From 791b0be58333707e5e524a53998a6df2da626095 Mon Sep 17 00:00:00 2001
From: Juan Carlos Luciani
Date: Fri, 2 Feb 2007 23:02:43 +0000
Subject: [PATCH] Addressed issues found during the SuSE security review.

---
 CASA-auth-token/client/library/authmsg.c | 6 +-
 CASA-auth-token/client/library/cache.c | 522 ++++++++++-------
 CASA-auth-token/client/library/engine.c | 10 +-
 CASA-auth-token/client/library/getpolicymsg.c | 4 +-
 CASA-auth-token/client/library/gettokenmsg.c | 4 +-
 CASA-auth-token/client/library/internal.h | 19 +-
 CASA-auth-token/client/library/invalidcert.c | 2 -
 .../client/library/linux/platform.c | 6 +-
 .../client/library/linux/platform.h | 6 +-
 CASA-auth-token/client/library/linux/rpc.c | 56 +-
 .../client/library/mechanisms/pwd/get.c | 80 +-
 .../client/library/mechanisms/pwd/internal.h | 4 +
 .../client/library/windows/platform.c | 6 +-
 CASA-auth-token/client/library/windows/rpc.c | 51 +-
 14 files changed, 456 insertions(+), 320 deletions(-)

diff --git a/CASA-auth-token/client/library/authmsg.c b/CASA-auth-token/client/library/authmsg.c
index 33da83d6..4585a6be 100644
--- a/CASA-auth-token/client/library/authmsg.c
+++ b/CASA-auth-token/client/library/authmsg.c
@@ -92,8 +92,8 @@ BuildAuthenticateMsg(
 // L2
 //=======================================================================--
 {
- char *pMsg = NULL;
- int bufferSize;
+ char *pMsg = NULL;
+ size_t bufferSize;
 
 DbgTrace(1, "-BuildAuthenticateMsg- Start\n", 0);
 
@@ -670,7 +670,7 @@ AuthRespEndElementHandler(
 CasaStatus
 CreateAuthenticateResp(
 IN char *pRespMsg,
- IN int respLen,
+ IN size_t respLen,
 INOUT AuthenticateResp **ppAuthenticateResp)
 //
 // Arguments:
diff --git a/CASA-auth-token/client/library/cache.c b/CASA-auth-token/client/library/cache.c
index 30f128db..8e256f1d 100644
--- a/CASA-auth-token/client/library/cache.c
+++ b/CASA-auth-token/client/library/cache.c
@@ -76,7 +76,8 @@ CreateAuthTokenCacheEntry(
 int32_t miCasaStatus;
 SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
 SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
- int32_t tokenSize, wrapperEntrySize, entrySize, keySize;
+ uint32_t entrySize, keySize;
+ size_t tokenSize, wrapperEntrySize, cacheKeyStrLen, groupOrHostNameStrLen;
 WrapperAuthCacheEntry *pWrapperEntry = NULL;
 AuthCacheEntry *pEntry = NULL;
 char *pKey;
@@ -93,71 +94,91 @@ CreateAuthTokenCacheEntry( } wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry); - entrySize = tokenSize + sizeof(AuthCacheEntry); - // Allocate space for the entry wrapper - // - // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator - pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); - if (pWrapperEntry) + // Verify that entrySize will not overflow + if ((tokenSize + sizeof(AuthCacheEntry)) <= U32_MAX) { - // Save the entry size - pWrapperEntry->size = wrapperEntrySize; + entrySize = tokenSize + sizeof(AuthCacheEntry); - // Set the AuthCacheEntry pointer - pEntry = &pWrapperEntry->entry; + // Allocate space for the entry wrapper + // + // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator + pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); + if (pWrapperEntry) + { + // Save the entry size + pWrapperEntry->size = wrapperEntrySize; - // Set the status - pEntry->status = status; - - if (pEntry->status == CASA_STATUS_SUCCESS) - { - memcpy(&pEntry->token[0], pToken, tokenSize); - } - - pEntry->token[tokenSize] = '\0'; - - // Set the time when the entry was added to the cache - pEntry->creationTime = GetTickCount(); - - // First determine the time when the entry is due to expire - if (entryLifetime != 0) - { - pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000); - pEntry->doesNotExpire = false; - } - else - { - // The entry does not expire - pEntry->expirationTime = 0; - pEntry->doesNotExpire = true; - } - - keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2; - - pKey = malloc(keySize); - if (pKey) - { - strncpy(pKey, pCacheKey, keySize); - strncat(pKey, "@", keySize); - strncat(pKey, pGroupOrHostName, keySize); - - miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext, - 0, - &sessionKeyChain, - &sharedId, - (SS_UTF8_T*) pKey, - keySize, - (uint8_t *) pEntry, - (uint32_t*) &entrySize, - NULL, - 
(SSCS_EXT_T*) pCredStoreScope); - if (miCasaStatus != NSSCS_SUCCESS) + // Set the AuthCacheEntry pointer + pEntry = &pWrapperEntry->entry; + + // Set the status + pEntry->status = status; + + if (pEntry->status == CASA_STATUS_SUCCESS) { - DbgTrace(0, "-CreateAuthTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus); + memcpy(&pEntry->token[0], pToken, tokenSize); + } + + pEntry->token[tokenSize] = '\0'; + + // Set the time when the entry was added to the cache + pEntry->creationTime = GetTickCount(); + + // First determine the time when the entry is due to expire + if (entryLifetime != 0) + { + pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000); + pEntry->doesNotExpire = false; + } + else + { + // The entry does not expire + pEntry->expirationTime = 0; + pEntry->doesNotExpire = true; + } + + cacheKeyStrLen = strlen(pCacheKey); + groupOrHostNameStrLen = strlen(pGroupOrHostName); + + // Verify that keySize will not overflow + if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= U32_MAX) + { + keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2); + + pKey = malloc(keySize); + if (pKey) + { + strncpy(pKey, pCacheKey, keySize); + strncat(pKey, "@", keySize); + strncat(pKey, pGroupOrHostName, keySize); + + miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext, + 0, + &sessionKeyChain, + &sharedId, + (SS_UTF8_T*) pKey, + keySize, + (uint8_t *) pEntry, + &entrySize, + NULL, + (SSCS_EXT_T*) pCredStoreScope); + if (miCasaStatus != NSSCS_SUCCESS) + { + DbgTrace(0, "-CreateAuthTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus); + } + + free(pKey); + } + else + { + DbgTrace(0, "-CreateAuthTokenCacheEntry- Memory allocation failure\n", 0); + } + } + else + { + DbgTrace(0, "-CreateAuthTokenCacheEntry- keySize overflow prevented\n", 0); } - - free(pKey); } else { 
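Review bot: The new guard `if ((tokenSize + sizeof(AuthCacheEntry)) <= U32_MAX)` evaluates the sum in size_t, so on a 32-bit build (where size_t is the same width as uint32_t) the addition can wrap before the compare and a size_t is always `<= U32_MAX`; the check then never rejects anything and the later `entrySize = tokenSize + sizeof(AuthCacheEntry)` can still wrap. Compare before adding instead, `if (tokenSize <= U32_MAX - sizeof(AuthCacheEntry))`, and shape the keySize guard the same way (`groupOrHostNameStrLen <= U32_MAX - 2 && cacheKeyStrLen <= U32_MAX - 2 - groupOrHostNameStrLen`). The same sum-then-compare pattern appears in CreateSessionTokenCacheEntry (entrySize guard) and in the keySize guard of FindAuthTokenEntryInCache. Separately, `strncat(pKey, "@", keySize)` and `strncat(pKey, pGroupOrHostName, keySize)` pass the whole buffer size as the append limit rather than the remaining space; it fits exactly here only because keySize was computed from the same two strings, whereas `snprintf(pKey, keySize, "%s@%s", pCacheKey, pGroupOrHostName);` builds the same key in one bounded call. The tokenSize computation at the top of CreateAuthTokenCacheEntry lies before the hunk.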
@@ -166,7 +187,7 @@ CreateAuthTokenCacheEntry(
 }
 else
 {
- DbgTrace(0, "-CreateAuthTokenCacheEntry- Memory allocation failure\n", 0);
+ DbgTrace(0, "-CreateAuthTokenCacheEntry- entrySize overflow prevented\n", 0);
 }
 
 DbgTrace(1, "-CreateAuthTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry);
@@ -199,7 +220,8 @@ CreateSessionTokenCacheEntry(
 int32_t miCasaStatus;
 SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
 SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
- int32_t tokenSize, wrapperEntrySize, entrySize;
+ uint32_t entrySize;
+ size_t tokenSize, wrapperEntrySize, cacheKeyStrLen;
 WrapperAuthCacheEntry *pWrapperEntry = NULL;
 AuthCacheEntry *pEntry = NULL;
 
@@ -215,64 +237,83 @@ CreateSessionTokenCacheEntry( } wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry); - entrySize = tokenSize + sizeof(AuthCacheEntry); - // Allocate space for the entry wrapper - // - // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator - pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); - if (pWrapperEntry) + // Verify that entrySize will not overflow + if ((tokenSize + sizeof(AuthCacheEntry)) <= U32_MAX) { - // Save the entry size - pWrapperEntry->size = wrapperEntrySize; + entrySize = tokenSize + sizeof(AuthCacheEntry); - // Set the AuthCacheEntry pointer - pEntry = &pWrapperEntry->entry; + // Allocate space for the entry wrapper + // + // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator + pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); + if (pWrapperEntry) + { + // Save the entry size + pWrapperEntry->size = wrapperEntrySize; - // Set the status - pEntry->status = status; - - if (pEntry->status == CASA_STATUS_SUCCESS) - { - memcpy(&pEntry->token[0], pToken, tokenSize); - } - - pEntry->token[tokenSize] = '\0'; - - // Set the time when the entry was added to the cache - pEntry->creationTime = GetTickCount(); - - // First determine the time when the entry is due to expire - if (entryLifetime != 0) - { - pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000); - pEntry->doesNotExpire = false; + // Set the AuthCacheEntry pointer + pEntry = &pWrapperEntry->entry; + + // Set the status + pEntry->status = status; + + if (pEntry->status == CASA_STATUS_SUCCESS) + { + memcpy(&pEntry->token[0], pToken, tokenSize); + } + + pEntry->token[tokenSize] = '\0'; + + // Set the time when the entry was added to the cache + pEntry->creationTime = GetTickCount(); + + // First determine the time when the entry is due to expire + if (entryLifetime != 0) + { + pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000); + 
pEntry->doesNotExpire = false; + } + else + { + // The entry does not expire + pEntry->expirationTime = 0; + pEntry->doesNotExpire = true; + } + + cacheKeyStrLen = strlen(pCacheKey) + 1; + + // Verify that the cacheKeyStrLen can be casted to a uint32_t + if (cacheKeyStrLen <= U32_MAX) + { + miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext, + 0, + &sessionKeyChain, + &sharedId, + (SS_UTF8_T*) pCacheKey, + (uint32_t) cacheKeyStrLen, + (uint8_t *) pEntry, + &entrySize, + NULL, + (SSCS_EXT_T*) pCredStoreScope); + if (miCasaStatus != NSSCS_SUCCESS) + { + DbgTrace(0, "-CreateSessionTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus); + } + } + else + { + DbgTrace(0, "-CreateSessionTokenCacheEntry- cacheKeyStrLen overflow prevented\n", 0); + } } else { - // The entry does not expire - pEntry->expirationTime = 0; - pEntry->doesNotExpire = true; - } - - miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext, - 0, - &sessionKeyChain, - &sharedId, - (SS_UTF8_T*) pCacheKey, - (uint32_t) strlen(pCacheKey) + 1, - (uint8_t *) pEntry, - (uint32_t*) &entrySize, - NULL, - (SSCS_EXT_T*) pCredStoreScope); - if (miCasaStatus != NSSCS_SUCCESS) - { - DbgTrace(0, "-CreateSessionTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus); + DbgTrace(0, "-CreateSessionTokenCacheEntry- Memory allocation failure\n", 0); } } else { - DbgTrace(0, "-CreateSessionTokenCacheEntry- Memory allocation failure\n", 0); + DbgTrace(0, "-CreateSessionTokenCacheEntry- entrySize overflow prevented\n", 0); } DbgTrace(1, "-CreateSessionTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry); 
@@ -401,7 +442,8 @@ FindSessionTokenEntryInCache(
 int32_t miCasaStatus;
 SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
 SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
- int32_t valueLength, wrapperEntrySize, bytesRequired;
+ uint32_t valueLength, bytesRequired;
+ size_t wrapperEntrySize, cacheKeyStrLen;
 WrapperAuthCacheEntry *pWrapperEntry = NULL;
 AuthCacheEntry *pEntry = NULL;
 
@@ -410,72 +452,82 @@ FindSessionTokenEntryInCache( valueLength = 0; bytesRequired = 0; - miCasaStatus = miCASAReadBinaryKey(g_hCASAContext, - 0, - &sessionKeyChain, - &sharedId, - (SS_UTF8_T*) pCacheKey, - (uint32_t) strlen(pCacheKey) + 1, - NULL, - (uint32_t*) &valueLength, - (SSCS_PASSWORD_T*) NULL, - (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) pCredStoreScope); + cacheKeyStrLen = strlen(pCacheKey) + 1; - if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT - && bytesRequired != 0) + // Verify that the cacheKeyStrLen can be casted to a uint32_t + if (cacheKeyStrLen <= U32_MAX) { - wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry); - pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); - if (pWrapperEntry) + miCasaStatus = miCASAReadBinaryKey(g_hCASAContext, + 0, + &sessionKeyChain, + &sharedId, + (SS_UTF8_T*) pCacheKey, + cacheKeyStrLen, + NULL, + &valueLength, + (SSCS_PASSWORD_T*) NULL, + &bytesRequired, + (SSCS_EXT_T*) pCredStoreScope); + + if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT + && bytesRequired != 0) { - pWrapperEntry->size = wrapperEntrySize; - pEntry = &pWrapperEntry->entry; - valueLength = bytesRequired; - bytesRequired = 0; - - miCasaStatus = miCASAReadBinaryKey(g_hCASAContext, - 0, - &sessionKeyChain, - &sharedId, - (SS_UTF8_T*) pCacheKey, - (uint32_t) strlen(pCacheKey) + 1, - (uint8_t *) pEntry, - (uint32_t*) &valueLength, - (SSCS_PASSWORD_T*) NULL, - (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) pCredStoreScope); - if (miCasaStatus == NSSCS_SUCCESS) + wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry); + pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); + if (pWrapperEntry) { - if (pEntry->doesNotExpire == false - && CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime)) + pWrapperEntry->size = wrapperEntrySize; + pEntry = &pWrapperEntry->entry; + valueLength = bytesRequired; + bytesRequired = 0; + + miCasaStatus = 
miCASAReadBinaryKey(g_hCASAContext, + 0, + &sessionKeyChain, + &sharedId, + (SS_UTF8_T*) pCacheKey, + cacheKeyStrLen, + (uint8_t *) pEntry, + &valueLength, + (SSCS_PASSWORD_T*) NULL, + &bytesRequired, + (SSCS_EXT_T*) pCredStoreScope); + if (miCasaStatus == NSSCS_SUCCESS) { - // Remove the entry from the cache - miCasaStatus = miCASARemoveKey(g_hCASAContext, - 0, - &sessionKeyChain, - &sharedId, - (SS_UTF8_T*) pCacheKey, - (uint32_t) strlen(pCacheKey) + 1, - (SSCS_PASSWORD_T*) NULL, - (SSCS_EXT_T*) pCredStoreScope); - if (miCasaStatus != NSSCS_SUCCESS) + if (pEntry->doesNotExpire == false + && CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime)) { - DbgTrace(0, "-FindSessionTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus); + // Remove the entry from the cache + miCasaStatus = miCASARemoveKey(g_hCASAContext, + 0, + &sessionKeyChain, + &sharedId, + (SS_UTF8_T*) pCacheKey, + cacheKeyStrLen, + (SSCS_PASSWORD_T*) NULL, + (SSCS_EXT_T*) pCredStoreScope); + if (miCasaStatus != NSSCS_SUCCESS) + { + DbgTrace(0, "-FindSessionTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus); + } + + FreeAuthCacheEntry(pEntry); + pEntry = NULL; } - + } + else + { + DbgTrace(0, "-FindSessionTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus); FreeAuthCacheEntry(pEntry); pEntry = NULL; } } - else - { - DbgTrace(0, "-FindSessionTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus); - FreeAuthCacheEntry(pEntry); - pEntry = NULL; - } } } + else + { + DbgTrace(0, "-FindSessionTokenEntryInCache- cacheKeyStrLen overflow prevented\n", 0); + } DbgTrace(1, "-FindSessionTokenEntryInCache- End, pEntry = %0lX\n", (long) pEntry); 
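Review bot: `bytesRequired` comes back from the credential store and is trusted as the entry length: `wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry)` sizes the allocation, and after the second read `pEntry->doesNotExpire`, `pEntry->creationTime` and `pEntry->expirationTime` are read unconditionally, so a stored value shorter than sizeof(AuthCacheEntry) (a corrupted or foreign entry under the same key) is parsed from bytes the store never wrote and, for small enough values, from past the end of the allocation. Tightening the existing condition to `if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT && bytesRequired >= sizeof(AuthCacheEntry))` rules that out; FindAuthTokenEntryInCache has the same shape and needs the same check. Also, `cacheKeyStrLen` is handed to miCASAReadBinaryKey and miCASARemoveKey as a bare size_t here, while CreateSessionTokenCacheEntry writes `(uint32_t) cacheKeyStrLen` right after the identical U32_MAX guard; make the narrowing explicit in this function too so the guard and the call visibly agree. FindSessionTokenEntryInCache ends past the hunk.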
@@ -504,7 +556,8 @@ FindAuthTokenEntryInCache(
 int32_t miCasaStatus;
 SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
 SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
- int32_t valueLength, wrapperEntrySize, bytesRequired, keySize;
+ uint32_t valueLength, bytesRequired, keySize;
+ size_t wrapperEntrySize, cacheKeyStrLen, groupOrHostNameStrLen;
 WrapperAuthCacheEntry *pWrapperEntry = NULL;
 AuthCacheEntry *pEntry = NULL;
 char *pKey;
@@ -512,85 +565,96 @@ FindAuthTokenEntryInCache( DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0); - keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2; + cacheKeyStrLen = strlen(pCacheKey); + groupOrHostNameStrLen = strlen(pGroupOrHostName); - pKey = malloc(keySize); - if (pKey) + // Verify that keySize will not overflow + if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= U32_MAX) { - strncpy(pKey, pCacheKey, keySize); - strncat(pKey, "@", keySize); - strncat(pKey, pGroupOrHostName, keySize); - - valueLength = 0; - bytesRequired = 0; - - miCasaStatus = miCASAReadBinaryKey(g_hCASAContext, - 0, - &sessionKeyChain, - &sharedId, - (SS_UTF8_T*) pKey, - keySize, - NULL, - (uint32_t*) &valueLength, - (SSCS_PASSWORD_T*) NULL, - (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) pCredStoreScope); - if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT - && bytesRequired != 0) + keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2); + + pKey = malloc(keySize); + if (pKey) { - wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry); - pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); - if (pWrapperEntry) + strncpy(pKey, pCacheKey, keySize); + strncat(pKey, "@", keySize); + strncat(pKey, pGroupOrHostName, keySize); + + valueLength = 0; + bytesRequired = 0; + + miCasaStatus = miCASAReadBinaryKey(g_hCASAContext, + 0, + &sessionKeyChain, + &sharedId, + (SS_UTF8_T*) pKey, + keySize, + NULL, + &valueLength, + (SSCS_PASSWORD_T*) NULL, + &bytesRequired, + (SSCS_EXT_T*) pCredStoreScope); + if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT + && bytesRequired != 0) { - pWrapperEntry->size = wrapperEntrySize; - pEntry = &pWrapperEntry->entry; - valueLength = bytesRequired; - bytesRequired = 0; - - miCasaStatus = miCASAReadBinaryKey(g_hCASAContext, - 0, - &sessionKeyChain, - &sharedId, - (SS_UTF8_T*) pKey, - keySize, - (uint8_t *) pEntry, - (uint32_t*) &valueLength, - (SSCS_PASSWORD_T*) NULL, - (uint32_t*) 
&bytesRequired, - (SSCS_EXT_T*) pCredStoreScope); - if (miCasaStatus == NSSCS_SUCCESS) + wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry); + pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); + if (pWrapperEntry) { - if (pEntry->doesNotExpire == false - && CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime)) - { - // Remove the entry from the cache - miCasaStatus = miCASARemoveKey(g_hCASAContext, - 0, - &sessionKeyChain, - &sharedId, - (SS_UTF8_T*) pKey, + pWrapperEntry->size = wrapperEntrySize; + pEntry = &pWrapperEntry->entry; + valueLength = bytesRequired; + bytesRequired = 0; + + miCasaStatus = miCASAReadBinaryKey(g_hCASAContext, + 0, + &sessionKeyChain, + &sharedId, + (SS_UTF8_T*) pKey, keySize, - (SSCS_PASSWORD_T*) NULL, - (SSCS_EXT_T*) pCredStoreScope); - if (miCasaStatus != NSSCS_SUCCESS) + (uint8_t *) pEntry, + &valueLength, + (SSCS_PASSWORD_T*) NULL, + &bytesRequired, + (SSCS_EXT_T*) pCredStoreScope); + if (miCasaStatus == NSSCS_SUCCESS) + { + if (pEntry->doesNotExpire == false + && CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime)) { - DbgTrace(0, "-FindAuthTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus); + // Remove the entry from the cache + miCasaStatus = miCASARemoveKey(g_hCASAContext, + 0, + &sessionKeyChain, + &sharedId, + (SS_UTF8_T*) pKey, + keySize, + (SSCS_PASSWORD_T*) NULL, + (SSCS_EXT_T*) pCredStoreScope); + if (miCasaStatus != NSSCS_SUCCESS) + { + DbgTrace(0, "-FindAuthTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus); + } + + FreeAuthCacheEntry(pEntry); + pEntry = NULL; } - + } + else + { + DbgTrace(0, "-FindAuthTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus); FreeAuthCacheEntry(pEntry); pEntry = NULL; } } - else - { - DbgTrace(0, "-FindAuthTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus); - FreeAuthCacheEntry(pEntry); - pEntry = NULL; - } } + + free(pKey); } - - 
free(pKey); + } + else + { + DbgTrace(0, "-FindAuthTokenEntryInCache- keySize overflow prevented\n", 0); } DbgTrace(1, "-FindAuthTokenEntryInCache- End, pEntry = %0lX\n", (long) pEntry); diff --git a/CASA-auth-token/client/library/engine.c b/CASA-auth-token/client/library/engine.c index d13177a6..a75dc73c 100644 --- a/CASA-auth-token/client/library/engine.c +++ b/CASA-auth-token/client/library/engine.c @@ -83,7 +83,7 @@ ObtainSessionToken( CASA_STATUS_UNSUCCESSFUL); LIST_ENTRY *pListEntry; AuthCacheEntry *pCacheEntry = NULL; - AuthContext *pAuthContext; + AuthContext *pAuthContext = NULL; DbgTrace(1, "-ObtainSessionToken- Start\n", 0); @@ -137,9 +137,9 @@ ObtainSessionToken( pCredStoreScope); if (pCacheEntry == NULL) { - char *pReqMsg = NULL; - char *pRespMsg = NULL; - int respLen; + char *pReqMsg = NULL; + char *pRespMsg = NULL; + size_t respLen; // Get authentication mechanism token retStatus = GetAuthMechToken(pAuthContext, @@ -328,7 +328,7 @@ ObtainAuthTokenFromServer( { char *pReqMsg = NULL; char *pRespMsg = NULL; - int respLen; + size_t respLen; AuthPolicy *pAuthPolicy = NULL; GetAuthPolicyResp *pGetAuthPolicyResp = NULL; GetAuthTokenResp *pGetAuthTokenResp = NULL; diff --git a/CASA-auth-token/client/library/getpolicymsg.c b/CASA-auth-token/client/library/getpolicymsg.c index 1434de1e..8892c9f8 100644 --- a/CASA-auth-token/client/library/getpolicymsg.c +++ b/CASA-auth-token/client/library/getpolicymsg.c @@ -86,8 +86,8 @@ BuildGetAuthPolicyMsg( // L2 //=======================================================================-- { - char *pMsg = NULL; - int bufferSize; + char *pMsg = NULL; + size_t bufferSize; DbgTrace(1, "-BuildGetAuthPolicyMsg- Start\n", 0); diff --git a/CASA-auth-token/client/library/gettokenmsg.c b/CASA-auth-token/client/library/gettokenmsg.c index 580ea080..6f76f90d 100644 --- a/CASA-auth-token/client/library/gettokenmsg.c +++ b/CASA-auth-token/client/library/gettokenmsg.c 
@@ -88,8 +88,8 @@ BuildGetAuthTokenMsg( // L2 //=======================================================================-- { - char *pMsg = NULL; - int bufferSize; + char *pMsg = NULL; + size_t bufferSize; DbgTrace(1, "-BuildGetAuthTokenMsg- Start\n", 0); diff --git a/CASA-auth-token/client/library/internal.h b/CASA-auth-token/client/library/internal.h index 9d9412fb..8e17ab41 100644 --- a/CASA-auth-token/client/library/internal.h +++ b/CASA-auth-token/client/library/internal.h @@ -39,6 +39,12 @@ //===[ Type definitions ]================================================== +#define MAX_RPC_REPLY_SZ (256 * 1024) + +#ifndef U32_MAX +#define U32_MAX (~(uint32_t)0) +#endif + // // Authentication Context structure // @@ -179,6 +185,15 @@ void RelGetAuthPolicyResp( IN GetAuthPolicyResp *pGetAuthPolicyResp); +extern +int +InitializeLibrary(void); + +extern +void +UnInitializeLibrary(void); + + // // Functions exported by authpolicy.c // @@ -209,7 +224,7 @@ extern CasaStatus CreateAuthenticateResp( IN char *pRespMsg, - IN int respLen, + IN size_t respLen, INOUT AuthenticateResp **ppAuthenticateResp); extern @@ -391,7 +406,7 @@ Rpc( IN long flags, IN char *pRequestData, INOUT char **ppResponseData, - INOUT int *pResponseDataLen); + INOUT size_t *pResponseDataLen); extern CasaStatus diff --git a/CASA-auth-token/client/library/invalidcert.c b/CASA-auth-token/client/library/invalidcert.c index a4a4fb63..d1944f6a 100644 --- a/CASA-auth-token/client/library/invalidcert.c +++ b/CASA-auth-token/client/library/invalidcert.c @@ -77,8 +77,6 @@ AllowInvalidCertsFromHost( // L0 //=======================================================================-- { - bool retStatus = true; - DbgTrace(2, "-AllowInvalidCertsFromHost- Start\n", 0); // tbd diff --git a/CASA-auth-token/client/library/linux/platform.c b/CASA-auth-token/client/library/linux/platform.c index 5d7ff0da..2d865809 100644 --- a/CASA-auth-token/client/library/linux/platform.c +++ b/CASA-auth-token/client/library/linux/platform.c 
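Review bot: `U32_MAX` in the internal.h hunk is a private spelling of `UINT32_MAX`, which normally comes from the same <stdint.h> that supplies the `uint32_t` used in its own definition, and the identical `#ifndef`/`#define` block is added again in mechanisms/pwd/internal.h. Where <stdint.h> is available, use `UINT32_MAX` directly; if the Windows toolchain lacks <stdint.h> (the likely reason for the fallback), keep a single `#ifndef UINT32_MAX` fallback in one shared header rather than two copies of a differently named macro. `MAX_RPC_REPLY_SZ` is added without a comment even though it is the cap enforced in both linux/rpc.c (CurlWriteCallback) and windows/rpc.c (InternalRpc); `// Upper bound on the byte size of one RPC reply; both rpc.c implementations abort the RPC beyond this` would tell a reader why the value exists and where it is applied. Both macros also sit under the `Type definitions` banner rather than with other constants.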
@@ -36,7 +36,7 @@ typedef struct _NormalizedHostNameCacheEntry LIST_ENTRY listEntry; char *pHostName; char *pNormalizedHostName; - int buffLengthRequired; + size_t buffLengthRequired; } NormalizedHostNameCacheEntry, *PNormalizedHostNameCacheEntry; @@ -720,7 +720,7 @@ NormalizeHostName( NI_NAMEREQD) == 0) { // We resolved the address to a DNS name, use it as the normalized name. - pEntry->buffLengthRequired = (int) strlen(pDnsHostName) + 1; + pEntry->buffLengthRequired = strlen(pDnsHostName) + 1; pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired); if (pEntry->pNormalizedHostName) { @@ -738,7 +738,7 @@ NormalizeHostName( // Not able to resolve the name in DNS, just use the host name as // the normalized name. - pEntry->buffLengthRequired = (int) strlen(pHostName) + 1; + pEntry->buffLengthRequired = strlen(pHostName) + 1; pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired); if (pEntry->pNormalizedHostName) { diff --git a/CASA-auth-token/client/library/linux/platform.h b/CASA-auth-token/client/library/linux/platform.h index fc8b1a7c..c7d87775 100644 --- a/CASA-auth-token/client/library/linux/platform.h +++ b/CASA-auth-token/client/library/linux/platform.h @@ -83,12 +83,12 @@ typedef struct _RpcSession { CURL *hCurl; char *pPartialHttpUrl; - int partialHttpUrlLen; + size_t partialHttpUrlLen; char *pPartialHttpsUrl; - int partialHttpsUrlLen; + size_t partialHttpsUrlLen; struct curl_slist *headers; char *pRecvData; - int recvDataLen; + size_t recvDataLen; } RpcSession, *PRpcSession; diff --git a/CASA-auth-token/client/library/linux/rpc.c b/CASA-auth-token/client/library/linux/rpc.c index 62885251..b0f7e0cd 100644 --- a/CASA-auth-token/client/library/linux/rpc.c +++ b/CASA-auth-token/client/library/linux/rpc.c 
@@ -79,34 +79,56 @@ CurlWriteCallback( if (pSession->pRecvData == NULL) { // We have not yet consumed receive data for the current Rpc - pSession->pRecvData = (char*) malloc(numDataItems * dataItemSz); - if (pSession->pRecvData) + // if the data does not exceed our maximum Rpc reply size. + if ((numDataItems * dataItemSz) <= MAX_RPC_REPLY_SZ) { - // Consume the data - memcpy(pSession->pRecvData, pData, numDataItems * dataItemSz); - pSession->recvDataLen = numDataItems * dataItemSz; + pSession->pRecvData = (char*) malloc(numDataItems * dataItemSz); + if (pSession->pRecvData) + { + // Consume the data + memcpy(pSession->pRecvData, pData, numDataItems * dataItemSz); + pSession->recvDataLen = numDataItems * dataItemSz; + } + else + { + DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0); + dataConsumed = CURLE_WRITE_ERROR; // To abort RPC + } } else { - DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0); + DbgTrace(0, "-CurlWriteCallback- Max Rpc reply size exceeded\n", 0); dataConsumed = CURLE_WRITE_ERROR; // To abort RPC } } else { - // We have already consumed receive data for the current Rpc, append the new data to it. - char *pNewRecvDataBuf = (char*) malloc(pSession->recvDataLen + (numDataItems * dataItemSz)); - if (pNewRecvDataBuf) + // We have already consumed receive data for the current Rpc, append the new data to it + // if the data does not exceed our maximum Rpc reply size. 
+ if ((pSession->recvDataLen + (numDataItems * dataItemSz)) <= MAX_RPC_REPLY_SZ) { - memcpy(pNewRecvDataBuf, pSession->pRecvData, pSession->recvDataLen); - memcpy(pNewRecvDataBuf + pSession->recvDataLen, pData, numDataItems * dataItemSz); - pSession->recvDataLen += numDataItems * dataItemSz; - free(pSession->pRecvData); - pSession->pRecvData = pNewRecvDataBuf; + char *pNewRecvDataBuf = (char*) malloc(pSession->recvDataLen + (numDataItems * dataItemSz)); + if (pNewRecvDataBuf) + { + memcpy(pNewRecvDataBuf, pSession->pRecvData, pSession->recvDataLen); + memcpy(pNewRecvDataBuf + pSession->recvDataLen, pData, numDataItems * dataItemSz); + pSession->recvDataLen += numDataItems * dataItemSz; + free(pSession->pRecvData); + pSession->pRecvData = pNewRecvDataBuf; + } + else + { + DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0); + dataConsumed = CURLE_WRITE_ERROR; // To abort RPC + + // Forget about already consumed data + free(pSession->pRecvData); + pSession->pRecvData = NULL; + } } else { - DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0); + DbgTrace(0, "-CurlWriteCallback- Max Rpc reply size exceeded\n", 0); dataConsumed = CURLE_WRITE_ERROR; // To abort RPC // Forget about already consumed data @@ -308,7 +330,7 @@ InternalRpc( IN long flags, IN char *pRequestData, INOUT char **ppResponseData, - INOUT int *pResponseDataLen) + INOUT size_t *pResponseDataLen) // // Arguments: // @@ -494,7 +516,7 @@ Rpc( IN long flags, IN char *pRequestData, INOUT char **ppResponseData, - INOUT int *pResponseDataLen) + INOUT size_t *pResponseDataLen) // // Arguments: // diff --git a/CASA-auth-token/client/library/mechanisms/pwd/get.c b/CASA-auth-token/client/library/mechanisms/pwd/get.c index 1745bdf5..dfca87f9 100644 --- a/CASA-auth-token/client/library/mechanisms/pwd/get.c +++ b/CASA-auth-token/client/library/mechanisms/pwd/get.c 
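Review bot: In the append path's allocation-failure branch the buffer is released (`free(pSession->pRecvData); pSession->pRecvData = NULL;`) but `pSession->recvDataLen` keeps the old byte count, so the session now claims to hold N bytes at a NULL pointer; add `pSession->recvDataLen = 0;` beside the NULL assignment, and check the `Max Rpc reply size exceeded` branch, whose tail is outside the hunk, for the same omission. Whether a stale count is ever observed depends on what the RPC caller does with recvDataLen after curl aborts on CURLE_WRITE_ERROR, which is not visible here. The growth strategy is also malloc + two memcpy + free on every callback, so the whole reply so far is copied again for each chunk; once the cap check has passed, `realloc` plus one memcpy of the new chunk does the same work with one copy. CurlWriteCallback begins before the hunk.
```c
// … unchanged: first-chunk path …
if ((pSession->recvDataLen + (numDataItems * dataItemSz)) <= MAX_RPC_REPLY_SZ)
{
    char *pNewRecvDataBuf = (char*) realloc(pSession->pRecvData, pSession->recvDataLen + (numDataItems * dataItemSz));
    if (pNewRecvDataBuf)
    {
        memcpy(pNewRecvDataBuf + pSession->recvDataLen, pData, numDataItems * dataItemSz);
        pSession->recvDataLen += numDataItems * dataItemSz;
        pSession->pRecvData = pNewRecvDataBuf;
    }
    else
    {
        // … unchanged: allocation-error trace, dataConsumed = CURLE_WRITE_ERROR …
        // realloc failure leaves the old block valid, so it still has to be released
        free(pSession->pRecvData);
        pSession->pRecvData = NULL;
        pSession->recvDataLen = 0;
    }
}
// … unchanged: max-size-exceeded branch …
```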
@@ -76,6 +76,7 @@ GetUserCredentials(
 uint32_t credtype = SSCS_CRED_TYPE_BASIC_F;
 SSCS_BASIC_CREDENTIAL credential = {0};
 SSCS_SECRET_ID_T secretId = {0};
+ size_t secretIdLen;
 
 DbgTrace(1, "-GetUserCredentials- Start\n", 0);
 
@@ -85,45 +86,56 @@ GetUserCredentials( // Get the length of the realm string into the secret id structure // and verify thatr it is not too long. - secretId.len = sscs_Utf8Strlen(pRealm) + 1; - if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN) + secretIdLen = sscs_Utf8Strlen(pRealm) + 1; + if (secretIdLen <= U32_MAX) { - // Set the secret id in the structure - sscs_Utf8Strcpy((char*) secretId.id, pRealm); - - // Specify that we want the common name - credential.unFlags = USERNAME_TYPE_CN_F; - - // Now try to get the credentials - rcode = miCASAGetCredential(0, - &secretId, - NULL, - &credtype, - &credential, - (SSCS_EXT_T*) pCredStoreScope); - if (rcode != NSSCS_SUCCESS) + secretId.len = secretIdLen; + if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN) { - // There were no credentials for the realm, now try to obtain the - // desktop credentials. - secretId.len = sscs_Utf8Strlen("Desktop") + 1; - if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN) + // Set the secret id in the structure + sscs_Utf8Strcpy((char*) secretId.id, pRealm); + + // Specify that we want the common name + credential.unFlags = USERNAME_TYPE_CN_F; + + // Now try to get the credentials + rcode = miCASAGetCredential(0, + &secretId, + NULL, + &credtype, + &credential, + (SSCS_EXT_T*) pCredStoreScope); + if (rcode != NSSCS_SUCCESS) { - sscs_Utf8Strcpy((char*) secretId.id, "Desktop"); - rcode = miCASAGetCredential(0, - &secretId, - NULL, - &credtype, - &credential, - (SSCS_EXT_T*) pCredStoreScope); - } - else - { - DbgTrace(0, "-GetUserCredentials- Desktop name too long\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_PWTOKEN, - CASA_STATUS_UNSUCCESSFUL); + // There were no credentials for the realm, now try to obtain the + // desktop credentials. 
+ secretId.len = sscs_Utf8Strlen("Desktop") + 1; + if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN) + { + sscs_Utf8Strcpy((char*) secretId.id, "Desktop"); + rcode = miCASAGetCredential(0, + &secretId, + NULL, + &credtype, + &credential, + (SSCS_EXT_T*) pCredStoreScope); + } + else + { + DbgTrace(0, "-GetUserCredentials- Desktop name too long\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_PWTOKEN, + CASA_STATUS_UNSUCCESSFUL); + } } } + else + { + DbgTrace(0, "-GetUserCredentials- Realm name too long\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_PWTOKEN, + CASA_STATUS_UNSUCCESSFUL); + } } else { diff --git a/CASA-auth-token/client/library/mechanisms/pwd/internal.h b/CASA-auth-token/client/library/mechanisms/pwd/internal.h index 8ace235c..d79dfea7 100644 --- a/CASA-auth-token/client/library/mechanisms/pwd/internal.h +++ b/CASA-auth-token/client/library/mechanisms/pwd/internal.h @@ -37,6 +37,10 @@ //===[ Type definitions ]================================================== +#ifndef U32_MAX +#define U32_MAX (~(uint32_t)0) +#endif + //===[ Inlines functions ]=============================================== //===[ Function prototypes ]=============================================== diff --git a/CASA-auth-token/client/library/windows/platform.c b/CASA-auth-token/client/library/windows/platform.c index 8ff90a2c..c512004d 100644 --- a/CASA-auth-token/client/library/windows/platform.c +++ b/CASA-auth-token/client/library/windows/platform.c @@ -36,7 +36,7 @@ typedef struct _NormalizedHostNameCacheEntry LIST_ENTRY listEntry; char *pHostName; char *pNormalizedHostName; - int buffLengthRequired; + size_t buffLengthRequired; } NormalizedHostNameCacheEntry, *PNormalizedHostNameCacheEntry; 
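Review bot: The added `if (secretIdLen <= U32_MAX)` exists only to make the narrowing store `secretId.len = secretIdLen;` safe, but the bound that actually matters is applied one line later against NSSCS_MAX_SECRET_ID_LEN, which is presumably far below U32_MAX. Comparing the size_t directly, `if (secretIdLen <= NSSCS_MAX_SECRET_ID_LEN) { secretId.len = (uint32_t) secretIdLen;`, enforces the same limit before any truncation can occur, removes one nesting level, and folds the added `Realm name too long` branch and the outer else (whose body lies past the hunk) into a single failure path; the `(uint32_t)` assumes secretId.len is 32-bit, as the U32_MAX guard implies. The unbounded `sscs_Utf8Strcpy((char*) secretId.id, pRealm)` is correct only because of that length check, so `// bounded by the NSSCS_MAX_SECRET_ID_LEN check above` on that line would keep a later edit from separating them. GetUserCredentials continues past the hunk.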
@@ -458,7 +458,7 @@ NormalizeHostName( NI_NAMEREQD) == 0) { // We resolved the address to a DNS name, use it as the normalized name. - pEntry->buffLengthRequired = (int) strlen(pDnsHostName) + 1; + pEntry->buffLengthRequired = strlen(pDnsHostName) + 1; pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired); if (pEntry->pNormalizedHostName) { @@ -476,7 +476,7 @@ NormalizeHostName( // Not able to resolve the name in DNS, just use the host name as // the normalized name. - pEntry->buffLengthRequired = (int) strlen(pHostName) + 1; + pEntry->buffLengthRequired = strlen(pHostName) + 1; pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired); if (pEntry->pNormalizedHostName) { diff --git a/CASA-auth-token/client/library/windows/rpc.c b/CASA-auth-token/client/library/windows/rpc.c index 8217889e..da69c555 100644 --- a/CASA-auth-token/client/library/windows/rpc.c +++ b/CASA-auth-token/client/library/windows/rpc.c @@ -343,7 +343,7 @@ InternalRpc( IN long flags, IN char *pRequestData, INOUT char **ppResponseData, - INOUT int *pResponseDataLen) + INOUT size_t *pResponseDataLen) // // Arguments: // @@ -467,9 +467,9 @@ InternalRpc( // Check that the request completed successfully if (memcmp(httpCompStatus, L"200", sizeof(httpCompStatus)) == 0) { - char *pResponseData; - int responseDataBufSize = INITIAL_RESPONSE_DATA_BUF_SIZE; - int responseDataRead = 0; + char *pResponseData; + size_t responseDataBufSize = INITIAL_RESPONSE_DATA_BUF_SIZE; + size_t responseDataRead = 0; // Now read the response data, to do so we need to allocate a buffer. pResponseData = (char*) malloc(INITIAL_RESPONSE_DATA_BUF_SIZE); 
@@ -494,22 +494,43 @@ InternalRpc( { char *pTmpBuf; - // We need to upgrade the receive buffer - pTmpBuf = (char*) malloc(responseDataBufSize + INCREMENT_RESPONSE_DATA_BUF_SIZE); - if (pTmpBuf) + // We need to upgrade the receive buffer. + // + // Do not allow the reply to exceed our maximum + if (responseDataBufSize < MAX_RPC_REPLY_SZ) { - memcpy(pTmpBuf, pResponseData, responseDataBufSize); - free(pResponseData); - pResponseData = pTmpBuf; - pCurrLocation = pResponseData + responseDataBufSize; - responseDataBufSize += INCREMENT_RESPONSE_DATA_BUF_SIZE; + size_t incrementSz; + + // Determine the buffer size imcrement so that the maximum rpc reply + // size is not exceeded. + if ((responseDataBufSize + INCREMENT_RESPONSE_DATA_BUF_SIZE) <= MAX_RPC_REPLY_SZ) + incrementSz = INCREMENT_RESPONSE_DATA_BUF_SIZE; + else + incrementSz = MAX_RPC_REPLY_SZ - responseDataBufSize; + + pTmpBuf = (char*) malloc(responseDataBufSize + incrementSz); + if (pTmpBuf) + { + memcpy(pTmpBuf, pResponseData, responseDataBufSize); + free(pResponseData); + pResponseData = pTmpBuf; + pCurrLocation = pResponseData + responseDataBufSize; + responseDataBufSize += incrementSz; + } + else + { + DbgTrace(0, "-InternalRpc- Buffer allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } } else { - DbgTrace(0, "-InternalRpc- Buffer allocation failure\n", 0); + DbgTrace(0, "-InternalRpc- Reply maximum exceeded\n", 0); retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); + CASA_STATUS_UNSUCCESSFUL); } } } @@ -743,7 +764,7 @@ Rpc( IN long flags, IN char *pRequestData, INOUT char **ppResponseData, - INOUT int *pResponseDataLen) + INOUT size_t *pResponseDataLen) // // Arguments: //
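Review bot: When responseDataBufSize has reached MAX_RPC_REPLY_SZ the new else branch traces `Reply maximum exceeded` and sets retStatus but leaves pResponseData, pCurrLocation and responseDataBufSize untouched; the read loop around this hunk is outside the view, so confirm it exits on retStatus rather than on the next read result, otherwise the following iteration reads into a buffer that is already full. The growth step is still malloc + memcpy + free; `pTmpBuf = (char*) realloc(pResponseData, responseDataBufSize + incrementSz);` with the memcpy and free dropped does the same in one call and, on failure, leaves pResponseData valid for the existing cleanup. The new comment line `// Determine the buffer size imcrement so that the maximum rpc reply` should read `increment`. InternalRpc begins and ends outside the hunk.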