[Pkg-freeipa-devel] [Git][freeipa-team/jss][master] 2 commits: fix-bufferprfd.diff: Fix tests on big-endian.
Timo Aaltonen
gitlab at salsa.debian.org
Tue Sep 10 05:14:27 BST 2019
Timo Aaltonen pushed to branch master at FreeIPA packaging / jss
Commits:
9c67c506 by Timo Aaltonen at 2019-09-10T04:07:56Z
fix-bufferprfd.diff: Fix tests on big-endian.
- - - - -
74d1a911 by Timo Aaltonen at 2019-09-10T04:13:49Z
releasing package jss version 4.6.1-2
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/fix-bufferprfd.diff
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+jss (4.6.1-2) unstable; urgency=medium
+
+ * fix-bufferprfd.diff: Fix tests on big-endian.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Tue, 10 Sep 2019 07:13:43 +0300
+
jss (4.6.1-1) unstable; urgency=medium
* New upstream release.
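Review bot: The new entry `* fix-bufferprfd.diff: Fix tests on big-endian.` describes this as a test fix, but the commit message carried in the patch describes a behaviour bug in PRBufferGetSocketOption: on big-endian systems such as s390x, NSS ends up treating the buffer as blocking. Suggest wording the entry to say what is actually fixed and naming the upstream commit or the bug it resolves, so the changelog is traceable without opening the patch.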
=====================================
debian/patches/fix-bufferprfd.diff
=====================================
@@ -0,0 +1,103 @@
+commit a272589d079eca9d3e056eeee386f30ef8cbc0f4
+Author: Alexander Scheel <ascheel at redhat.com>
+Date: Thu Aug 15 15:08:28 2019 -0400
+
+ Fix BufferPRFD's PRBufferGetSocketOption
+
+ PRBufferGetSocketOption takes two parameters: the PRFileDesc that we're
+ operating on and a PRSocketOptionData where we place the result. I
+ incorrectly treated this as a struct holding all options for a socket.
+ In reality, it contains two fields:
+
+ - the option requested
+ - the value of that option (via a union)
+
+ We thus need to condition on the option requested and return *only* its
+ value.
+
+ Under the previous implementation, we clobbered all options we set,
+ except the last one, data->value.send_buffer_size. In TestBufferPRFD.c,
+ we set the capacity of the buffer as 2048. Since sizeof(PRSize) >=
+ sizeof(PRBool), we did not perform an out of bounds write. On big endian
+ systems such as s390x, we stored the value 0x00000000 00000800: this
+ meant accessing data->value.non_blocking returned PR_FALSE (0x00).
+
+ Since the condition in ssl_FdIsBlocking is "!opt.value.non_blocking",
+ this resulted in NSS assuming our buffer was blocking.
+
+ Many thanks to Bob Relyea for finding this.
+
+ Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1730109
+
+ Signed-off-by: Alexander Scheel <ascheel at redhat.com>
+
+diff --git a/org/mozilla/jss/ssl/javax/BufferPRFD.c b/org/mozilla/jss/ssl/javax/BufferPRFD.c
+index ba7206d4..7929f64d 100644
+--- a/org/mozilla/jss/ssl/javax/BufferPRFD.c
++++ b/org/mozilla/jss/ssl/javax/BufferPRFD.c
+@@ -189,34 +189,55 @@ static PRInt32 PRBufferRecv(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn fl
+ // Fake responses to getSocketOption requests
+ static PRStatus PRBufferGetSocketOption(PRFileDesc *fd, PRSocketOptionData *data)
+ {
+- /* getSocketOption takes a PRFileDesc and modifies the PRSocketOptionData
+- * with the options on this. We set a couple of sane defaults here:
++ /* getSocketOption takes a PRFileDesc and modifies the value field of data
++ * with socket option specified in the option field. We fake responses with
++ * a couple of sane defaults here:
+ *
+ * non_blocking = true
+ * reuse_addr = true
+ * keep_alive = false
+ * no_delay = true
+ *
+- * However the list above is far fom extensive. Note that responses are
+- * "fake" in that calls to setSocketOption fail to reflect here.
++ * We return valid responses to three other options:
++ *
++ * max_segment = capacity of read_buffer
++ * recv_buffer_size = capacity of read buffer
++ * send_buffer_size = capacity of write buffer
++ *
++ * Note that all responses are "fake" in that calls to SetSocketOption will
++ * not be reflected here.
+ */
+
+- if (data) {
+- PRFilePrivate *internal = fd->secret;
++ if (!data || !fd) {
++ return PR_FAILURE;
++ }
+
++ PRFilePrivate *internal = fd->secret;
++ switch (data->option) {
++ case PR_SockOpt_Nonblocking:
+ data->value.non_blocking = PR_TRUE;
++ return PR_SUCCESS;
++ case PR_SockOpt_Reuseaddr:
+ data->value.reuse_addr = PR_TRUE;
++ return PR_SUCCESS;
++ case PR_SockOpt_Keepalive:
+ data->value.keep_alive = PR_FALSE;
+- data->value.mcast_loopback = PR_FALSE;
++ return PR_SUCCESS;
++ case PR_SockOpt_NoDelay:
+ data->value.no_delay = PR_TRUE;
++ return PR_SUCCESS;
++ case PR_SockOpt_MaxSegment:
+ data->value.max_segment = jb_capacity(internal->read_buffer);
++ return PR_SUCCESS;
++ case PR_SockOpt_RecvBufferSize:
+ data->value.recv_buffer_size = jb_capacity(internal->read_buffer);
++ return PR_SUCCESS;
++ case PR_SockOpt_SendBufferSize:
+ data->value.send_buffer_size = jb_capacity(internal->write_buffer);
+-
+ return PR_SUCCESS;
++ default:
++ return PR_FAILURE;
+ }
+-
+- return PR_FAILURE;
+ }
+
+ // Fake responses to setSocketOption
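Review bot: The PR_SockOpt_MaxSegment, PR_SockOpt_RecvBufferSize and PR_SockOpt_SendBufferSize cases pass `internal->read_buffer` / `internal->write_buffer` to jb_capacity without checking `internal`, even though the function now guards both `data` and `fd`. Suggest extending the early return to cover `fd->secret` being NULL, so a descriptor whose private data is missing fails cleanly instead of being dereferenced. Separately, the `data->value.mcast_loopback = PR_FALSE;` assignment is removed with no matching case, so a query for that option now reaches `default` and returns PR_FAILURE. If that is intended, the header comment should say that any option not listed fails, since it currently lists only the options that succeed.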
=====================================
debian/patches/series
=====================================
@@ -1 +1 @@
-#placeholder
+fix-bufferprfd.diff
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/compare/34145baabfddb1efbc0a78dce219c01bbb852b6b...74d1a91114c3878cbe9f16db8d650d05e3733cec