Problem: passes null pointer on interrupt (#1374)
Solution: do nothing when interrupted

Fixes #1374
hintjens committed Mar 16, 2016
1 parent 4b89173 commit e3aeb9a
Showing 2 changed files with 105 additions and 108 deletions.
106 changes: 52 additions & 54 deletions src/zauth.c
Expand Up @@ -354,67 +354,65 @@ static int
s_self_authenticate (self_t *self)
{
zap_request_t *request = s_zap_request_new (self->handler, self->verbose);
if (request) {
// Is address explicitly whitelisted or blacklisted?
bool allowed = false;
bool denied = false;

if (zhashx_size (self->whitelist)) {
if (zhashx_lookup (self->whitelist, request->address)) {
allowed = true;
if (self->verbose)
zsys_info ("zauth: - passed (whitelist) address=%s", request->address);
}
else {
denied = true;
if (self->verbose)
zsys_info ("zauth: - denied (not in whitelist) address=%s", request->address);
}
if (!request)
return 0; // Interrupted, no request to process

// Is address explicitly whitelisted or blacklisted?
bool allowed = false;
bool denied = false;

if (zhashx_size (self->whitelist)) {
if (zhashx_lookup (self->whitelist, request->address)) {
allowed = true;
if (self->verbose)
zsys_info ("zauth: - passed (whitelist) address=%s", request->address);
}
else
if (zhashx_size (self->blacklist)) {
if (zhashx_lookup (self->blacklist, request->address)) {
denied = true;
if (self->verbose)
zsys_info ("zauth: - denied (blacklist) address=%s", request->address);
}
else {
allowed = true;
if (self->verbose)
zsys_info ("zauth: - passed (not in blacklist) address=%s", request->address);
}
else {
denied = true;
if (self->verbose)
zsys_info ("zauth: - denied (not in whitelist) address=%s", request->address);
}
// Mechanism-specific checks
if (!denied) {
if (streq (request->mechanism, "NULL") && !allowed) {
// For NULL, we allow if the address wasn't blacklisted
if (self->verbose)
zsys_info ("zauth: - allowed (NULL)");
allowed = true;
}
else
if (streq (request->mechanism, "PLAIN"))
// For PLAIN, even a whitelisted address must authenticate
allowed = s_authenticate_plain (self, request);
else
if (streq (request->mechanism, "CURVE"))
// For CURVE, even a whitelisted address must authenticate
allowed = s_authenticate_curve (self, request);
else
if (streq (request->mechanism, "GSSAPI"))
// For GSSAPI, even a whitelisted address must authenticate
allowed = s_authenticate_gssapi (self, request);
}
else
if (zhashx_size (self->blacklist)) {
if (zhashx_lookup (self->blacklist, request->address)) {
denied = true;
if (self->verbose)
zsys_info ("zauth: - denied (blacklist) address=%s", request->address);
}
else {
allowed = true;
if (self->verbose)
zsys_info ("zauth: - passed (not in blacklist) address=%s", request->address);
}
}
// Mechanism-specific checks
if (!denied) {
if (streq (request->mechanism, "NULL") && !allowed) {
// For NULL, we allow if the address wasn't blacklisted
if (self->verbose)
zsys_info ("zauth: - allowed (NULL)");
allowed = true;
}
if (allowed)
s_zap_request_reply (request, "200", "OK");
else
s_zap_request_reply (request, "400", "No access");

s_zap_request_destroy (&request);
if (streq (request->mechanism, "PLAIN"))
// For PLAIN, even a whitelisted address must authenticate
allowed = s_authenticate_plain (self, request);
else
if (streq (request->mechanism, "CURVE"))
// For CURVE, even a whitelisted address must authenticate
allowed = s_authenticate_curve (self, request);
else
if (streq (request->mechanism, "GSSAPI"))
// For GSSAPI, even a whitelisted address must authenticate
allowed = s_authenticate_gssapi (self, request);
}
if (allowed)
s_zap_request_reply (request, "200", "OK");
else
s_zap_request_reply (request, "500", "Internal error");
s_zap_request_reply (request, "400", "No access");

s_zap_request_destroy (&request);
return 0;
}
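Review bot: The mechanism chain under `// Mechanism-specific checks` has no final `else`, so a request whose mechanism is none of NULL, PLAIN, CURVE or GSSAPI keeps whatever `allowed` value the address check set. Such a request is answered with `200 OK` when the address is whitelisted, or when it is merely absent from a non-empty blacklist, without any mechanism-level authentication. Since this commit already reflows the whole body, the chain could fail closed by ending with `else allowed = false; // Unknown mechanism, refuse`. Whether another mechanism string can ever reach this function is not visible here, so treat this as defence in depth. The same chain appears in s_agent_authenticate in src/zauth_v2.c.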

107 changes: 53 additions & 54 deletions src/zauth_v2.c
Expand Up @@ -451,66 +451,65 @@ static int
s_agent_authenticate (agent_t *self)
{
zap_request_t *request = zap_request_new (self->handler);
if (request) {
// Is address explicitly whitelisted or blacklisted?
bool allowed = false;
bool denied = false;

if (zhash_size (self->whitelist)) {
if (zhash_lookup (self->whitelist, request->address)) {
allowed = true;
if (self->verbose)
printf ("ZAUTH I: PASSED (whitelist) address=%s\n", request->address);
}
else {
denied = true;
if (self->verbose)
printf ("ZAUTH I: DENIED (not in whitelist) address=%s\n", request->address);
}
if (!request)
return 0; // Interrupted, no request to process

// Is address explicitly whitelisted or blacklisted?
bool allowed = false;
bool denied = false;

if (zhash_size (self->whitelist)) {
if (zhash_lookup (self->whitelist, request->address)) {
allowed = true;
if (self->verbose)
printf ("ZAUTH I: PASSED (whitelist) address=%s\n", request->address);
}
else
if (zhash_size (self->blacklist)) {
if (zhash_lookup (self->blacklist, request->address)) {
denied = true;
if (self->verbose)
printf ("ZAUTH I: DENIED (blacklist) address=%s\n", request->address);
}
else {
allowed = true;
if (self->verbose)
printf ("ZAUTH I: PASSED (not in blacklist) address=%s\n", request->address);
}
else {
denied = true;
if (self->verbose)
printf ("ZAUTH I: DENIED (not in whitelist) address=%s\n", request->address);
}
// Mechanism-specific checks
if (!denied) {
if (streq (request->mechanism, "NULL") && !allowed) {
// For NULL, we allow if the address wasn't blacklisted
if (self->verbose)
printf ("ZAUTH I: ALLOWED (NULL)\n");
allowed = true;
}
else
if (streq (request->mechanism, "PLAIN"))
// For PLAIN, even a whitelisted address must authenticate
allowed = s_authenticate_plain (self, request);
else
if (streq (request->mechanism, "CURVE"))
// For CURVE, even a whitelisted address must authenticate
allowed = s_authenticate_curve (self, request);
else
if (streq (request->mechanism, "GSSAPI"))
// For GSSAPI, even a whitelisted address must authenticate
allowed = s_authenticate_gssapi (self, request);
}
else
if (zhash_size (self->blacklist)) {
if (zhash_lookup (self->blacklist, request->address)) {
denied = true;
if (self->verbose)
printf ("ZAUTH I: DENIED (blacklist) address=%s\n", request->address);
}
else {
allowed = true;
if (self->verbose)
printf ("ZAUTH I: PASSED (not in blacklist) address=%s\n", request->address);
}
}
// Mechanism-specific checks
if (!denied) {
if (streq (request->mechanism, "NULL") && !allowed) {
// For NULL, we allow if the address wasn't blacklisted
if (self->verbose)
printf ("ZAUTH I: ALLOWED (NULL)\n");
allowed = true;
}
if (allowed)
zap_request_reply (request, "200", "OK");
else
zap_request_reply (request, "400", "NO ACCESS");

zap_request_destroy (&request);
if (streq (request->mechanism, "PLAIN"))
// For PLAIN, even a whitelisted address must authenticate
allowed = s_authenticate_plain (self, request);
else
if (streq (request->mechanism, "CURVE"))
// For CURVE, even a whitelisted address must authenticate
allowed = s_authenticate_curve (self, request);
else
if (streq (request->mechanism, "GSSAPI"))
// For GSSAPI, even a whitelisted address must authenticate
allowed = s_authenticate_gssapi (self, request);
}
if (allowed)
zap_request_reply (request, "200", "OK");
else
zap_request_reply (request, "500", "Internal error");
zap_request_reply (request, "400", "NO ACCESS");

zap_request_destroy (&request);
return 0;
}
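Review bot: The early return `if (!request) return 0;` treats every NULL from zap_request_new as an interrupt and leaves without a reply or a log line, even when `self->verbose` is set. If that constructor can also return NULL for another reason (allocation failure or an unusable message; its body is not in this hunk), the ZAP request would go unanswered and nothing would record why. A verbose trace before the return, such as `if (self->verbose) printf ("ZAUTH I: no request received\n");`, would make that case visible. s_self_authenticate in src/zauth.c has the same early return and could log through `zsys_info` in the same way.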
