From: Chris B. <buc...@us...> - 2012-04-09 18:37:51
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "SFCB - Small Footprint CIM Broker". The branch, master has been updated via aebd8df4389cc6642de2d5bac9ed996f15fad949 (commit) via f318700e41652a114a7e59d255c2b6199ae90f9a (commit) via 13d9aa5e597b719606255d5a81ac228b9b64e669 (commit) from 7c35e2a15e92d7822121aac634896b80faea3d1a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit aebd8df4389cc6642de2d5bac9ed996f15fad949 Merge: f318700 7c35e2a Author: buccella <buc...@li...> Date: Mon Apr 9 14:37:53 2012 -0400 Changelog merge commit f318700e41652a114a7e59d255c2b6199ae90f9a Author: buccella <buc...@li...> Date: Mon Apr 9 14:35:31 2012 -0400 [ 3419721 ] reset CMPIValue buffer in str2CMPIValue commit 13d9aa5e597b719606255d5a81ac228b9b64e669 Author: buccella <buc...@li...> Date: Mon Apr 9 13:45:28 2012 -0400 [ 3512094 ] SFCB can leak PAM handles under error conditions ----------------------------------------------------------------------- Summary of changes:
diff --git a/ChangeLog b/ChangeLog
index c894684..255ae84 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+<<<<<<< HEAD
+2012-04-09 Chris Buccella <buc...@li...>
+
+ * cimXmlGen.c:
+ [ 3419721 ] reset CMPIValue buffer in str2CMPIValue
+
+ * httpAdapter.c, sfcBasicPAMAuthentication.c:
+ [ 3512094 ] SFCB can leak PAM handles under error conditions
+
 2012-04-09 Michael Chase-Salerno <br...@li...>
 * sfcb.init-none.in
diff --git a/NEWS b/NEWS
index 85f2653..ab5e248 100644
--- a/NEWS
+++ b/NEWS
@@ -156,6 +156,8 @@ Bugs Fixed:
 - 3441028 sblim-sfcb fails on large https requests
 - 3416054 Provider continues despite SIGSEGV
 - 3512425 SequenceContext needs to be set at startup
+- 3512094 SFCB can leak PAM handles under error conditions
+- 3419721 reset CMPIValue buffer in str2CMPIValue
 Changes in 1.3.13
 =================
diff --git a/cimXmlGen.c b/cimXmlGen.c
index e8db53f..46f056a 100644
--- a/cimXmlGen.c
+++ b/cimXmlGen.c
@@ -353,6 +353,7 @@ str2CMPIValue(CMPIType type, XtokValue val, XtokValueReference * ref,
 CMPIType t = 0;
 CMPIStatus rc = {CMPI_RC_OK, NULL};
+ memset(&value, 0, sizeof(CMPIValue));
 if (type == 0) {
 type = guessType(val.value);
 }
diff --git a/httpAdapter.c b/httpAdapter.c
index b19ad4a..d0ca581 100644
--- a/httpAdapter.c
+++ b/httpAdapter.c
@@ -156,6 +156,17 @@ struct auth_extras {
 };
 typedef struct auth_extras AuthExtras;
+AuthExtras extras = {NULL, NULL, NULL, NULL};
+
+void releaseAuthHandle() {
+ _SFCB_ENTER(TRACE_HTTPDAEMON, "releaseAuthHandle");
+ if (extras.release) {
+ _SFCB_TRACE(1,("--- extras.authHandle = %p", extras.authHandle));
+ extras.release(extras.authHandle);
+ extras.release = NULL;
+ }
+}
+
 typedef int (*Authenticate) (char *principal, char *pwd);
 typedef int (*Authenticate2) (char *principal, char *pwd, AuthExtras *extras);
@@ -251,7 +262,7 @@ remProcCtl()
 * Return 1 on success, 0 on fail, -1 on expired */
 int
-baValidate(char *cred, char **principal, AuthExtras* extras)
+baValidate(char *cred, char **principal)
 {
 char *auth, *pw = NULL;
@@ -295,7 +306,7 @@ baValidate(char *cred, char **principal, AuthExtras* extras)
 else {
 *principal = strdup(auth);
 if (authenticate2)
- ret = authenticate2(auth, pw, extras);
+ ret = authenticate2(auth, pw, &extras);
 else
 ret = authenticate(auth, pw);
@@ -364,6 +375,11 @@ handleSigUsr1(int sig)
 }
 }
+static void handleSigPipe(int sig)
+{
+ exit(1);
+}
+
 static void
 freeBuffer(Buffer * b)
 {
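Review bot: `releaseAuthHandle()` clears only `extras.release`, so the file-scope `extras` keeps the already released `authHandle` (and whatever other fields the last request set) for as long as the process lives; I would add `extras.authHandle = NULL;` right after the release call so a later request in the same process cannot see a stale handle. The function opens with `_SFCB_ENTER` but has no matching exit trace (`_SFCB_EXIT();`) before the closing brace, and the prototype should read `void releaseAuthHandle(void)`. If nothing outside httpAdapter.c refers to `extras`, declaring it `static` would keep the authentication state out of the global namespace.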
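Review bot: `handleSigPipe` calls `exit(1)` from a signal handler, which is not async-signal-safe: it runs the `atexit` handlers, including the `releaseAuthHandle` registered in the handleHttpRequest hunk, and through it the trace macros and the PAM release callback, all in signal context. If SIGPIPE arrives while the process is inside malloc or a PAM call, that can deadlock or corrupt state instead of releasing the handle. A safer shape is to ignore the signal in the httpDaemon hunk, `setSignal(SIGPIPE, SIG_IGN, 0);`, and let the failed write return EPIPE so the request unwinds through the normal `releaseAuthHandle()` paths; this relies on the write paths checking their return values, which is outside this diff. The `sig` parameter is also unused.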
@@ -1067,8 +1083,6 @@ doHttpRequest(CommHndl conn_fd)
 }
 #endif
- AuthExtras extras = {NULL, NULL, NULL, NULL};
-
 if (!authorized && !discardInput && doBa) {
 if (inBuf.authorization) {
@@ -1085,7 +1099,7 @@ doHttpRequest(CommHndl conn_fd)
 extras.clientIp = ipstr;
 // fprintf(stderr, "client is: %s\n", ipstr);
- barc = baValidate(inBuf.authorization,&inBuf.principal,&extras);
+ barc = baValidate(inBuf.authorization,&inBuf.principal);
 #ifdef ALLOW_UPDATE_EXPIRED_PW
 if (barc == AUTH_EXPIRED) {
@@ -1142,6 +1156,7 @@ doHttpRequest(CommHndl conn_fd)
 exit(1);
 }
 if (discardInput) {
+ releaseAuthHandle();
 free(hdr);
 freeBuffer(&inBuf);
 _SFCB_RETURN(discardInput - 1);
@@ -1205,9 +1220,7 @@ doHttpRequest(CommHndl conn_fd)
 if (response.buffer != NULL) cleanupCimXmlRequest(&response);
- if (extras.release) {
- extras.release(extras.authHandle);
- }
+ releaseAuthHandle();
 #ifdef SFCB_DEBUG
 if (uset && (_sfcb_trace_mask & TRACE_RESPONSETIMING)) {
@@ -1267,6 +1280,7 @@ handleHttpRequest(int connFd, int sslMode)
 semAcquireUnDo(httpProcSem, 0);
 semReleaseUnDo(httpProcSem, httpProcIdX + 1);
 semRelease(httpWorkSem, 0);
+ atexit(releaseAuthHandle);
 atexit(uninitGarbageCollector);
 atexit(sunsetControl);
 }
@@ -2069,6 +2083,7 @@ httpDaemon(int argc, char *argv[], int sslMode)
 setSignal(SIGINT, SIG_IGN, 0);
 setSignal(SIGTERM, SIG_IGN, 0);
 setSignal(SIGHUP, SIG_IGN, 0);
+ setSignal(SIGPIPE, handleSigPipe,0);
 #if defined USE_SSL
 if (sslMode) {
diff --git a/objectImpl.c b/objectImpl.c
index a3ab0d1..b26f521 100644
--- a/objectImpl.c
+++ b/objectImpl.c
@@ -555,7 +555,7 @@ removeClObject(ClObjectHdr * hdr, int id)
 {
 _SFCB_ENTER(TRACE_OBJECTIMPL, "removeClObject");
 // fprintf(stderr, "replaceClString: %p replacing entry for we're skipping %d\n", hdr, (id-1));
- char *ts, *fs, *tmpstr = NULL;
+ char *ts, *fs;
 long i, l, u;
 ClStrBuf *fb;
diff --git a/sfcBasicPAMAuthentication.c b/sfcBasicPAMAuthentication.c
index 6329637..1f7b111 100644
--- a/sfcBasicPAMAuthentication.c
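Review bot: `extras.clientIp = ipstr;` now stores its pointer in the file-scope `extras`, so the pointer outlives this call; `ipstr` is declared outside the hunk, but if it is a local buffer of doHttpRequest the global is left dangling once the function returns. Clearing it where the handle is released, `extras.clientIp = NULL;`, or resetting `extras` at the start of each request would keep one request's authentication state from carrying into the next. doHttpRequest starts and ends outside the hunk, so the lifetime of `ipstr` needs confirming against the full function.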
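Review bot: `atexit` handlers run in reverse registration order, so with `atexit(releaseAuthHandle);` registered first the PAM release runs last, after `sunsetControl` and `uninitGarbageCollector` have already torn down their state. `releaseAuthHandle` uses the trace macros and calls into the authentication library; if either relies on anything those two handlers free, registering it after them (so it runs first) would be safer, which is worth confirming since their bodies are not in this diff. A short comment such as `/* registered first, so it runs last at exit */` would document the intended order either way, and the return value of `atexit` is not checked.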
+++ b/sfcBasicPAMAuthentication.c
@@ -23,6 +23,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <security/pam_appl.h>
+#include "trace.h"
 #define SFCB_PAM_APP "sfcb"
@@ -60,8 +61,11 @@ sfcBasicConv(int num_msg, const struct pam_message **msg,
 }
 void closePam(pam_handle_t* handle) {
+ _SFCB_ENTER(TRACE_HTTPDAEMON, "closePam");
 int rc = PAM_SUCCESS;
+ _SFCB_TRACE(1,("--- pam_end for handle %p", handle));
 pam_end(handle, rc);
+ _SFCB_TRACE(1,("--- pam_end rc = %d", rc));
 }
 static int
@@ -75,7 +79,10 @@ _sfcBasicAuthenticateRemote(char *user, char *pw, AuthExtras *extras)
 int rc, retval;
+ _SFCB_ENTER(TRACE_HTTPDAEMON, "_sfcBasicAuthenticateRemote");
+
 rc = pam_start(SFCB_PAM_APP, user, &sfcConvStruct, &pamh);
+ _SFCB_TRACE(1,("--- pam_start, pamh = %p", pamh));
 if (extras && extras->clientIp) {
 pam_set_item(pamh, PAM_RHOST, extras->clientIp);
hooks/post-receive -- SFCB - Small Footprint CIM Broker |
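Review bot: The trace added after `pam_end(handle, rc);` in `closePam` prints `rc`, which still holds the `PAM_SUCCESS` it was initialised with because the return value of `pam_end` is discarded, so the log reports success even when the handle was not released. Capture the result so the trace is useful when chasing a leaked handle: `rc = pam_end(handle, rc);`. `closePam` also opens with `_SFCB_ENTER` and has no matching exit trace before the closing brace.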
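Review bot: The added `_SFCB_TRACE` after `pam_start` prints `pamh` without the `rc` that says whether the start succeeded, and no check of `rc` is visible before it; on failure the pointer is not meaningful and, depending on how `pamh` is declared above the hunk, may be uninitialised. Logging both makes a failed start distinguishable from a leaked handle: `_SFCB_TRACE(1,("--- pam_start rc = %d, pamh = %p", rc, (void *) pamh));`. The function continues outside the hunk, so whether every return path pairs the new `_SFCB_ENTER` with `_SFCB_RETURN` cannot be checked from here.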