-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problems: free of stack variable, TODO left to evaluate #2700
Changes from all commits
77444e2
7be3efc
b7346f8
330856d
5b1c0cd
9387897
e81a40b
90b6c10
7453a02
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||
---|---|---|---|---|
|
@@ -59,6 +59,7 @@ static volatile int zap_deny_all = 0; | |||
// by reference, if not null, and event number by value. Returns -1 | ||||
// in case of error. | ||||
|
||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
static int | ||||
get_monitor_event (void *monitor, int *value, char **address) | ||||
{ | ||||
|
@@ -89,6 +90,7 @@ get_monitor_event (void *monitor, int *value, char **address) | |||
} | ||||
return event; | ||||
} | ||||
#endif | ||||
|
||||
// -------------------------------------------------------------------------- | ||||
// This methods receives and validates ZAP requestes (allowing or denying | ||||
|
@@ -151,19 +153,23 @@ void test_valid_creds (void *ctx, void *server, void *server_mon, char *endpoint | |||
rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, | ||||
name, strlen (name) + 1); | ||||
assert (rc == 0); | ||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
int name_type = ZMQ_GSSAPI_NT_HOSTBASED; | ||||
rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, | ||||
&name_type, sizeof (name_type)); | ||||
assert (rc == 0); | ||||
#endif | ||||
rc = zmq_connect (client, endpoint); | ||||
assert (rc == 0); | ||||
|
||||
bounce (server, client); | ||||
rc = zmq_close (client); | ||||
assert (rc == 0); | ||||
|
||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
int event = get_monitor_event (server_mon, NULL, NULL); | ||||
assert (event == ZMQ_EVENT_HANDSHAKE_SUCCEED); | ||||
assert (event == ZMQ_EVENT_HANDSHAKE_SUCCEEDED); | ||||
#endif | ||||
} | ||||
|
||||
// Check security with valid but unauthorized credentials | ||||
|
@@ -179,19 +185,23 @@ void test_unauth_creds (void *ctx, void *server, void *server_mon, char *endpoin | |||
rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, | ||||
name, strlen (name) + 1); | ||||
assert (rc == 0); | ||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
int name_type = ZMQ_GSSAPI_NT_HOSTBASED; | ||||
rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, | ||||
&name_type, sizeof (name_type)); | ||||
assert (rc == 0); | ||||
#endif | ||||
zap_deny_all = 1; | ||||
rc = zmq_connect (client, endpoint); | ||||
assert (rc == 0); | ||||
|
||||
expect_bounce_fail (server, client); | ||||
close_zero_linger (client); | ||||
|
||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
int event = get_monitor_event (server_mon, NULL, NULL); | ||||
assert (event == ZMQ_EVENT_HANDSHAKE_FAILED); | ||||
assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); | ||||
#endif | ||||
} | ||||
|
||||
// Check GSSAPI security with NULL client credentials | ||||
|
@@ -205,8 +215,10 @@ void test_null_creds (void *ctx, void *server, void *server_mon, char *endpoint) | |||
expect_bounce_fail (server, client); | ||||
close_zero_linger (client); | ||||
|
||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
int event = get_monitor_event (server_mon, NULL, NULL); | ||||
assert (event == ZMQ_EVENT_HANDSHAKE_FAILED); | ||||
assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); | ||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This should be ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL with value ZMQ_PROTOCOL_ERROR_ZMTP_MECHANISM_MISMATCH as in libzmq/tests/test_security_curve.cpp Line 178 in 7283574
Maybe expect_zmtp_mechanism_mismatch should be moved to testutil_security.hpp and reused here (and for the PLAIN client test as well) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks, sent a quick fix here: #2706 |
||||
#endif | ||||
} | ||||
|
||||
// Check GSSAPI security with PLAIN client credentials | ||||
|
@@ -242,7 +254,7 @@ void test_vanilla_socket (void *ctx, void *server, void *server_mon, char *endpo | |||
#endif | ||||
|
||||
s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); | ||||
int rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr)); | ||||
rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr)); | ||||
assert (rc > -1); | ||||
// send anonymous ZMTP/1.0 greeting | ||||
send (s, "\x01\x00", 2, 0); | ||||
|
@@ -292,23 +304,30 @@ int main (void) | |||
rc = zmq_setsockopt (server, ZMQ_GSSAPI_PRINCIPAL, | ||||
name, strlen (name) + 1); | ||||
assert (rc == 0); | ||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
int name_type = ZMQ_GSSAPI_NT_HOSTBASED; | ||||
rc = zmq_setsockopt (server, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, | ||||
&name_type, sizeof (name_type)); | ||||
assert (rc == 0); | ||||
#endif | ||||
rc = zmq_bind (server, "tcp://127.0.0.1:*"); | ||||
assert (rc == 0); | ||||
rc = zmq_getsockopt (server, ZMQ_LAST_ENDPOINT, my_endpoint, &len); | ||||
assert (rc == 0); | ||||
|
||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
// Monitor handshake events on the server | ||||
rc = zmq_socket_monitor (server, "inproc://monitor-server", | ||||
ZMQ_EVENT_HANDSHAKE_SUCCEED | ZMQ_EVENT_HANDSHAKE_FAILED); | ||||
ZMQ_EVENT_HANDSHAKE_SUCCEEDED | ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); | ||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Here, ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL must also be enabled. |
||||
assert (rc == 0); | ||||
#endif | ||||
|
||||
// Create socket for collecting monitor events | ||||
void *server_mon = zmq_socket (ctx, ZMQ_PAIR); | ||||
void *server_mon = NULL; | ||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
server_mon = zmq_socket (ctx, ZMQ_PAIR); | ||||
assert (server_mon); | ||||
#endif | ||||
|
||||
// Connect it to the inproc endpoints so they'll get events | ||||
rc = zmq_connect (server_mon, "inproc://monitor-server"); | ||||
|
@@ -322,7 +341,9 @@ int main (void) | |||
test_unauth_creds (ctx, server, server_mon, my_endpoint); | ||||
|
||||
// Shutdown | ||||
#ifdef ZMQ_BUILD_DRAFT_API | ||||
close_zero_linger (server_mon); | ||||
#endif | ||||
rc = zmq_close (server); | ||||
assert (rc == 0); | ||||
rc = zmq_ctx_term (ctx); | ||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sigiesec I took a very wild guess here and in the next events, is this correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one looks good.