IETF Logo Mail Archive

Re: [kitten] New Version Notification for draft-kaduk-kitten-gss-loop-02.txt (fwd)

mrex@sap.com (Martin Rex) Tue, 21 January 2014 18:10 UTC

Return-Path: <mrex@sap.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C616C1A0150 for <kitten@ietfa.amsl.com>; Tue, 21 Jan 2014 10:10:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.552
X-Spam-Level:
X-Spam-Status: No, score=-6.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vlBMSI7qbJrS for <kitten@ietfa.amsl.com>; Tue, 21 Jan 2014 10:10:53 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id 4C8D71A00C8 for <kitten@ietf.org>; Tue, 21 Jan 2014 10:10:53 -0800 (PST)
Received: from mail05.wdf.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id s0LIAnrf017330 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 21 Jan 2014 19:10:49 +0100 (MET)
In-Reply-To: <1390319809.31766.158.camel@minbar.fac.cs.cmu.edu>
To: Jeffrey Hutzelman <jhutz@cmu.edu>
Date: Tue, 21 Jan 2014 19:10:49 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140121181049.AD63C1ABBC@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: kitten@ietf.org
Subject: Re: [kitten] New Version Notification for draft-kaduk-kitten-gss-loop-02.txt (fwd)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2014 18:10:56 -0000

Jeffrey Hutzelman wrote:
> > With that in mind, a comment like
> > 
> > >
> > > /* It is safe to call gss_release_buffer twice on the same buffer. */
> > 
> > is ambiguous and wrong.
> 
> It's not ambiguous, unless you willfully misinterpret it.
> It _is_ wrong, which is what started this discussion.
> 
> 
> I think we've beat this issue into the ground.
> I think we have something resembling consensus that the example code
> should avoid double-releasing, even though what it _actually does_
> happens to be safe with current major GSS implementations.  Therefore,
> we should stop arguing about it.
 
OK.

> 
> That leaves open the question of what, if any, changes should be made to
> the spec.  There are some on which I suspect there is mostly agreement,
> and one which seems to be controversial.  Nico seems to believe it
> should be explicitly safe to call gss_release_buffer() on a
> gss_buffer_desc that has already been released.  I think I agree.  But
> we must be clear here -- we are talking about two calls with _pointers
> to the same structure_, not calls with pointers to different structures
> that started out with the same value.  In other words, we want to make
> the example code's assumption safe.
 
There is an explicit notion of an empty buffer in the C-Bindings
Header file:  GSS_C_EMPTY_BUFFER
IMHO, it would be difficult for a gssapi mechanism to argue to
be compliant to rfc2744 when breaking on a gss_release_buffer()
call that is passed an empty buffer, because the semantics of
a gss_buffer_desc with {0, 0} contents is well-defined in the
GSS-API C-Bindings.


http://tools.ietf.org/html/rfc2744#page-6

   3.2. String and similar data

   Many of the GSS-API routines take arguments and return values that
   describe contiguous octet-strings.  All such data is passed between
   the GSS-API and the caller using the gss_buffer_t data type.  This
   data type is a pointer to a buffer descriptor, which consists of a
   length field that contains the total number of bytes in the datum,
   and a value field which contains a pointer to the actual datum:

   typedef struct gss_buffer_desc_struct {
      size_t    length;
      void      *value;
   } gss_buffer_desc, *gss_buffer_t;

   Storage for data returned to the application by a GSS-API routine
   using the gss_buffer_t conventions is allocated by the GSS-API
   routine.  The application may free this storage by invoking the
   gss_release_buffer routine.  Allocation of the gss_buffer_desc object
   is always the responsibility of the application;  unused
   gss_buffer_desc objects may be initialized to the value
   GSS_C_EMPTY_BUFFER.


-Martin

v2.29.0 | Report a Bug | By Email | System Status