
[SCM] GNU gsasl branch, master, updated. gsasl-1-4-1-56-g7959565


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, master, updated. gsasl-1-4-1-56-g7959565
Date: Thu, 18 Mar 2010 15:04:25 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=7959565a46cb2b4c147f10f8eb3ffd2507501939

The branch, master has been updated
       via  7959565a46cb2b4c147f10f8eb3ffd2507501939 (commit)
       via  9b2a31d07984d9dc31145f11fc3e6530ef84f4d3 (commit)
      from  9271d262c4423827185fafb369671baaa8efdc92 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7959565a46cb2b4c147f10f8eb3ffd2507501939
Author: Simon Josefsson <address@hidden>
Date:   Thu Mar 18 16:04:21 2010 +0100

    SCRAM: Don't read out of bounds when parsing tokens.

commit 9b2a31d07984d9dc31145f11fc3e6530ef84f4d3
Author: Simon Josefsson <address@hidden>
Date:   Thu Mar 18 16:03:05 2010 +0100

    Add self-test for read-out-of-bounds.

-----------------------------------------------------------------------

Summary of changes:
 lib/NEWS           |    2 +
 lib/scram/parser.c |    8 ++--
 tests/Makefile.am  |    2 +-
 tests/readnz.c     |  111 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 118 insertions(+), 5 deletions(-)
 create mode 100644 tests/readnz.c

diff --git a/lib/NEWS b/lib/NEWS
index b9cfbcb..4289d0f 100644
--- a/lib/NEWS
+++ b/lib/NEWS
@@ -15,6 +15,8 @@ they are compatible in modern releases.
 ** SCRAM: Encode and decode username/authzid properly.
 Before any username/authzid that contained '=' or ',' would not work.
 
+** SCRAM: Don't read out of bounds when parsing tokens.
+
 ** DIGEST-MD5: The server code now returns GSASL_OK after the final token.
 
 ** API and ABI modifications.
diff --git a/lib/scram/parser.c b/lib/scram/parser.c
index a7fbff5..3a38bb0 100644
--- a/lib/scram/parser.c
+++ b/lib/scram/parser.c
@@ -76,7 +76,7 @@ scram_parse_client_first (const char *str, size_t len,
                          struct scram_client_first *cf)
 {
   /* Minimum client first string is 'n,,n=a,r=b'. */
-  if (strlen (str) < 10)
+  if (strnlen (str, len) < 10)
     return -1;
 
   if (len == 0 || *str != 'n')
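Review bot: After the new bounded guard, the `len == 0 ||` test on the next line of scram_parse_client_first can never be true, because `strnlen (str, 0)` is 0 and the function has already returned -1. The same applies after the guards in scram_parse_server_first, scram_parse_client_final and scram_parse_server_final. Reducing it to `if (*str != 'n')` would make it plain that the minimum-length check is what protects the first dereference. Note also that `strnlen` stops at an embedded NUL, so the guard measures the string up to the first NUL rather than `len`; if the rest of the body (outside this hunk) walks the buffer by `len`, comparing `len` directly may be the more consistent bound, which is worth confirming. `strnlen` is POSIX.1-2008 rather than ISO C, and the diff does not show a fallback being added for platforms that lack it.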
@@ -199,7 +199,7 @@ scram_parse_server_first (const char *str, size_t len,
                          struct scram_server_first *sf)
 {
   /* Minimum server first string is 'r=ab,s=biws,i=1'. */
-  if (strlen (str) < 15)
+  if (strnlen (str, len) < 15)
     return -1;
 
   if (len == 0 || *str != 'r')
@@ -308,7 +308,7 @@ scram_parse_client_final (const char *str, size_t len,
                          struct scram_client_final *cl)
 {
   /* Minimum client final string is 'c=biws,r=ab,p=ab=='. */
-  if (strlen (str) < 18)
+  if (strnlen (str, len) < 18)
     return -1;
 
   if (len == 0 || *str != 'c')
@@ -413,7 +413,7 @@ scram_parse_server_final (const char *str, size_t len,
                          struct scram_server_final *sl)
 {
   /* Minimum client final string is 'v=ab=='. */
-  if (strlen (str) < 6)
+  if (strnlen (str, len) < 6)
     return -1;
 
   if (len == 0 || *str != 'v')
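Review bot: The comment above the guard in scram_parse_server_final still says "Minimum client final string", which looks copied from scram_parse_client_final. Since this line is the only statement of why 6 is the bound, it should read `/* Minimum server final string is 'v=ab=='. */`. The function body continues outside the hunk.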
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 2aa1d09..f5915a4 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -41,7 +41,7 @@ TESTS_ENVIRONMENT = \
        $(VALGRIND)
 
 ctests = external cram-md5 digest-md5 md5file name errors suggest      \
-       simple crypto scram symbols gssapi gs2-krb5
+       simple crypto scram symbols gssapi gs2-krb5 readnz
 
 if OBSOLETE
 ctests += old-simple old-md5file old-cram-md5 old-digest-md5   \
diff --git a/tests/readnz.c b/tests/readnz.c
new file mode 100644
index 0000000..c3f6de1
--- /dev/null
+++ b/tests/readnz.c
@@ -0,0 +1,111 @@
+/* readnz.c --- Check out-of-bounds reads on non-zero terminated strings.
+ * Copyright (C) 2010  Simon Josefsson
+ *
+ * This file is part of GNU SASL.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+
+#include "utils.h"
+
+static void
+doit2 (bool server_p)
+{
+  Gsasl *ctx = NULL;
+  Gsasl_session *session = NULL;
+  char *mechs;
+  char *mech, *ptrptr;
+  char *s1;
+  size_t s1len;
+  int res;
+  size_t i;
+
+  res = gsasl_init (&ctx);
+  if (res != GSASL_OK)
+    {
+      fail ("gsasl_init() failed (%d):\n%s\n", res, gsasl_strerror (res));
+      return;
+    }
+
+  if (server_p)
+    res = gsasl_server_mechlist (ctx, &mechs);
+  else
+    res = gsasl_client_mechlist (ctx, &mechs);
+  if (res != GSASL_OK)
+    {
+      fail ("mechlist() failed (%d):\n%s\n",
+           res, gsasl_strerror (res));
+      return;
+    }
+
+  for (i = 0; (mech = strtok_r (i == 0 ? mechs : NULL, " ", &ptrptr)); i++)
+    {
+      size_t len;
+
+      for (len = 0; len < 5; len++)
+       {
+         char *p;
+
+         if (server_p)
+           res = gsasl_server_start (ctx, mech, &session);
+         else
+           res = gsasl_client_start (ctx, mech, &session);
+         if (res != GSASL_OK)
+           {
+             fail ("start(%s) failed (%d):\n%s\n", mech,
+                   res, gsasl_strerror (res));
+             return;
+           }
+
+         p = malloc (len);
+         if (!p)
+           {
+             fail ("out of memory");
+             return;
+           }
+
+         memset (p, 42, len);
+
+         res = gsasl_step (session, p, len, &s1, &s1len);
+         if (res == GSASL_OK || res == GSASL_NEEDS_MORE)
+           gsasl_free (s1);
+
+         gsasl_free (p);
+
+         gsasl_finish (session);
+       }
+    }
+
+  gsasl_free (mechs);
+
+  gsasl_done (ctx);
+}
+
+void
+doit (void)
+{
+  doit2 (true);
+  doit2 (false);
+}
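Review bot: `p = malloc (len);` in doit2 is called with `len == 0` on the first pass of the inner loop, and on a platform where `malloc (0)` returns NULL the test fails with "out of memory" and returns before any mechanism is exercised. Requesting at least one byte, `p = malloc (len ? len : 1);`, keeps a valid pointer while `memset` and `gsasl_step` still receive `len`. That early return skips `gsasl_finish (session)`, and both it and the failed-start return skip `gsasl_free (mechs)` and `gsasl_done (ctx)`, which will show up as leaks when the suite runs under `$(VALGRIND)`. The loop stops at `len < 5`, which is below every minimum length checked in lib/scram/parser.c (6, 10, 15 and 18), so the test covers the length guards but not reads in the parsing code that follows them. A short comment stating that the check depends on a memory checker flagging reads past the exact-size heap buffer would also help.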


hooks/post-receive
-- 
GNU gsasl



