Mercurial > illumos > illumos-gate
changeset 279:bf3a45792fd2
6262680 lock usage error in krb5_gss_init_sec_context()
6301844 mech_krb5 has problem working on 64 bit systems
author | willf |
---|---|
date | Wed, 03 Aug 2005 06:13:20 -0700 |
parents | a67c0ed6398a |
children | ffd6f0e5ac00 |
files | usr/src/lib/gss_mechs/mech_krb5/crypto/pbkdf2.c usr/src/lib/gss_mechs/mech_krb5/mech/init_sec_context.c |
diffstat | 2 files changed, 17 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/lib/gss_mechs/mech_krb5/crypto/pbkdf2.c Tue Aug 02 18:36:51 2005 -0700 +++ b/usr/src/lib/gss_mechs/mech_krb5/crypto/pbkdf2.c Wed Aug 03 06:13:20 2005 -0700 @@ -1,5 +1,5 @@ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2005 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -62,6 +62,7 @@ CK_KEY_TYPE keytype; CK_OBJECT_HANDLE hKey; int attrs = 0; + CK_ULONG outlen, passlen; mechanism.mechanism = CKM_PKCS5_PBKD2; mechanism.pParameter = ¶ms; @@ -92,8 +93,10 @@ enctype != ENCTYPE_DES3_CBC_SHA1 && enctype != ENCTYPE_DES3_CBC_RAW) { tmpl[attrs].type = CKA_VALUE_LEN; - tmpl[attrs].pValue = (void *)&out->length; - tmpl[attrs].ulValueLen = out->length; + /* using outlen to avoid 64bit alignment issues */ + outlen = (CK_ULONG)out->length; + tmpl[attrs].pValue = &outlen; + tmpl[attrs].ulValueLen = sizeof(outlen); attrs++; } @@ -105,7 +108,9 @@ params.pPrfData = NULL; params.ulPrfDataLen = 0; params.pPassword = (CK_UTF8CHAR_PTR)pass->data; - params.ulPasswordLen = (CK_ULONG *)&pass->length; + /* using passlen to avoid 64bit alignment issues */ + passlen = (CK_ULONG)pass->length; + params.ulPasswordLen = &passlen; rv = C_GenerateKey(krb_ctx_hSession(context), &mechanism, tmpl, attrs, &hKey);
--- a/usr/src/lib/gss_mechs/mech_krb5/mech/init_sec_context.c Tue Aug 02 18:36:51 2005 -0700 +++ b/usr/src/lib/gss_mechs/mech_krb5/mech/init_sec_context.c Wed Aug 03 06:13:20 2005 -0700 @@ -1293,8 +1293,10 @@ if (ctx_free->subkey) krb5_free_keyblock(context, ctx_free->subkey); xfree(ctx_free); - } else - (void)krb5_gss_delete_sec_context(context, minor_status, context_handle, NULL); + } else { + (void)krb5_gss_delete_sec_context_no_lock(context, minor_status, + context_handle, NULL); + } *minor_status = code; return (major_status); @@ -1354,7 +1356,7 @@ if (! krb5_principal_compare(context, ctx->there, (krb5_principal) target_name)) { - (void)krb5_gss_delete_sec_context(context, minor_status, + (void)krb5_gss_delete_sec_context_no_lock(context, minor_status, context_handle, NULL); code = 0; major_status = GSS_S_BAD_NAME; @@ -1364,7 +1366,7 @@ /* verify the token and leave the AP_REP message in ap_rep */ if (input_token == GSS_C_NO_BUFFER) { - (void)krb5_gss_delete_sec_context(context, minor_status, + (void)krb5_gss_delete_sec_context_no_lock(context, minor_status, context_handle, NULL); code = 0; major_status = GSS_S_DEFECTIVE_TOKEN; @@ -1464,7 +1466,8 @@ return GSS_S_COMPLETE; fail: - (void)krb5_gss_delete_sec_context(context, minor_status, context_handle, NULL); + (void)krb5_gss_delete_sec_context_no_lock(context, minor_status, + context_handle, NULL); *minor_status = code; return (major_status);