Date:      Sat, 1 Sep 2018 07:35:29 +0000 (UTC)
From:      Thomas Zander <riggs@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r478658 - in head/security/zxid: . files
Message-ID:  <201809010735.w817ZTP0066239@repo.freebsd.org>

Author: riggs
Date: Sat Sep  1 07:35:29 2018
New Revision: 478658
URL: https://svnweb.freebsd.org/changeset/ports/478658

Log:
  Fix memleak, update MAINTAINER
  
  Details:
  - Fix a memory leak in ZXID caused by using system hexdump() function
    instead of the one included in ZXID.
  - Set MAINTAINER'ship to admins@perceptyx.com
  
  PR:		230978
  Submitted by:	amontalban@gmail.com (new maintainer)
  MFH:		2018Q3

Added:
  head/security/zxid/files/patch-errmac.h   (contents, props changed)
  head/security/zxid/files/patch-zxsig.c   (contents, props changed)
  head/security/zxid/files/patch-zxutil.c   (contents, props changed)
Modified:
  head/security/zxid/Makefile

Modified: head/security/zxid/Makefile
==============================================================================
--- head/security/zxid/Makefile	Sat Sep  1 07:27:11 2018	(r478657)
+++ head/security/zxid/Makefile	Sat Sep  1 07:35:29 2018	(r478658)
@@ -3,10 +3,11 @@
 
 PORTNAME=	zxid
 PORTVERSION=	1.42
+PORTREVISION=	1
 CATEGORIES=	security www
 MASTER_SITES=	http://zxid.org/
 
-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	admins@perceptyx.com
 COMMENT=	Open Source IdM for the Masses - SAML SSO
 
 LICENSE=	E2ETA

Added: head/security/zxid/files/patch-errmac.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/zxid/files/patch-errmac.h	Sat Sep  1 07:35:29 2018	(r478658)
@@ -0,0 +1,21 @@
+--- errmac.h.orig	2016-02-29 00:16:50 UTC
++++ errmac.h
+@@ -483,9 +483,17 @@ extern FILE* errmac_debug_log;    /* Def
+ #define DD_XML_BLOB(cf, lk, len, xml) /* Documentative */
+ 
+ int hexdmp(const char* msg, const void* p, int len, int max);
++#if __FreeBSD__
++int hexdump_zxid(const char* msg, const void* p, const void* lim, int max);
++#else 
+ int hexdump(const char* msg, const void* p, const void* lim, int max);
++#endif
+ 
++#if __FreeBSD__
++#define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump_zxid((msg), (p), (lim), (max))
++#else 
+ #define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump((msg), (p), (lim), (max))
++#endif
+ #define DHEXDUMP(msg, p, lim, max) /* Disabled hex dump */
+ 
+ #define DUMP_CORE() ASSERT(0)
+
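Review bot: Both added conditionals use `#if __FreeBSD__`, which evaluates an identifier that is undefined on every other platform and warns under `-Wundef`; `#if defined(__FreeBSD__)` is the usual spelling. The added `HEXDUMP` variant also copies the bare `if (...) call` shape of the original macro, so a following `else` at a use site would bind to the macro's `if`; wrapping the body as `do { if (...) hexdump_zxid(...); } while (0)` avoids that. Because a ports patch is only ever applied on FreeBSD, declaring `hexdump_zxid` once and defining a single `HEXDUMP` around it would remove the duplicated declaration and macro entirely.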

Added: head/security/zxid/files/patch-zxsig.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/zxid/files/patch-zxsig.c	Sat Sep  1 07:35:29 2018	(r478658)
@@ -0,0 +1,69 @@
+--- zxsig.c.orig	2016-02-29 00:16:50 UTC
++++ zxsig.c
+@@ -887,8 +887,13 @@ int zx_report_openssl_err(const char* lo
+ #endif
+ 
+   D("%s: len=%d data(%.*s)", lk, len, len, data);
++#if __FreeBSD__
++  D("%s: data above %d", lk, hexdump_zxid("data: ", data, data+len, 4096));
++  D("%s: digest above %d", lk, hexdump_zxid("digest: ", mdbuf, mdbuf+mdlen, 64));
++#else
+   D("%s: data above %d", lk, hexdump("data: ", data, data+len, 4096));
+   D("%s: digest above %d", lk, hexdump("digest: ", mdbuf, mdbuf+mdlen, 64));
++#endif
+ 
+   if (!priv_key) {
+     ERR(priv_key_missing_msg, geteuid(), getegid());
+@@ -906,7 +911,11 @@ int zx_report_openssl_err(const char* lo
+     if (RSA_sign(EVP_MD_type(evp_digest), mdbuf, mdlen, (unsigned char*)*sig, (unsigned int*)&len, rsa)) {
+       DD("data = %s, SHA1 sig = %s, siglen = %d", data, *sig, len);
+       D("RSA siglen = %d", len);
++#if __FreeBSD__
++      D("%s: sig above %d", lk, hexdump_zxid("sig: ", *sig, *sig+len, 1024));
++#else
+       D("%s: sig above %d", lk, hexdump("sig: ", *sig, *sig+len, 1024));
++#endif
+       return len;
+     }
+ #else
+@@ -1042,9 +1051,15 @@ int zxsig_verify_data(int len, char* dat
+   else if (!strcmp(mdalg, "SHA512")) { SHA512((unsigned char*)data, len, mdbuf); nid = NID_sha512; }
+   else { SHA1((unsigned char*)data, len, mdbuf); nid = NID_sha1; }
+ #endif
++#if __FreeBSD__
++  D("%s: vfy data len=%d above %d", lk, len, hexdump_zxid("data: ", data, data+len, 8192));
++  D("%s: vfy sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 8192));
++  D("%s: vfy md above %d", lk, hexdump_zxid("md: ", mdbuf, mdbuf+64, 64));
++#else
+   D("%s: vfy data len=%d above %d", lk, len, hexdump("data: ", data, data+len, 8192));
+   D("%s: vfy sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 8192));
+   D("%s: vfy md above %d", lk, hexdump("md: ", mdbuf, mdbuf+64, 64));
++#endif
+   
+   evp_pubk = X509_get_pubkey(cert);
+   if (!evp_pubk) {
+@@ -1080,7 +1095,11 @@ int zxsig_verify_data(int len, char* dat
+     if (!verdict) {
+       ERR("RSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
+       zx_report_openssl_err(lk);
++#if __FreeBSD__
++      D("RSA_vfy(%s) bad sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 4096));
++#else
+       D("RSA_vfy(%s) bad sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 4096));
++#endif
+       return ZXSIG_VFY_FAIL;
+     } else {
+       D("RSA verify OK %d", verdict);
+@@ -1115,7 +1134,11 @@ int zxsig_verify_data(int len, char* dat
+     if (!verdict) {
+       ERR("DSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
+       zx_report_openssl_err(lk);
++#if __FreeBSD__
++      D("DSA_vfy(%s) sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 4096));
++#else
+       D("DSA_vfy(%s) sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 4096));
++#endif
+       return ZXSIG_VFY_FAIL;
+     } else {
+       D("DSA verify OK %d", verdict);
+
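Review bot: The added `hexdump_zxid("md: ", mdbuf, mdbuf+64, 64)` in zxsig_verify_data always dumps 64 bytes, although the context line just above shows the SHA1 fallback producing a shorter digest. Unless mdbuf is zeroed first (its declaration is outside the hunk), the debug log would receive whatever bytes were left in the rest of the buffer. The signing path in the first inner hunk bounds its dump with `mdbuf+mdlen`, and the verify path would be safer tracking the digest length the same way. Separately, all five call-site groups are duplicated under `#if __FreeBSD__`, so any later change to a format string or limit has to be made twice; selecting the function name once in errmac.h would leave zxsig.c unpatched. Both function bodies continue outside the hunks shown.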

Added: head/security/zxid/files/patch-zxutil.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/zxid/files/patch-zxutil.c	Sat Sep  1 07:35:29 2018	(r478658)
@@ -0,0 +1,21 @@
+--- zxutil.c.orig	2018-08-06 01:37:42 UTC
++++ zxutil.c
+@@ -681,7 +681,7 @@ linkrest:
+ /*() Output a hexdump to stderr. Used for debugging purposes. */
+ 
+ /* Called by: */
+-int hexdump(const char* msg, const void* data, const void* lim, int max)
++int hexdump_zxid(const char* msg, const void* data, const void* lim, int max)
+ {
+   int i;
+   const char* p = (const char*)data;
+@@ -720,7 +720,7 @@ int hexdump(const char* msg, const void*
+ 
+ /* Called by:  zx_get_symkey, zx_raw_cipher2 x4, zxbus_verify_receipt x2, zxsig_validate x19 */
+ int hexdmp(const char* msg, const void* p, int len, int max) {
+-  return hexdump(msg, p, p+len, max);
++  return hexdump_zxid(msg, p, p+len, max);
+ }
+ 
+ /*
+
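Review bot: The definition is renamed to `hexdump_zxid` unconditionally here, while patch-errmac.h declares that name only under `#if __FreeBSD__` and otherwise still declares `hexdump`. That is harmless inside the port, but wherever the guard is false the prototype and the definition would disagree, so either guard this rename the same way or drop the guards in the other two patches. The changed line `return hexdump_zxid(msg, p, p+len, max);` also keeps arithmetic on a `const void*`, which is a GNU extension; `(const char*)p + len` is the portable form. The body of `hexdump_zxid` continues outside the hunk, so its handling of `lim` and `max` cannot be checked from here.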


