diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-04-08 15:32:31 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-04-08 15:32:31 -0400 |
| commit | 31124ffb81e8c0935403a9fdc169dead5ecaa777 (patch) | |
| tree | 837d49e7ef8de324f8ad288ab3231ca2acdcdbd7 /src/lib | |
| parent | caaf72893a5be61822763eb471f4d573992479ed (diff) | |
| download | krb5-31124ffb81e8c0935403a9fdc169dead5ecaa777.zip krb5-31124ffb81e8c0935403a9fdc169dead5ecaa777.tar.gz krb5-31124ffb81e8c0935403a9fdc169dead5ecaa777.tar.bz2 | |
Avoid passing null pointers to memcpy/memcmp
By a strict reading of the C standard, memcpy and memcmp have
undefined behavior if their pointer arguments aren't valid object
pointers, even if the length argument is 0. Compilers are becoming
more aggressive about breaking code with undefined behavior, so we
should try to avoid it when possible.
In a krb5_data object, we frequently use NULL as the data value when
the length is 0. Accordingly, we should avoid copying from or
comparing the data field of a length-0 krb5_data object. Add checks
to our wrapper functions (like data_eq and k5_memdup) and to code
which works with possibly-empty krb5_data objects. In a few places,
use wrapper functions to simplify the code rather than adding checks.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/crypto/krb/encrypt.c | 3 | ||||
| -rw-r--r-- | src/lib/crypto/krb/s2k_des.c | 11 | ||||
| -rw-r--r-- | src/lib/crypto/krb/s2k_pbkdf2.c | 11 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/iakerb.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/ccache/ccfns.c | 19 | ||||
| -rw-r--r-- | src/lib/krb5/ccache/ccselect_k5identity.c | 5 | ||||
| -rw-r--r-- | src/lib/krb5/krb/authdata.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/chk_trans.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/conv_princ.c | 6 | ||||
| -rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 11 | ||||
| -rw-r--r-- | src/lib/krb5/krb/pr_to_salt.c | 6 | ||||
| -rw-r--r-- | src/lib/krb5/krb/princ_comp.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/krb/s4u_creds.c | 9 | ||||
| -rw-r--r-- | src/lib/krb5/krb/unparse.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/walk_rtree.c | 4 |
15 files changed, 50 insertions, 49 deletions
diff --git a/src/lib/crypto/krb/encrypt.c b/src/lib/crypto/krb/encrypt.c index f46fb13..d9d575a 100644 --- a/src/lib/crypto/krb/encrypt.c +++ b/src/lib/crypto/krb/encrypt.c @@ -60,7 +60,8 @@ krb5_k_encrypt(krb5_context context, krb5_key key, iov[1].flags = KRB5_CRYPTO_TYPE_DATA; iov[1].data = make_data(output->ciphertext.data + header_len, input->length); - memcpy(iov[1].data.data, input->data, input->length); + if (input->length > 0) + memcpy(iov[1].data.data, input->data, input->length); iov[2].flags = KRB5_CRYPTO_TYPE_PADDING; iov[2].data = make_data(iov[1].data.data + input->length, padding_len); diff --git a/src/lib/crypto/krb/s2k_des.c b/src/lib/crypto/krb/s2k_des.c index 61b3c0f..31a613b 100644 --- a/src/lib/crypto/krb/s2k_des.c +++ b/src/lib/crypto/krb/s2k_des.c @@ -404,7 +404,8 @@ afs_s2k_oneblock(const krb5_data *data, const krb5_data *salt, */ memset(password, 0, sizeof(password)); - memcpy(password, salt->data, min(salt->length, 8)); + if (salt->length > 0) + memcpy(password, salt->data, min(salt->length, 8)); for (i = 0; i < 8; i++) { if (isupper(password[i])) password[i] = tolower(password[i]); @@ -443,7 +444,8 @@ afs_s2k_multiblock(const krb5_data *data, const krb5_data *salt, if (!password) return ENOMEM; - memcpy(password, data->data, data->length); + if (data->length > 0) + memcpy(password, data->data, data->length); for (i = data->length, j = 0; j < salt->length; i++, j++) { password[i] = salt->data[j]; if (isupper(password[i])) @@ -513,8 +515,9 @@ des_s2k(const krb5_data *pw, const krb5_data *salt, unsigned char *key_out) copy = malloc(copylen); if (copy == NULL) return ENOMEM; - memcpy(copy, pw->data, pw->length); - if (salt) + if (pw->length > 0) + memcpy(copy, pw->data, pw->length); + if (salt != NULL && salt->length > 0) memcpy(copy + pw->length, salt->data, salt->length); memset(&temp, 0, sizeof(temp)); diff --git a/src/lib/crypto/krb/s2k_pbkdf2.c b/src/lib/crypto/krb/s2k_pbkdf2.c index 2476865..4ada811 100644 --- a/src/lib/crypto/krb/s2k_pbkdf2.c +++ b/src/lib/crypto/krb/s2k_pbkdf2.c @@ -61,8 +61,9 @@ krb5int_dk_string_to_key(const struct krb5_keytypes *ktp, /* construct input string ( = string + salt), fold it, make_key it */ - memcpy(concat, string->data, string->length); - if (salt) + if (string->length > 0) + memcpy(concat, string->data, string->length); + if (salt != NULL && salt->length > 0) memcpy(concat + string->length, salt->data, salt->length); krb5int_nfold(concatlen*8, concat, keybytes*8, foldstring); @@ -146,9 +147,11 @@ pbkdf2_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string, if (err) return err; - memcpy(sandp.data, pepper->data, pepper->length); + if (pepper->length > 0) + memcpy(sandp.data, pepper->data, pepper->length); sandp.data[pepper->length] = '\0'; - memcpy(&sandp.data[pepper->length + 1], salt->data, salt->length); + if (salt->length > 0) + memcpy(&sandp.data[pepper->length + 1], salt->data, salt->length); salt = &sandp; } diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c index 8c6a082..f30de32 100644 --- a/src/lib/gssapi/krb5/iakerb.c +++ b/src/lib/gssapi/krb5/iakerb.c @@ -278,7 +278,8 @@ iakerb_make_token(iakerb_ctx_id_t ctx, } data->data = p; - memcpy(data->data + data->length, request->data, request->length); + if (request->length > 0) + memcpy(data->data + data->length, request->data, request->length); data->length += request->length; if (initialContextToken) diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c index 3154b17..1a0bed0 100644 --- a/src/lib/krb5/ccache/ccfns.c +++ b/src/lib/krb5/ccache/ccfns.c @@ -284,15 +284,9 @@ krb5_cc_set_config(krb5_context context, krb5_ccache id, if (data == NULL) { ret = krb5_cc_remove_cred(context, id, 0, &cred); } else { - cred.ticket.data = malloc(data->length); - if (cred.ticket.data == NULL) { - ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + ret = krb5int_copy_data_contents(context, data, &cred.ticket); + if (ret) goto out; - } - cred.ticket.length = data->length; - memcpy(cred.ticket.data, data->data, data->length); - ret = krb5_cc_store_cred(context, id, &cred); } out: @@ -319,14 +313,9 @@ krb5_cc_get_config(krb5_context context, krb5_ccache id, if (ret) goto out; - data->data = malloc(cred.ticket.length); - if (data->data == NULL) { - ret = ENOMEM; - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + ret = krb5int_copy_data_contents(context, &cred.ticket, data); + if (ret) goto out; - } - data->length = cred.ticket.length; - memcpy(data->data, cred.ticket.data, data->length); TRACE_CC_GET_CONFIG(context, id, principal, key, data); diff --git a/src/lib/krb5/ccache/ccselect_k5identity.c b/src/lib/krb5/ccache/ccselect_k5identity.c index adf0fad..bee5416 100644 --- a/src/lib/krb5/ccache/ccselect_k5identity.c +++ b/src/lib/krb5/ccache/ccselect_k5identity.c @@ -46,14 +46,13 @@ k5identity_init(krb5_context context, krb5_ccselect_moddata *data_out, static krb5_boolean fnmatch_data(const char *pattern, krb5_data *data, krb5_boolean fold_case) { + krb5_error_code ret; char *str, *p; int res; - str = malloc(data->length + 1); + str = k5memdup0(data->data, data->length, &ret); if (str == NULL) return FALSE; - memcpy(str, data->data, data->length); - str[data->length] = '\0'; if (fold_case) { for (p = str; *p != '\0'; p++) { diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c index 546fb82..75b1c6e 100644 --- a/src/lib/krb5/krb/authdata.c +++ b/src/lib/krb5/krb/authdata.c @@ -292,8 +292,7 @@ k5_ad_find_module(krb5_context kcontext, continue; /* check for name match */ - if (strlen(module->name) != name->length || - memcmp(module->name, name->data, name->length) != 0) + if (!data_eq_string(*name, module->name)) continue; ret = module; diff --git a/src/lib/krb5/krb/chk_trans.c b/src/lib/krb5/krb/chk_trans.c index 2c29e62..71833e6 100644 --- a/src/lib/krb5/krb/chk_trans.c +++ b/src/lib/krb5/krb/chk_trans.c @@ -242,7 +242,8 @@ foreach_realm (krb5_error_code (*fn)(krb5_data *comp,void *data), void *data, if (p == transit->data) { if (crealm->length >= MAXLEN) return KRB5KRB_AP_ERR_ILL_CR_TKT; - memcpy (last, crealm->data, crealm->length); + if (crealm->length > 0) + memcpy (last, crealm->data, crealm->length); last[crealm->length] = '\0'; last_component.length = crealm->length; } diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c index 04d4b65..c33c67d 100644 --- a/src/lib/krb5/krb/conv_princ.c +++ b/src/lib/krb5/krb/conv_princ.c @@ -194,7 +194,8 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, compo = &princ->data[1]; if (compo->length >= INST_SZ - 1) return KRB5_INVALID_PRINCIPAL; - memcpy(inst, compo->data, compo->length); + if (compo->length > 0) + memcpy(inst, compo->data, compo->length); inst[compo->length] = '\0'; } /* fall through */ @@ -204,7 +205,8 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, compo = &princ->data[0]; if (compo->length >= ANAME_SZ) return KRB5_INVALID_PRINCIPAL; - memcpy(name, compo->data, compo->length); + if (compo->length > 0) + memcpy(name, compo->data, compo->length); name[compo->length] = '\0'; } break; diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 15f7cc6..59614e7 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -1073,6 +1073,7 @@ init_creds_validate_reply(krb5_context context, static void read_allowed_preauth_type(krb5_context context, krb5_init_creds_context ctx) { + krb5_error_code ret; krb5_data config; char *tmp, *p; @@ -1084,18 +1085,14 @@ read_allowed_preauth_type(krb5_context context, krb5_init_creds_context ctx) ctx->request->server, KRB5_CC_CONF_PA_TYPE, &config) != 0) return; - tmp = malloc(config.length + 1); - if (tmp == NULL) { - krb5_free_data_contents(context, &config); + tmp = k5memdup0(config.data, config.length, &ret); + krb5_free_data_contents(context, &config); + if (tmp == NULL) return; - } - memcpy(tmp, config.data, config.length); - tmp[config.length] = '\0'; ctx->allowed_preauth_type = strtol(tmp, &p, 10); if (p == NULL || *p != '\0') ctx->allowed_preauth_type = KRB5_PADATA_NONE; free(tmp); - krb5_free_data_contents(context, &config); } static krb5_error_code diff --git a/src/lib/krb5/krb/pr_to_salt.c b/src/lib/krb5/krb/pr_to_salt.c index 87fe911..00d0c73 100644 --- a/src/lib/krb5/krb/pr_to_salt.c +++ b/src/lib/krb5/krb/pr_to_salt.c @@ -56,11 +56,13 @@ principal2salt_internal(krb5_context context, if (use_realm) { offset = pr->realm.length; - memcpy(ret->data, pr->realm.data, offset); + if (offset > 0) + memcpy(ret->data, pr->realm.data, offset); } for (i = 0; i < pr->length; i++) { - memcpy(&ret->data[offset], pr->data[i].data, pr->data[i].length); + if (pr->data[i].length > 0) + memcpy(&ret->data[offset], pr->data[i].data, pr->data[i].length); offset += pr->data[i].length; } return 0; diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c index 994f41d..a693610 100644 --- a/src/lib/krb5/krb/princ_comp.c +++ b/src/lib/krb5/krb/princ_comp.c @@ -38,6 +38,8 @@ realm_compare_flags(krb5_context context, if (realm1->length != realm2->length) return FALSE; + if (realm1->length == 0) + return TRUE; return (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) ? (strncasecmp(realm1->data, realm2->data, realm2->length) == 0) : diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index b7bb9fe..c85c0d4 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -161,14 +161,17 @@ make_pa_for_user_checksum(krb5_context context, p += 4; for (i = 0; i < req->user->length; i++) { - memcpy(p, req->user->data[i].data, req->user->data[i].length); + if (req->user->data[i].length > 0) + memcpy(p, req->user->data[i].data, req->user->data[i].length); p += req->user->data[i].length; } - memcpy(p, req->user->realm.data, req->user->realm.length); + if (req->user->realm.length > 0) + memcpy(p, req->user->realm.data, req->user->realm.length); p += req->user->realm.length; - memcpy(p, req->auth_package.data, req->auth_package.length); + if (req->auth_package.length > 0) + memcpy(p, req->auth_package.data, req->auth_package.length); /* Per spec, use hmac-md5 checksum regardless of key type. */ code = krb5_c_make_checksum(context, CKSUMTYPE_HMAC_MD5_ARCFOUR, key, diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c index 779121a..5bb64d0 100644 --- a/src/lib/krb5/krb/unparse.c +++ b/src/lib/krb5/krb/unparse.c @@ -90,7 +90,8 @@ copy_component_quoting(char *dest, const krb5_data *src, int flags) int length = src->length; if (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) { - memcpy(dest, src->data, src->length); + if (src->length > 0) + memcpy(dest, src->data, src->length); return src->length; } diff --git a/src/lib/krb5/krb/walk_rtree.c b/src/lib/krb5/krb/walk_rtree.c index 0aed147..2b96628 100644 --- a/src/lib/krb5/krb/walk_rtree.c +++ b/src/lib/krb5/krb/walk_rtree.c @@ -105,10 +105,8 @@ krb5_walk_realm_tree( krb5_context context, if (client->data == NULL || server->data == NULL) return KRB5_NO_TKT_IN_RLM; - if (client->length == server->length && - memcmp(client->data, server->data, server->length) == 0) { + if (data_eq(*client, *server)) return KRB5_NO_TKT_IN_RLM; - } retval = rtree_capath_vals(context, client, server, &capvals); if (retval) return retval; |