Problems: free of stack variable, TODO left to evaluate #2700
Conversation
Solution: free wrapper.value instead of wrapper.
Solution: remove it. Looking at the code: https://github.com/krb5/krb5/blob/master/src/lib/gssapi/mechglue/g_unseal.c#L55 gss_unwrap as the very first thing checks that plaintext is not a null pointer, which in our case it's true given it's on the stack, and then initialises its members to 0 length and null ptr. https://github.com/krb5/krb5/blob/master/src/lib/gssapi/mechglue/g_rel_buffer.c#L36 So it should be safe to release it in all cases, and the release API seems to check again if it's not a null pointer and then if the members are 0 length and null pointer it's a no-op.
|
@bluca, thanks for correcting my mistake in the call to free. It is quite hard to modify the source without having a chance to run or even compile it. |
|
No problem! |
Solution: use it before falling back to headers checks
Solution: remove the second one to fix build failure
Solution: monitor new events only if DRAFT APIs are enabled, and convert to new event types. Same for DRAFT socket options.
|
@sigiesec if you are on Linux, with the changes in this PR you can install the library and build with it: It won't run the test unless you setup the whole kerberos thing, but at least you can check it builds. I'll see if I can add it by default to the packages builds on OBS, and then on a couple of CI jobs as well that already install packages. |
| int event = get_monitor_event (server_mon, NULL, NULL); | ||
| assert (event == ZMQ_EVENT_HANDSHAKE_FAILED); | ||
| assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); |
There was a problem hiding this comment.
@sigiesec I took a very wild guess here and in the next events, is this correct?
|
There's a few errors in the GSSAPI code with older GCC on Debian 7, Ubuntu 12.04 and RHEL 7. I'll have a look during the weekend: |
Solution: as discussed, remove the deprecation notices, as many users expressed the need for multi-part support. Fixes zeromq#2699
Solution: add it to CMake's platform.hpp.in
Solution: use LIBZMQ_UNUSED where necessary
Solution: add missing target_link_libraries Fixes zeromq#2701
| int event = get_monitor_event (server_mon, NULL, NULL); | ||
| assert (event == ZMQ_EVENT_HANDSHAKE_FAILED); | ||
| assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); |
| int event = get_monitor_event (server_mon, NULL, NULL); | ||
| assert (event == ZMQ_EVENT_HANDSHAKE_FAILED); | ||
| assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); |
There was a problem hiding this comment.
This should be ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL with value ZMQ_PROTOCOL_ERROR_ZMTP_MECHANISM_MISMATCH as in
libzmq/tests/test_security_curve.cpp
Line 178 in 7283574
Maybe expect_zmtp_mechanism_mismatch should be moved to testutil_security.hpp and reused here (and for the PLAIN client test as well)
There was a problem hiding this comment.
Thanks, sent a quick fix here: #2706
| // Monitor handshake events on the server | ||
| rc = zmq_socket_monitor (server, "inproc://monitor-server", | ||
| ZMQ_EVENT_HANDSHAKE_SUCCEED | ZMQ_EVENT_HANDSHAKE_FAILED); | ||
| ZMQ_EVENT_HANDSHAKE_SUCCEEDED | ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); |
There was a problem hiding this comment.
Here, ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL must also be enabled.
Solutions: see commits
Fixes #2701 #2699