You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/21 11:27:35 UTC
[48/50] [abbrv] directory-kerby git commit: Added some checks and did
some clean up
Added some checks and did some clean up
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/4f50e851
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/4f50e851
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/4f50e851
Branch: refs/heads/gssapi
Commit: 4f50e8511d7f0989d21109a792a3495319fd1280
Parents: 62cf23d
Author: Kai Zheng <ka...@intel.com>
Authored: Sun Jun 12 23:34:15 2016 +0800
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 21 12:25:51 2017 +0100
----------------------------------------------------------------------
.../kerb/type/ad/AuthorizationType.java | 17 +++++----------
.../kerberos/kerb/type/base/EncryptionType.java | 2 +-
.../kerberos/kerb/type/base/HostAddrType.java | 4 ++--
.../kerby/kerberos/kerb/KrbInputStream.java | 22 +++++++++++++-------
.../kerb/ccache/CredCacheInputStream.java | 17 ++++++++++++---
.../kerby/kerberos/kerb/ccache/Credential.java | 1 -
.../kerberos/kerb/keytab/KeytabInputStream.java | 12 -----------
7 files changed, 37 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4f50e851/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
index 0135215..e6c40c4 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
@@ -21,9 +21,6 @@ package org.apache.kerby.kerberos.kerb.type.ad;
import org.apache.kerby.asn1.EnumType;
-import java.util.HashMap;
-import java.util.Map;
-
/**
* The various AuthorizationType values, as defined in RFC 4120 and RFC 1510.
*
@@ -33,7 +30,7 @@ public enum AuthorizationType implements EnumType {
/**
* Constant for the "null" authorization type.
*/
- NULL(0),
+ NONE(0),
/**
* Constant for the "if relevant" authorization type.
@@ -315,8 +312,6 @@ public enum AuthorizationType implements EnumType {
/** The internal value */
private final int value;
- private static Map<Integer, AuthorizationType> valueMap;
-
/**
* Create a new enum
*/
@@ -348,15 +343,13 @@ public enum AuthorizationType implements EnumType {
*/
public static AuthorizationType fromValue(Integer value) {
if (value != null) {
- if (valueMap == null) {
- valueMap = new HashMap<Integer, AuthorizationType>(32);
- for (EnumType e : values()) {
- valueMap.put(e.getValue(), (AuthorizationType) e);
+ for (EnumType e : values()) {
+ if (e.getValue() == value) {
+ return (AuthorizationType) e;
}
}
- return valueMap.get(value);
}
- return NULL;
+ return NONE;
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4f50e851/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java
index 86962de..24a4119 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java
@@ -131,7 +131,7 @@ public enum EncryptionType implements EnumType {
if (name != null) {
for (EncryptionType e : values()) {
if (e.getName().equals(name)) {
- return (EncryptionType) e;
+ return e;
}
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4f50e851/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java
index 21ae885..30501c5 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java
@@ -30,7 +30,7 @@ public enum HostAddrType implements EnumType {
/**
* Constant for the "null" host address type.
*/
- NULL(0),
+ NONE(0),
/**
* Constant for the "Internet" host address type.
@@ -120,6 +120,6 @@ public enum HostAddrType implements EnumType {
}
}
- return NULL;
+ return HostAddrType.NONE;
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4f50e851/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
index 3dac9bf..9611fe0 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
@@ -42,20 +42,25 @@ public abstract class KrbInputStream extends DataInputStream {
public abstract PrincipalName readPrincipal(int version) throws IOException;
- public EncryptionKey readKey(int version) throws IOException {
+ public EncryptionKey readKey() throws IOException {
int eType = readShort();
- EncryptionType encryptionType = EncryptionType.fromValue(eType);
-
+ EncryptionType encType = EncryptionType.fromValue(eType);
byte[] keyData = readCountedOctets();
- EncryptionKey key = new EncryptionKey(encryptionType, keyData);
+ if (encType == EncryptionType.NONE || keyData == null) {
+ return null;
+ }
+ EncryptionKey key = new EncryptionKey(encType, keyData);
return key;
}
public String readCountedString() throws IOException {
byte[] countedOctets = readCountedOctets();
- // ASCII
- return new String(countedOctets, StandardCharsets.UTF_8);
+ if (countedOctets != null) {
+ // ASCII
+ return new String(countedOctets, StandardCharsets.UTF_8);
+ }
+ return null;
}
public byte[] readCountedOctets() throws IOException {
@@ -63,10 +68,13 @@ public abstract class KrbInputStream extends DataInputStream {
if (len == 0) {
return null;
}
+ if (len < 0 || len > available()) {
+ throw new IOException("Unexpected octets len: " + len);
+ }
byte[] data = new byte[len];
if (read(data) == -1) {
- throw new IOException();
+ throw new IOException("Unexpected end of stream");
}
return data;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4f50e851/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java
index ea52156..dded504 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java
@@ -73,10 +73,10 @@ public class CredCacheInputStream extends KrbInputStream {
public EncryptionKey readKey(int version) throws IOException {
if (version == CredentialCache.FCC_FVNO_3) {
- readShort(); // ignore keytype
+ readShort(); // ignore keytype
}
- return super.readKey(version);
+ return super.readKey();
}
public KerberosTime[] readTimes() throws IOException {
@@ -113,8 +113,13 @@ public class CredCacheInputStream extends KrbInputStream {
public HostAddress readAddress() throws IOException {
int typeValue = readShort();
HostAddrType addrType = HostAddrType.fromValue(typeValue);
+ if (addrType == HostAddrType.NONE) {
+ throw new IOException("Invalid host address type");
+ }
byte[] addrData = readCountedOctets();
-
+ if (addrData == null) {
+ throw new IOException("Invalid host address data");
+ }
HostAddress addr = new HostAddress();
addr.setAddrType(addrType);
addr.setAddress(addrData);
@@ -141,7 +146,13 @@ public class CredCacheInputStream extends KrbInputStream {
public AuthorizationDataEntry readAuthzDataEntry() throws IOException {
int typeValue = readShort();
AuthorizationType authzType = AuthorizationType.fromValue(typeValue);
+ if (authzType == AuthorizationType.NONE) {
+ throw new IOException("Invalid authorization data type");
+ }
byte[] authzData = readCountedOctets();
+ if (authzData == null) {
+ throw new IOException("Invalid authorization data");
+ }
AuthorizationDataEntry authzEntry = new AuthorizationDataEntry();
authzEntry.setAuthzType(authzType);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4f50e851/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
index c29c8bd..03484dc 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
@@ -175,7 +175,6 @@ public class Credential {
if (serverName.getRealm().equals(CONF_REALM)) {
isConfEntry = true;
}
-
this.key = ccis.readKey(version);
KerberosTime[] times = ccis.readTimes();
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4f50e851/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
index 2e52b9c..111ad14 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
@@ -21,8 +21,6 @@ package org.apache.kerby.kerberos.kerb.keytab;
import org.apache.kerby.kerberos.kerb.KrbInputStream;
import org.apache.kerby.kerberos.kerb.type.KerberosTime;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.apache.kerby.kerberos.kerb.type.base.NameType;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
@@ -64,16 +62,6 @@ public class KeytabInputStream extends KrbInputStream {
return principal;
}
- public EncryptionKey readKey() throws IOException {
- int eType = readShort();
- EncryptionType encryptionType = EncryptionType.fromValue(eType);
-
- byte[] keyData = readCountedOctets();
- EncryptionKey key = new EncryptionKey(encryptionType, keyData);
-
- return key;
- }
-
@Override
public int readOctetsCount() throws IOException {
return readShort();