From 67719940585f36617a15dac16a32744a18711ede Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Thu, 12 Jul 2007 14:10:39 +0000 Subject: [PATCH] Fix freeing of names in Kerberos when using MIT - need to use the free function provided in the Kerberos library. This fixes a very hard to track down heap corruption on windows when using debug runtimes. --- configure | 58 ++++++++++++++++++++++++++++++++++ configure.in | 11 ++++++- src/include/pg_config.h.in | 3 ++ src/interfaces/libpq/fe-auth.c | 16 ++++++++-- src/tools/msvc/Solution.pm | 3 +- 5 files changed, 87 insertions(+), 4 deletions(-) diff --git a/configure b/configure index 6e9dfe6988..1f13896cb1 100755 --- a/configure +++ b/configure 
@@ -14398,6 +14398,64 @@ fi fi + +# Win32 requires headers to be loaded for __stdcall, so can't use +# AC_CHECK_FUNCS here. + echo "$as_me:$LINENO: checking for krb5_free_unparsed_name" >&5 +echo $ECHO_N "checking for krb5_free_unparsed_name... $ECHO_C" >&6 + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +int +main () +{ +krb5_free_unparsed_name(NULL,NULL); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_KRB5_FREE_UNPARSED_NAME 1 +_ACEOF + +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi diff --git a/configure.in b/configure.in index d3bec75e6c..c01ae3fcd7 100644 --- a/configure.in +++ b/configure.in 
@@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -dnl $PostgreSQL: pgsql/configure.in,v 1.518 2007/07/10 16:41:01 tgl Exp $ +dnl $PostgreSQL: pgsql/configure.in,v 1.519 2007/07/12 14:10:39 mha Exp $ dnl dnl Developers, please strive to achieve this order: dnl @@ -965,6 +965,15 @@ if test "$with_krb5" = yes; then [AC_MSG_ERROR([could not determine how to extract Kerberos 5 error messages])], [#include ])], [#include ]) + +# Win32 requires headers to be loaded for __stdcall, so can't use +# AC_CHECK_FUNCS here. + AC_MSG_CHECKING(for krb5_free_unparsed_name) + AC_TRY_LINK([#include ], + [krb5_free_unparsed_name(NULL,NULL);], + [AC_DEFINE(HAVE_KRB5_FREE_UNPARSED_NAME, 1, [Define to 1 if you have krb5_free_unparsed_name]) +AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no)]) fi diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 2381c20da1..e2962d123c 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -214,6 +214,9 @@ /* Define to 1 if `text.data' is member of `krb5_error'. */ #undef HAVE_KRB5_ERROR_TEXT_DATA +/* Define to 1 if you have krb5_free_unparsed_name */ +#undef HAVE_KRB5_FREE_UNPARSED_NAME + /* Define to 1 if `client' is member of `krb5_ticket'. */ #undef HAVE_KRB5_TICKET_CLIENT diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 8e6dca6fb0..f19ef07671 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -10,7 +10,7 @@ * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.124 2007/07/10 13:14:21 mha Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.125 2007/07/12 14:10:39 mha Exp $ * *------------------------------------------------------------------------- */ 
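Review bot: In the configure.in hunk at line 965, the arguments of `AC_MSG_CHECKING(for krb5_free_unparsed_name)` and of the two `AC_MSG_RESULT` calls are not m4-quoted, unlike the `AC_DEFINE` and `AC_MSG_ERROR` arguments around them; `AC_MSG_CHECKING([for krb5_free_unparsed_name])` and `AC_MSG_RESULT([yes])` would keep the quoting consistent. The outcome of this link test also decides whether libpq releases the unparsed name through the Kerberos library or through plain `free()`, so the comment above the check should say that a "no" selects the `free()` fallback in fe-auth.c. That makes a wrong "no" from a mislinked build easier to spot in config.log. The enclosing `if test "$with_krb5" = yes` block starts before this hunk.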
@@ -63,6 +63,18 @@ #include #endif +/* + * Heimdal doesn't have a free function for unparsed names. Just pass it to + * standard free() which should work in these cases. + */ +#ifndef HAVE_KRB5_FREE_UNPARSED_NAME +static void +krb5_free_unparsed_name(krb5_context context, char *val) +{ + free(val); +} +#endif + /* * pg_an_to_ln -- return the local name corresponding to an authentication * name @@ -180,8 +192,8 @@ pg_krb5_destroy(struct krb5_info * info) { krb5_free_principal(info->pg_krb5_context, info->pg_krb5_client); krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache); + krb5_free_unparsed_name(info->pg_krb5_context, info->pg_krb5_name); krb5_free_context(info->pg_krb5_context); - free(info->pg_krb5_name); } diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm index d8c883f676..78844e3d97 100644 --- a/src/tools/msvc/Solution.pm +++ b/src/tools/msvc/Solution.pm @@ -3,7 +3,7 @@ package Solution; # # Package that encapsulates a Visual C++ solution file generation # -# $PostgreSQL: pgsql/src/tools/msvc/Solution.pm,v 1.27 2007/06/20 17:19:00 adunstan Exp $ +# $PostgreSQL: pgsql/src/tools/msvc/Solution.pm,v 1.28 2007/07/12 14:10:39 mha Exp $ # use Carp; use strict; @@ -123,6 +123,7 @@ s{PG_VERSION_STR "[^"]+"}{__STRINGIFY(x) #x\n#define __STRINGIFY2(z) __STRINGIFY print O "#define KRB5 1\n"; print O "#define HAVE_KRB5_ERROR_TEXT_DATA 1\n"; print O "#define HAVE_KRB5_TICKET_ENC_PART2 1\n"; + print O "#define HAVE_KRB5_FREE_UNPARSED_NAME 1\n"; print O "#define PG_KRB_SRVNAM \"postgres\"\n"; } if (my $port = $self->{options}->{"--with-pgport"})
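Review bot: The comment on the fallback `krb5_free_unparsed_name` in fe-auth.c (hunk at line 63) says plain `free()` "should work in these cases" without naming the condition it relies on. Passing the name to `free()` is only correct when the Kerberos library allocated it from the same C runtime heap that libpq uses, which appears to be the mismatch behind the heap corruption the commit message describes. I would state that in the comment, for example `* free() is only safe here if the library and libpq share one C runtime heap.`, and add that `context` is unused on purpose so the signature matches the library function.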
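Review bot: In `pg_krb5_destroy` (fe-auth.c hunk at line 180) the release of `info->pg_krb5_name` now has to happen before `krb5_free_context`, because the free function takes the context, but nothing in the code records that the order matters. A one-line comment above the new call, such as `/* release through the library while the context is still valid */`, would keep a later cleanup from moving it back below the context free. The pointer is also left referring to freed memory; whether `info` can be reached again after this function is not visible in the hunk, but if it can, `info->pg_krb5_name = NULL;` after the call guards against a double free.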
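Review bot: The new `print O "#define HAVE_KRB5_FREE_UNPARSED_NAME 1\n";` in Solution.pm (hunk at line 123) hard-codes an answer that configure.in obtains with a link test, so the MSVC build assumes a Kerberos library that exports `krb5_free_unparsed_name`. A comment beside it, for example `# MSVC builds assume MIT Kerberos, which provides krb5_free_unparsed_name`, would record that assumption next to the other hard-coded KRB5 defines. The `if` that guards these prints starts outside the hunk.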