FreeBSD Bugzilla – Attachment 196646 Details for
Bug 230978
security/zxid: Take MAINTAINER'ship and fix memory leak
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
zxid.patch
zxid.patch (text/plain), 5.60 KB, created by
Andres Montalban
on 2018-08-28 14:34:38 UTC
(
hide
)
Description:
zxid.patch
Filename:
MIME Type:
Creator:
Andres Montalban
Created:
2018-08-28 14:34:38 UTC
Size:
5.60 KB
patch
obsolete
>diff -urN zxid.orig/Makefile zxid/Makefile >--- zxid.orig/Makefile 2017-03-15 07:45:30.000000000 -0700 >+++ zxid/Makefile 2018-08-28 07:20:51.187066000 -0700 >@@ -3,10 +3,11 @@ > > PORTNAME= zxid > PORTVERSION= 1.42 >+PORTREVISION= 1 > CATEGORIES= security www > MASTER_SITES= http://zxid.org/ > >-MAINTAINER= ports@FreeBSD.org >+MAINTAINER= admins@perceptyx.com > COMMENT= Open Source IdM for the Masses - SAML SSO > > LICENSE= E2ETA >diff -urN zxid.orig/files/patch-errmac.h zxid/files/patch-errmac.h >--- zxid.orig/files/patch-errmac.h 1969-12-31 16:00:00.000000000 -0800 >+++ zxid/files/patch-errmac.h 2018-08-28 07:10:52.760388000 -0700 >@@ -0,0 +1,21 @@ >+--- errmac.h.orig 2016-02-29 00:16:50 UTC >++++ errmac.h >+@@ -483,9 +483,17 @@ extern FILE* errmac_debug_log; /* Def >+ #define DD_XML_BLOB(cf, lk, len, xml) /* Documentative */ >+ >+ int hexdmp(const char* msg, const void* p, int len, int max); >++#if __FreeBSD__ >++int hexdump_zxid(const char* msg, const void* p, const void* lim, int max); >++#else >+ int hexdump(const char* msg, const void* p, const void* lim, int max); >++#endif >+ >++#if __FreeBSD__ >++#define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump_zxid((msg), (p), (lim), (max)) >++#else >+ #define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump((msg), (p), (lim), (max)) >++#endif >+ #define DHEXDUMP(msg, p, lim, max) /* Disabled hex dump */ >+ >+ #define DUMP_CORE() ASSERT(0) >+ >diff -urN zxid.orig/files/patch-zxsig.c zxid/files/patch-zxsig.c >--- zxid.orig/files/patch-zxsig.c 1969-12-31 16:00:00.000000000 -0800 >+++ zxid/files/patch-zxsig.c 2018-08-28 07:11:07.511433000 -0700 >@@ -0,0 +1,69 @@ >+--- zxsig.c.orig 2016-02-29 00:16:50 UTC >++++ zxsig.c >+@@ -887,8 +887,13 @@ int zx_report_openssl_err(const char* lo >+ #endif >+ >+ D("%s: len=%d data(%.*s)", lk, len, len, data); >++#if __FreeBSD__ >++ D("%s: data above %d", lk, hexdump_zxid("data: ", data, data+len, 4096)); >++ D("%s: digest above %d", lk, hexdump_zxid("digest: ", mdbuf, mdbuf+mdlen, 64)); >++#else >+ D("%s: data above %d", lk, hexdump("data: ", data, data+len, 4096)); >+ D("%s: digest above %d", lk, hexdump("digest: ", mdbuf, mdbuf+mdlen, 64)); >++#endif >+ >+ if (!priv_key) { >+ ERR(priv_key_missing_msg, geteuid(), getegid()); >+@@ -906,7 +911,11 @@ int zx_report_openssl_err(const char* lo >+ if (RSA_sign(EVP_MD_type(evp_digest), mdbuf, mdlen, (unsigned char*)*sig, (unsigned int*)&len, rsa)) { >+ DD("data = %s, SHA1 sig = %s, siglen = %d", data, *sig, len); >+ D("RSA siglen = %d", len); >++#if __FreeBSD__ >++ D("%s: sig above %d", lk, hexdump_zxid("sig: ", *sig, *sig+len, 1024)); >++#else >+ D("%s: sig above %d", lk, hexdump("sig: ", *sig, *sig+len, 1024)); >++#endif >+ return len; >+ } >+ #else >+@@ -1042,9 +1051,15 @@ int zxsig_verify_data(int len, char* dat >+ else if (!strcmp(mdalg, "SHA512")) { SHA512((unsigned char*)data, len, mdbuf); nid = NID_sha512; } >+ else { SHA1((unsigned char*)data, len, mdbuf); nid = NID_sha1; } >+ #endif >++#if __FreeBSD__ >++ D("%s: vfy data len=%d above %d", lk, len, hexdump_zxid("data: ", data, data+len, 8192)); >++ D("%s: vfy sig above %d", lk, hexdump_zxid("sig: ", sig, sig+siglen, 8192)); >++ D("%s: vfy md above %d", lk, hexdump_zxid("md: ", mdbuf, mdbuf+64, 64)); >++#else >+ D("%s: vfy data len=%d above %d", lk, len, hexdump("data: ", data, data+len, 8192)); >+ D("%s: vfy sig above %d", lk, hexdump("sig: ", sig, sig+siglen, 8192)); >+ D("%s: vfy md above %d", lk, hexdump("md: ", mdbuf, mdbuf+64, 64)); >++#endif >+ >+ evp_pubk = X509_get_pubkey(cert); >+ if (!evp_pubk) { >+@@ -1080,7 +1095,11 @@ int zxsig_verify_data(int len, char* dat >+ if (!verdict) { >+ ERR("RSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig); >+ zx_report_openssl_err(lk); >++#if __FreeBSD__ >++ D("RSA_vfy(%s) bad sig above %d", lk, hexdump_zxid("sig: ", sig, sig+siglen, 4096)); >++#else >+ D("RSA_vfy(%s) bad sig above %d", lk, hexdump("sig: ", sig, sig+siglen, 4096)); >++#endif >+ return ZXSIG_VFY_FAIL; >+ } else { >+ D("RSA verify OK %d", verdict); >+@@ -1115,7 +1134,11 @@ int zxsig_verify_data(int len, char* dat >+ if (!verdict) { >+ ERR("DSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig); >+ zx_report_openssl_err(lk); >++#if __FreeBSD__ >++ D("DSA_vfy(%s) sig above %d", lk, hexdump_zxid("sig: ", sig, sig+siglen, 4096)); >++#else >+ D("DSA_vfy(%s) sig above %d", lk, hexdump("sig: ", sig, sig+siglen, 4096)); >++#endif >+ return ZXSIG_VFY_FAIL; >+ } else { >+ D("DSA verify OK %d", verdict); >+ >diff -urN zxid.orig/files/patch-zxutil.c zxid/files/patch-zxutil.c >--- zxid.orig/files/patch-zxutil.c 1969-12-31 16:00:00.000000000 -0800 >+++ zxid/files/patch-zxutil.c 2018-08-28 07:11:25.135822000 -0700 >@@ -0,0 +1,21 @@ >+--- zxutil.c.orig 2018-08-06 01:37:42 UTC >++++ zxutil.c >+@@ -681,7 +681,7 @@ linkrest: >+ /*() Output a hexdump to stderr. Used for debugging purposes. */ >+ >+ /* Called by: */ >+-int hexdump(const char* msg, const void* data, const void* lim, int max) >++int hexdump_zxid(const char* msg, const void* data, const void* lim, int max) >+ { >+ int i; >+ const char* p = (const char*)data; >+@@ -720,7 +720,7 @@ int hexdump(const char* msg, const void* >+ >+ /* Called by: zx_get_symkey, zx_raw_cipher2 x4, zxbus_verify_receipt x2, zxsig_validate x19 */ >+ int hexdmp(const char* msg, const void* p, int len, int max) { >+- return hexdump(msg, p, p+len, max); >++ return hexdump_zxid(msg, p, p+len, max); >+ } >+ >+ /* >+
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=196646">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 230978
: 196646