heimdal auth: fix the increase of big_buffer size. Bug 2501

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 29059ffa53dd8882c23452b4f23d88ce7dc82697..a15e5b4a0b5241f05328cdd6620cd20b579053f1 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -95,6 +95,11 @@ JH/20 Taint checking: disallow use of tainted data for
       - named-queue names
       Previously this was permitted.
 
+JH/21 Bug 2501: Fix init call in the heimdal authenticator.  Previously it
+      adjusted the size of a major service buffer; this failed because the
+      buffer was in use at the time.  Change to a compile-time increase in the
+      buffer size, when this authenticator is compiled into exim.
+
 
 Exim version 4.93
 -----------------

diff --git a/src/src/auths/README b/src/src/auths/README
index d4f125c3006cbd5e18f54f6b4c09568371d67395..66bdcdcf8cde67827b56b0a5dafcbd493c113743 100644 (file)
--- a/src/src/auths/README
+++ b/src/src/auths/README
@@ -34,7 +34,7 @@ instance block for this configured mechanism. It must set the flags called
 the server and/or client functions are available for this authenticator.
 Typically this depends on whether server or client configuration options have
 been set, but it is also possible to have an authenticator that has only one of
-the server or client functions.
+the server or client functions.  The function may not touch big_buffer.
 
 SERVER AUTHENTICATION
 

diff --git a/src/src/auths/heimdal_gssapi.c b/src/src/auths/heimdal_gssapi.c
index 3dfcb8c6aacaa135221e0239f094a4d17aef1a62..523f7c69a8a505fd2b469533f9cb2c28a3372066 100644 (file)
--- a/src/src/auths/heimdal_gssapi.c
+++ b/src/src/auths/heimdal_gssapi.c
@@ -200,16 +200,6 @@ if (krc)
 
 krb5_free_context(context);
 
-/* RFC 4121 section 5.2, SHOULD support 64K input buffers */
-if (big_buffer_size < (64 * 1024))
-  {
-  uschar *newbuf;
-  big_buffer_size = 64 * 1024;
-  newbuf = store_malloc(big_buffer_size);
-  store_free(big_buffer);
-  big_buffer = newbuf;
-  }
-
 ablock->server = TRUE;
 }
 

diff --git a/src/src/macros.h b/src/src/macros.h
index cc96c85163f84e9df39e0fe3303f96fafe3066ca..c99b152d5def3a82b6656f55ca0cf3505eecf785 100644 (file)
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -152,12 +152,19 @@ enough to hold all the headers from a normal kind of message. */
 into big_buffer_size and in some circumstances increased. It should be at least
 as long as the maximum path length. */
 
-#if defined PATH_MAX && PATH_MAX > 16384
+#ifdef AUTH_HEIMDAL_GSSAPI
+               /* RFC 4121 section 5.2, SHOULD support 64K input buffers */
+# define __BIG_BUFFER_SIZE 65536
+#else
+# define __BIG_BUFFER_SIZE 16384
+#endif
+
+#if defined PATH_MAX && PATH_MAX > __BIG_BUFFER_SIZE
 # define BIG_BUFFER_SIZE PATH_MAX
-#elif defined MAXPATHLEN && MAXPATHLEN > 16384
+#elif defined MAXPATHLEN && MAXPATHLEN > __BIG_BUFFER_SIZE
 # define BIG_BUFFER_SIZE MAXPATHLEN
 #else
-# define BIG_BUFFER_SIZE 16384
+# define BIG_BUFFER_SIZE __BIG_BUFFER_SIZE
 #endif
 
 /* header size of pipe content

diff --git a/src/src/readconf.c b/src/src/readconf.c
index 65dffe10a599f54f4e3080ac3a9ceeff8fd13ef7..05afb246438d637cf3d2eeef21e72621d59811ce 100644 (file)
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -3690,7 +3690,7 @@ driver_instance **p = anchor;
 driver_instance *d = NULL;
 uschar *buffer;
 
-while ((buffer = get_config_line()) != NULL)
+while ((buffer = get_config_line()))
   {
   uschar name[64];
   uschar *s;
@@ -3711,6 +3711,7 @@ while ((buffer = get_config_line()) != NULL)
       if (!d->driver_name)
         log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
           "no driver defined for %s \"%s\"", class, d->name);
+      /* s is using big_buffer, so this call had better not */
       (d->info->init)(d);
       d = NULL;
       }