Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Apr 2016 00:50:17 +0000 (UTC)
From:      "Pedro F. Giffuni" <pfg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r298316 - stable/9/lib/libgssapi
Message-ID:  <201604200050.u3K0oHhZ015836@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: pfg
Date: Wed Apr 20 00:50:17 2016
New Revision: 298316
URL: https://svnweb.freebsd.org/changeset/base/298316

Log:
  MFC 297942:
  libgssapi: avoid NULL pointer dereferences.
  
  While here also use NULL instead of zero for pointers.

Modified:
  stable/9/lib/libgssapi/gss_add_cred.c
  stable/9/lib/libgssapi/gss_encapsulate_token.c
  stable/9/lib/libgssapi/gss_get_mic.c
  stable/9/lib/libgssapi/gss_inquire_context.c
  stable/9/lib/libgssapi/gss_mech_switch.c
  stable/9/lib/libgssapi/gss_pseudo_random.c
  stable/9/lib/libgssapi/gss_verify_mic.c
  stable/9/lib/libgssapi/gss_wrap.c
  stable/9/lib/libgssapi/gss_wrap_size_limit.c
Directory Properties:
  stable/9/lib/libgssapi/   (props changed)

Modified: stable/9/lib/libgssapi/gss_add_cred.c
==============================================================================
--- stable/9/lib/libgssapi/gss_add_cred.c	Wed Apr 20 00:49:49 2016	(r298315)
+++ stable/9/lib/libgssapi/gss_add_cred.c	Wed Apr 20 00:50:17 2016	(r298316)
@@ -121,7 +121,7 @@ gss_add_cred(OM_uint32 *minor_status,
 	 * gss_add_cred for that mechanism, otherwise we copy the mc
 	 * to new_cred.
 	 */
-	target_mc = 0;
+	target_mc = NULL;
 	if (cred) {
 		SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
 			if (gss_oid_equal(mc->gmc_mech_oid, desired_mech)) {
@@ -151,7 +151,7 @@ gss_add_cred(OM_uint32 *minor_status,
 			return (major_status);
 		}
 	} else {
-		mn = 0;
+		mn = NULL;
 	}
 
 	m = _gss_find_mech_switch(desired_mech);

Modified: stable/9/lib/libgssapi/gss_encapsulate_token.c
==============================================================================
--- stable/9/lib/libgssapi/gss_encapsulate_token.c	Wed Apr 20 00:49:49 2016	(r298315)
+++ stable/9/lib/libgssapi/gss_encapsulate_token.c	Wed Apr 20 00:50:17 2016	(r298316)
@@ -47,7 +47,7 @@ gss_encapsulate_token(const gss_buffer_t
 	 * First time around, we calculate the size, second time, we
 	 * encode the token.
 	 */
-	p = 0;
+	p = NULL;
 	for (i = 0; i < 2; i++) {
 		len = 0;
 

Modified: stable/9/lib/libgssapi/gss_get_mic.c
==============================================================================
--- stable/9/lib/libgssapi/gss_get_mic.c	Wed Apr 20 00:49:49 2016	(r298315)
+++ stable/9/lib/libgssapi/gss_get_mic.c	Wed Apr 20 00:50:17 2016	(r298316)
@@ -40,13 +40,14 @@ gss_get_mic(OM_uint32 *minor_status,
     gss_buffer_t message_token)
 {
 	struct _gss_context *ctx = (struct _gss_context *) context_handle;
-	struct _gss_mech_switch *m = ctx->gc_mech;
+	struct _gss_mech_switch *m;
 
 	_gss_buffer_zero(message_token);
 	if (ctx == NULL) {
 		*minor_status = 0;
 		return (GSS_S_NO_CONTEXT);
 	}
+	m = ctx->gc_mech;
 
 	return (m->gm_get_mic(minor_status, ctx->gc_ctx, qop_req,
 		    message_buffer, message_token));

Modified: stable/9/lib/libgssapi/gss_inquire_context.c
==============================================================================
--- stable/9/lib/libgssapi/gss_inquire_context.c	Wed Apr 20 00:49:49 2016	(r298315)
+++ stable/9/lib/libgssapi/gss_inquire_context.c	Wed Apr 20 00:50:17 2016	(r298316)
@@ -99,7 +99,7 @@ gss_inquire_context(OM_uint32 *minor_sta
 			if (src_name)
 				gss_release_name(minor_status, src_name);
 			m->gm_release_name(minor_status, &src_mn);
-			minor_status = 0;
+			minor_status = NULL;
 			return (GSS_S_FAILURE);
 		}
 		*targ_name = (gss_name_t) name;

Modified: stable/9/lib/libgssapi/gss_mech_switch.c
==============================================================================
--- stable/9/lib/libgssapi/gss_mech_switch.c	Wed Apr 20 00:49:49 2016	(r298315)
+++ stable/9/lib/libgssapi/gss_mech_switch.c	Wed Apr 20 00:50:17 2016	(r298316)
@@ -83,7 +83,7 @@ _gss_string_to_oid(const char* s, gss_OI
 	 * out the size. Second time around, we actually encode the
 	 * number.
 	 */
-	res = 0;
+	res = NULL;
 	for (i = 0; i < 2; i++) {
 		byte_count = 0;
 		for (p = s, j = 0; p; p = q, j++) {

Modified: stable/9/lib/libgssapi/gss_pseudo_random.c
==============================================================================
--- stable/9/lib/libgssapi/gss_pseudo_random.c	Wed Apr 20 00:49:49 2016	(r298315)
+++ stable/9/lib/libgssapi/gss_pseudo_random.c	Wed Apr 20 00:50:17 2016	(r298316)
@@ -48,7 +48,7 @@ gss_pseudo_random(OM_uint32 *minor_statu
 		  gss_buffer_t prf_out)
 {
     struct _gss_context *ctx = (struct _gss_context *) context;
-    struct _gss_mech_switch *m = ctx->gc_mech;
+    struct _gss_mech_switch *m;
     OM_uint32 major_status;
 
     _gss_buffer_zero(prf_out);
@@ -58,6 +58,7 @@ gss_pseudo_random(OM_uint32 *minor_statu
 	*minor_status = 0;
 	return GSS_S_NO_CONTEXT;
     }
+    m = ctx->gc_mech;
 
     if (m->gm_pseudo_random == NULL)
 	return GSS_S_UNAVAILABLE;

Modified: stable/9/lib/libgssapi/gss_verify_mic.c
==============================================================================
--- stable/9/lib/libgssapi/gss_verify_mic.c	Wed Apr 20 00:49:49 2016	(r298315)
+++ stable/9/lib/libgssapi/gss_verify_mic.c	Wed Apr 20 00:50:17 2016	(r298316)
@@ -39,7 +39,7 @@ gss_verify_mic(OM_uint32 *minor_status,
     gss_qop_t *qop_state)
 {
 	struct _gss_context *ctx = (struct _gss_context *) context_handle;
-	struct _gss_mech_switch *m = ctx->gc_mech;
+	struct _gss_mech_switch *m;
 
 	if (qop_state)
 		*qop_state = 0;
@@ -47,6 +47,7 @@ gss_verify_mic(OM_uint32 *minor_status,
 		*minor_status = 0;
 		return (GSS_S_NO_CONTEXT);
 	}
+	m = ctx->gc_mech;
 
 	return (m->gm_verify_mic(minor_status, ctx->gc_ctx,
 		    message_buffer, token_buffer, qop_state));

Modified: stable/9/lib/libgssapi/gss_wrap.c
==============================================================================
--- stable/9/lib/libgssapi/gss_wrap.c	Wed Apr 20 00:49:49 2016	(r298315)
+++ stable/9/lib/libgssapi/gss_wrap.c	Wed Apr 20 00:50:17 2016	(r298316)
@@ -42,7 +42,7 @@ gss_wrap(OM_uint32 *minor_status,
     gss_buffer_t output_message_buffer)
 {
 	struct _gss_context *ctx = (struct _gss_context *) context_handle;
-	struct _gss_mech_switch *m = ctx->gc_mech;
+	struct _gss_mech_switch *m;
 
 	if (conf_state)
 		*conf_state = 0;
@@ -51,6 +51,7 @@ gss_wrap(OM_uint32 *minor_status,
 		*minor_status = 0;
 		return (GSS_S_NO_CONTEXT);
 	}
+	m = ctx->gc_mech;
 
 	return (m->gm_wrap(minor_status, ctx->gc_ctx,
 		    conf_req_flag, qop_req, input_message_buffer,

Modified: stable/9/lib/libgssapi/gss_wrap_size_limit.c
==============================================================================
--- stable/9/lib/libgssapi/gss_wrap_size_limit.c	Wed Apr 20 00:49:49 2016	(r298315)
+++ stable/9/lib/libgssapi/gss_wrap_size_limit.c	Wed Apr 20 00:50:17 2016	(r298316)
@@ -40,13 +40,14 @@ gss_wrap_size_limit(OM_uint32 *minor_sta
     OM_uint32 *max_input_size)
 {
 	struct _gss_context *ctx = (struct _gss_context *) context_handle;
-	struct _gss_mech_switch *m = ctx->gc_mech;
+	struct _gss_mech_switch *m;
 
 	*max_input_size = 0;
 	if (ctx == NULL) {
 		*minor_status = 0;
 		return (GSS_S_NO_CONTEXT);
 	}
+	m = ctx->gc_mech;
 
 	return (m->gm_wrap_size_limit(minor_status, ctx->gc_ctx,
 		    conf_req_flag, qop_req, req_output_size, max_input_size));



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201604200050.u3K0oHhZ015836>