| author | Gordon Sim <gsim@apache.org> | 2009-06-01 16:47:55 +0000 |
|---|---|---|
| committer | Gordon Sim <gsim@apache.org> | 2009-06-01 16:47:55 +0000 |
| commit | 7f280d95d1bc92a8534d589b537b8e90e913099c (patch) | |
| tree | 4eddb3b2010881faa6c4bb5b156355bab8302b0b /cpp | |
| parent | c8f6aec3357e12544f757ab47333c1e7dfb6139c (diff) | |
QPID-1819: ensure that the security layer implementation can cope with the case where the max allowed input to cyrus sasl routines is less than the max frame size in use.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@780719 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp')
| -rw-r--r-- | cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp | 17 | ||||
| -rw-r--r-- | cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h | 2 | ||||
| -rw-r--r-- | cpp/src/tests/.valgrind.supp | 20 |
3 files changed, 34 insertions, 5 deletions
diff --git a/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp b/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp
index 35203a33ce..a7a6e1d02a 100644
--- a/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp
+++ b/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp
@@ -29,7 +29,8 @@ namespace sys {
 namespace cyrus {
 CyrusSecurityLayer::CyrusSecurityLayer(sasl_conn_t* c, uint16_t maxFrameSize) :
- conn(c), decrypted(0), decryptedSize(0), encrypted(0), encryptedSize(0), codec(0), maxInputSize(0), decodeBuffer(maxFrameSize)
+ conn(c), decrypted(0), decryptedSize(0), encrypted(0), encryptedSize(0), codec(0), maxInputSize(0),
+ decodeBuffer(maxFrameSize), encodeBuffer(maxFrameSize), encoded(0)
 {
 const void* value(0);
 int result = sasl_getprop(conn, SASL_MAXOUTBUF, &value);
@@ -70,13 +71,19 @@ size_t CyrusSecurityLayer::encode(const char* buffer, size_t size)
 size_t processed = 0;//records how many bytes have been written to buffer
 do {
 if (!encrypted) {
- DataBuffer encodeBuffer(maxInputSize);//make sure maxInputSize > maxFrameSize
- size_t encoded = codec->encode(encodeBuffer.data, encodeBuffer.size);
- if (!encoded) break;//nothing more to do
- int result = sasl_encode(conn, encodeBuffer.data, encoded, &encrypted, &encryptedSize);
+ if (!encoded) {
+ encodeBuffer.position = 0;
+ encoded = codec->encode(encodeBuffer.data, encodeBuffer.size);
+ if (!encoded) break;//nothing more to do
+ }
+
+ size_t encryptable = std::min(encoded, maxInputSize);
+ int result = sasl_encode(conn, encodeBuffer.data + encodeBuffer.position, encryptable, &encrypted, &encryptedSize);
 if (result != SASL_OK) {
 throw framing::InternalErrorException(QPID_MSG("SASL encode error: " << sasl_errdetail(conn)));
 }
+ encodeBuffer.position += encryptable;
+ encoded -= encryptable;
 }
 size_t remaining = size - processed;
 if (remaining < encryptedSize) {
diff --git a/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h b/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h
index 3c00d496a9..1645cf1a58 100644
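Review bot: In the second hunk (`CyrusSecurityLayer::encode`), `std::min(encoded, maxInputSize)` evaluates to 0 whenever `maxInputSize` is still 0, the value the constructor's initializer list gives it; the code that assigns it from the `sasl_getprop(conn, SASL_MAXOUTBUF, ...)` result is outside the hunk, so whether 0 can survive is not visible here. With `encryptable == 0` the call to `sasl_encode` receives a zero-length input and `encoded` is never reduced, so the bytes pending in `encodeBuffer` would never drain. A guard before the `std::min` line, such as `if (!maxInputSize) throw framing::InternalErrorException(QPID_MSG("SASL max input size is zero"));`, would make that state fail loudly instead. The hunk also starts using `std::min` without a visible `#include <algorithm>`, so confirm the header is included directly. The body of encode() continues outside the hunk.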
--- a/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h
+++ b/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h
@@ -60,6 +60,8 @@ class CyrusSecurityLayer : public qpid::sys::SecurityLayer
 qpid::sys::Codec* codec;
 size_t maxInputSize;
 DataBuffer decodeBuffer;
+ DataBuffer encodeBuffer;
+ size_t encoded;
 };
 }}} // namespace qpid::sys::cyrus
diff --git a/cpp/src/tests/.valgrind.supp b/cpp/src/tests/.valgrind.supp
index 9984c18151..5e40a0db89 100644
--- a/cpp/src/tests/.valgrind.supp
+++ b/cpp/src/tests/.valgrind.supp
@@ -1,4 +1,24 @@
 {
+ Reported on FC5 and RHEL5 when md5 sasl libs are installed
+ Memcheck:Leak
+ fun:*
+ fun:_dl_map_object_from_fd
+ fun:_dl_map_object
+ fun:openaux
+ fun:_dl_catch_error
+ fun:_dl_map_object_deps
+ fun:dl_open_worker
+ fun:_dl_catch_error
+ fun:_dl_open
+ fun:dlopen_doit
+ fun:_dl_catch_error
+ fun:_dlerror_run
+ fun:dlopen@@GLIBC_2.2.5
+ fun:_sasl_get_plugin
+ fun:_sasl_load_plugins
+ fun:sasl_client_init
+}
+{
 Benign leak in CPG - patched version.
 Memcheck:Leak
 fun:* |
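Review bot: The new member `encoded` in CyrusSecurityLayer.h is declared without a comment, and its name is easy to confuse with the existing `encrypted`, although the two track different stages of the output path. Going by the .cpp hunk, it holds the number of bytes that `codec->encode()` wrote into `encodeBuffer` and that have not yet been handed to `sasl_encode`. I would state that on the declaration: `size_t encoded; // bytes in encodeBuffer from codec->encode() not yet passed to sasl_encode()`. The class body starts outside the hunk.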
