From 7f280d95d1bc92a8534d589b537b8e90e913099c Mon Sep 17 00:00:00 2001 From: Gordon Sim Date: Mon, 1 Jun 2009 16:47:55 +0000 Subject: QPID-1819: ensure that security layer implementation can cope with the case where the max allowed input to cyrus sal routines isless than the max frame size in use. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@780719 13f79535-47bb-0310-9956-ffa450edef68 --- cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp | 17 ++++++++++++----- cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h | 2 ++ cpp/src/tests/.valgrind.supp | 20 ++++++++++++++++++++ 3 files changed, 34 insertions(+), 5 deletions(-) (limited to 'cpp/src') diff --git a/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp b/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp index 35203a33ce..a7a6e1d02a 100644 --- a/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp +++ b/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.cpp @@ -29,7 +29,8 @@ namespace sys { namespace cyrus { CyrusSecurityLayer::CyrusSecurityLayer(sasl_conn_t* c, uint16_t maxFrameSize) : - conn(c), decrypted(0), decryptedSize(0), encrypted(0), encryptedSize(0), codec(0), maxInputSize(0), decodeBuffer(maxFrameSize) + conn(c), decrypted(0), decryptedSize(0), encrypted(0), encryptedSize(0), codec(0), maxInputSize(0), + decodeBuffer(maxFrameSize), encodeBuffer(maxFrameSize), encoded(0) { const void* value(0); int result = sasl_getprop(conn, SASL_MAXOUTBUF, &value); @@ -70,13 +71,19 @@ size_t CyrusSecurityLayer::encode(const char* buffer, size_t size) size_t processed = 0;//records how many bytes have been written to buffer do { if (!encrypted) { - DataBuffer encodeBuffer(maxInputSize);//make sure maxInputSize > maxFrameSize - size_t encoded = codec->encode(encodeBuffer.data, encodeBuffer.size); - if (!encoded) break;//nothing more to do - int result = sasl_encode(conn, encodeBuffer.data, encoded, &encrypted, &encryptedSize); + if (!encoded) { + encodeBuffer.position = 0; + encoded = codec->encode(encodeBuffer.data, encodeBuffer.size); + if (!encoded) break;//nothing more to do + } + + size_t encryptable = std::min(encoded, maxInputSize); + int result = sasl_encode(conn, encodeBuffer.data + encodeBuffer.position, encryptable, &encrypted, &encryptedSize); if (result != SASL_OK) { throw framing::InternalErrorException(QPID_MSG("SASL encode error: " << sasl_errdetail(conn))); } + encodeBuffer.position += encryptable; + encoded -= encryptable; } size_t remaining = size - processed; if (remaining < encryptedSize) { diff --git a/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h b/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h index 3c00d496a9..1645cf1a58 100644 --- a/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h +++ b/cpp/src/qpid/sys/cyrus/CyrusSecurityLayer.h @@ -60,6 +60,8 @@ class CyrusSecurityLayer : public qpid::sys::SecurityLayer qpid::sys::Codec* codec; size_t maxInputSize; DataBuffer decodeBuffer; + DataBuffer encodeBuffer; + size_t encoded; }; }}} // namespace qpid::sys::cyrus diff --git a/cpp/src/tests/.valgrind.supp b/cpp/src/tests/.valgrind.supp index 9984c18151..5e40a0db89 100644 --- a/cpp/src/tests/.valgrind.supp +++ b/cpp/src/tests/.valgrind.supp @@ -1,3 +1,23 @@ +{ + Reported on FC5 and RHEL5 when md5 sasl libs are installed + Memcheck:Leak + fun:* + fun:_dl_map_object_from_fd + fun:_dl_map_object + fun:openaux + fun:_dl_catch_error + fun:_dl_map_object_deps + fun:dl_open_worker + fun:_dl_catch_error + fun:_dl_open + fun:dlopen_doit + fun:_dl_catch_error + fun:_dlerror_run + fun:dlopen@@GLIBC_2.2.5 + fun:_sasl_get_plugin + fun:_sasl_load_plugins + fun:sasl_client_init +} { Benign leak in CPG - patched version. Memcheck:Leak -- cgit v1.2.1