Merge pull request zeromq#1375 from hintjens/master
Problem: passes null pointer on interrupt (zeromq#1374)
sappo committed Mar 16, 2016
2 parents 5890621 + 13da81b commit 26b666e
Showing 4 changed files with 108 additions and 111 deletions.
106 changes: 52 additions & 54 deletions src/zauth.c
@@ -354,67 +354,65 @@ static int
s_self_authenticate (self_t *self)
{
zap_request_t *request = s_zap_request_new (self->handler, self->verbose);
if (request) {
// Is address explicitly whitelisted or blacklisted?
bool allowed = false;
bool denied = false;

if (zhashx_size (self->whitelist)) {
if (zhashx_lookup (self->whitelist, request->address)) {
allowed = true;
if (self->verbose)
zsys_info ("zauth: - passed (whitelist) address=%s", request->address);
}
else {
denied = true;
if (self->verbose)
zsys_info ("zauth: - denied (not in whitelist) address=%s", request->address);
}
if (!request)
return 0; // Interrupted, no request to process

// Is address explicitly whitelisted or blacklisted?
bool allowed = false;
bool denied = false;

if (zhashx_size (self->whitelist)) {
if (zhashx_lookup (self->whitelist, request->address)) {
allowed = true;
if (self->verbose)
zsys_info ("zauth: - passed (whitelist) address=%s", request->address);
}
else
if (zhashx_size (self->blacklist)) {
if (zhashx_lookup (self->blacklist, request->address)) {
denied = true;
if (self->verbose)
zsys_info ("zauth: - denied (blacklist) address=%s", request->address);
}
else {
allowed = true;
if (self->verbose)
zsys_info ("zauth: - passed (not in blacklist) address=%s", request->address);
}
else {
denied = true;
if (self->verbose)
zsys_info ("zauth: - denied (not in whitelist) address=%s", request->address);
}
// Mechanism-specific checks
if (!denied) {
if (streq (request->mechanism, "NULL") && !allowed) {
// For NULL, we allow if the address wasn't blacklisted
if (self->verbose)
zsys_info ("zauth: - allowed (NULL)");
allowed = true;
}
else
if (streq (request->mechanism, "PLAIN"))
// For PLAIN, even a whitelisted address must authenticate
allowed = s_authenticate_plain (self, request);
else
if (streq (request->mechanism, "CURVE"))
// For CURVE, even a whitelisted address must authenticate
allowed = s_authenticate_curve (self, request);
else
if (streq (request->mechanism, "GSSAPI"))
// For GSSAPI, even a whitelisted address must authenticate
allowed = s_authenticate_gssapi (self, request);
}
else
if (zhashx_size (self->blacklist)) {
if (zhashx_lookup (self->blacklist, request->address)) {
denied = true;
if (self->verbose)
zsys_info ("zauth: - denied (blacklist) address=%s", request->address);
}
else {
allowed = true;
if (self->verbose)
zsys_info ("zauth: - passed (not in blacklist) address=%s", request->address);
}
}
// Mechanism-specific checks
if (!denied) {
if (streq (request->mechanism, "NULL") && !allowed) {
// For NULL, we allow if the address wasn't blacklisted
if (self->verbose)
zsys_info ("zauth: - allowed (NULL)");
allowed = true;
}
if (allowed)
s_zap_request_reply (request, "200", "OK");
else
s_zap_request_reply (request, "400", "No access");

s_zap_request_destroy (&request);
if (streq (request->mechanism, "PLAIN"))
// For PLAIN, even a whitelisted address must authenticate
allowed = s_authenticate_plain (self, request);
else
if (streq (request->mechanism, "CURVE"))
// For CURVE, even a whitelisted address must authenticate
allowed = s_authenticate_curve (self, request);
else
if (streq (request->mechanism, "GSSAPI"))
// For GSSAPI, even a whitelisted address must authenticate
allowed = s_authenticate_gssapi (self, request);
}
if (allowed)
s_zap_request_reply (request, "200", "OK");
else
s_zap_request_reply (request, "500", "Internal error");
s_zap_request_reply (request, "400", "No access");

s_zap_request_destroy (&request);
return 0;
}
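Review bot: The mechanism chain under `// Mechanism-specific checks` has no final `else`, so a request whose mechanism is none of NULL, PLAIN, CURVE or GSSAPI keeps whatever `allowed` the address lists produced and is answered "200" if its address was whitelisted or merely not blacklisted. The comments in the chain say even a whitelisted address must authenticate, so an unrecognised mechanism should fail closed; that needs the NULL test split in two so that a trailing `else` does not also catch an already-allowed NULL request. s_agent_authenticate in src/zauth_v2.c has the same chain. Whether libzmq can ever hand the handler another mechanism string is not visible on this page, so treat this as defence in depth on the authentication decision.

```c
    // Mechanism-specific checks
    if (!denied) {
        if (streq (request->mechanism, "NULL")) {
            // For NULL, we allow if the address wasn't blacklisted
            if (!allowed) {
                if (self->verbose)
                    zsys_info ("zauth: - allowed (NULL)");
                allowed = true;
            }
        }
        // … unchanged: else-if branches for PLAIN, CURVE and GSSAPI …
        else {
            // Unrecognised mechanism: fail closed regardless of the address lists
            if (self->verbose)
                zsys_info ("zauth: - denied (unknown mechanism) address=%s", request->address);
            allowed = false;
        }
    }
```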

107 changes: 53 additions & 54 deletions src/zauth_v2.c
@@ -451,66 +451,65 @@ static int
s_agent_authenticate (agent_t *self)
{
zap_request_t *request = zap_request_new (self->handler);
if (request) {
// Is address explicitly whitelisted or blacklisted?
bool allowed = false;
bool denied = false;

if (zhash_size (self->whitelist)) {
if (zhash_lookup (self->whitelist, request->address)) {
allowed = true;
if (self->verbose)
printf ("ZAUTH I: PASSED (whitelist) address=%s\n", request->address);
}
else {
denied = true;
if (self->verbose)
printf ("ZAUTH I: DENIED (not in whitelist) address=%s\n", request->address);
}
if (!request)
return 0; // Interrupted, no request to process

// Is address explicitly whitelisted or blacklisted?
bool allowed = false;
bool denied = false;

if (zhash_size (self->whitelist)) {
if (zhash_lookup (self->whitelist, request->address)) {
allowed = true;
if (self->verbose)
printf ("ZAUTH I: PASSED (whitelist) address=%s\n", request->address);
}
else
if (zhash_size (self->blacklist)) {
if (zhash_lookup (self->blacklist, request->address)) {
denied = true;
if (self->verbose)
printf ("ZAUTH I: DENIED (blacklist) address=%s\n", request->address);
}
else {
allowed = true;
if (self->verbose)
printf ("ZAUTH I: PASSED (not in blacklist) address=%s\n", request->address);
}
else {
denied = true;
if (self->verbose)
printf ("ZAUTH I: DENIED (not in whitelist) address=%s\n", request->address);
}
// Mechanism-specific checks
if (!denied) {
if (streq (request->mechanism, "NULL") && !allowed) {
// For NULL, we allow if the address wasn't blacklisted
if (self->verbose)
printf ("ZAUTH I: ALLOWED (NULL)\n");
allowed = true;
}
else
if (streq (request->mechanism, "PLAIN"))
// For PLAIN, even a whitelisted address must authenticate
allowed = s_authenticate_plain (self, request);
else
if (streq (request->mechanism, "CURVE"))
// For CURVE, even a whitelisted address must authenticate
allowed = s_authenticate_curve (self, request);
else
if (streq (request->mechanism, "GSSAPI"))
// For GSSAPI, even a whitelisted address must authenticate
allowed = s_authenticate_gssapi (self, request);
}
else
if (zhash_size (self->blacklist)) {
if (zhash_lookup (self->blacklist, request->address)) {
denied = true;
if (self->verbose)
printf ("ZAUTH I: DENIED (blacklist) address=%s\n", request->address);
}
else {
allowed = true;
if (self->verbose)
printf ("ZAUTH I: PASSED (not in blacklist) address=%s\n", request->address);
}
}
// Mechanism-specific checks
if (!denied) {
if (streq (request->mechanism, "NULL") && !allowed) {
// For NULL, we allow if the address wasn't blacklisted
if (self->verbose)
printf ("ZAUTH I: ALLOWED (NULL)\n");
allowed = true;
}
if (allowed)
zap_request_reply (request, "200", "OK");
else
zap_request_reply (request, "400", "NO ACCESS");

zap_request_destroy (&request);
if (streq (request->mechanism, "PLAIN"))
// For PLAIN, even a whitelisted address must authenticate
allowed = s_authenticate_plain (self, request);
else
if (streq (request->mechanism, "CURVE"))
// For CURVE, even a whitelisted address must authenticate
allowed = s_authenticate_curve (self, request);
else
if (streq (request->mechanism, "GSSAPI"))
// For GSSAPI, even a whitelisted address must authenticate
allowed = s_authenticate_gssapi (self, request);
}
if (allowed)
zap_request_reply (request, "200", "OK");
else
zap_request_reply (request, "500", "Internal error");
zap_request_reply (request, "400", "NO ACCESS");

zap_request_destroy (&request);
return 0;
}
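Review bot: The new guard `if (!request) return 0; // Interrupted, no request to process` treats every NULL from zap_request_new as an interrupt and reports success to the caller without logging anything. zap_request_new is outside this section, so it is not visible whether it can also return NULL for other reasons such as an allocation failure or a message it rejects; if it can, the peer receives no ZAP reply and the operator sees no trace of it. Consider a log line under `self->verbose` before the return, for example `printf ("ZAUTH I: no ZAP request received\n");`, and confirm the NULL cases in zap_request_new. The same guard is added to s_self_authenticate in src/zauth.c.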

4 changes: 2 additions & 2 deletions src/zcert.c
@@ -357,11 +357,11 @@ zcert_save_secret (zcert_t *self, const char *filename)
// undefined, and this certificate will not work successfully.

void
zcert_apply (zcert_t *self, void *zocket)
zcert_apply (zcert_t *self, void *socket)
{
assert (self);
#if (ZMQ_VERSION_MAJOR == 4)
void *handle = zsock_resolve (zocket);
void *handle = zsock_resolve (socket);
if (zsys_has_curve ()) {
zsock_set_curve_secretkey_bin (handle, self->secret_key);
zsock_set_curve_publickey_bin (handle, self->public_key);
2 changes: 1 addition & 1 deletion src/zchunk.c
@@ -13,7 +13,7 @@
/*
@header
The zchunk class works with variable sized blobs. Not as efficient as
MQ's messages but they do less weirdness and so are easier to understand.
ZeroMQ's messages but they do less weirdness and so are easier to understand.
The chunk class has methods to read and write chunks from disk.
@discuss
@end