krb5 commit: Kill TCP connections if getsockname fails
Greg Hudson
ghudson at mit.edu
Mon Jun 5 12:32:17 EDT 2017
https://github.com/krb5/krb5/commit/342d51e9e3ee0e35addf6a64d177730d980755d7
commit 342d51e9e3ee0e35addf6a64d177730d980755d7
Author: Andreas Schneider <asn at samba.org>
Date: Tue May 30 09:50:10 2017 +0200
Kill TCP connections if getsockname fails
In net-server.c:process_tcp_connection_read(), we don't expect
getsockname() to fail under ordinary circumstances, so instead of
passing a null local address to dispatch(), just error out. Simplify
schpw.c:dispatch() by assuming a non-null local_saddr.
[ghudson at mit.edu: simplified schpw.c:dispatch(); rewrote commit
message]
src/kadmin/server/schpw.c | 16 +++-------------
src/lib/apputils/net-server.c | 10 ++++++----
2 files changed, 9 insertions(+), 17 deletions(-)
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index 2823057..d89d246 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -444,20 +444,11 @@ dispatch(void *handle, struct sockaddr *local_saddr,
krb5_keytab kt = NULL;
kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle;
krb5_fulladdr local_faddr;
- krb5_address **local_kaddrs = NULL, local_kaddr_buf;
+ krb5_address local_kaddr_buf;
krb5_data *response = NULL;
- if (local_saddr == NULL) {
- ret = krb5_os_localaddr(server_handle->context, &local_kaddrs);
- if (ret != 0)
- goto egress;
-
- local_faddr.address = local_kaddrs[0];
- local_faddr.port = 0;
- } else {
- local_faddr.address = &local_kaddr_buf;
- init_addr(&local_faddr, local_saddr);
- }
+ local_faddr.address = &local_kaddr_buf;
+ init_addr(&local_faddr, local_saddr);
ret = krb5_kt_resolve(server_handle->context, "KDB:", &kt);
if (ret != 0) {
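Review bot: dispatch() now hands `local_saddr` straight to `init_addr()` with no null check, so a non-null local address has become an unstated precondition of this callback. The TCP caller in net-server.c is fixed in this same commit, but any other call site of dispatch() (none is visible in this diff) must give the same guarantee; otherwise a failed local-address lookup could become a null dereference in the password-change path, assuming init_addr() reads through the pointer (its body is not shown). I would state the contract where the address is first used, e.g. `/* local_saddr must be non-null; callers drop the request when the local address is unknown. */`. The body of dispatch() starts and ends outside this hunk.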
@@ -481,7 +472,6 @@ dispatch(void *handle, struct sockaddr *local_saddr,
egress:
if (ret)
krb5_free_data(server_handle->context, response);
- krb5_free_addresses(server_handle->context, local_kaddrs);
krb5_kt_close(server_handle->context, kt);
(*respond)(arg, ret, ret == 0 ? response : NULL);
}
diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
index f0b7a38..ee3d743 100644
--- a/src/lib/apputils/net-server.c
+++ b/src/lib/apputils/net-server.c
@@ -1329,7 +1329,6 @@ process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev)
} else {
/* msglen known. */
socklen_t local_saddrlen = sizeof(struct sockaddr_storage);
- struct sockaddr *local_saddrp = NULL;
len = conn->msglen - (conn->offset - 4);
nread = SOCKET_READ(verto_get_fd(ev),
@@ -1351,10 +1350,13 @@ process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev)
state->request.data = conn->buffer + 4;
if (getsockname(verto_get_fd(ev), ss2sa(&state->local_saddr),
- &local_saddrlen) == 0)
- local_saddrp = ss2sa(&state->local_saddr);
+ &local_saddrlen) < 0) {
+ krb5_klog_syslog(LOG_ERR, _("getsockname failed: %s"),
+ error_message(errno));
+ goto kill_tcp_connection;
+ }
- dispatch(state->conn->handle, local_saddrp, &conn->faddr,
+ dispatch(state->conn->handle, ss2sa(&state->local_saddr), &conn->faddr,
&state->request, 1, ctx, process_tcp_response, state);
}
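Review bot: The new `goto kill_tcp_connection;` is taken after `state` has already been populated (`state->request.data = conn->buffer + 4;` on the context line above), so this error path has to release `state` as well as tear down the connection. Both the allocation of `state` and the `kill_tcp_connection` label lie outside the hunk, so this cannot be confirmed from here. If the label only disposes of the event, release `state` before the jump; otherwise a short comment such as `/* state is released at kill_tcp_connection */` would make the ownership clear. For triage it would also help if the `getsockname failed` log line identified the peer, since `conn->faddr` is available at this point.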