From 44ee58ef5f2fc7c1bb06f023b204048d61ab452d Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Tue, 6 Feb 2007 22:52:44 +0000 Subject: [PATCH] Changes to address issues brought up by the security review. --- .../server/ApacheSupport/2.2/mod_authn_casa.c | 8 +- .../AuthTokenValidate/Svc/linux/server.cpp | 4 +- .../idenTokenProviders/casa/identoken.c | 58 +++--- .../casa/identokenprovider.c | 5 +- .../idenTokenProviders/casa/internal.h | 14 +- .../idenTokenProviders/casa/util.c | 180 +++++++++-------- .../iden_token_provider_if.h | 20 +- .../server/AuthTokenValidate/internal.h | 16 +- .../server/AuthTokenValidate/principal.c | 22 +-- .../server/AuthTokenValidate/util.c | 182 ++++++++++-------- .../server/AuthTokenValidate/validate.c | 15 +- .../server/PamSupport/pam_authtoken.c | 8 +- CASA-auth-token/server/include/casa_c_ipc.h | 9 +- .../server/include/casa_s_authtoken.h | 26 +-- .../IpcLibs/linux/client/cchannel.cpp | 6 +- .../utilities/IpcLibs/linux/client/cchannel.h | 26 +-- .../utilities/IpcLibs/linux/client/client.cpp | 75 +++++--- .../IpcLibs/linux/client/clientreq.cpp | 4 +- .../IpcLibs/linux/client/clientreq.h | 6 +- .../IpcLibs/linux/client/remoteendpoint.cpp | 4 +- .../IpcLibs/linux/client/remoteendpoint.h | 4 +- .../IpcLibs/linux/common/channelproto.cpp | 12 +- .../IpcLibs/linux/common/channelproto.h | 6 +- .../IpcLibs/linux/server/schannel.cpp | 6 +- .../utilities/IpcLibs/linux/server/schannel.h | 2 +- .../utilities/IpcLibs/linux/server/server.cpp | 2 +- .../IpcLibs/linux/server/serverreq.cpp | 4 +- .../IpcLibs/linux/server/serverreq.h | 6 +- 28 files changed, 386 insertions(+), 344 deletions(-) diff --git a/CASA-auth-token/server/ApacheSupport/2.2/mod_authn_casa.c b/CASA-auth-token/server/ApacheSupport/2.2/mod_authn_casa.c index b1d4c5ec..3ead5015 100644 --- a/CASA-auth-token/server/ApacheSupport/2.2/mod_authn_casa.c +++ b/CASA-auth-token/server/ApacheSupport/2.2/mod_authn_casa.c @@ -207,7 +207,7 @@ check_password( &pPrincipalIf); if (CASA_SUCCESS(casaStatus)) { - int buffLen = 0; + size_t buffLen = 0; apr_table_t *e = r->subprocess_env; // Associate necessary environment variables with the request block @@ -335,9 +335,9 @@ check_password( if (retStatus == AUTH_GRANTED) { - char *pAttribNameBuff, *pAttribValueBuff; - int enumHandle = 0; - int attribNameBuffLen, attribValueBuffLen; + char *pAttribNameBuff, *pAttribValueBuff; + unsigned int enumHandle = 0; + size_t attribNameBuffLen, attribValueBuffLen; while (retStatus == AUTH_GRANTED) { diff --git a/CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp b/CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp index b4562d75..849ff314 100644 --- a/CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp +++ b/CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp @@ -130,8 +130,8 @@ ServiceRequests(void) { // Helper class found, now get the id of the method that we invoke jmethodID mId = g_env->GetStaticMethodID(helperClass, - authTokenClassValidateMethodName, - "(Ljava/lang/String;)Ljava/lang/String;"); + authTokenClassValidateMethodName, + "(Ljava/lang/String;)Ljava/lang/String;"); if (mId) { // Loop until told to terminate diff --git a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c index 812f2c0d..064ca467 100644 --- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c +++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c @@ -73,9 +73,9 @@ typedef struct _Attribute { LIST_ENTRY listEntry; char *pAttribName; - int attribNameLen; + size_t attribNameLen; char *pAttribValue; - int attribValueLen; + size_t attribValueLen; } Attribute, *PAttribute; @@ -87,15 +87,15 @@ typedef struct _IdenTokenIfInstance { int refCount; char *pIdentId; - int identIdLen; + size_t identIdLen; char *pIdentSourceName; - int identSourceNameLen; + size_t identSourceNameLen; char *pIdentSourceUrl; - int identSourceUrlLen; + size_t identSourceUrlLen; char *pTargetService; - int targetServiceLen; + size_t targetServiceLen; char *pTargetHost; - int targetHostLen; + size_t targetHostLen; LIST_ENTRY attributeListHead; IdenTokenIf idenTokenIf; @@ -109,7 +109,7 @@ typedef struct _IdenTokenParse { XML_Parser p; int state; - int elementDataProcessed; + size_t elementDataProcessed; IdenTokenIfInstance *pIdenTokenIfInstance; CasaStatus status; @@ -377,7 +377,7 @@ ConsumeElementData( IN const XML_Char *s, IN int len, INOUT char **ppElementData, - INOUT int *pElementDataLen) + INOUT size_t *pElementDataLen) // // Arguments: // @@ -424,7 +424,7 @@ ConsumeElementData( char *pNewBuf; // We have already received token data, append this data to it. - pNewBuf = (char*) malloc(pIdenTokenParse->elementDataProcessed + len + 1); + pNewBuf = (char*) malloc((size_t)(pIdenTokenParse->elementDataProcessed + len + 1)); if (pNewBuf) { memset(pNewBuf, @@ -860,7 +860,7 @@ CasaStatus SSCS_CALL GetIdentityId( IN const void *pIfInstance, INOUT char *pIdentIdBuf, - INOUT int *pIdentIdLen) + INOUT size_t *pIdentIdLen) // // Arguments: // pIfInstance - @@ -935,7 +935,7 @@ CasaStatus SSCS_CALL GetSourceName( IN const void *pIfInstance, INOUT char *pSourceNameBuf, - INOUT int *pSourceNameLen) + INOUT size_t *pSourceNameLen) // // Arguments: // pIfInstance - @@ -1011,7 +1011,7 @@ CasaStatus SSCS_CALL GetSourceUrl( IN const void *pIfInstance, INOUT char *pSourceUrlBuf, - INOUT int *pSourceUrlLen) + INOUT size_t *pSourceUrlLen) // // Arguments: // pIfInstance - @@ -1085,12 +1085,12 @@ exit: static CasaStatus SSCS_CALL AttributeEnumerate( - IN const void *pIfInstance, - INOUT int *pEnumHandle, - INOUT char *pAttribNameBuf, - INOUT int *pAttribNameLen, - INOUT char *pAttribValueBuf, - INOUT int *pAttribValueLen) + IN const void *pIfInstance, + INOUT unsigned int *pEnumHandle, + INOUT char *pAttribNameBuf, + INOUT size_t *pAttribNameLen, + INOUT char *pAttribValueBuf, + INOUT size_t *pAttribValueLen) // // Arguments: // pIfInstance - @@ -1231,9 +1231,9 @@ exit: //++======================================================================= CasaStatus GetIdenTokenInterface( - IN const char *pTokenBuf, - IN const int tokenLen, - INOUT IdenTokenIf **ppIdenTokenIf) + IN const char *pTokenBuf, + IN const size_t tokenLen, + INOUT IdenTokenIf **ppIdenTokenIf) // // Arguments: // @@ -1252,6 +1252,16 @@ GetIdenTokenInterface( DbgTrace(2, "-GetIdenTokenInterface- Start\n", 0); + // Verify that the token is not too large for the parser + if (tokenLen > INT32_MAX) + { + DbgTrace(0, "-GetIdenTokenInterface- Token too large\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_UNSUCCESSFUL); + goto exit; + } + // Create a IdenTokenIfInstance object for it. pIdenTokenIfInstance = malloc(sizeof(*pIdenTokenIfInstance)); if (pIdenTokenIfInstance) @@ -1314,7 +1324,7 @@ GetIdenTokenInterface( XML_SetUserData(p, &idenTokenParse); // Parse the document - if (XML_Parse(p, pTokenBuf, tokenLen, 1) == XML_STATUS_OK) + if (XML_Parse(p, pTokenBuf, (int) tokenLen, 1) == XML_STATUS_OK) { // Verify that the parse operation completed successfully if (idenTokenParse.state == DONE_PARSING) @@ -1385,6 +1395,8 @@ GetIdenTokenInterface( CASA_STATUS_INSUFFICIENT_RESOURCES); } +exit: + DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %0X\n", retStatus); return retStatus; diff --git a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c index 8fb9b043..f30eb6e2 100644 --- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c +++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c @@ -147,7 +147,7 @@ CasaStatus GetIdentityTokenIf( IN const void *pIfInstance, IN const char *pTokenBuf, - IN const int tokenLen, + IN const size_t tokenLen, INOUT IdenTokenIf **ppIdenTokenIf) // // Arguments: @@ -175,13 +175,14 @@ GetIdentityTokenIf( { CasaStatus retStatus; char *pDecodedTokenBuf; - int decodedTokenBufLen; + uint32_t decodedTokenBufLen; DbgTrace(2, "-GetIdentityTokenIf- Start\n", 0); // Validate input parameters if (pIfInstance == NULL || pTokenBuf == NULL + || tokenLen > UINT32_MAX || tokenLen == 0 || ppIdenTokenIf == NULL) { diff --git a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/internal.h b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/internal.h index 13b200c9..d6382ddf 100644 --- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/internal.h +++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/internal.h @@ -57,9 +57,9 @@ extern int DebugLevel; extern CasaStatus GetIdenTokenInterface( - IN const char *pTokenBuf, - IN const int tokenLen, - INOUT IdenTokenIf **ppIdenTokenIf); + IN const char *pTokenBuf, + IN const uint32_t tokenLen, + INOUT IdenTokenIf **ppIdenTokenIf); extern CasaStatus @@ -77,17 +77,17 @@ extern CasaStatus EncodeData( IN const void *pData, - IN const int32_t dataLen, + IN const uint32_t dataLen, INOUT char **ppEncodedData, - INOUT int32_t *pEncodedDataLen); + INOUT uint32_t *pEncodedDataLen); extern CasaStatus DecodeData( IN const char *pEncodedData, - IN const int32_t encodedDataLen, // Does not include NULL terminator + IN const uint32_t encodedDataLen, // Does not include NULL terminator INOUT void **ppData, - INOUT int32_t *pDataLen); + INOUT uint32_t *pDataLen); extern int diff --git a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c index 2483c744..6daa8219 100644 --- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c +++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c @@ -62,9 +62,9 @@ static const uint8_t g_Expand64[256] = CasaStatus EncodeData( IN const void *pData, - IN const int32_t dataLen, + IN const uint32_t dataLen, INOUT char **ppEncodedData, - INOUT int32_t *pEncodedDataLen) + INOUT uint32_t *pEncodedDataLen) // // Arguments: // @@ -88,7 +88,7 @@ EncodeData( if (*ppEncodedData) { uint8_t *pOut, *pIn; - int i; + uint32_t i; // Setup pointers to move through the buffers pIn = (uint8_t*) pData; @@ -147,9 +147,9 @@ EncodeData( CasaStatus DecodeData( IN const char *pEncodedData, - IN const int32_t encodedDataLen, // Does not include NULL terminator + IN const uint32_t encodedDataLen, // Does not include NULL terminator INOUT void **ppData, - INOUT int32_t *pDataLen) + INOUT uint32_t *pDataLen) // // Arguments: // @@ -161,8 +161,8 @@ DecodeData( //=======================================================================-- { CasaStatus retStatus; - int i, j; - int decodedSize; + uint32_t i, j; + size_t decodedSize; DbgTrace(3, "-DecodeData- Start\n", 0); @@ -172,98 +172,110 @@ DecodeData( j++; decodedSize = (j * 3 + 3) / 4; - // Allocate buffer to hold the decoded data - *ppData = malloc(decodedSize); - if (*ppData) + // Verify that we are not going to overflow the uint32 + if (decodedSize <= UINT32_MAX) { - bool endReached = false; - uint8_t c0, c1, c2, c3; - uint8_t *p, *q; - - // Initialize parameters that will be used during the decode operation - c0 = c1 = c2 = c3 = 0; - p = (uint8_t*) pEncodedData; - q = (uint8_t*) *ppData; - - // Decode the data - // - // Loop through the data, piecing back information. Any newlines, and/or - // carriage returns need to be skipped. - while (j > 4) + // Allocate buffer to hold the decoded data + *ppData = malloc(decodedSize); + if (*ppData) { - while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) - p++; - if (64 == g_Expand64[*p]) - { - endReached = true; - break; - } - c0 = *(p++); + bool endReached = false; + uint8_t c0, c1, c2, c3; + uint8_t *p, *q; - while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) - p++; - if (64 == g_Expand64[*p]) - { - *(q++) = (uint8_t)(g_Expand64[c0] << 2); - j--; - endReached = true; - break; - } - c1 = *(p++); + // Initialize parameters that will be used during the decode operation + c0 = c1 = c2 = c3 = 0; + p = (uint8_t*) pEncodedData; + q = (uint8_t*) *ppData; - while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) - p++; - if (64 == g_Expand64[*p]) - { - *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); - *(q++) = (uint8_t)(g_Expand64[c1] << 4); - j -= 2; - endReached = true; - break; - } - c2 = *(p++); + // Decode the data + // + // Loop through the data, piecing back information. Any newlines, and/or + // carriage returns need to be skipped. + while (j > 4) + { + while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) + p++; + if (64 == g_Expand64[*p]) + { + endReached = true; + break; + } + c0 = *(p++); - while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) - p++; - if (64 == g_Expand64[*p]) - { - *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); - *(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); - *(q++) = (uint8_t)(g_Expand64[c2] << 6); - j -= 3; - endReached = true; - break; - } - c3 = *(p++); + while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) + p++; + if (64 == g_Expand64[*p]) + { + *(q++) = (uint8_t)(g_Expand64[c0] << 2); + j--; + endReached = true; + break; + } + c1 = *(p++); - *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); - *(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); - *(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]); - j -= 4; + while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) + p++; + if (64 == g_Expand64[*p]) + { + *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); + *(q++) = (uint8_t)(g_Expand64[c1] << 4); + j -= 2; + endReached = true; + break; + } + c2 = *(p++); + + while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) + p++; + if (64 == g_Expand64[*p]) + { + *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); + *(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); + *(q++) = (uint8_t)(g_Expand64[c2] << 6); + j -= 3; + endReached = true; + break; + } + c3 = *(p++); + + *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); + *(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); + *(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]); + j -= 4; + } + if (!endReached) + { + if (j > 1) + *(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4); + if (j > 2) + *(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2); + if (j > 3) + *(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]); + } + + // Return the length of the decoded data + *pDataLen = (int32_t)(q - (uint8_t*)*ppData); + + // Success + retStatus = CASA_STATUS_SUCCESS; } - if (!endReached) + else { - if (j > 1) - *(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4); - if (j > 2) - *(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2); - if (j > 3) - *(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]); + DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0); + + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); } - - // Return the length of the decoded data - *pDataLen = (int32_t)(q - (uint8_t*)*ppData); - - // Success - retStatus = CASA_STATUS_SUCCESS; } else { - DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0); + DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0); retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); + CASA_STATUS_UNSUCCESSFUL); } DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); diff --git a/CASA-auth-token/server/AuthTokenValidate/iden_token_provider_if.h b/CASA-auth-token/server/AuthTokenValidate/iden_token_provider_if.h index 9f9a6339..93dfabee 100644 --- a/CASA-auth-token/server/AuthTokenValidate/iden_token_provider_if.h +++ b/CASA-auth-token/server/AuthTokenValidate/iden_token_provider_if.h @@ -89,7 +89,7 @@ CasaStatus (SSCS_CALL *PFNIdenTokenIf_GetIdentityId)( IN const void *pIfInstance, INOUT char *pIdentIdBuf, - INOUT int *pIdentIdLen); + INOUT size_t *pIdentIdLen); // // Arguments: // pIfInstance - @@ -119,7 +119,7 @@ CasaStatus (SSCS_CALL *PFNIdenTokenIf_GetSourceName)( IN const void *pIfInstance, INOUT char *pSourceNameBuf, - INOUT int *pSourceNameLen); + INOUT size_t *pSourceNameLen); // // Arguments: // pIfInstance - @@ -150,7 +150,7 @@ CasaStatus (SSCS_CALL *PFNIdenTokenIf_GetSourceUrl)( IN const void *pIfInstance, INOUT char *pSourceUrlBuf, - INOUT int *pSourceUrlLen); + INOUT size_t *pSourceUrlLen); // // Arguments: // pIfInstance - @@ -179,12 +179,12 @@ CasaStatus typedef CasaStatus (SSCS_CALL *PFNIdenTokenIf_AttributeEnumerate)( - IN const void *pIfInstance, - INOUT int *pEnumHandle, - INOUT char *pAttribNameBuf, - INOUT int *pAttribNameLen, - INOUT char *pAttribValueBuf, - INOUT int *pAttribValueLen); + IN const void *pIfInstance, + INOUT unsigned int *pEnumHandle, + INOUT char *pAttribNameBuf, + INOUT size_t *pAttribNameLen, + INOUT char *pAttribValueBuf, + INOUT size_t *pAttribValueLen); // // Arguments: // pIfInstance - @@ -289,7 +289,7 @@ CasaStatus (SSCS_CALL *PFNIdenTokenProviderIf_GetIdentityTokenIf)( IN const void *pIfInstance, IN const char *pTokenBuf, - IN const int tokenLen, + IN const size_t tokenLen, INOUT IdenTokenIf **ppIdenTokenIf); // // Arguments: diff --git a/CASA-auth-token/server/AuthTokenValidate/internal.h b/CASA-auth-token/server/AuthTokenValidate/internal.h index 4244f362..703f3efa 100644 --- a/CASA-auth-token/server/AuthTokenValidate/internal.h +++ b/CASA-auth-token/server/AuthTokenValidate/internal.h @@ -166,10 +166,10 @@ PrincipalIfUninit(void); extern CasaStatus SSCS_CALL ValidateAuthToken( - IN const char *pServiceName, - IN const char *pTokenBuf, - IN const int tokenBufLen, - INOUT PrincipalIf **ppPrincipalIf); + IN const char *pServiceName, + IN const char *pTokenBuf, + IN const size_t tokenBufLen, + INOUT PrincipalIf **ppPrincipalIf); // // Functions exported by authtoken.c @@ -201,17 +201,17 @@ extern CasaStatus EncodeData( IN const void *pData, - IN const int32_t dataLen, + IN const uint32_t dataLen, INOUT char **ppEncodedData, - INOUT int32_t *pEncodedDataLen); + INOUT uint32_t *pEncodedDataLen); extern CasaStatus DecodeData( IN const char *pEncodedData, - IN const int32_t encodedDataLen, // Does not include NULL terminator + IN const uint32_t encodedDataLen, // Does not include NULL terminator INOUT void **ppData, - INOUT int32_t *pDataLen); + INOUT uint32_t *pDataLen); extern int diff --git a/CASA-auth-token/server/AuthTokenValidate/principal.c b/CASA-auth-token/server/AuthTokenValidate/principal.c index e247ce7a..a42288ed 100644 --- a/CASA-auth-token/server/AuthTokenValidate/principal.c +++ b/CASA-auth-token/server/AuthTokenValidate/principal.c @@ -164,7 +164,7 @@ CasaStatus SSCS_CALL GetIdentityId( IN const void *pIfInstance, INOUT char *pIdentIdBuf, - INOUT int *pIdentIdLen) + INOUT size_t *pIdentIdLen) // // Arguments: // pIfInstance - @@ -225,7 +225,7 @@ CasaStatus SSCS_CALL GetSourceName( IN const void *pIfInstance, INOUT char *pSourceNameBuf, - INOUT int *pSourceNameLen) + INOUT size_t *pSourceNameLen) // // Arguments: // pIfInstance - @@ -287,7 +287,7 @@ CasaStatus SSCS_CALL GetSourceUrl( IN const void *pIfInstance, INOUT char *pSourceUrlBuf, - INOUT int *pSourceUrlLen) + INOUT size_t *pSourceUrlLen) // // Arguments: // pIfInstance - @@ -347,12 +347,12 @@ exit: static CasaStatus SSCS_CALL AttributeEnumerate( - IN const void *pIfInstance, - INOUT int *pEnumHandle, - INOUT char *pAttribNameBuf, - INOUT int *pAttribNameLen, - INOUT char *pAttribValueBuf, - INOUT int *pAttribValueLen) + IN const void *pIfInstance, + INOUT unsigned int *pEnumHandle, + INOUT char *pAttribNameBuf, + INOUT size_t *pAttribNameLen, + INOUT char *pAttribValueBuf, + INOUT size_t *pAttribValueLen) // // Arguments: // pIfInstance - @@ -399,9 +399,9 @@ AttributeEnumerate( if (pIfInstance == NULL || pEnumHandle == NULL || pAttribNameLen == NULL - || (*pAttribNameLen != 0 && pAttribNameBuf == NULL + || (*pAttribNameLen != 0 && pAttribNameBuf == NULL) || pAttribValueLen == NULL - || (*pAttribValueLen != 0 && pAttribValueBuf == NULL))) + || (*pAttribValueLen != 0 && pAttribValueBuf == NULL)) { DbgTrace(0, "-AttributeEnumerate- Invalid parameter\n", 0); retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL, diff --git a/CASA-auth-token/server/AuthTokenValidate/util.c b/CASA-auth-token/server/AuthTokenValidate/util.c index a5fbf7cb..09aacd69 100644 --- a/CASA-auth-token/server/AuthTokenValidate/util.c +++ b/CASA-auth-token/server/AuthTokenValidate/util.c @@ -62,9 +62,9 @@ static const uint8_t g_Expand64[256] = CasaStatus EncodeData( IN const void *pData, - IN const int32_t dataLen, + IN const uint32_t dataLen, INOUT char **ppEncodedData, - INOUT int32_t *pEncodedDataLen) + INOUT uint32_t *pEncodedDataLen) // // Arguments: // @@ -76,7 +76,7 @@ EncodeData( //=======================================================================-- { CasaStatus retStatus; - int encodedSize; + uint32_t encodedSize; char *pTmp; DbgTrace(3, "-EncodeData- Start\n", 0); @@ -88,7 +88,7 @@ EncodeData( if (*ppEncodedData) { uint8_t *pOut, *pIn; - int i; + uint32_t i; // Setup pointers to move through the buffers pIn = (uint8_t*) pData; @@ -147,9 +147,9 @@ EncodeData( CasaStatus DecodeData( IN const char *pEncodedData, - IN const int32_t encodedDataLen, // Does not include NULL terminator + IN const uint32_t encodedDataLen, // Does not include NULL terminator INOUT void **ppData, - INOUT int32_t *pDataLen) + INOUT uint32_t *pDataLen) // // Arguments: // @@ -161,8 +161,8 @@ DecodeData( //=======================================================================-- { CasaStatus retStatus; - int i, j; - int decodedSize; + uint32_t i, j; + size_t decodedSize; DbgTrace(3, "-DecodeData- Start\n", 0); @@ -172,98 +172,110 @@ DecodeData( j++; decodedSize = (j * 3 + 3) / 4; - // Allocate buffer to hold the decoded data - *ppData = malloc(decodedSize); - if (*ppData) + // Verify that we are not going to overflow the uint32 + if (decodedSize <= UINT32_MAX) { - bool endReached = false; - uint8_t c0, c1, c2, c3; - uint8_t *p, *q; - - // Initialize parameters that will be used during the decode operation - c0 = c1 = c2 = c3 = 0; - p = (uint8_t*) pEncodedData; - q = (uint8_t*) *ppData; - - // Decode the data - // - // Loop through the data, piecing back information. Any newlines, and/or - // carriage returns need to be skipped. - while (j > 4) + // Allocate buffer to hold the decoded data + *ppData = malloc(decodedSize); + if (*ppData) { - while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) - p++; - if (64 == g_Expand64[*p]) - { - endReached = true; - break; - } - c0 = *(p++); + bool endReached = false; + uint8_t c0, c1, c2, c3; + uint8_t *p, *q; - while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) - p++; - if (64 == g_Expand64[*p]) - { - *(q++) = (uint8_t)(g_Expand64[c0] << 2); - j--; - endReached = true; - break; - } - c1 = *(p++); + // Initialize parameters that will be used during the decode operation + c0 = c1 = c2 = c3 = 0; + p = (uint8_t*) pEncodedData; + q = (uint8_t*) *ppData; - while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) - p++; - if (64 == g_Expand64[*p]) - { - *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); - *(q++) = (uint8_t)(g_Expand64[c1] << 4); - j -= 2; - endReached = true; - break; - } - c2 = *(p++); + // Decode the data + // + // Loop through the data, piecing back information. Any newlines, and/or + // carriage returns need to be skipped. + while (j > 4) + { + while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) + p++; + if (64 == g_Expand64[*p]) + { + endReached = true; + break; + } + c0 = *(p++); - while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) - p++; - if (64 == g_Expand64[*p]) - { - *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); - *(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); - *(q++) = (uint8_t)(g_Expand64[c2] << 6); - j -= 3; - endReached = true; - break; - } - c3 = *(p++); + while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) + p++; + if (64 == g_Expand64[*p]) + { + *(q++) = (uint8_t)(g_Expand64[c0] << 2); + j--; + endReached = true; + break; + } + c1 = *(p++); - *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); - *(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); - *(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]); - j -= 4; + while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) + p++; + if (64 == g_Expand64[*p]) + { + *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); + *(q++) = (uint8_t)(g_Expand64[c1] << 4); + j -= 2; + endReached = true; + break; + } + c2 = *(p++); + + while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) + p++; + if (64 == g_Expand64[*p]) + { + *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); + *(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); + *(q++) = (uint8_t)(g_Expand64[c2] << 6); + j -= 3; + endReached = true; + break; + } + c3 = *(p++); + + *(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); + *(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); + *(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]); + j -= 4; + } + if (!endReached) + { + if (j > 1) + *(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4); + if (j > 2) + *(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2); + if (j > 3) + *(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]); + } + + // Return the length of the decoded data + *pDataLen = (int32_t)(q - (uint8_t*)*ppData); + + // Success + retStatus = CASA_STATUS_SUCCESS; } - if (!endReached) + else { - if (j > 1) - *(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4); - if (j > 2) - *(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2); - if (j > 3) - *(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]); + DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0); + + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); } - - // Return the length of the decoded data - *pDataLen = (int32_t)(q - (uint8_t*)*ppData); - - // Success - retStatus = CASA_STATUS_SUCCESS; } else { - DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0); + DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0); retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); + CASA_STATUS_UNSUCCESSFUL); } DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); diff --git a/CASA-auth-token/server/AuthTokenValidate/validate.c b/CASA-auth-token/server/AuthTokenValidate/validate.c index fe541ec9..657c3f4b 100644 --- a/CASA-auth-token/server/AuthTokenValidate/validate.c +++ b/CASA-auth-token/server/AuthTokenValidate/validate.c @@ -73,7 +73,7 @@ CasaStatus SSCS_CALL ValidateAuthToken( IN const char *pServiceName, IN const char *pTokenBuf, - IN const int tokenBufLen, + IN const size_t tokenBufLen, INOUT PrincipalIf **ppPrincipalIf) // // Arguments: @@ -108,7 +108,7 @@ ValidateAuthToken( { CasaStatus retStatus; char *pDecodedTokenBuf; - int32_t decodedTokenBufLen; + uint32_t decodedTokenBufLen; PrincipalIf *pPrincipalIf; DbgTrace(1, "-ValidateAuthToken- Start\n", 0); @@ -117,7 +117,8 @@ ValidateAuthToken( if (pServiceName == NULL || pTokenBuf == NULL || tokenBufLen == 0 - || tokenBufLen > INT32_MAX + || tokenBufLen > UINT32_MAX + || tokenBufLen == 0 || ppPrincipalIf == NULL) { DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0); @@ -263,8 +264,8 @@ ValidateAuthToken( &decodedTokenBufLen); if (CASA_SUCCESS(retStatus)) { - char *pIdenTokenData; - int32_t idenTokenDataLen; + char *pIdenTokenData; + uint32_t idenTokenDataLen; // Assume failure retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, @@ -289,7 +290,9 @@ ValidateAuthToken( // The authentication token was validated, now obtain // Identity Token Provider interface. retStatus = GetIdenTokenProviderInterface("CasaIdentityToken", // tbd - Hard code until we enhance the protocol with the atvs to also return this information. - &pIdenTokenProviderIf); + &pIdenTokenProviderIf); // IMPORTANT: Protect against invalid token type names when this is implemented. Invalid token + // names would contain something like "../" as part of the string to try to get us to open an + // malicious token provider library. if (CASA_SUCCESS(retStatus)) { IdenTokenIf *pIdenTokenIf; diff --git a/CASA-auth-token/server/PamSupport/pam_authtoken.c b/CASA-auth-token/server/PamSupport/pam_authtoken.c index b6839891..57744e02 100644 --- a/CASA-auth-token/server/PamSupport/pam_authtoken.c +++ b/CASA-auth-token/server/PamSupport/pam_authtoken.c @@ -280,7 +280,7 @@ pam_sm_authenticate(pam_handle_t *pamh, &pPrincipalIf); if (CASA_SUCCESS(casaStatus)) { - int buffLen; + size_t buffLen; // Assume success retStatus = PAM_SUCCESS; @@ -444,9 +444,9 @@ pam_sm_authenticate(pam_handle_t *pamh, if (retStatus == PAM_SUCCESS) { - char *pBuff; - int enumHandle = 0; - int buff2Len; + char *pBuff; + unsigned int enumHandle = 0; + size_t buff2Len; while (retStatus == PAM_SUCCESS) { diff --git a/CASA-auth-token/server/include/casa_c_ipc.h b/CASA-auth-token/server/include/casa_c_ipc.h index d3d57855..1b0cf3be 100644 --- a/CASA-auth-token/server/include/casa_c_ipc.h +++ b/CASA-auth-token/server/include/casa_c_ipc.h @@ -75,7 +75,6 @@ IpcClientOpenUnixRemoteEndPoint( // this procedure. // //=======================================================================-- - typedef int (*PFN_IpcClientOpenUnixRemoteEndPoint)( @@ -160,9 +159,9 @@ int IpcClientSubmitReq( IN uint32_t endPointHandle, IN char *pClientData, - IN int32_t clientDataLen, + IN uint32_t clientDataLen, INOUT char **ppServerData, - INOUT int32_t *pServerDataLen); + INOUT uint32_t *pServerDataLen); // // Arguments In: endPointHandle - Handle of the remote endpoint that will // be the target of the request. @@ -202,9 +201,9 @@ int (*PFN_IpcClientSubmitReq)( IN uint32_t endPointHandle, IN char *pClientData, - IN int32_t clientDataLen, + IN uint32_t clientDataLen, INOUT char **ppServerData, - INOUT int32_t *pServerDataLen); + INOUT uint32_t *pServerDataLen); //++======================================================================= diff --git a/CASA-auth-token/server/include/casa_s_authtoken.h b/CASA-auth-token/server/include/casa_s_authtoken.h index b0d29954..3dee887e 100644 --- a/CASA-auth-token/server/include/casa_s_authtoken.h +++ b/CASA-auth-token/server/include/casa_s_authtoken.h @@ -102,7 +102,7 @@ CasaStatus (SSCS_CALL *PFNPrincipalIf_GetIdentityId)( IN const void *pIfInstance, INOUT char *pIdentIdBuf, - INOUT int *pIdentIdLen); + INOUT size_t *pIdentIdLen); // // Arguments: // pIfInstance - @@ -132,7 +132,7 @@ CasaStatus (SSCS_CALL *PFNPrincipalIf_GetSourceName)( IN const void *pIfInstance, INOUT char *pSourceNameBuf, - INOUT int *pSourceNameLen); + INOUT size_t *pSourceNameLen); // // Arguments: // pIfInstance - @@ -163,7 +163,7 @@ CasaStatus (SSCS_CALL *PFNPrincipalIf_GetSourceUrl)( IN const void *pIfInstance, INOUT char *pSourceUrlBuf, - INOUT int *pSourceUrlLen); + INOUT size_t *pSourceUrlLen); // // Arguments: // pIfInstance - @@ -192,12 +192,12 @@ CasaStatus typedef CasaStatus (SSCS_CALL *PFNPrincipalIf_AttributeEnumerate)( - IN const void *pIfInstance, - INOUT int *pEnumHandle, - INOUT char *pAttribNameBuf, - INOUT int *pAttribNameLen, - INOUT char *pAttribValueBuf, - INOUT int *pAttribValueLen); + IN const void *pIfInstance, + INOUT unsigned int *pEnumHandle, + INOUT char *pAttribNameBuf, + INOUT size_t *pAttribNameLen, + INOUT char *pAttribValueBuf, + INOUT size_t *pAttribValueLen); // // Arguments: // pIfInstance - @@ -262,10 +262,10 @@ typedef struct _PrincipalIf //++======================================================================= extern CasaStatus SSCS_CALL ValidateAuthToken( - IN const char *pServiceName, - IN const char *pTokenBuf, - IN const int tokenBufLen, - INOUT PrincipalIf **ppPrincipalIf); + IN const char *pServiceName, + IN const char *pTokenBuf, + IN const size_t tokenBufLen, + INOUT PrincipalIf **ppPrincipalIf); // // Arguments: // pServiceName - diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.cpp index 7fdaf885..679e83ea 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.cpp @@ -390,9 +390,9 @@ CChannel::connectionThread( { CChannel *pCChannel = *pSmartCChannel; bool doneReceivingData = false; - int32_t bytesReceived; + size_t bytesReceived; uint32_t reqId; - int32_t payloadLength; + uint32_t payloadLength; unsigned long totalPayloadBytesReceived = 0; char reqDataPktHdr[ReqDataPktHdrTemplate.length()]; char *pRecvBuff; @@ -747,7 +747,7 @@ CChannel::submitReq( uint32_t reqId, ClientReq &clientReq, char *pClientData, - int32_t clientDataLen) + uint32_t clientDataLen) // // Arguments: // diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.h b/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.h index b82ba6fe..4e0f368d 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.h @@ -222,7 +222,7 @@ public: int submitReq(uint32_t reqId, ClientReq &clientReq, char *pClientData, - int32_t clientDataLen); + uint32_t clientDataLen); // // Remove Request routine @@ -237,30 +237,6 @@ public: // void removeReq(uint32_t reqId); - // - // Send Data routine - // - // Parameters: - // reqId (input) - - // Id of the Request. - // - // pClientData (input) - - // Pointer to client data that must be sent to - // the server. Buffer is NEVER released - // by the procedure. - // - // clientDataLen (input) - - // Length of the client data. - // - // - // Abstract: Sends data to the server for a previously - // submitted Request. - // - // Returns: 0 if successful. - // - int sendData(uint32_t reqId, - char *pClientData, - int clientDataLen); }; typedef SmartPtr SmartCChannel; diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/client.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/client/client.cpp index 81a3e02f..9a36e469 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/client.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/client.cpp @@ -152,22 +152,36 @@ IpcClientOpenUnixRemoteEndPoint( pSocketFileName)); // Allocate a handle for the endpoint - uint32_t handle = remoteEndPointHandleAllocator ++; + uint32_t handle = remoteEndPointHandleAllocator + 1; - // Insert the new RemoteEndPoint into the REP map - REPIterBoolPair insertResult; - insertResult = repMap.insert(make_pair(handle, pSmartRemoteEndPoint)); - if (!insertResult.second) + // Protect against wrap-around + if (handle != 0) { - // Insertion failed - DbgTrace(0, "IpcClientOpenUnixRemoteEndPoint- Unable to insert RemoteEndPoint into REP\n", 0); - delete pSmartRemoteEndPoint; + // Insert the new RemoteEndPoint into the REP map + REPIterBoolPair insertResult; + insertResult = repMap.insert(make_pair(handle, pSmartRemoteEndPoint)); + if (!insertResult.second) + { + // Insertion failed + DbgTrace(0, "IpcClientOpenUnixRemoteEndPoint- Unable to insert RemoteEndPoint into REP\n", 0); + delete pSmartRemoteEndPoint; + } + else + { + // RemoteEndPoint inserted in the REP map, success. + // + // Consume the allocated handle + remoteEndPointHandleAllocator ++; + *pEndPointHandle = handle; + + retStatus = 0; + } } else { - // RemoteEndPoint inserted in the REP map, success. - *pEndPointHandle = handle; - retStatus = 0; + // Handle allocator wrap-around prevented + DbgTrace(0, "IpcClientOpenUnixRemoteEndPoint- Handle allocator wrap-around prevented\n", 0); + delete pSmartRemoteEndPoint; } } catch (...) { DbgTrace(0, "IpcClientOpenUnixRemoteEndPoint- Exception caught\n", 0); @@ -254,22 +268,35 @@ IpcClientOpenInetRemoteEndPoint( address)); // Allocate a handle for the endpoint - uint32_t handle = remoteEndPointHandleAllocator ++; + uint32_t handle = remoteEndPointHandleAllocator + 1; - // Insert the new RemoteEndPoint into the REP map - REPIterBoolPair insertResult; - insertResult = repMap.insert(make_pair(handle, pSmartRemoteEndPoint)); - if (!insertResult.second) + // Protect against wrap-around + if (handle != 0) { - // Insertion failed - DbgTrace(0, "IpcClientOpenInetRemoteEndPoint- Unable to insert RemoteEndPoint into REP\n", 0); - delete pSmartRemoteEndPoint; + // Insert the new RemoteEndPoint into the REP map + REPIterBoolPair insertResult; + insertResult = repMap.insert(make_pair(handle, pSmartRemoteEndPoint)); + if (!insertResult.second) + { + // Insertion failed + DbgTrace(0, "IpcClientOpenInetRemoteEndPoint- Unable to insert RemoteEndPoint into REP\n", 0); + delete pSmartRemoteEndPoint; + } + else + { + // RemoteEndPoint inserted in the REP map, success. + // + // Consume the allocated handle + remoteEndPointHandleAllocator ++; + *pEndPointHandle = handle; + retStatus = 0; + } } else { - // RemoteEndPoint inserted in the REP map, success. - *pEndPointHandle = handle; - retStatus = 0; + // Handle allocator wrap-around prevented + DbgTrace(0, "IpcClientOpenInetRemoteEndPoint- Handle allocator wrap-around prevented\n", 0); + delete pSmartRemoteEndPoint; } } catch (...) { DbgTrace(0, "IpcClientOpenInetRemoteEndPoint- Exception caught\n", 0); @@ -366,9 +393,9 @@ int IpcClientSubmitReq( IN uint32_t endPointHandle, IN char *pClientData, - IN int32_t clientDataLen, + IN uint32_t clientDataLen, INOUT char **ppServerData, - INOUT int32_t *pServerDataLen) + INOUT uint32_t *pServerDataLen) // // Arguments In: endPointHandle - Handle of the remote endpoint that will // be the target of the request. diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.cpp index 6caee71a..36347011 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.cpp @@ -142,7 +142,7 @@ ClientReq::~ClientReq(void) void ClientReq::processServerData( char *pServerData, - int32_t serverDataLength) + uint32_t serverDataLength) // // Arguments: // @@ -230,7 +230,7 @@ ClientReq::processError(void) int ClientReq::waitForCompletion( char **ppResponseData, - int32_t *pResponseDataLength) + uint32_t *pResponseDataLength) // // Arguments: // diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.h b/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.h index b76ef094..05ad0035 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.h @@ -52,7 +52,7 @@ class ClientReq // Server Data char *m_pServerData; - int32_t m_serverDataLen; + uint32_t m_serverDataLen; // Flag indicating the state of the submitting // thread. @@ -114,7 +114,7 @@ public: // Returns: Nothing. // void processServerData(char *pServerData, - int32_t serverDataLength); + uint32_t serverDataLength); // // Process Error routine @@ -147,7 +147,7 @@ public: // -1 == Request did not complete gracefully // int waitForCompletion(char **ppResponseData, - int32_t *pResponseDataLength); + uint32_t *pResponseDataLength); // // Completion status diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.cpp index eed3cc49..96964a12 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.cpp @@ -336,9 +336,9 @@ RemoteEndPoint::getCChannel(void) int RemoteEndPoint::submitReq( char *pClientData, - int32_t clientDataLen, + uint32_t clientDataLen, char **ppServerData, - int32_t *pServerDataLen) + uint32_t *pServerDataLen) // // Arguments: // diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.h b/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.h index f88d9d19..cb23bcc7 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.h @@ -186,9 +186,9 @@ public: // Note: The routine blocks until the request completes. // int submitReq(char *pClientData, - int32_t clientDataLen, + uint32_t clientDataLen, char **ppServerData, - int32_t *pServerDataLen); + uint32_t *pServerDataLen); }; typedef SmartPtr SmartRemoteEndPoint; diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.cpp index 1815a900..519ce0e5 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.cpp @@ -60,7 +60,7 @@ string ReqErrorPktHdrTemplate = "Type02\r\nReqIdHdr =XXXXXXXX\r\nPayloadLength int ChannelProto::buildReqDataPktHdr( uint32_t reqId, - int32_t payloadLength, + uint32_t payloadLength, char *pPktHdr) // // Arguments: @@ -133,7 +133,7 @@ ChannelProto::buildReqDataPktHdr( int ChannelProto::buildReqErrorPktHdr( uint32_t reqId, - int32_t payloadLength, + uint32_t payloadLength, char *pPktHdr) // // Arguments: @@ -281,7 +281,7 @@ ChannelProto::getReqIdAndPayloadLength( char *pBuff, int hdrLength, uint32_t *pReqId, - int32_t *pPayloadLength) + uint32_t *pPayloadLength) // // Arguments: // @@ -385,16 +385,16 @@ ChannelProto::getReqIdAndPayloadLength( // Convert the value to hex errno = 0; - long int value = strtol(pValue, NULL, 16); + unsigned long int value = strtoul(pValue, NULL, 16); if (errno != 0 - || value > INT32_MAX) + || value > UINT32_MAX) { DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid payloadLength value, %s\n", pValue); break; } // Use the value - *pPayloadLength = (int32_t) value; + *pPayloadLength = (uint32_t) value; // Undo the damage that we did *(pCurr-2) = '\r'; diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.h b/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.h index d53349ee..e15bdd68 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.h @@ -80,7 +80,7 @@ public: // Returns: 0 if successful. // static int buildReqDataPktHdr(uint32_t reqId, - int32_t payloadLength, + uint32_t payloadLength, char *pPktHdr); // @@ -104,7 +104,7 @@ public: // Returns: 0 if successful. // static int buildReqErrorPktHdr(uint32_t reqId, - int32_t payloadLength, + uint32_t payloadLength, char *pPktHdr); // @@ -148,7 +148,7 @@ public: static bool getReqIdAndPayloadLength(char *pBuff, int hdrLength, uint32_t *pReqId, - int32_t *pPayloadLength); + uint32_t *pPayloadLength); }; diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.cpp index 98b2ef03..b2ed2d34 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.cpp @@ -234,10 +234,10 @@ SChannel::connectionThread( { SChannel *pSChannel = *pSmartSChannel; bool doneReceivingData = false; - int32_t bytesReceived; + size_t bytesReceived; unsigned long bytesSent; uint32_t reqId; - int32_t payloadLength; + uint32_t payloadLength; unsigned long totalPayloadBytesReceived = 0; char reqDataPktHdr[ReqDataPktHdrTemplate.length()]; char reqErrorPktHdr[ReqErrorPktHdrTemplate.length()]; @@ -520,7 +520,7 @@ int SChannel::sendReplyData( uint32_t reqId, char *pServerData, - int32_t serverDataLen) + uint32_t serverDataLen) // // Arguments: // diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.h b/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.h index 963256d4..f99a48b4 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.h @@ -150,7 +150,7 @@ public: // int sendReplyData(uint32_t reqId, char *pServerData, - int32_t serverDataLen); + uint32_t serverDataLen); // // Send Reply Error routine diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/server/server.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/server/server.cpp index 987e63b2..2a5d009b 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/server/server.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/server/server.cpp @@ -847,7 +847,7 @@ IpcServerGetRequestData( // L2 //=======================================================================-- { - int32_t reqDataLen = 0; + uint32_t reqDataLen = 0; DbgTrace(1, "IpcServerGetRequestData- Start, requestId = %0X\n", requestId); diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/server/serverreq.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/server/serverreq.cpp index adc29670..9d2b9396 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/server/serverreq.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/server/serverreq.cpp @@ -61,7 +61,7 @@ ServerReq::ServerReq( SChannel *pSChannel, uint32_t reqId, char *pClientData, - int32_t clientDataLength) : + uint32_t clientDataLength) : m_signature (SERVER_REQ_SIGNATURE), m_reqId (reqId), @@ -125,7 +125,7 @@ ServerReq::~ServerReq(void) //++======================================================================= -int +uint32_t ServerReq::getReqData( char **ppClientData) // diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/server/serverreq.h b/CASA-auth-token/server/utilities/IpcLibs/linux/server/serverreq.h index adb1ed5d..74da8537 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/server/serverreq.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/server/serverreq.h @@ -58,7 +58,7 @@ class ServerReq // Request Client Data char *m_pClientData; - int32_t m_clientDataLength; + uint32_t m_clientDataLength; public: @@ -90,7 +90,7 @@ public: ServerReq(SChannel *pSChannel, uint32_t reqId, char *pClientData, - int32_t clientDataLength); + uint32_t clientDataLength); // // Get request Data routine @@ -105,7 +105,7 @@ public: // // Returns: The length of the client request data. 0 if not successful. // - int getReqData(char **ppClientData); + uint32_t getReqData(char **ppClientData); // // Complete Request routine