[SCM] Samba Shared Repository - branch v4-16-stable updated

Jule Anger janger at samba.org
Tue Oct 25 09:12:37 UTC 2022


The branch, v4-16-stable has been updated
       via  dc74e56c03d VERSION: Disable GIT_SNAPSHOT for the 4.16.6 release.
       via  620698353ba WHATSNEW: Add release notes for Samba 4.16.6.
       via  5c31d5beb3b CVE-2022-3437 third_party/heimdal: Pass correct length to _gssapi_verify_pad()
       via  22dd9072c9f CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech()
       via  d16ac1f4057 CVE-2022-3437 third_party/heimdal: Check buffer length against overflow for DES{,3} unwrap
       via  de77f015987 CVE-2022-3437 third_party/heimdal: Check the result of _gsskrb5_get_mech()
       via  e1c2e2836ef CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad()
       via  c944773adc4 CVE-2022-3437 third_party/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap
       via  9ca9408c5ed CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() in unwrap_des3()
       via  e3c314ed69f CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() for arcfour unwrap
       via  03eefa45d38 CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3()
       via  c5dd87f4888 CVE-2022-3437 third_party/heimdal_build: Add gssapi-subsystem subsystem
       via  0eaa68d1935 CVE-2022-3437 third_party/heimdal: Remove __func__ compatibility workaround
       via  1b4f98ef870 VERSION: Bump version up to Samba 4.16.5...
      from  c034f061d9c VERSION: Disable GIT_SNAPSHOT for the 4.16.5 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-stable


- Log -----------------------------------------------------------------
commit dc74e56c03d3aa95ec6b2e44f9ff3b22ee1e380b
Author: Jule Anger <janger at samba.org>
Date:   Mon Oct 24 12:44:57 2022 +0200

    VERSION: Disable GIT_SNAPSHOT for the 4.16.6 release.
    
    Signed-off-by: Jule Anger <janger at samba.org>

commit 620698353ba0a3d95c28a7ff68ef8ad10f9663bd
Author: Jule Anger <janger at samba.org>
Date:   Mon Oct 24 12:26:09 2022 +0200

    WHATSNEW: Add release notes for Samba 4.16.6.
    
    Signed-off-by: Jule Anger <janger at samba.org>

commit 5c31d5beb3bed6b28c8d648d889c47e69c16cc8e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Oct 12 13:57:33 2022 +1300

    CVE-2022-3437 third_party/heimdal: Pass correct length to _gssapi_verify_pad()
    
    We later subtract 8 when calculating the length of the output message
    buffer. If padlength is excessively high, this calculation can underflow
    and result in a very large positive value.
    
    Now we properly constrain the value of padlength so underflow shouldn't
    be possible.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 22dd9072c9f964931db931ee0b638a9799e947ca
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Mon Oct 10 20:33:09 2022 +1300

    CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech()
    
    If len_len is equal to total_len - 1 (i.e. the input consists only of a
    0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
    used as the 'len' parameter to der_get_length(), will overflow to
    SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
    whatever data follows in memory. Add a check to ensure that doesn't
    happen.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d16ac1f4057ec0c26768f04f00c512abf271be7f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Mon Aug 15 16:54:23 2022 +1200

    CVE-2022-3437 third_party/heimdal: Check buffer length against overflow for DES{,3} unwrap
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit de77f0159873fb0c569c02cee5aa492af8e3f461
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Mon Aug 15 16:53:55 2022 +1200

    CVE-2022-3437 third_party/heimdal: Check the result of _gsskrb5_get_mech()
    
    We should make sure that the result of 'total_len - mech_len' won't
    overflow, and that we don't memcmp() past the end of the buffer.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit e1c2e2836efaa895d817b5611bf908284c3d415d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Mon Aug 15 16:53:45 2022 +1200

    CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad()
    
    By decrementing 'pad' only when we know it's safe, we ensure we can't
    stray backwards past the start of a buffer, which would be undefined
    behaviour.
    
    In the previous version of the loop, 'i' is the number of bytes left to
    check, and 'pad' is the current byte we're checking. 'pad' was
    decremented at the end of each loop iteration. If 'i' was 1 (so we
    checked the final byte), 'pad' could potentially be pointing to the
    first byte of the input buffer, and the decrement would put it one
    byte behind the buffer.
    
    That would be undefined behaviour.
    
    The patch changes it so that 'pad' is the byte we previously checked,
    which allows us to ensure that we only decrement it when we know we
    have a byte to check.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit c944773adc421b3f85a8166fa2d9733e3e9a10c2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Oct 12 13:57:42 2022 +1300

    CVE-2022-3437 third_party/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 9ca9408c5edf807de9fba9f59eabd899c79458a9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Oct 12 13:57:55 2022 +1300

    CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() in unwrap_des3()
    
    The surrounding checks all use ct_memcmp(), so this one was presumably
    meant to as well.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit e3c314ed69f99db1c797772fbda83820352d5387
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Oct 12 13:57:13 2022 +1300

    CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() for arcfour unwrap
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 03eefa45d38ca3eade2018767421bb60ba65d58b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Oct 12 13:55:39 2022 +1300

    CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit c5dd87f488820e180649e6fd3597bce4ffa24fdc
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Oct 12 13:55:51 2022 +1300

    CVE-2022-3437 third_party/heimdal_build: Add gssapi-subsystem subsystem
    
    This allows us to access (and so test) functions internal to GSSAPI by
    depending on this subsystem.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 0eaa68d1935236c0a6188ba1ba078db507887e6c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Oct 12 13:56:08 2022 +1300

    CVE-2022-3437 third_party/heimdal: Remove __func__ compatibility workaround
    
    As described by the C standard, __func__ is a variable, not a macro.
    Hence this #ifndef check does not work as intended, and only serves to
    unconditionally disable __func__. A nonoperating __func__ prevents
    cmocka operating correctly, so remove this definition.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 VERSION                                           |    2 +-
 WHATSNEW.txt                                      |   46 +-
 selftest/tests.py                                 |    5 +
 source4/auth/tests/heimdal_unwrap_des.c           | 1244 +++++++++++++++++++++
 source4/auth/wscript_build                        |   21 +
 third_party/heimdal/lib/gssapi/krb5/arcfour.c     |   14 +-
 third_party/heimdal/lib/gssapi/krb5/decapsulate.c |   12 +-
 third_party/heimdal/lib/gssapi/krb5/unwrap.c      |   34 +-
 third_party/heimdal/lib/krb5/krb5_locl.h          |    4 -
 third_party/heimdal_build/wscript_build           |   18 +-
 10 files changed, 1368 insertions(+), 32 deletions(-)
 create mode 100644 source4/auth/tests/heimdal_unwrap_des.c


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index bb80bd65bd8..99e33e33656 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=16
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 08bb7086b27..fc386e8fb05 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,46 @@
+                   ==============================
+                   Release Notes for Samba 4.16.6
+                          October 25, 2022
+                   ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
+                  unwrap_des() and unwrap_des3() routines of Heimdal (included
+                  in Samba).
+                  https://www.samba.org/samba/security/CVE-2022-3437.html
+
+Changes since 4.16.5
+---------------------
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 15134: CVE-2022-3437.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
                    ==============================
                    Release Notes for Samba 4.16.5
                          September 07, 2022
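Review bot: The CVE-2022-3437 entry in the new 4.16.6 section names only unwrap_des() and unwrap_des3(), while the summary of changes for this push also modifies arcfour.c and decapsulate.c under the same CVE tag. Consider adding a sentence saying that the release also hardens the arcfour unwrap and token decapsulation paths, so readers comparing the notes against the diffstat are not left guessing. Minor: the underline below "Changes since 4.16.5" is one character longer than the heading.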
@@ -60,8 +103,7 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
                    ==============================
                    Release Notes for Samba 4.16.4
                            July 27, 2022
diff --git a/selftest/tests.py b/selftest/tests.py
index e35c3fff3c1..646956d783a 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -47,6 +47,8 @@ with_pam = ("WITH_PAM" in config_hash)
 with_elasticsearch_backend = ("HAVE_SPOTLIGHT_BACKEND_ES" in config_hash)
 pam_wrapper_so_path = config_hash.get("LIBPAM_WRAPPER_SO_PATH")
 pam_set_items_so_path = config_hash.get("PAM_SET_ITEMS_SO_PATH")
+have_heimdal_support = "SAMBA4_USES_HEIMDAL" in config_hash
+using_system_gssapi = "USING_SYSTEM_GSSAPI" in config_hash
 
 planpythontestsuite("none", "samba.tests.source")
 planpythontestsuite("none", "samba.tests.source_chars")
@@ -432,6 +434,9 @@ plantestsuite("samba.unittests.test_registry_regfio", "none",
               [os.path.join(bindir(), "default/source3/test_registry_regfio")])
 plantestsuite("samba.unittests.test_oLschema2ldif", "none",
               [os.path.join(bindir(), "default/source4/utils/oLschema2ldif/test_oLschema2ldif")])
+if have_heimdal_support and not using_system_gssapi:
+    plantestsuite("samba.unittests.auth.heimdal_gensec_unwrap_des", "none",
+                  [valgrindify(os.path.join(bindir(), "test_heimdal_gensec_unwrap_des"))])
 if with_elasticsearch_backend:
     plantestsuite("samba.unittests.mdsparser_es", "none",
                   [os.path.join(bindir(), "default/source3/test_mdsparser_es")] + [configuration])
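Review bot: The binary path in the new plantestsuite() call is os.path.join(bindir(), "test_heimdal_gensec_unwrap_des"), whereas the neighbouring unit tests resolve to "default/source3/..." or "default/source4/..." under bindir(). Please confirm the build installs this test directly into bindir(), otherwise the suite will fail to start instead of running. The suite name also says heimdal_gensec_unwrap_des although the source file is heimdal_unwrap_des.c and nothing in the visible test code touches gensec; a name that matches the file would be easier to grep for.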
diff --git a/source4/auth/tests/heimdal_unwrap_des.c b/source4/auth/tests/heimdal_unwrap_des.c
new file mode 100644
index 00000000000..fbfe7782e7e
--- /dev/null
+++ b/source4/auth/tests/heimdal_unwrap_des.c
@@ -0,0 +1,1244 @@
+/*
+ * Unit tests for third_party/heimdal/lib/gssapi/krb5/unwrap.c
+ *
+ * Copyright (C) Catalyst.NET Ltd 2022
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ *
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+
+#include <cmocka.h>
+
+#include "includes.h"
+#include "replace.h"
+
+#include "../../../third_party/heimdal/lib/gssapi/gssapi/gssapi.h"
+#include "gsskrb5_locl.h"
+
+/******************************************************************************
+ * Helper functions
+ ******************************************************************************/
+
+const uint8_t *valid_range_begin;
+const uint8_t *valid_range_end;
+const uint8_t *invalid_range_end;
+
+/*
+ * 'array_len' is the size of the passed in array. 'buffer_len' is the size to
+ * report in the resulting buffer.
+ */
+static const gss_buffer_desc get_input_buffer(TALLOC_CTX *mem_ctx,
+					      const uint8_t array[],
+					      const size_t array_len,
+					      const size_t buffer_len)
+{
+	gss_buffer_desc buf;
+
+	/* Add some padding to catch invalid memory accesses. */
+	const size_t padding = 0x100;
+	const size_t padded_len = array_len + padding;
+
+	uint8_t *data = talloc_size(mem_ctx, padded_len);
+	assert_non_null(data);
+
+	memcpy(data, array, array_len);
+	memset(data + array_len, 0, padding);
+
+	assert_in_range(buffer_len, 0, array_len);
+
+	buf.value = data;
+	buf.length = buffer_len;
+
+	valid_range_begin = buf.value;
+	valid_range_end = valid_range_begin + buf.length;
+	invalid_range_end = valid_range_begin + padded_len;
+
+	return buf;
+}
+
+static void assert_mem_in_valid_range(const uint8_t *ptr, const size_t len)
+{
+	/* Ensure we've set up the range pointers properly. */
+	assert_non_null(valid_range_begin);
+	assert_non_null(valid_range_end);
+	assert_non_null(invalid_range_end);
+
+	/*
+	 * Ensure the length isn't excessively large (a symptom of integer
+	 * underflow).
+	 */
+	assert_in_range(len, 0, 0x1000);
+
+	/* Ensure the memory is in our valid range. */
+	assert_in_range(ptr, valid_range_begin, valid_range_end);
+	assert_in_range(ptr + len, valid_range_begin, valid_range_end);
+}
+
+/*
+ * This function takes a pointer to volatile to allow it to be called from the
+ * ct_memcmp() wrapper.
+ */
+static void assert_mem_outside_invalid_range(const volatile uint8_t *ptr,
+					     const size_t len)
+{
+	const LargestIntegralType _valid_range_end
+		= cast_ptr_to_largest_integral_type(valid_range_end);
+	const LargestIntegralType _invalid_range_end
+		= cast_ptr_to_largest_integral_type(invalid_range_end);
+	const LargestIntegralType _ptr = cast_ptr_to_largest_integral_type(ptr);
+	const LargestIntegralType _len = cast_to_largest_integral_type(len);
+
+	/* Ensure we've set up the range pointers properly. */
+	assert_non_null(valid_range_begin);
+	assert_non_null(valid_range_end);
+	assert_non_null(invalid_range_end);
+
+	/*
+	 * Ensure the length isn't excessively large (a symptom of integer
+	 * underflow).
+	 */
+	assert_in_range(len, 0, 0x1000);
+
+	/* Ensure the memory is outside the invalid range. */
+	if (_ptr < _invalid_range_end && _ptr + _len > _valid_range_end) {
+		fail();
+	}
+}
+
+/*****************************************************************************
+ * wrapped functions
+ *****************************************************************************/
+
+krb5_keyblock dummy_key;
+
+krb5_error_code __wrap_krb5_auth_con_getlocalsubkey(krb5_context context,
+						    krb5_auth_context auth_context,
+						    krb5_keyblock **keyblock);
+krb5_error_code __wrap_krb5_auth_con_getlocalsubkey(krb5_context context,
+						    krb5_auth_context auth_context,
+						    krb5_keyblock **keyblock)
+{
+	*keyblock = &dummy_key;
+	return 0;
+}
+
+void __wrap_krb5_free_keyblock(krb5_context context,
+			krb5_keyblock *keyblock);
+void __wrap_krb5_free_keyblock(krb5_context context,
+			krb5_keyblock *keyblock)
+{
+	assert_ptr_equal(&dummy_key, keyblock);
+}
+
+struct krb5_crypto_data dummy_crypto;
+
+krb5_error_code __wrap_krb5_crypto_init(krb5_context context,
+					const krb5_keyblock *key,
+					krb5_enctype etype,
+					krb5_crypto *crypto);
+krb5_error_code __wrap_krb5_crypto_init(krb5_context context,
+					const krb5_keyblock *key,
+					krb5_enctype etype,
+					krb5_crypto *crypto)
+{
+	static const LargestIntegralType etypes[] = {ETYPE_DES3_CBC_NONE, 0};
+
+	assert_ptr_equal(&dummy_key, key);
+	assert_in_set(etype, etypes, ARRAY_SIZE(etypes));
+
+	*crypto = &dummy_crypto;
+
+	return 0;
+}
+
+krb5_error_code __wrap_krb5_decrypt(krb5_context context,
+				    krb5_crypto crypto,
+				    unsigned usage,
+				    void *data,
+				    size_t len,
+				    krb5_data *result);
+krb5_error_code __wrap_krb5_decrypt(krb5_context context,
+				    krb5_crypto crypto,
+				    unsigned usage,
+				    void *data,
+				    size_t len,
+				    krb5_data *result)
+{
+	assert_ptr_equal(&dummy_crypto, crypto);
+	assert_int_equal(KRB5_KU_USAGE_SEAL, usage);
+
+	assert_mem_in_valid_range(data, len);
+
+	check_expected(len);
+	check_expected_ptr(data);
+
+	result->data = malloc(len);
+	assert_non_null(result->data);
+	result->length = len;
+
+	memcpy(result->data, data, len);
+
+	return 0;
+}
+
+krb5_error_code __wrap_krb5_decrypt_ivec(krb5_context context,
+					 krb5_crypto crypto,
+					 unsigned usage,
+					 void *data,
+					 size_t len,
+					 krb5_data *result,
+					 void *ivec);
+krb5_error_code __wrap_krb5_decrypt_ivec(krb5_context context,
+					 krb5_crypto crypto,
+					 unsigned usage,
+					 void *data,
+					 size_t len,
+					 krb5_data *result,
+					 void *ivec)
+{
+	assert_ptr_equal(&dummy_crypto, crypto);
+	assert_int_equal(KRB5_KU_USAGE_SEQ, usage);
+
+	assert_mem_in_valid_range(data, len);
+
+	assert_int_equal(8, len);
+	check_expected_ptr(data);
+	check_expected_ptr(ivec);
+
+	result->data = malloc(len);
+	assert_non_null(result->data);
+	result->length = len;
+
+	memcpy(result->data, data, len);
+
+	return 0;
+}
+
+krb5_error_code __wrap_krb5_verify_checksum(krb5_context context,
+					    krb5_crypto crypto,
+					    krb5_key_usage usage,
+					    void *data,
+					    size_t len,
+					    Checksum *cksum);
+krb5_error_code __wrap_krb5_verify_checksum(krb5_context context,
+					    krb5_crypto crypto,
+					    krb5_key_usage usage,
+					    void *data,
+					    size_t len,
+					    Checksum *cksum)
+{
+	assert_ptr_equal(&dummy_crypto, crypto);
+	assert_int_equal(KRB5_KU_USAGE_SIGN, usage);
+
+	assert_mem_in_valid_range(data, len);
+
+	check_expected(len);
+	check_expected_ptr(data);
+
+	assert_non_null(cksum);
+	assert_int_equal(CKSUMTYPE_HMAC_SHA1_DES3, cksum->cksumtype);
+	assert_int_equal(20, cksum->checksum.length);
+	check_expected_ptr(cksum->checksum.data);
+
+	return 0;
+}
+
+krb5_error_code __wrap_krb5_crypto_destroy(krb5_context context,
+					   krb5_crypto crypto);
+krb5_error_code __wrap_krb5_crypto_destroy(krb5_context context,
+					   krb5_crypto crypto)
+{
+	assert_ptr_equal(&dummy_crypto, crypto);
+
+	return 0;
+}
+
+
+int __wrap_der_get_length(const unsigned char *p,
+			  size_t len,
+			  size_t *val,
+			  size_t *size);
+int __real_der_get_length(const unsigned char *p,
+			  size_t len,
+			  size_t *val,
+			  size_t *size);
+int __wrap_der_get_length(const unsigned char *p,
+			  size_t len,
+			  size_t *val,
+			  size_t *size)
+{
+	assert_mem_in_valid_range(p, len);
+
+	return __real_der_get_length(p, len, val, size);
+}
+
+int __wrap_ct_memcmp(const volatile void * volatile p1,
+		     const volatile void * volatile p2,
+		     size_t len);
+int __real_ct_memcmp(const volatile void * volatile p1,
+		     const volatile void * volatile p2,
+		     size_t len);
+int __wrap_ct_memcmp(const volatile void * volatile p1,
+		     const volatile void * volatile p2,
+		     size_t len)
+{
+	assert_mem_outside_invalid_range(p1, len);
+	assert_mem_outside_invalid_range(p2, len);
+
+	return __real_ct_memcmp(p1, p2, len);
+}
+
+void *__wrap_malloc(size_t size);
+void *__real_malloc(size_t size);
+void *__wrap_malloc(size_t size)
+{
+	/*
+	 * Ensure the length isn't excessively large (a symptom of integer
+	 * underflow).
+	 */
+	assert_in_range(size, 0, 0x10000);
+
+	return __real_malloc(size);
+}
+
+/*****************************************************************************
+ * Mock implementations
+ *****************************************************************************/
+
+/*
+ * Set the globals used by the mocked functions to a known and consistent state
+ *
+ */
+static void init_mock_results(TALLOC_CTX *mem_ctx)
+{
+	dummy_key.keytype = KRB5_ENCTYPE_DES3_CBC_MD5;
+	dummy_key.keyvalue.data = NULL;
+	dummy_key.keyvalue.length = 0;
+
+	dummy_crypto = (struct krb5_crypto_data) {0};
+
+	valid_range_begin = NULL;
+	valid_range_end = NULL;
+	invalid_range_end = NULL;
+}
+
+/*****************************************************************************
+ * Unit test set up and tear down
+ *****************************************************************************/
+
+struct context {
+	gss_ctx_id_t context_handle;
+};
+
+static int setup(void **state) {
+	struct context *ctx = NULL;
+	krb5_context context = NULL;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+	krb5_error_code code;
+
+	ctx = talloc_zero(NULL, struct context);
+	assert_non_null(ctx);
+
+	init_mock_results(ctx);
+
+	code = _gsskrb5_init(&context);
+	assert_int_equal(0, code);
+
+	major_status = _gsskrb5_create_ctx(&minor_status,
+					   &ctx->context_handle,
+					   context,
+					   GSS_C_NO_CHANNEL_BINDINGS,
+					   ACCEPTOR_START);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
+
+	*state = ctx;
+	return 0;
+}
+
+static int teardown(void **state) {
+	struct context *ctx = *state;
+	OM_uint32 major_status;
+	OM_uint32 minor_status;
+
+	major_status = _gsskrb5_delete_sec_context(&minor_status,
+						   &ctx->context_handle,
+						   GSS_C_NO_BUFFER);
+	assert_int_equal(GSS_S_COMPLETE, major_status);
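Review bot: In __wrap_krb5_decrypt(), malloc(len) is followed by assert_non_null(result->data), but assert_mem_in_valid_range() accepts len == 0 and malloc(0) is allowed to return NULL, so a zero-length decrypt could fail the test for the wrong reason on some platforms; assert len > 0 first or allocate at least one byte. Separately, get_input_buffer() is declared as returning "static const gss_buffer_desc", where const on a by-value return has no effect, and init_mock_results() never uses its mem_ctx argument. It would also help to document that valid_range_begin, valid_range_end and invalid_range_end are overwritten by every get_input_buffer() call, so the range assertions only cover the most recently created buffer.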


-- 
Samba Shared Repository


