Date: Sat, 1 Sep 2018 07:40:28 +0000 (UTC) From: Thomas Zander <riggs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r478659 - in branches/2018Q3/security/zxid: . files Message-ID: <201809010740.w817eSsC066679@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: riggs Date: Sat Sep 1 07:40:28 2018 New Revision: 478659 URL: https://svnweb.freebsd.org/changeset/ports/478659 Log: MFH: r478658 Fix memleak, update MAINTAINER Details: - Fix a memory leak in ZXID caused by using system hexdump() function instead of the one included in ZXID. - Set MAINTAINER'ship to admins@perceptyx.com PR: 230978 Submitted by: amontalban@gmail.com (new maintainer) Approved by: ports-secteam (riggs) Added: branches/2018Q3/security/zxid/files/patch-errmac.h - copied unchanged from r478658, head/security/zxid/files/patch-errmac.h branches/2018Q3/security/zxid/files/patch-zxsig.c - copied unchanged from r478658, head/security/zxid/files/patch-zxsig.c branches/2018Q3/security/zxid/files/patch-zxutil.c - copied unchanged from r478658, head/security/zxid/files/patch-zxutil.c Modified: branches/2018Q3/security/zxid/Makefile Directory Properties: branches/2018Q3/ (props changed) Modified: branches/2018Q3/security/zxid/Makefile ============================================================================== --- branches/2018Q3/security/zxid/Makefile Sat Sep 1 07:35:29 2018 (r478658) +++ branches/2018Q3/security/zxid/Makefile Sat Sep 1 07:40:28 2018 (r478659) @@ -3,10 +3,11 @@ PORTNAME= zxid PORTVERSION= 1.42 +PORTREVISION= 1 CATEGORIES= security www MASTER_SITES= http://zxid.org/ -MAINTAINER= ports@FreeBSD.org +MAINTAINER= admins@perceptyx.com COMMENT= Open Source IdM for the Masses - SAML SSO LICENSE= E2ETA Copied: branches/2018Q3/security/zxid/files/patch-errmac.h (from r478658, head/security/zxid/files/patch-errmac.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q3/security/zxid/files/patch-errmac.h Sat Sep 1 07:40:28 2018 (r478659, copy of r478658, head/security/zxid/files/patch-errmac.h) @@ -0,0 +1,21 @@ +--- errmac.h.orig 2016-02-29 00:16:50 UTC ++++ errmac.h +@@ -483,9 +483,17 @@ extern FILE* errmac_debug_log; /* Def + #define DD_XML_BLOB(cf, lk, len, xml) /* Documentative */ + + int hexdmp(const char* msg, const void* p, int len, int max); ++#if __FreeBSD__ ++int hexdump_zxid(const char* msg, const void* p, const void* lim, int max); ++#else + int hexdump(const char* msg, const void* p, const void* lim, int max); ++#endif + ++#if __FreeBSD__ ++#define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump_zxid((msg), (p), (lim), (max)) ++#else + #define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump((msg), (p), (lim), (max)) ++#endif + #define DHEXDUMP(msg, p, lim, max) /* Disabled hex dump */ + + #define DUMP_CORE() ASSERT(0) + Copied: branches/2018Q3/security/zxid/files/patch-zxsig.c (from r478658, head/security/zxid/files/patch-zxsig.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q3/security/zxid/files/patch-zxsig.c Sat Sep 1 07:40:28 2018 (r478659, copy of r478658, head/security/zxid/files/patch-zxsig.c) @@ -0,0 +1,69 @@ +--- zxsig.c.orig 2016-02-29 00:16:50 UTC ++++ zxsig.c +@@ -887,8 +887,13 @@ int zx_report_openssl_err(const char* lo + #endif + + D("%s: len=%d data(%.*s)", lk, len, len, data); ++#if __FreeBSD__ ++ D("%s: data above %d", lk, hexdump_zxid("data: ", data, data+len, 4096)); ++ D("%s: digest above %d", lk, hexdump_zxid("digest: ", mdbuf, mdbuf+mdlen, 64)); ++#else + D("%s: data above %d", lk, hexdump("data: ", data, data+len, 4096)); + D("%s: digest above %d", lk, hexdump("digest: ", mdbuf, mdbuf+mdlen, 64)); ++#endif + + if (!priv_key) { + ERR(priv_key_missing_msg, geteuid(), getegid()); +@@ -906,7 +911,11 @@ int zx_report_openssl_err(const char* lo + if (RSA_sign(EVP_MD_type(evp_digest), mdbuf, mdlen, (unsigned char*)*sig, (unsigned int*)&len, rsa)) { + DD("data = %s, SHA1 sig = %s, siglen = %d", data, *sig, len); + D("RSA siglen = %d", len); ++#if __FreeBSD__ ++ D("%s: sig above %d", lk, hexdump_zxid("sig: ", *sig, *sig+len, 1024)); ++#else + D("%s: sig above %d", lk, hexdump("sig: ", *sig, *sig+len, 1024)); ++#endif + return len; + } + #else +@@ -1042,9 +1051,15 @@ int zxsig_verify_data(int len, char* dat + else if (!strcmp(mdalg, "SHA512")) { SHA512((unsigned char*)data, len, mdbuf); nid = NID_sha512; } + else { SHA1((unsigned char*)data, len, mdbuf); nid = NID_sha1; } + #endif ++#if __FreeBSD__ ++ D("%s: vfy data len=%d above %d", lk, len, hexdump_zxid("data: ", data, data+len, 8192)); ++ D("%s: vfy sig above %d", lk, hexdump_zxid("sig: ", sig, sig+siglen, 8192)); ++ D("%s: vfy md above %d", lk, hexdump_zxid("md: ", mdbuf, mdbuf+64, 64)); ++#else + D("%s: vfy data len=%d above %d", lk, len, hexdump("data: ", data, data+len, 8192)); + D("%s: vfy sig above %d", lk, hexdump("sig: ", sig, sig+siglen, 8192)); + D("%s: vfy md above %d", lk, hexdump("md: ", mdbuf, mdbuf+64, 64)); ++#endif + + evp_pubk = X509_get_pubkey(cert); + if (!evp_pubk) { +@@ -1080,7 +1095,11 @@ int zxsig_verify_data(int len, char* dat + if (!verdict) { + ERR("RSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig); + zx_report_openssl_err(lk); ++#if __FreeBSD__ ++ D("RSA_vfy(%s) bad sig above %d", lk, hexdump_zxid("sig: ", sig, sig+siglen, 4096)); ++#else + D("RSA_vfy(%s) bad sig above %d", lk, hexdump("sig: ", sig, sig+siglen, 4096)); ++#endif + return ZXSIG_VFY_FAIL; + } else { + D("RSA verify OK %d", verdict); +@@ -1115,7 +1134,11 @@ int zxsig_verify_data(int len, char* dat + if (!verdict) { + ERR("DSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig); + zx_report_openssl_err(lk); ++#if __FreeBSD__ ++ D("DSA_vfy(%s) sig above %d", lk, hexdump_zxid("sig: ", sig, sig+siglen, 4096)); ++#else + D("DSA_vfy(%s) sig above %d", lk, hexdump("sig: ", sig, sig+siglen, 4096)); ++#endif + return ZXSIG_VFY_FAIL; + } else { + D("DSA verify OK %d", verdict); + Copied: branches/2018Q3/security/zxid/files/patch-zxutil.c (from r478658, head/security/zxid/files/patch-zxutil.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q3/security/zxid/files/patch-zxutil.c Sat Sep 1 07:40:28 2018 (r478659, copy of r478658, head/security/zxid/files/patch-zxutil.c) @@ -0,0 +1,21 @@ +--- zxutil.c.orig 2018-08-06 01:37:42 UTC ++++ zxutil.c +@@ -681,7 +681,7 @@ linkrest: + /*() Output a hexdump to stderr. Used for debugging purposes. */ + + /* Called by: */ +-int hexdump(const char* msg, const void* data, const void* lim, int max) ++int hexdump_zxid(const char* msg, const void* data, const void* lim, int max) + { + int i; + const char* p = (const char*)data; +@@ -720,7 +720,7 @@ int hexdump(const char* msg, const void* + + /* Called by: zx_get_symkey, zx_raw_cipher2 x4, zxbus_verify_receipt x2, zxsig_validate x19 */ + int hexdmp(const char* msg, const void* p, int len, int max) { +- return hexdump(msg, p, p+len, max); ++ return hexdump_zxid(msg, p, p+len, max); + } + + /* +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201809010740.w817eSsC066679>