--- /dev/null
+/* { dg-do run } */
+/* SEGV at comment below. */
+typedef unsigned int size_t;
+typedef enum har {
+ he_fatal = (-199),
+ he_not_initialized,
+ he_bad_input,
+ he_memory_too_small,
+ he_bad_action,
+ he_duplicate,
+ he_bad_nonce,
+ he_stale_nonce,
+ he_bad_credentials,
+ he_bad_user,
+ he_no_such_user,
+ he_bad_passwd,
+ he_unknown_auth_scheme,
+ he_not_found,
+ he_failed_digest_file_check,
+ he_failed_digest_file_save,
+ he_process_not_privileged,
+ he_other,
+ he_end_of_range,
+ ha_no_error = 0,
+ ha_no_value = 1
+} har;
+typedef enum realm_type
+{
+ axis_realm = 0,
+ ws_realm
+} realm_type;
+
+__attribute__((__noclone__, __noinline__))
+har has_www_auth(char *, size_t, realm_type, har);
+
+__attribute__((__noclone__, __noinline__))
+har has_auth_user(const char *, const char *, realm_type, char *, size_t);
+
+__attribute__((__noclone__, __noinline__))
+char *ha_get_string_value(void);
+
+typedef struct
+{
+ unsigned int track_id;
+ char* user;
+ char* realm;
+ char* authent;
+ int internal_realm;
+} request;
+enum user_response {
+ file_not_found_user_response = -3,
+ access_denied_user_response = -2,
+ no_user_response = -1,
+ ok_user_response = 0
+};
+struct realm_group {
+ char *name;
+ int id;
+ struct realm_group *next;
+};
+struct realm {
+ char *name;
+ char *space;
+ struct realm_group *groups;
+ struct realm *next;
+};
+struct user_info {
+ char *name;
+ int no_groups;
+ int groups[128];
+ struct user_info *next;
+};
+static struct user_info *find_user(const char *user_name);
+static int is_member_of_groups(const struct user_info *user_item,
+ const struct realm_group *groups);
+int authent_author(request *req);
+struct realm *realms = ((void *)0);
+struct user_info *users = ((void *)0);
+static struct user_info*
+find_user(const char *user_name)
+{
+ struct user_info *user_item;
+ user_item = users;
+ while (user_item != ((void *)0)) {
+ /* SEGV due to NULL access here on user_name. See also comment below. */
+ if ((__builtin_strcmp(user_item->name, user_name) == 0))
+ break;
+ user_item = user_item->next;
+ }
+ return user_item;
+}
+static int
+is_member_of_groups(const struct user_info *user_item,
+ const struct realm_group *groups)
+{
+ const struct realm_group *group_item;
+ int i;
+ group_item = groups;
+ while (group_item != ((void *)0)) {
+ for (i = 0; i < user_item->no_groups; i++)
+ if (user_item->groups[i] == group_item->id)
+ return 0;
+ group_item = group_item->next;
+ }
+ return -1;
+}
+char *foo (void) __attribute__((__noclone__, __noinline__));
+char* g_strdup (const char *str) __attribute__((__malloc__, __noclone__, __noinline__));
+int g_strcmp0 (const char *str1, const char *str2);
+static int
+is_basic(char **user)
+{
+ char *passwd_ptr;
+ char *authent = foo();
+ passwd_ptr = __builtin_strchr(authent, ':');
+ if (passwd_ptr != ((void *)0)) {
+ *user = g_strdup(authent);
+ return 0;
+ }
+ return -1;
+}
+static int
+is_digest(char **user)
+{
+ int ret_val = -1;
+ char *authent;
+ authent = ha_get_string_value();
+ if (authent) {
+ *user = g_strdup(authent);
+ ret_val = 0;
+ }
+ return ret_val;
+}
+__attribute__((__noclone__, __noinline__))
+void g_free (void * mem);
+static enum user_response
+get_user_info_from_header(const realm_type type,
+ char **user_name,
+ struct user_info **user_item)
+{
+ int ret_val = no_user_response;
+ if ((type == ws_realm)) {
+ if (is_basic(user_name) == 0)
+ ret_val = access_denied_user_response;
+ if (is_digest(user_name) == 0)
+ ret_val = ok_user_response;
+ } else {
+ if (is_basic(user_name) < 0 &&
+ /* Load of *user_name here, but not after the is_digest call. */
+ is_digest(user_name) < 0)
+ ;
+ else if ((*user_item = find_user(*user_name)) != ((void *)0))
+ ret_val = ok_user_response;
+ else
+ ret_val = access_denied_user_response;
+ if (ret_val != ok_user_response)
+ g_free(*user_name);
+ }
+ return ret_val;
+}
+static enum user_response
+authenticate_user(request *req,
+ char **user_name,
+ struct user_info **user_item)
+{
+ char *authent = ((void *)0);
+ har resp = ha_no_value;
+ enum user_response user_resp;
+ int ret_val = no_user_response;
+ if (req->authent && __builtin_strlen(req->authent)) {
+ authent = req->authent;
+ user_resp = get_user_info_from_header(req->internal_realm,
+ user_name,
+ user_item);
+ if (user_resp == ok_user_response) {
+ resp = has_auth_user(authent, 0, req->internal_realm, "", 1);
+ if (resp == ha_no_error)
+ ret_val = ok_user_response;
+ else if (resp != he_stale_nonce)
+ ret_val = access_denied_user_response;
+ } else if (user_resp == access_denied_user_response)
+ ret_val = access_denied_user_response;
+ }
+ if (resp != he_memory_too_small && resp != ha_no_error)
+ resp = has_www_auth("", 1, req->internal_realm, resp);
+ return ret_val;
+}
+
+int __attribute__ ((__noinline__, __noclone__))
+authent_author(request *req)
+{
+ struct realm *realm;
+ char *user_name = ((void *)0);
+ struct user_info *user_item = ((void *)0);
+ int res = 0;
+ asm ("");
+ realm = realms;
+ if (__builtin_strcmp("Wsd", realm->name) == 0) {
+ req->internal_realm = ws_realm;
+ is_digest(&user_name);
+ }
+ if (authenticate_user(req, &user_name, &user_item) < 0) {
+ if (user_name != ((void *)0))
+ req->user = user_name;
+ res = -2;
+ goto authent_author_return;
+ }
+ if (is_member_of_groups(user_item, realm->groups) < 0)
+ res = -1;
+authent_author_return:
+ return res;
+}
+
+int good0, good1, good2;
+
+__attribute__ ((__noinline__, __noclone__))
+char *foo(void)
+{
+ asm ("");
+ good0++;
+ return "";
+}
+
+__attribute__ ((__noinline__, __noclone__))
+char *ha_get_string_value(void)
+{
+ asm ("");
+ good1++;
+ return "f";
+}
+
+__attribute__ ((__noinline__, __noclone__))
+har has_auth_user(const char *a, const char *b, realm_type c, char *d, size_t e)
+{
+ asm ("");
+ if (*a != 'z' || a[1] != 0 || b != 0 || c != axis_realm || *d != 0
+ || e != 1)
+ __builtin_abort ();
+ return ha_no_error;
+}
+
+__attribute__ ((__noinline__, __noclone__))
+har has_www_auth(char *a, size_t b, realm_type c, har d)
+{
+ (void)(*a+b+c+d);
+ asm ("");
+ __builtin_abort ();
+}
+
+
+char *strdupped_user = "me";
+__attribute__((__malloc__, __noclone__, __noinline__))
+char* g_strdup (const char *str)
+{
+ asm ("");
+ if (*str != 'f')
+ __builtin_abort ();
+ good2++;
+ return strdupped_user;
+}
+
+__attribute__((__noclone__, __noinline__))
+void g_free (void * mem)
+{
+ (void)mem;
+ asm ("");
+ __builtin_abort ();
+}
+
+struct user_info me = { .name = "me", .no_groups = 1, .groups = {42}, .next = 0};
+struct user_info you = { .name = "you", .next = &me};
+struct realm_group xgroups = { .name = "*", .id = 42, .next = 0};
+
+int main(void)
+{
+ char *orig_user = "?";
+ struct realm r = { .name = "x", .space = "space?", .groups = &xgroups, .next = 0};
+ request req = { .user = orig_user, .realm = "!", .authent = "z",
+ .internal_realm = axis_realm};
+ realms = &r;
+ users = &you;
+ if (authent_author (&req) != 0 || good0 != 1 || good1 != 1 || good2 != 1
+ || req.user != orig_user
+ || req.internal_realm != axis_realm)
+ __builtin_abort ();
+ __builtin_exit (0);
+}
+
projects / thirdparty / gcc.git / commitdiff
