib/util/tests/asn1_tests.c | 14 +-
libcli/auth/spnego_parse.c | 214 +++++-----
libcli/ldap/ldap_message.c | 786 ++++++++++++++++++-----------------
libcli/ldap/ldap_message.h | 2 +-
source3/lib/tldap.c | 315 ++++++++-------
source3/lib/tldap_util.c | 43 +-
source3/libsmb/clispnego.c | 253 ++++++-----
source4/auth/gensec/gensec_krb5.c | 41 +-
source4/libcli/ldap/ldap_controls.c | 28 +-
11 files changed, 912 insertions(+), 821 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index 568128a..b8e38b7 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -188,19 +188,20 @@ NTSTATUS gensec_packet_full_request(struct
gensec_security *gensec_security,
*/
static bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
{
- bool ret;
+ bool ret = false;
struct asn1_data *data = asn1_init(NULL);
if (!data) return false;
- asn1_load(data, *blob);
- asn1_start_tag(data, ASN1_APPLICATION(0));
- asn1_check_OID(data, oid);
+ if (!asn1_load(data, *blob)) goto err;
+ if (!asn1_start_tag(data, ASN1_APPLICATION(0))) goto err;
+ if (!asn1_check_OID(data, oid)) goto err;
ret = !data->has_error;
- asn1_free(data);
+ err:
+ asn1_free(data);
return ret;
}
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 39926a6..5f0378b 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -296,23 +296,22 @@ bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
return false;
}
- asn1_load(data, *edata);
- asn1_start_tag(data, ASN1_SEQUENCE(0));
- asn1_start_tag(data, ASN1_CONTEXT(1));
- asn1_read_Integer(data, &edata_type);
+ if (!asn1_load(data, *edata)) goto err;
+ if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto err;
+ if (!asn1_start_tag(data, ASN1_CONTEXT(1))) goto err;
+ if (!asn1_read_Integer(data, &edata_type)) goto err;
if (edata_type != KRB5_PADATA_PW_SALT) {
DEBUG(0,("edata is not of required type %d but of type %d\n",
KRB5_PADATA_PW_SALT, edata_type));
- asn1_free(data);
- return false;
+ goto err;
}
- asn1_start_tag(data, ASN1_CONTEXT(2));
- asn1_read_OctetString(data, talloc_tos(), &edata_contents);
- asn1_end_tag(data);
- asn1_end_tag(data);
- asn1_end_tag(data);
+ if (!asn1_start_tag(data, ASN1_CONTEXT(2))) goto err;
+ if (!asn1_read_OctetString(data, talloc_tos(), &edata_contents)) goto
err;
+ if (!asn1_end_tag(data)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+ if (!asn1_end_tag(data)) goto err;
asn1_free(data);
*edata_out = data_blob_talloc(mem_ctx, edata_contents.data,
edata_contents.length);
@@ -320,6 +319,11 @@ bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
data_blob_free(&edata_contents);
return true;
+
+ err:
+
+ asn1_free(data);
+ return false;
}
diff --git a/lib/util/tests/asn1_tests.c b/lib/util/tests/asn1_tests.c
index 93ffbad..2c68cb4 100644
--- a/lib/util/tests/asn1_tests.c
+++ b/lib/util/tests/asn1_tests.c
@@ -321,6 +321,7 @@ static bool test_asn1_Integer(struct torture_context *tctx)
{
int i;
TALLOC_CTX *mem_ctx;
+ bool ret = false;
mem_ctx = talloc_new(tctx);
@@ -331,25 +332,28 @@ static bool test_asn1_Integer(struct torture_context
*tctx)
data = asn1_init(mem_ctx);
if (!data) {
- return -1;
+ goto err;
}
- asn1_write_Integer(data, integer_tests[i].value);
+ if (!asn1_write_Integer(data, integer_tests[i].value)) goto err;
blob.data = data->data;
blob.length = data->length;
torture_assert_data_blob_equal(tctx, blob,
integer_tests[i].blob, "asn1_write_Integer gave incorrect result");
- asn1_load(data, blob);
+ if (!asn1_load(data, blob)) goto err;
torture_assert(tctx, asn1_read_Integer(data, &val),
"asn1_write_Integer output could not be read by asn1_read_Integer()");
torture_assert_int_equal(tctx, val, integer_tests[i].value,
"readback of asn1_write_Integer output by
asn1_read_Integer() failed");
}
- talloc_free(mem_ctx);
+ ret = true;
- return true;
+ err:
+
+ talloc_free(mem_ctx);
+ return ret;
}
diff --git a/libcli/auth/spnego_parse.c b/libcli/auth/spnego_parse.c
index b1ca07d..d4c5bdc 100644
--- a/libcli/auth/spnego_parse.c
+++ b/libcli/auth/spnego_parse.c
@@ -29,12 +29,13 @@ static bool read_negTokenInit(struct asn1_data *asn1,
TALLOC_CTX *mem_ctx,
{
ZERO_STRUCTP(token);
- asn1_start_tag(asn1, ASN1_CONTEXT(0));
- asn1_start_tag(asn1, ASN1_SEQUENCE(0));
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(0))) return false;
+ if (!asn1_start_tag(asn1, ASN1_SEQUENCE(0))) return false;
while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) {
int i;
uint8_t context;
+
if (!asn1_peek_uint8(asn1, &context)) {
asn1->has_error = true;
break;
@@ -45,8 +46,8 @@ static bool read_negTokenInit(struct asn1_data *asn1,
TALLOC_CTX *mem_ctx,
case ASN1_CONTEXT(0): {
const char **mechTypes;
- asn1_start_tag(asn1, ASN1_CONTEXT(0));
- asn1_start_tag(asn1, ASN1_SEQUENCE(0));
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(0))) return
false;
+ if (!asn1_start_tag(asn1, ASN1_SEQUENCE(0))) return
false;
mechTypes = talloc(mem_ctx, const char *);
if (mechTypes == NULL) {
@@ -67,7 +68,7 @@ static bool read_negTokenInit(struct asn1_data *asn1,
TALLOC_CTX *mem_ctx,
}
mechTypes = p;
- asn1_read_OID(asn1, mechTypes, &oid);
+ if (!asn1_read_OID(asn1, mechTypes, &oid))
return false;
mechTypes[i] = oid;
}
mechTypes[i] = NULL;
@@ -79,42 +80,42 @@ static bool read_negTokenInit(struct asn1_data *asn1,
TALLOC_CTX *mem_ctx,
}
/* Read reqFlags */
case ASN1_CONTEXT(1):
- asn1_start_tag(asn1, ASN1_CONTEXT(1));
- asn1_read_BitString(asn1, mem_ctx, &token->reqFlags,
- &token->reqFlagsPadding);
- asn1_end_tag(asn1);
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(1))) return
false;
+ if (!asn1_read_BitString(asn1, mem_ctx,
&token->reqFlags,
+ &token->reqFlagsPadding)) return
false;
+ if (!asn1_end_tag(asn1)) return false;
break;
/* Read mechToken */
case ASN1_CONTEXT(2):
- asn1_start_tag(asn1, ASN1_CONTEXT(2));
- asn1_read_OctetString(asn1, mem_ctx, &token->mechToken);
- asn1_end_tag(asn1);
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(2))) return
false;
+ if (!asn1_read_OctetString(asn1, mem_ctx,
&token->mechToken)) return false;
+ if (!asn1_end_tag(asn1)) return false;
break;
/* Read mecListMIC */
case ASN1_CONTEXT(3):
{
uint8_t type_peek;
- asn1_start_tag(asn1, ASN1_CONTEXT(3));
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(3))) return
false;
if (!asn1_peek_uint8(asn1, &type_peek)) {
asn1->has_error = true;
break;
}
if (type_peek == ASN1_OCTET_STRING) {
- asn1_read_OctetString(asn1, mem_ctx,
- &token->mechListMIC);
+ if (!asn1_read_OctetString(asn1, mem_ctx,
+ &token->mechListMIC))
return false;
} else {
/* RFC 2478 says we have an Octet String here,
but W2k sends something different... */
char *mechListMIC;
- asn1_start_tag(asn1, ASN1_SEQUENCE(0));
- asn1_start_tag(asn1, ASN1_CONTEXT(0));
- asn1_read_GeneralString(asn1, mem_ctx,
&mechListMIC);
- asn1_end_tag(asn1);
- asn1_end_tag(asn1);
+ if (!asn1_start_tag(asn1, ASN1_SEQUENCE(0)))
return false;
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(0)))
return false;
+ if (!asn1_read_GeneralString(asn1, mem_ctx,
&mechListMIC)) return false;
+ if (!asn1_end_tag(asn1)) return false;
+ if (!asn1_end_tag(asn1)) return false;
token->targetPrincipal = mechListMIC;
}
- asn1_end_tag(asn1);
+ if (!asn1_end_tag(asn1)) return false;
break;
}
default:
@@ -123,50 +124,50 @@ static bool read_negTokenInit(struct asn1_data *asn1,
TALLOC_CTX *mem_ctx,
}
}
- asn1_end_tag(asn1);
- asn1_end_tag(asn1);
+ if (!asn1_end_tag(asn1)) return false;
+ if (!asn1_end_tag(asn1)) return false;
return !asn1->has_error;
}
static bool write_negTokenInit(struct asn1_data *asn1, struct
spnego_negTokenInit *token)
{
- asn1_push_tag(asn1, ASN1_CONTEXT(0));
- asn1_push_tag(asn1, ASN1_SEQUENCE(0));
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(0))) return false;
+ if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) return false;
/* Write mechTypes */
if (token->mechTypes && *token->mechTypes) {
int i;
- asn1_push_tag(asn1, ASN1_CONTEXT(0));
- asn1_push_tag(asn1, ASN1_SEQUENCE(0));
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(0))) return false;
+ if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) return false;
for (i = 0; token->mechTypes[i]; i++) {
- asn1_write_OID(asn1, token->mechTypes[i]);
+ if (!asn1_write_OID(asn1, token->mechTypes[i])) return
false;
}
- asn1_pop_tag(asn1);
- asn1_pop_tag(asn1);
+ if (!asn1_pop_tag(asn1)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
}
/* write reqFlags */
if (token->reqFlags.length > 0) {
- asn1_push_tag(asn1, ASN1_CONTEXT(1));
- asn1_write_BitString(asn1, token->reqFlags.data,
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(1))) return false;
+ if (!asn1_write_BitString(asn1, token->reqFlags.data,
token->reqFlags.length,
- token->reqFlagsPadding);
- asn1_pop_tag(asn1);
+ token->reqFlagsPadding)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
}
/* write mechToken */
if (token->mechToken.data) {
- asn1_push_tag(asn1, ASN1_CONTEXT(2));
- asn1_write_OctetString(asn1, token->mechToken.data,
- token->mechToken.length);
- asn1_pop_tag(asn1);
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(2))) return false;
+ if (!asn1_write_OctetString(asn1, token->mechToken.data,
+ token->mechToken.length)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
}
/* write mechListMIC */
if (token->mechListMIC.data) {
- asn1_push_tag(asn1, ASN1_CONTEXT(3));
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(3))) return false;
#if 0
/* This is what RFC 2478 says ... */
asn1_write_OctetString(asn1, token->mechListMIC.data,
@@ -174,20 +175,20 @@ static bool write_negTokenInit(struct asn1_data *asn1,
struct spnego_negTokenIni
#else
/* ... but unfortunately this is what Windows
sends/expects */
- asn1_push_tag(asn1, ASN1_SEQUENCE(0));
- asn1_push_tag(asn1, ASN1_CONTEXT(0));
- asn1_push_tag(asn1, ASN1_GENERAL_STRING);
- asn1_write(asn1, token->mechListMIC.data,
- token->mechListMIC.length);
- asn1_pop_tag(asn1);
- asn1_pop_tag(asn1);
- asn1_pop_tag(asn1);
+ if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) return false;
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(0))) return false;
+ if (!asn1_push_tag(asn1, ASN1_GENERAL_STRING)) return false;
+ if (!asn1_write(asn1, token->mechListMIC.data,
+ token->mechListMIC.length)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
#endif
- asn1_pop_tag(asn1);
+ if (!asn1_pop_tag(asn1)) return false;
}
- asn1_pop_tag(asn1);
- asn1_pop_tag(asn1);
+ if (!asn1_pop_tag(asn1)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
return !asn1->has_error;
}
@@ -197,8 +198,8 @@ static bool read_negTokenTarg(struct asn1_data *asn1,
TALLOC_CTX *mem_ctx,
{
ZERO_STRUCTP(token);
- asn1_start_tag(asn1, ASN1_CONTEXT(1));
- asn1_start_tag(asn1, ASN1_SEQUENCE(0));
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(1))) return false;
+ if (!asn1_start_tag(asn1, ASN1_SEQUENCE(0))) return false;
while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) {
uint8_t context;
@@ -210,27 +211,27 @@ static bool read_negTokenTarg(struct asn1_data *asn1,
TALLOC_CTX *mem_ctx,
switch (context) {
case ASN1_CONTEXT(0):
- asn1_start_tag(asn1, ASN1_CONTEXT(0));
- asn1_start_tag(asn1, ASN1_ENUMERATED);
- asn1_read_uint8(asn1, &token->negResult);
- asn1_end_tag(asn1);
- asn1_end_tag(asn1);
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(0))) return
false;
+ if (!asn1_start_tag(asn1, ASN1_ENUMERATED)) return
false;
+ if (!asn1_read_uint8(asn1, &token->negResult)) return
false;
+ if (!asn1_end_tag(asn1)) return false;
+ if (!asn1_end_tag(asn1)) return false;
break;
case ASN1_CONTEXT(1):
- asn1_start_tag(asn1, ASN1_CONTEXT(1));
- asn1_read_OID(asn1, mem_ctx, &oid);
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(1))) return
false;
+ if (!asn1_read_OID(asn1, mem_ctx, &oid)) return false;
token->supportedMech = oid;
- asn1_end_tag(asn1);
+ if (!asn1_end_tag(asn1)) return false;
break;
case ASN1_CONTEXT(2):
- asn1_start_tag(asn1, ASN1_CONTEXT(2));
- asn1_read_OctetString(asn1, mem_ctx,
&token->responseToken);
- asn1_end_tag(asn1);
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(2))) return
false;
+ if (!asn1_read_OctetString(asn1, mem_ctx,
&token->responseToken)) return false;
+ if (!asn1_end_tag(asn1)) return false;
break;
case ASN1_CONTEXT(3):
- asn1_start_tag(asn1, ASN1_CONTEXT(3));
- asn1_read_OctetString(asn1, mem_ctx,
&token->mechListMIC);
- asn1_end_tag(asn1);
+ if (!asn1_start_tag(asn1, ASN1_CONTEXT(3))) return
false;
+ if (!asn1_read_OctetString(asn1, mem_ctx,
&token->mechListMIC)) return false;
+ if (!asn1_end_tag(asn1)) return false;
break;
default:
asn1->has_error = true;
@@ -238,45 +239,45 @@ static bool read_negTokenTarg(struct asn1_data *asn1,
TALLOC_CTX *mem_ctx,
}
}
- asn1_end_tag(asn1);
- asn1_end_tag(asn1);
+ if (!asn1_end_tag(asn1)) return false;
+ if (!asn1_end_tag(asn1)) return false;
return !asn1->has_error;
}
static bool write_negTokenTarg(struct asn1_data *asn1, struct
spnego_negTokenTarg *token)
{
- asn1_push_tag(asn1, ASN1_CONTEXT(1));
- asn1_push_tag(asn1, ASN1_SEQUENCE(0));
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(1))) return false;
+ if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) return false;
if (token->negResult != SPNEGO_NONE_RESULT) {
- asn1_push_tag(asn1, ASN1_CONTEXT(0));
- asn1_write_enumerated(asn1, token->negResult);
- asn1_pop_tag(asn1);
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(0))) return false;
+ if (!asn1_write_enumerated(asn1, token->negResult)) return
false;
+ if (!asn1_pop_tag(asn1)) return false;
}
if (token->supportedMech) {
- asn1_push_tag(asn1, ASN1_CONTEXT(1));
- asn1_write_OID(asn1, token->supportedMech);
- asn1_pop_tag(asn1);
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(1))) return false;
+ if (!asn1_write_OID(asn1, token->supportedMech)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
}
if (token->responseToken.data) {
- asn1_push_tag(asn1, ASN1_CONTEXT(2));
- asn1_write_OctetString(asn1, token->responseToken.data,
- token->responseToken.length);
- asn1_pop_tag(asn1);
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(2))) return false;
+ if (!asn1_write_OctetString(asn1, token->responseToken.data,
+ token->responseToken.length)) return
false;
+ if (!asn1_pop_tag(asn1)) return false;
}
if (token->mechListMIC.data) {
- asn1_push_tag(asn1, ASN1_CONTEXT(3));
- asn1_write_OctetString(asn1, token->mechListMIC.data,
- token->mechListMIC.length);
- asn1_pop_tag(asn1);
+ if (!asn1_push_tag(asn1, ASN1_CONTEXT(3))) return false;
+ if (!asn1_write_OctetString(asn1, token->mechListMIC.data,
+ token->mechListMIC.length)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
}
- asn1_pop_tag(asn1);
- asn1_pop_tag(asn1);
+ if (!asn1_pop_tag(asn1)) return false;
+ if (!asn1_pop_tag(asn1)) return false;
return !asn1->has_error;
}
@@ -298,19 +299,19 @@ ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB
data, struct spnego_data
return -1;
}
- asn1_load(asn1, data);
+ if (!asn1_load(asn1, data)) goto err;
if (!asn1_peek_uint8(asn1, &context)) {
asn1->has_error = true;
} else {
switch (context) {
case ASN1_APPLICATION(0):
- asn1_start_tag(asn1, ASN1_APPLICATION(0));
- asn1_check_OID(asn1, OID_SPNEGO);
+ if (!asn1_start_tag(asn1, ASN1_APPLICATION(0))) goto
err;
+ if (!asn1_check_OID(asn1, OID_SPNEGO)) goto err;
if (read_negTokenInit(asn1, mem_ctx,
&token->negTokenInit)) {
token->type = SPNEGO_NEG_TOKEN_INIT;
}
- asn1_end_tag(asn1);
+ if (!asn1_end_tag(asn1)) goto err;
break;
case ASN1_CONTEXT(1):
if (read_negTokenTarg(asn1, mem_ctx,
&token->negTokenTarg)) {
@@ -324,6 +325,9 @@ ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB
data, struct spnego_data
}
if (!asn1->has_error) ret = asn1->ofs;
+
+ err:
+
asn1_free(asn1);
return ret;
@@ -340,10 +344,10 @@ ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB
*blob, struct spnego_da
switch (spnego->type) {
case SPNEGO_NEG_TOKEN_INIT:
- asn1_push_tag(asn1, ASN1_APPLICATION(0));
- asn1_write_OID(asn1, OID_SPNEGO);
- write_negTokenInit(asn1, &spnego->negTokenInit);
- asn1_pop_tag(asn1);
+ if (!asn1_push_tag(asn1, ASN1_APPLICATION(0))) goto err;
+ if (!asn1_write_OID(asn1, OID_SPNEGO)) goto err;
+ if (!write_negTokenInit(asn1, &spnego->negTokenInit)) goto err;
+ if (!asn1_pop_tag(asn1)) goto err;
break;
case SPNEGO_NEG_TOKEN_TARG:
write_negTokenTarg(asn1, &spnego->negTokenTarg);
@@ -357,6 +361,9 @@ ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB
*blob, struct spnego_da
*blob = data_blob_talloc(mem_ctx, asn1->data, asn1->length);
ret = asn1->ofs;
}
+
+ err:
--
Samba Shared Repository
