From cb00eba3cf5fb7721c896588f182c63dbe421abc Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Wed, 1 Jun 2022 11:56:19 +0200 Subject: [PATCH 1/2] replace: Check for -Wuse-after-free BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095 Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett (cherry picked from commit 89e0c732b1c45f6498ed0f39add77c2a52afddce) --- lib/replace/wscript | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/replace/wscript b/lib/replace/wscript index e60ff15f903..e4c2d513076 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -128,6 +128,9 @@ def configure(conf): if conf.CHECK_CFLAGS('-Wno-strict-overflow'): conf.define('HAVE_WNO_STRICT_OVERFLOW', '1') + if conf.CHECK_CFLAGS('-Wuse-after-free=1'): + conf.define('HAVE_WUSE_AFTER_FREE_1', '1') + # Check for process set name support conf.CHECK_CODE(''' #include -- 2.36.1 From c7af8dcf50f7c8820d0282ee767ec3be5f0c9bfe Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Thu, 9 Jun 2022 10:51:54 +0200 Subject: [PATCH 2/2] third_party/heimdal: Fix build with gcc version 12.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Split lib/krb5/crypto to its own subsystem to built with its own CFLAGS and avoid the following error: [1510/4771] Compiling third_party/heimdal/lib/krb5/crypto.c ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘_krb5_internal_hmac’: ../../third_party/heimdal/lib/krb5/crypto.c:302:24: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] 302 | iov[0].data.data = (void *) data; | ^ ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘derive_key_sp800_hmac’: ../../third_party/heimdal/lib/krb5/crypto.c:2427:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] 2427 | label.data = (void *)constant; | ^ ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_derived’: ../../third_party/heimdal/lib/krb5/crypto.c:1280:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free] 1280 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1278:20: note: call to ‘realloc’ here 1278 | result->data = realloc(p, l); | ^~~~~~~~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_enc_then_cksum’: ../../third_party/heimdal/lib/krb5/crypto.c:1365:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free] 1365 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1363:20: note: call to ‘realloc’ here 1363 | result->data = realloc(p, l); | ^~~~~~~~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal’: ../../third_party/heimdal/lib/krb5/crypto.c:1431:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free] 1431 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1429:20: note: call to ‘realloc’ here 1429 | result->data = realloc(p, l); | ^~~~~~~~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_special’: ../../third_party/heimdal/lib/krb5/crypto.c:1478:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free] 1478 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1476:20: note: call to ‘realloc’ here 1476 | result->data = realloc(p, sz); | ^~~~~~~~~~~~~~ cc1: all warnings being treated as errors BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095 Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett Autobuild-User(master): Samuel Cabrero Autobuild-Date(master): Tue Jun 14 10:16:18 UTC 2022 on sn-devel-184 (cherry picked from commit 971441ca5244b0e56f6b664d785fcefa3867ede1) --- third_party/heimdal_build/wscript_build | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build index a395430c28f..fc136bc4116 100644 --- a/third_party/heimdal_build/wscript_build +++ b/third_party/heimdal_build/wscript_build @@ -670,6 +670,17 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): HEIMDAL_ERRTABLE('HEIMDAL_HEIM_ERR_ET', 'lib/base/heim_err.et') + krb5_crypto_cflags = [] + if bld.CONFIG_SET('HAVE_WUSE_AFTER_FREE_1'): + krb5_crypto_cflags.append('-Werror=use-after-free=1') + + + HEIMDAL_SUBSYSTEM('KRB5_CRYPTO', + 'lib/krb5/crypto.c', + includes='../heimdal/lib/krb5 ../heimdal/include', + deps='wind hcrypto', + cflags=krb5_crypto_cflags) + KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in TO_LIST( '''acache.c add_et_list.c addr_families.c appdefault.c @@ -678,7 +689,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): changepw.c codec.c config_file.c constants.c convert_creds.c copy_host_realm.c crc.c creds.c - crypto.c crypto-aes-sha1.c crypto-aes-sha2.c crypto-algs.c + crypto-aes-sha1.c crypto-aes-sha2.c crypto-algs.c crypto-arcfour.c crypto-des3.c crypto-des.c crypto-des-common.c crypto-evp.c crypto-null.c crypto-pk.c crypto-rand.c @@ -712,10 +723,10 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): HEIMDAL_LIBRARY('krb5', KRB5_SOURCE, version_script='lib/krb5/version-script.map', includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include', - deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT', + deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT KRB5_CRYPTO', cflags=['-DLOCALSTATEDIR="/2"'] + bld.dynconfig_cflags(), ) - KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c'] + KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c', 'lib/krb5/crypto.c'] HEIMDAL_AUTOPROTO_PRIVATE('lib/krb5/krb5-private.h', KRB5_PROTO_SOURCE) HEIMDAL_AUTOPROTO('lib/krb5/krb5-protos.h', KRB5_PROTO_SOURCE, -- 2.36.1