changeset 57692:9bd776693ccf

8231134: Improved credential support Reviewed-by: ahgross, valeriep
author weijun
date Thu, 26 Sep 2019 18:13:20 +0800
parents 7250627144a6
children 553cb2204361
files src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp
diffstat 1 files changed, 79 insertions(+), 21 deletions(-) [+]
--- a/src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp	Thu Sep 26 18:12:53 2019 +0800
+++ b/src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp	Thu Sep 26 18:13:20 2019 +0800
@@ -132,8 +132,9 @@
         return 0;
     }
     ULONGLONG diff = (time->QuadPart - uiLocal.QuadPart) / 10000000;
-    if (diff > (ULONGLONG)~(OM_uint32)0)
+    if (diff > (ULONGLONG)~(OM_uint32)0) {
         return GSS_C_INDEFINITE;
+    }
     return (OM_uint32)diff;
 }
 
@@ -177,8 +178,10 @@
 new_cred()
 {
     gss_cred_id_t out = new gss_cred_id_struct;
-    out->phCredK = out->phCredS = NULL;
-    out->time = 0L;
+    if (out) {
+        out->phCredK = out->phCredS = NULL;
+        out->time = 0L;
+    }
     return out;
 }
 
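Review bot: The `if (out)` guard added in `new_cred()` can never see a null pointer, because a plain `new gss_cred_id_struct` reports failure by throwing `std::bad_alloc` rather than returning NULL (unless this library is built against a non-throwing operator new, which the diff does not show). To make the check meaningful, allocate with `new (std::nothrow) gss_cred_id_struct` and include `<new>`. The same applies to the null checks this change adds after `new CredHandle` and after the `new char[...]` allocations in the later hunks. As written, an allocation failure there would presumably surface as an exception leaving the exported GSS functions instead of reaching the `err:` cleanup.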
@@ -864,6 +867,7 @@
     SecBufferDesc outBuffDesc;
     SecBuffer outSecBuff;
     BOOLEAN isSPNEGO = is_same_oid(mech_type, &SPNEGO_OID);
+    CredHandle* newCred = NULL;
 
     gss_ctx_id_t pc;
 
@@ -928,7 +932,10 @@
             pc->isLocalCred = FALSE;
         } else {
             PP("No credentials provided, acquire myself");
-            CredHandle* newCred = new CredHandle;
+            newCred = new CredHandle;
+            if (!newCred) {
+                goto err;
+            }
             SEC_WINNT_AUTH_IDENTITY_EX auth;
             ZeroMemory(&auth, sizeof(auth));
             auth.Version = SEC_WINNT_AUTH_IDENTITY_VERSION;
@@ -947,7 +954,6 @@
                     newCred,
                     &lifeTime);
             if (!(SEC_SUCCESS(ss))) {
-                delete newCred;
                 goto err;
             }
             pc->phCred = newCred;
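Review bot: Once `pc->phCred = newCred;` has run, the context holds the handle but `newCred` still points at it, so any later `goto err` in this function reaches the `delete newCred` added at the `err:` label and leaves `pc->phCred` dangling. If `gss_delete_sec_context` (not visible here) also releases `pc->phCred`, the same object would be freed twice on the first-call path. Clearing the local right after the hand-over, `pc->phCred = newCred; newCred = NULL;`, keeps a single owner. The enclosing function starts and ends outside this hunk.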
@@ -989,7 +995,6 @@
         output_token->value = new char[outSecBuff.cbBuffer];
         if (!output_token->value) {
             FreeContextBuffer(outSecBuff.pvBuffer);
-            output_token->length = 0;
             goto err;
         }
         memcpy(output_token->value, outSecBuff.pvBuffer, outSecBuff.cbBuffer);
@@ -1009,14 +1014,17 @@
         return GSS_S_COMPLETE;
     }
 err:
+    if (newCred) {
+        delete newCred;
+    }
     if (firstTime) {
         OM_uint32 dummy;
         gss_delete_sec_context(&dummy, context_handle, GSS_C_NO_BUFFER);
     }
     if (output_token->value) {
         gss_release_buffer(NULL, output_token);
-        output_token = GSS_C_NO_BUFFER;
     }
+    output_token = GSS_C_NO_BUFFER;
     return GSS_S_FAILURE;
 }
 
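Review bot: `output_token = GSS_C_NO_BUFFER;` only overwrites the local copy of the pointer, so it changes nothing for the caller, assuming `output_token` is the usual by-value `gss_buffer_t` parameter (the signature is outside the hunk). With `output_token->length = 0;` also removed from the allocation-failure branch in the previous hunk, a failure where `value` is NULL may return with a stale non-zero `length` in the caller's buffer. Resetting the fields instead, `output_token->length = 0; output_token->value = NULL;`, would leave the buffer in a defined empty state. The `status_string = GSS_C_NO_BUFFER;` lines added in the last hunk of this change have the same problem.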
@@ -1233,17 +1241,26 @@
     secBuff[1].cbBuffer = context_handle->SecPkgContextSizes.cbMaxSignature;
     secBuff[1].pvBuffer = msg_token->value = new char[secBuff[1].cbBuffer];
 
+    if (!secBuff[1].pvBuffer) {
+        goto err;
+    }
+
     ss = MakeSignature((PCtxtHandle)&context_handle->hCtxt, 0, &buffDesc, 0);
 
     if (!SEC_SUCCESS(ss)) {
-        msg_token->length = 0;
-        msg_token->value = NULL;
-        delete[] secBuff[1].pvBuffer;
-        return GSS_S_FAILURE;
+        goto err;
     }
 
     msg_token->length = secBuff[1].cbBuffer;
     return GSS_S_COMPLETE;
+
+err:
+    msg_token->length = 0;
+    msg_token->value = NULL;
+    if (secBuff[1].pvBuffer) {
+        delete[] secBuff[1].pvBuffer;
+    }
+    return GSS_S_FAILURE;
 }
 
 __declspec(dllexport) OM_uint32
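Review bot: `delete[] secBuff[1].pvBuffer;` at the new `err:` label applies `delete[]` to a `void *` (the SSPI `SecBuffer::pvBuffer` field is a `PVOID`), which C++ leaves undefined even though the block was allocated as `new char[]`. Cast back to the allocated type before releasing it: `delete[] (char *)secBuff[1].pvBuffer;`. The `if` guard around it is not needed, since deleting a null pointer is a no-op. The start of the enclosing function is outside this hunk.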
@@ -1317,16 +1334,25 @@
             context_handle->SecPkgContextSizes.cbSecurityTrailer
                     + input_message_buffer->length
                     + context_handle->SecPkgContextSizes.cbBlockSize);;
+    if (!output_message_buffer->value) {
+        goto err;
+    }
 
     secBuff[1].BufferType = SECBUFFER_DATA;
     secBuff[1].cbBuffer = (ULONG)input_message_buffer->length;
     secBuff[1].pvBuffer = malloc(secBuff[1].cbBuffer);
+    if (!secBuff[1].pvBuffer) {
+        goto err;
+    }
     memcpy_s(secBuff[1].pvBuffer, secBuff[1].cbBuffer,
             input_message_buffer->value, input_message_buffer->length);
 
     secBuff[2].BufferType = SECBUFFER_PADDING;
     secBuff[2].cbBuffer = context_handle->SecPkgContextSizes.cbBlockSize;
     secBuff[2].pvBuffer = malloc(secBuff[2].cbBuffer);
+    if (!secBuff[2].pvBuffer) {
+        goto err;
+    }
 
     ss = EncryptMessage((PCtxtHandle)&context_handle->hCtxt,
             conf_req_flag ? 0 : SECQOP_WRAP_NO_ENCRYPT,
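Review bot: The first `goto err` in this hunk (after the `output_message_buffer->value` check) runs before `secBuff[1].pvBuffer` and `secBuff[2].pvBuffer` have been assigned, yet the `err:` label added later in this function passes both to `free()`. Unless `secBuff` is zero-initialised at its declaration, which is outside the hunk, that frees indeterminate pointers; the second `goto err` has the same exposure for `secBuff[2]`. Zero-initialising the array where it is declared (`= {0}`), or setting the three `pvBuffer` fields to NULL before the first allocation, makes the shared cleanup safe.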
@@ -1336,12 +1362,7 @@
     }
 
     if (!SEC_SUCCESS(ss)) {
-        free(secBuff[0].pvBuffer);
-        free(secBuff[1].pvBuffer);
-        free(secBuff[2].pvBuffer);
-        output_message_buffer->length = 0;
-        output_message_buffer->value = NULL;
-        return GSS_S_FAILURE;
+        goto err;
     }
 
     memcpy_s((PBYTE)secBuff[0].pvBuffer + secBuff[0].cbBuffer,
@@ -1359,6 +1380,20 @@
     free(secBuff[2].pvBuffer);
 
     return GSS_S_COMPLETE;
+
+err:
+    if (secBuff[0].pvBuffer) {
+        free(secBuff[0].pvBuffer);
+    }
+    if (secBuff[1].pvBuffer) {
+        free(secBuff[1].pvBuffer);
+    }
+    if (secBuff[2].pvBuffer) {
+        free(secBuff[2].pvBuffer);
+    }
+    output_message_buffer->length = 0;
+    output_message_buffer->value = NULL;
+    return GSS_S_FAILURE;
 }
 
 __declspec(dllexport) OM_uint32
@@ -1386,6 +1421,11 @@
     secBuff[0].BufferType = SECBUFFER_STREAM;
     secBuff[0].cbBuffer = (ULONG)input_message_buffer->length;
     secBuff[0].pvBuffer = malloc(input_message_buffer->length);
+
+    if (!secBuff[0].pvBuffer) {
+        goto err;
+    }
+
     memcpy_s(secBuff[0].pvBuffer, input_message_buffer->length,
             input_message_buffer->value, input_message_buffer->length);
 
@@ -1398,21 +1438,31 @@
         *qop_state = ulQop;
     }
     if (!SEC_SUCCESS(ss)) {
-        free(secBuff[0].pvBuffer);
-        output_message_buffer->length = 0;
-        output_message_buffer->value = NULL;
-        return GSS_S_FAILURE;
+        goto err;
     }
 
     // Must allocate a new memory block so client can release it correctly
     output_message_buffer->length = secBuff[1].cbBuffer;
     output_message_buffer->value = new char[secBuff[1].cbBuffer];
+
+    if (!output_message_buffer->value) {
+        goto err;
+    }
+
     memcpy_s(output_message_buffer->value, secBuff[1].cbBuffer,
             secBuff[1].pvBuffer, secBuff[1].cbBuffer);
     *conf_state = ulQop == SECQOP_WRAP_NO_ENCRYPT ? 0 : 1;
 
     free(secBuff[0].pvBuffer);
     return GSS_S_COMPLETE;
+
+err:
+    if (secBuff[0].pvBuffer) {
+        free(secBuff[0].pvBuffer);
+    }
+    output_message_buffer->length = 0;
+    output_message_buffer->value = NULL;
+    return GSS_S_FAILURE;
 }
 
 __declspec(dllexport) OM_uint32
@@ -1544,11 +1594,19 @@
             msg, 256, 0);
     if (len > 0) {
         status_string->value = new char[len + 20];
+        if (!status_string->value) {
+            status_string = GSS_C_NO_BUFFER;
+            return GSS_S_FAILURE;
+        }
         status_string->length = sprintf_s(
                 (LPSTR)status_string->value, len + 19,
                 "(%lx) %ls", status_value, msg);
     } else {
         status_string->value = new char[33];
+        if (!status_string->value) {
+            status_string = GSS_C_NO_BUFFER;
+            return GSS_S_FAILURE;
+        }
         status_string->length = sprintf_s(
                 (LPSTR)status_string->value, 32,
                 "status is %lx", status_value);