
[SCM] GNU gsasl branch, master, updated. gsasl-1-3-20-g3cd4787


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-3-20-g3cd4787
Date: Mon, 26 Oct 2009 15:51:01 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=3cd4787ae4df3e67252df4e65d2236c66e4842b1

The branch, master has been updated
       via  3cd4787ae4df3e67252df4e65d2236c66e4842b1 (commit)
       via  17cf04b3ba18cb730579514438b6808084ffcebb (commit)
       via  31d01a1dfa1b0bca33e0f9b74ef05677e57d927d (commit)
       via  bdcfe94400fec5792141825ab7766bacd4954f61 (commit)
       via  be3504034b9094af12905d6ec449bf552411fe39 (commit)
      from  c8fc8cd6db2f4bdc6662a97807ffa21335c296f3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3cd4787ae4df3e67252df4e65d2236c66e4842b1
Author: Simon Josefsson <address@hidden>
Date:   Mon Oct 26 16:50:53 2009 +0100

    Add.

commit 17cf04b3ba18cb730579514438b6808084ffcebb
Author: Simon Josefsson <address@hidden>
Date:   Mon Oct 26 16:49:35 2009 +0100

    Also test when app provides a GSASL_SCRAM_SALTED_PASSWORD.

commit 31d01a1dfa1b0bca33e0f9b74ef05677e57d927d
Author: Simon Josefsson <address@hidden>
Date:   Mon Oct 26 16:47:56 2009 +0100

    Fix crash in code when application provides a GSASL_SCRAM_SALTED_PASSWORD.

commit bdcfe94400fec5792141825ab7766bacd4954f61
Author: Simon Josefsson <address@hidden>
Date:   Mon Oct 26 16:37:46 2009 +0100

    Add.

commit be3504034b9094af12905d6ec449bf552411fe39
Author: Simon Josefsson <address@hidden>
Date:   Mon Oct 26 16:36:29 2009 +0100

    Prefer SCRAM-SHA-1 over CRAM-MD5 and DIGEST-MD5.

-----------------------------------------------------------------------

Summary of changes:
 NEWS               |    3 +++
 lib/NEWS           |    3 +++
 lib/scram/client.c |   11 +++++------
 lib/src/init.c     |   12 ++++++------
 tests/scram.c      |   14 ++++++++++++--
 5 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/NEWS b/NEWS
index 26be0b7..f854f9a 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,9 @@ SASL.  That include the manual, the command line tool, and 
self tests.
 
 ** tests/crypto: Also test newly added SHA-1 interfaces.
 
+** tests/scram: Also test GSASL_SCRAM_SALTED_PASSWORD case.
+This code path triggered a crash in v1.3.
+
 ** i18n: Added Finnish translation.
 Thanks to Jorma Karvonen <address@hidden>.
 
diff --git a/lib/NEWS b/lib/NEWS
index 9edc680..99a20aa 100644
--- a/lib/NEWS
+++ b/lib/NEWS
@@ -10,6 +10,9 @@ This was accidentally forgotten in the last release.
 ** libgsasl: Export gsasl_sha1 and gsasl_hmac_sha1 in linker version script.
 This was accidentally forgotten in the last release.
 
+** libgsasl: Fix crash in SCRAM-SHA-1 client when the application provides
+** a value for GSASL_SCRAM_SALTED_PASSWORD.
+
 ** i18n: Added Finnish translation.
 Thanks to Jorma Karvonen <address@hidden>.
 
diff --git a/lib/scram/client.c b/lib/scram/client.c
index 869d83f..de087cc 100644
--- a/lib/scram/client.c
+++ b/lib/scram/client.c
@@ -30,7 +30,7 @@
 /* Get malloc, free. */
 #include <stdlib.h>
 
-/* Get memcpy, strlen. */
+/* Get memcpy, strlen, strchr. */
 #include <string.h>
 
 /* Get bool. */
@@ -110,19 +110,18 @@ sha1_hex_to_byte (char *saltedpassword, const char *p)
   while (*p)
     {
       *saltedpassword = hex_to_char (p[0], p[1]);
-      p++;
-
-      saltedpassword += 2;
+      p += 2;
+      saltedpassword++;
     }
 }
 
 static bool
 hex_p (const char *hexstr)
 {
-  static char hexalpha[] = "0123456789abcdef";
+  static const char hexalpha[] = "0123456789abcdef";
 
   for (; *hexstr; hexstr++)
-    if (!strchr (hexalpha, *hexstr))
+    if (strchr (hexalpha, *hexstr) == NULL)
       return false;
 
   return true;
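Review bot: The corrected loop in sha1_hex_to_byte still trusts the shape of its input: with `while (*p)` and `p += 2`, an odd-length string makes the final step jump past the terminating NUL, and nothing bounds the writes through `saltedpassword`. The string is supplied by the application as GSASL_SCRAM_SALTED_PASSWORD, so unless the caller (outside this hunk) already enforces exactly 40 hex digits, the loop should guard itself, e.g. `while (p[0] && p[1])`. A comment would also help, such as `/* P must hold exactly 40 lowercase hex digits; SALTEDPASSWORD must have room for 20 bytes. */`. hex_p as shown checks only the alphabet (lowercase) and not the length, so it does not cover this on its own.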
diff --git a/lib/src/init.c b/lib/src/init.c
index cc7d60f..f764bdb 100644
--- a/lib/src/init.c
+++ b/lib/src/init.c
@@ -54,12 +54,6 @@ register_builtin_mechs (Gsasl * ctx)
 {
   int rc = GSASL_OK;
 
-#ifdef USE_SCRAM_SHA1
-  rc = gsasl_register (ctx, &gsasl_scram_sha1_mechanism);
-  if (rc != GSASL_OK)
-    return rc;
-#endif /* USE_SCRAM_SHA1 */
-
 #ifdef USE_ANONYMOUS
   rc = gsasl_register (ctx, &gsasl_anonymous_mechanism);
   if (rc != GSASL_OK)
@@ -108,6 +102,12 @@ register_builtin_mechs (Gsasl * ctx)
     return rc;
 #endif /* USE_CRAM_MD5 */
 
+#ifdef USE_SCRAM_SHA1
+  rc = gsasl_register (ctx, &gsasl_scram_sha1_mechanism);
+  if (rc != GSASL_OK)
+    return rc;
+#endif /* USE_SCRAM_SHA1 */
+
 #ifdef USE_GSSAPI
   rc = gsasl_register (ctx, &gsasl_gssapi_mechanism);
   if (rc != GSASL_OK)
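Review bot: The moved SCRAM-SHA-1 block carries no comment saying that its position matters, so a later tidy-up of this list could silently change which mechanism a client ends up negotiating. The commit message says the move makes SCRAM-SHA-1 preferred over CRAM-MD5 and DIGEST-MD5, which suggests registration order is the preference order. If that holds, state it above the `#ifdef`, e.g. `/* Keep after CRAM-MD5 and DIGEST-MD5: later registration means higher preference. */`. The selection code is not part of this diff, so the wording should be checked against it; register_builtin_mechs begins and ends outside the hunk.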
diff --git a/tests/scram.c b/tests/scram.c
index d50c3b9..d4bb94f 100644
--- a/tests/scram.c
+++ b/tests/scram.c
@@ -87,7 +87,17 @@ callback (Gsasl * ctx, Gsasl_session * sctx, Gsasl_property 
prop)
       break;
 
     case GSASL_SCRAM_SALTED_PASSWORD:
-      /* No support for this yet. */
+      if (i & 0x04 && i & 0x08) /* Only works with fixed salt. */
+       {
+         const char *str[] = {
+           "06bfd2d70a0fa425c20473722a93700df39f3cbd",
+           "f1e6c0e5a207367176ac42c7799b67ae3e097d7e",
+         };
+         /* >>1 to mask out authzid. */
+         size_t pos = (i & ~0x04 & ~0x08) >> 1;
+         gsasl_property_set (sctx, prop, str[pos]);
+         rc = GSASL_OK;
+       }
       break;
 
     default:
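Review bot: The index into `str[]` stays in range only because the loop in doit stops at 15: `(i & ~0x04 & ~0x08) >> 1` keeps every bit above 0x08, so raising the bound again would read past the two-element array. `size_t pos = (i & 0x02) >> 1;` selects the same entries for the current range and cannot go out of bounds. The masks `0x04` and `0x08` are explained only by "fixed salt" and "authzid", so a short comment listing what each bit of `i` toggles would make the condition checkable. The two hex strings should also say which password, salt and iteration count they were derived from. callback continues outside this hunk.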
@@ -124,7 +134,7 @@ doit (void)
 
   gsasl_callback_set (ctx, callback);
 
-  for (i = 0; i <= 7; i++)
+  for (i = 0; i <= 15; i++)
     {
       if (debug)
        printf ("Iteration %d ...\n", i);


hooks/post-receive
-- 
GNU gsasl



