More changes to resolve issues brought up during the security
review of the code.
This commit is contained in:
Juan Carlos Luciani
@@ -87,7 +87,7 @@ GetUserCredentials(
|
||||
// Get the length of the realm string into the secret id structure
|
||||
// and verify thatr it is not too long.
|
||||
secretIdLen = sscs_Utf8Strlen(pRealm) + 1;
|
||||
if (secretIdLen <= U32_MAX)
|
||||
if (secretIdLen <= UINT32_MAX)
|
||||
{
|
||||
secretId.len = secretIdLen;
|
||||
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
|
||||
@@ -219,7 +219,7 @@ AuthTokenIf_GetAuthToken(
|
||||
IN const char *pHostName,
|
||||
IN void *pCredStoreScope,
|
||||
INOUT char *pTokenBuf,
|
||||
INOUT int *pTokenBufLen)
|
||||
INOUT size_t *pTokenBufLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@@ -300,63 +300,80 @@ AuthTokenIf_GetAuthToken(
|
||||
&pPassword);
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
// Now construct the PW token with the following format:
|
||||
// "username\r\n" + "password\r\n"
|
||||
//
|
||||
// First allocate a buffer large enough to hold the token
|
||||
pToken = (char*) malloc(strlen(pUsername) + 2 + strlen(pPassword) + 2 + 1);
|
||||
if (pToken)
|
||||
size_t tokenLen = strlen(pUsername) + 2 + strlen(pPassword) + 2 + 1;
|
||||
|
||||
// Make sure that the token is not too large
|
||||
if (tokenLen <= UINT32_MAX)
|
||||
{
|
||||
char *pEncodedToken;
|
||||
int encodedTokenLen;
|
||||
|
||||
// Now assemble the token
|
||||
sprintf(pToken, "%s\r\n%s\r\n", pUsername, pPassword);
|
||||
|
||||
// The token has been assembled, now encode it.
|
||||
retStatus = EncodeData(pToken,
|
||||
(const int) strlen(pToken),
|
||||
&pEncodedToken,
|
||||
&encodedTokenLen);
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
// Now construct the PW token with the following format:
|
||||
// "username\r\n" + "password\r\n"
|
||||
//
|
||||
// First allocate a buffer large enough to hold the token
|
||||
pToken = (char*) malloc(strlen(pUsername) + 2 + strlen(pPassword) + 2 + 1);
|
||||
if (pToken)
|
||||
{
|
||||
// Verify that the caller provided a buffer that is big enough
|
||||
if (encodedTokenLen > *pTokenBufLen)
|
||||
char *pEncodedToken;
|
||||
uint32_t encodedTokenLen;
|
||||
|
||||
// Now assemble the token
|
||||
sprintf(pToken, "%s\r\n%s\r\n", pUsername, pPassword);
|
||||
|
||||
// The token has been assembled, now encode it.
|
||||
retStatus = EncodeData(pToken,
|
||||
(const uint32_t) tokenLen,
|
||||
&pEncodedToken,
|
||||
&encodedTokenLen);
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
// The buffer is not big enough
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_PWTOKEN,
|
||||
CASA_STATUS_BUFFER_OVERFLOW);
|
||||
// Verify that the caller provided a buffer that is big enough
|
||||
if (encodedTokenLen > *pTokenBufLen)
|
||||
{
|
||||
// The buffer is not big enough
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_PWTOKEN,
|
||||
CASA_STATUS_BUFFER_OVERFLOW);
|
||||
}
|
||||
else
|
||||
{
|
||||
// The buffer provided is large enough, copy the data.
|
||||
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
|
||||
|
||||
// Success
|
||||
retStatus = CASA_STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
// Return the actual size or the size required
|
||||
*pTokenBufLen = encodedTokenLen;
|
||||
|
||||
// Free the buffer containing the encoded token after clearing
|
||||
// it to avoid leaking sensitive information.
|
||||
memset(pEncodedToken, 0, strlen(pEncodedToken));
|
||||
free(pEncodedToken);
|
||||
}
|
||||
else
|
||||
{
|
||||
// The buffer provided is large enough, copy the data.
|
||||
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
|
||||
|
||||
// Success
|
||||
retStatus = CASA_STATUS_SUCCESS;
|
||||
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Encoding failed\n", 0);
|
||||
}
|
||||
|
||||
// Return the actual size or the size required
|
||||
*pTokenBufLen = encodedTokenLen;
|
||||
|
||||
// Free the buffer containing the encoded token after clearing
|
||||
// it to avoid leaking sensitive information.
|
||||
memset(pEncodedToken, 0, strlen(pEncodedToken));
|
||||
free(pEncodedToken);
|
||||
// Free the buffer allocated for the token after clearing it
|
||||
// to avoid leaving sensitive information behind.
|
||||
memset(pToken, 0, strlen(pToken));
|
||||
free(pToken);
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Buffer allocation error\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_PWTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
|
||||
// Free the buffer allocated for the token after clearing it
|
||||
// to avoid leaving sensitive information behind.
|
||||
memset(pToken, 0, strlen(pToken));
|
||||
free(pToken);
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Buffer allocation error\n", 0);
|
||||
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Token too large\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_PWTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
CASA_FACILITY_KRB5TOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
|
||||
// Free allocated buffers after clearing memory holding the password
|
||||
|
||||
Reference in New Issue
Block a user