MFH: r478658

Fix memleak, update MAINTAINER Details: - Fix a memory leak in ZXID caused by using system hexdump() function instead of the one included in ZXID. - Set MAINTAINER'ship to admins@perceptyx.com PR: 230978 Submitted by: amontalban@gmail.com (new maintainer) Approved by: ports-secteam (riggs)
svn path=/branches/2018Q3/; revision=478659
2018-09-01 07:40:28 +00:00 · 2018-09-01 07:40:28 +00:00 · 0a00a601b6 · 2021-03-31 03:12:20 +00:00
commit 0a00a601b6
parent bfa1f8faef
4 changed files with 113 additions and 1 deletions
--- a/security/zxid/Makefile
+++ b/security/zxid/Makefile
@ -3,10 +3,11 @@

 PORTNAME=	zxid
 PORTVERSION=	1.42
+PORTREVISION=	1
 CATEGORIES=	security www
 MASTER_SITES=	http://zxid.org/

-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	admins@perceptyx.com
 COMMENT=	Open Source IdM for the Masses - SAML SSO

 LICENSE=	E2ETA
--- a/security/zxid/files/patch-errmac.h
+++ b/security/zxid/files/patch-errmac.h
@ -0,0 +1,21 @@
+--- errmac.h.orig	2016-02-29 00:16:50 UTC
+++ errmac.h
+@@ -483,9 +483,17 @@ extern FILE* errmac_debug_log;    /* Def
+ #define DD_XML_BLOB(cf, lk, len, xml) /* Documentative */
+ 
+ int hexdmp(const char* msg, const void* p, int len, int max);
+#if __FreeBSD__
+int hexdump_zxid(const char* msg, const void* p, const void* lim, int max);
+#else 
+ int hexdump(const char* msg, const void* p, const void* lim, int max);
+#endif
+ 
+#if __FreeBSD__
+#define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump_zxid((msg), (p), (lim), (max))
+#else 
+ #define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump((msg), (p), (lim), (max))
+#endif
+ #define DHEXDUMP(msg, p, lim, max) /* Disabled hex dump */
+ 
+ #define DUMP_CORE() ASSERT(0)
+
--- a/security/zxid/files/patch-zxsig.c
+++ b/security/zxid/files/patch-zxsig.c
@ -0,0 +1,69 @@
+--- zxsig.c.orig	2016-02-29 00:16:50 UTC
+++ zxsig.c
+@@ -887,8 +887,13 @@ int zx_report_openssl_err(const char* lo
+ #endif
+ 
+   D("%s: len=%d data(%.*s)", lk, len, len, data);
+#if __FreeBSD__
+  D("%s: data above %d", lk, hexdump_zxid("data: ", data, data+len, 4096));
+  D("%s: digest above %d", lk, hexdump_zxid("digest: ", mdbuf, mdbuf+mdlen, 64));
+#else
+   D("%s: data above %d", lk, hexdump("data: ", data, data+len, 4096));
+   D("%s: digest above %d", lk, hexdump("digest: ", mdbuf, mdbuf+mdlen, 64));
+#endif
+ 
+   if (!priv_key) {
+     ERR(priv_key_missing_msg, geteuid(), getegid());
+@@ -906,7 +911,11 @@ int zx_report_openssl_err(const char* lo
+     if (RSA_sign(EVP_MD_type(evp_digest), mdbuf, mdlen, (unsigned char*)*sig, (unsigned int*)&len, rsa)) {
+       DD("data = %s, SHA1 sig = %s, siglen = %d", data, *sig, len);
+       D("RSA siglen = %d", len);
+#if __FreeBSD__
+      D("%s: sig above %d", lk, hexdump_zxid("sig: ", *sig, *sig+len, 1024));
+#else
+       D("%s: sig above %d", lk, hexdump("sig: ", *sig, *sig+len, 1024));
+#endif
+       return len;
+     }
+ #else
+@@ -1042,9 +1051,15 @@ int zxsig_verify_data(int len, char* dat
+   else if (!strcmp(mdalg, "SHA512")) { SHA512((unsigned char*)data, len, mdbuf); nid = NID_sha512; }
+   else { SHA1((unsigned char*)data, len, mdbuf); nid = NID_sha1; }
+ #endif
+#if __FreeBSD__
+  D("%s: vfy data len=%d above %d", lk, len, hexdump_zxid("data: ", data, data+len, 8192));
+  D("%s: vfy sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 8192));
+  D("%s: vfy md above %d", lk, hexdump_zxid("md: ", mdbuf, mdbuf+64, 64));
+#else
+   D("%s: vfy data len=%d above %d", lk, len, hexdump("data: ", data, data+len, 8192));
+   D("%s: vfy sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 8192));
+   D("%s: vfy md above %d", lk, hexdump("md: ", mdbuf, mdbuf+64, 64));
+#endif
+   
+   evp_pubk = X509_get_pubkey(cert);
+   if (!evp_pubk) {
+@@ -1080,7 +1095,11 @@ int zxsig_verify_data(int len, char* dat
+     if (!verdict) {
+       ERR("RSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
+       zx_report_openssl_err(lk);
+#if __FreeBSD__
+      D("RSA_vfy(%s) bad sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 4096));
+#else
+       D("RSA_vfy(%s) bad sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 4096));
+#endif
+       return ZXSIG_VFY_FAIL;
+     } else {
+       D("RSA verify OK %d", verdict);
+@@ -1115,7 +1134,11 @@ int zxsig_verify_data(int len, char* dat
+     if (!verdict) {
+       ERR("DSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
+       zx_report_openssl_err(lk);
+#if __FreeBSD__
+      D("DSA_vfy(%s) sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 4096));
+#else
+       D("DSA_vfy(%s) sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 4096));
+#endif
+       return ZXSIG_VFY_FAIL;
+     } else {
+       D("DSA verify OK %d", verdict);
+
--- a/security/zxid/files/patch-zxutil.c
+++ b/security/zxid/files/patch-zxutil.c
@ -0,0 +1,21 @@
+--- zxutil.c.orig	2018-08-06 01:37:42 UTC
+++ zxutil.c
+@@ -681,7 +681,7 @@ linkrest:
+ /*() Output a hexdump to stderr. Used for debugging purposes. */
+ 
+ /* Called by: */
+-int hexdump(const char* msg, const void* data, const void* lim, int max)
+int hexdump_zxid(const char* msg, const void* data, const void* lim, int max)
+ {
+   int i;
+   const char* p = (const char*)data;
+@@ -720,7 +720,7 @@ int hexdump(const char* msg, const void*
+ 
+ /* Called by:  zx_get_symkey, zx_raw_cipher2 x4, zxbus_verify_receipt x2, zxsig_validate x19 */
+ int hexdmp(const char* msg, const void* p, int len, int max) {
+-  return hexdump(msg, p, p+len, max);
+  return hexdump_zxid(msg, p, p+len, max);
+ }
+ 
+ /*
+