Merge pull request #10090 from ydb-platform/mergelibs-241004-1110

Library import 241004-1110
author: Maxim Yurchuk <maxim-yurchuk@ydb.tech> 2024-10-04 17:24:16 +0300
committer: GitHub <noreply@github.com> 2024-10-04 17:24:16 +0300
commit: a1e4766748b5924d3879ab6a0259b28ec3c5d535 (patch)
tree: 4480150864228623d6c9101a4ba8c049bda9aa90 /contrib/libs/curl/lib/socks_gssapi.c
parent: 6536467764bed7822214815ce92ed4dcd5bf409b (diff)
parent: a46fe128b9c9c84438fc2aac337aeefdaecb99df (diff)
download: ydb-a1e4766748b5924d3879ab6a0259b28ec3c5d535.tar.gz
1 files changed, 18 insertions, 16 deletions
diff --git a/contrib/libs/curl/lib/socks_gssapi.c b/contrib/libs/curl/lib/socks_gssapi.c
index 8a8d1ce28e..30fae9f8ff 100644
--- a/contrib/libs/curl/lib/socks_gssapi.c
+++ b/contrib/libs/curl/lib/socks_gssapi.c
@@ -35,6 +35,7 @@
 #include "timeval.h"
 #include "socks.h"
 #include "warnless.h"
+#include "strdup.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -139,10 +140,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
   /* prepare service name */
   if(strchr(serviceptr, '/')) {
     service.length = serviceptr_length;
-    service.value = malloc(service.length);
+    service.value = Curl_memdup(serviceptr, service.length);
     if(!service.value)
       return CURLE_OUT_OF_MEMORY;
-    memcpy(service.value, serviceptr, service.length);
 
     gss_major_status = gss_import_name(&gss_minor_status, &service,
                                        (gss_OID) GSS_C_NULL_OID, &server);
@@ -172,7 +172,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
 
   (void)curlx_nonblock(sock, FALSE);
 
-  /* As long as we need to keep sending some context info, and there's no  */
+  /* As long as we need to keep sending some context info, and there is no  */
   /* errors, keep sending it...                                            */
   for(;;) {
     gss_major_status = Curl_gss_init_sec_context(data,
@@ -201,10 +201,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
     if(gss_send_token.length) {
       socksreq[0] = 1;    /* GSS-API subnegotiation version */
       socksreq[1] = 1;    /* authentication message type */
-      us_length = htons((short)gss_send_token.length);
+      us_length = htons((unsigned short)gss_send_token.length);
       memcpy(socksreq + 2, &us_length, sizeof(short));
 
-      nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code);
+      nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4,
+                                   FALSE, &code);
       if(code || (4 != nwritten)) {
         failf(data, "Failed to send GSS-API authentication request.");
         gss_release_name(&gss_status, &server);
@@ -216,7 +217,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
 
       nwritten = Curl_conn_cf_send(cf->next, data,
                                    (char *)gss_send_token.value,
-                                   gss_send_token.length, &code);
+                                   gss_send_token.length, FALSE, &code);
       if(code || ((ssize_t)gss_send_token.length != nwritten)) {
         failf(data, "Failed to send GSS-API authentication token.");
         gss_release_name(&gss_status, &server);
@@ -306,7 +307,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
                    gss_minor_status, "gss_inquire_context")) {
     gss_delete_sec_context(&gss_status, &gss_context, NULL);
     gss_release_name(&gss_status, &gss_client_name);
-    failf(data, "Failed to determine user name.");
+    failf(data, "Failed to determine username.");
     return CURLE_COULDNT_CONNECT;
   }
   gss_major_status = gss_display_name(&gss_minor_status, gss_client_name,
@@ -316,7 +317,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
     gss_delete_sec_context(&gss_status, &gss_context, NULL);
     gss_release_name(&gss_status, &gss_client_name);
     gss_release_buffer(&gss_status, &gss_send_token);
-    failf(data, "Failed to determine user name.");
+    failf(data, "Failed to determine username.");
     return CURLE_COULDNT_CONNECT;
   }
   user = malloc(gss_send_token.length + 1);
@@ -377,7 +378,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
    *
    * The token is produced by encapsulating an octet containing the
    * required protection level using gss_seal()/gss_wrap() with conf_req
-   * set to FALSE.  The token is verified using gss_unseal()/
+   * set to FALSE. The token is verified using gss_unseal()/
    * gss_unwrap().
    *
    */
@@ -387,12 +388,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
   }
   else {
     gss_send_token.length = 1;
-    gss_send_token.value = malloc(1);
+    gss_send_token.value = Curl_memdup(&gss_enc, 1);
     if(!gss_send_token.value) {
       gss_delete_sec_context(&gss_status, &gss_context, NULL);
       return CURLE_OUT_OF_MEMORY;
     }
-    memcpy(gss_send_token.value, &gss_enc, 1);
 
     gss_major_status = gss_wrap(&gss_minor_status, gss_context, 0,
                                 GSS_C_QOP_DEFAULT, &gss_send_token,
@@ -407,11 +407,12 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
     }
     gss_release_buffer(&gss_status, &gss_send_token);
 
-    us_length = htons((short)gss_w_token.length);
+    us_length = htons((unsigned short)gss_w_token.length);
     memcpy(socksreq + 2, &us_length, sizeof(short));
   }
 
-  nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code);
+  nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, FALSE,
+                               &code);
   if(code  || (4 != nwritten)) {
     failf(data, "Failed to send GSS-API encryption request.");
     gss_release_buffer(&gss_status, &gss_w_token);
@@ -421,7 +422,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
 
   if(data->set.socks5_gssapi_nec) {
     memcpy(socksreq, &gss_enc, 1);
-    nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, &code);
+    nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, FALSE,
+                                 &code);
     if(code || ( 1 != nwritten)) {
       failf(data, "Failed to send GSS-API encryption type.");
       gss_delete_sec_context(&gss_status, &gss_context, NULL);
@@ -431,7 +433,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
   else {
     nwritten = Curl_conn_cf_send(cf->next, data,
                                  (char *)gss_w_token.value,
-                                 gss_w_token.length, &code);
+                                 gss_w_token.length, FALSE, &code);
     if(code || ((ssize_t)gss_w_token.length != nwritten)) {
       failf(data, "Failed to send GSS-API encryption type.");
       gss_release_buffer(&gss_status, &gss_w_token);
@@ -476,7 +478,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
                               gss_recv_token.length, &actualread);
 
   if(result || (actualread != us_length)) {
-    failf(data, "Failed to receive GSS-API encryptrion type.");
+    failf(data, "Failed to receive GSS-API encryption type.");
     gss_release_buffer(&gss_status, &gss_recv_token);
     gss_delete_sec_context(&gss_status, &gss_context, NULL);
     return CURLE_COULDNT_CONNECT;
author	Maxim Yurchuk <maxim-yurchuk@ydb.tech>	2024-10-04 17:24:16 +0300
committer	GitHub <noreply@github.com>	2024-10-04 17:24:16 +0300
commit	a1e4766748b5924d3879ab6a0259b28ec3c5d535 (patch)
tree	4480150864228623d6c9101a4ba8c049bda9aa90 /contrib/libs/curl/lib/socks_gssapi.c
parent	6536467764bed7822214815ce92ed4dcd5bf409b (diff)
parent	a46fe128b9c9c84438fc2aac337aeefdaecb99df (diff)
download	ydb-a1e4766748b5924d3879ab6a0259b28ec3c5d535.tar.gz