geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Changes to address issues brought up by the security review.

Browse Source
This commit is contained in:
Juan Carlos Luciani
2007-02-06 22:52:44 +00:00
parent 51ffdf0702
commit 44ee58ef5f
28 changed files with 386 additions and 344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp
View File

@@ -130,8 +130,8 @@ ServiceRequests(void)
{
// Helper class found, now get the id of the method that we invoke
jmethodID mId = g_env->GetStaticMethodID(helperClass,
authTokenClassValidateMethodName,
"(Ljava/lang/String;)Ljava/lang/String;");
authTokenClassValidateMethodName,
"(Ljava/lang/String;)Ljava/lang/String;");
if (mId)
{
// Loop until told to terminate

58
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c
View File

@@ -73,9 +73,9 @@ typedef struct _Attribute
{
LIST_ENTRY listEntry;
char *pAttribName;
int attribNameLen;
size_t attribNameLen;
char *pAttribValue;
int attribValueLen;
size_t attribValueLen;
} Attribute, *PAttribute;
@@ -87,15 +87,15 @@ typedef struct _IdenTokenIfInstance
{
int refCount;
char *pIdentId;
int identIdLen;
size_t identIdLen;
char *pIdentSourceName;
int identSourceNameLen;
size_t identSourceNameLen;
char *pIdentSourceUrl;
int identSourceUrlLen;
size_t identSourceUrlLen;
char *pTargetService;
int targetServiceLen;
size_t targetServiceLen;
char *pTargetHost;
int targetHostLen;
size_t targetHostLen;
LIST_ENTRY attributeListHead;
IdenTokenIf idenTokenIf;
@@ -109,7 +109,7 @@ typedef struct _IdenTokenParse
{
XML_Parser p;
int state;
int elementDataProcessed;
size_t elementDataProcessed;
IdenTokenIfInstance *pIdenTokenIfInstance;
CasaStatus status;
@@ -377,7 +377,7 @@ ConsumeElementData(
IN const XML_Char *s,
IN int len,
INOUT char **ppElementData,
INOUT int *pElementDataLen)
INOUT size_t *pElementDataLen)
//
// Arguments:
//
@@ -424,7 +424,7 @@ ConsumeElementData(
char *pNewBuf;
// We have already received token data, append this data to it.
pNewBuf = (char*) malloc(pIdenTokenParse->elementDataProcessed + len + 1);
pNewBuf = (char*) malloc((size_t)(pIdenTokenParse->elementDataProcessed + len + 1));
if (pNewBuf)
{
memset(pNewBuf,
@@ -860,7 +860,7 @@ CasaStatus SSCS_CALL
GetIdentityId(
IN const void *pIfInstance,
INOUT char *pIdentIdBuf,
INOUT int *pIdentIdLen)
INOUT size_t *pIdentIdLen)
//
// Arguments:
// pIfInstance -
@@ -935,7 +935,7 @@ CasaStatus SSCS_CALL
GetSourceName(
IN const void *pIfInstance,
INOUT char *pSourceNameBuf,
INOUT int *pSourceNameLen)
INOUT size_t *pSourceNameLen)
//
// Arguments:
// pIfInstance -
@@ -1011,7 +1011,7 @@ CasaStatus SSCS_CALL
GetSourceUrl(
IN const void *pIfInstance,
INOUT char *pSourceUrlBuf,
INOUT int *pSourceUrlLen)
INOUT size_t *pSourceUrlLen)
//
// Arguments:
// pIfInstance -
@@ -1085,12 +1085,12 @@ exit:
static
CasaStatus SSCS_CALL
AttributeEnumerate(
IN const void *pIfInstance,
INOUT int *pEnumHandle,
INOUT char *pAttribNameBuf,
INOUT int *pAttribNameLen,
INOUT char *pAttribValueBuf,
INOUT int *pAttribValueLen)
IN const void *pIfInstance,
INOUT unsigned int *pEnumHandle,
INOUT char *pAttribNameBuf,
INOUT size_t *pAttribNameLen,
INOUT char *pAttribValueBuf,
INOUT size_t *pAttribValueLen)
//
// Arguments:
// pIfInstance -
@@ -1231,9 +1231,9 @@ exit:
//++=======================================================================
CasaStatus
GetIdenTokenInterface(
IN const char *pTokenBuf,
IN const int tokenLen,
INOUT IdenTokenIf **ppIdenTokenIf)
IN const char *pTokenBuf,
IN const size_t tokenLen,
INOUT IdenTokenIf **ppIdenTokenIf)
//
// Arguments:
//
@@ -1252,6 +1252,16 @@ GetIdenTokenInterface(
DbgTrace(2, "-GetIdenTokenInterface- Start\n", 0);
// Verify that the token is not too large for the parser
if (tokenLen > INT32_MAX)
{
DbgTrace(0, "-GetIdenTokenInterface- Token too large\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
goto exit;
}
// Create a IdenTokenIfInstance object for it.
pIdenTokenIfInstance = malloc(sizeof(*pIdenTokenIfInstance));
if (pIdenTokenIfInstance)
@@ -1314,7 +1324,7 @@ GetIdenTokenInterface(
XML_SetUserData(p, &idenTokenParse);
// Parse the document
if (XML_Parse(p, pTokenBuf, tokenLen, 1) == XML_STATUS_OK)
if (XML_Parse(p, pTokenBuf, (int) tokenLen, 1) == XML_STATUS_OK)
{
// Verify that the parse operation completed successfully
if (idenTokenParse.state == DONE_PARSING)
@@ -1385,6 +1395,8 @@ GetIdenTokenInterface(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
exit:
DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %0X\n", retStatus);
return retStatus;

5
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c
View File

@@ -147,7 +147,7 @@ CasaStatus
GetIdentityTokenIf(
IN const void *pIfInstance,
IN const char *pTokenBuf,
IN const int tokenLen,
IN const size_t tokenLen,
INOUT IdenTokenIf **ppIdenTokenIf)
//
// Arguments:
@@ -175,13 +175,14 @@ GetIdentityTokenIf(
{
CasaStatus retStatus;
char *pDecodedTokenBuf;
int decodedTokenBufLen;
uint32_t decodedTokenBufLen;
DbgTrace(2, "-GetIdentityTokenIf- Start\n", 0);
// Validate input parameters
if (pIfInstance == NULL
|| pTokenBuf == NULL
|| tokenLen > UINT32_MAX
|| tokenLen == 0
|| ppIdenTokenIf == NULL)
{

14
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/internal.h
View File

@@ -57,9 +57,9 @@ extern int DebugLevel;
extern
CasaStatus
GetIdenTokenInterface(
IN const char *pTokenBuf,
IN const int tokenLen,
INOUT IdenTokenIf **ppIdenTokenIf);
IN const char *pTokenBuf,
IN const uint32_t tokenLen,
INOUT IdenTokenIf **ppIdenTokenIf);
extern
CasaStatus
@@ -77,17 +77,17 @@ extern
CasaStatus
EncodeData(
IN const void *pData,
IN const int32_t dataLen,
IN const uint32_t dataLen,
INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen);
INOUT uint32_t *pEncodedDataLen);
extern
CasaStatus
DecodeData(
IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator
IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData,
INOUT int32_t *pDataLen);
INOUT uint32_t *pDataLen);
extern
int

180
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c
View File

@@ -62,9 +62,9 @@ static const uint8_t g_Expand64[256] =
CasaStatus
EncodeData(
IN const void *pData,
IN const int32_t dataLen,
IN const uint32_t dataLen,
INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen)
INOUT uint32_t *pEncodedDataLen)
//
// Arguments:
//
@@ -88,7 +88,7 @@ EncodeData(
if (*ppEncodedData)
{
uint8_t *pOut, *pIn;
int i;
uint32_t i;
// Setup pointers to move through the buffers
pIn = (uint8_t*) pData;
@@ -147,9 +147,9 @@ EncodeData(
CasaStatus
DecodeData(
IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator
IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData,
INOUT int32_t *pDataLen)
INOUT uint32_t *pDataLen)
//
// Arguments:
//
@@ -161,8 +161,8 @@ DecodeData(
//=======================================================================--
{
CasaStatus retStatus;
int i, j;
int decodedSize;
uint32_t i, j;
size_t decodedSize;
DbgTrace(3, "-DecodeData- Start\n", 0);
@@ -172,98 +172,110 @@ DecodeData(
j++;
decodedSize = (j * 3 + 3) / 4;
// Allocate buffer to hold the decoded data
*ppData = malloc(decodedSize);
if (*ppData)
// Verify that we are not going to overflow the uint32
if (decodedSize <= UINT32_MAX)
{
bool endReached = false;
uint8_t c0, c1, c2, c3;
uint8_t *p, *q;
// Initialize parameters that will be used during the decode operation
c0 = c1 = c2 = c3 = 0;
p = (uint8_t*) pEncodedData;
q = (uint8_t*) *ppData;
// Decode the data
//
// Loop through the data, piecing back information. Any newlines, and/or
// carriage returns need to be skipped.
while (j > 4)
// Allocate buffer to hold the decoded data
*ppData = malloc(decodedSize);
if (*ppData)
{
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
endReached = true;
break;
}
c0 = *(p++);
bool endReached = false;
uint8_t c0, c1, c2, c3;
uint8_t *p, *q;
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2);
j--;
endReached = true;
break;
}
c1 = *(p++);
// Initialize parameters that will be used during the decode operation
c0 = c1 = c2 = c3 = 0;
p = (uint8_t*) pEncodedData;
q = (uint8_t*) *ppData;
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4);
j -= 2;
endReached = true;
break;
}
c2 = *(p++);
// Decode the data
//
// Loop through the data, piecing back information. Any newlines, and/or
// carriage returns need to be skipped.
while (j > 4)
{
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
endReached = true;
break;
}
c0 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6);
j -= 3;
endReached = true;
break;
}
c3 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2);
j--;
endReached = true;
break;
}
c1 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]);
j -= 4;
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4);
j -= 2;
endReached = true;
break;
}
c2 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6);
j -= 3;
endReached = true;
break;
}
c3 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]);
j -= 4;
}
if (!endReached)
{
if (j > 1)
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2)
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2);
if (j > 3)
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
}
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
}
if (!endReached)
else
{
if (j > 1)
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2)
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2);
if (j > 3)
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
}
else
{
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
CASA_STATUS_UNSUCCESSFUL);
}
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);

20
CASA-auth-token/server/AuthTokenValidate/iden_token_provider_if.h
View File

@@ -89,7 +89,7 @@ CasaStatus
(SSCS_CALL *PFNIdenTokenIf_GetIdentityId)(
IN const void *pIfInstance,
INOUT char *pIdentIdBuf,
INOUT int *pIdentIdLen);
INOUT size_t *pIdentIdLen);
//
// Arguments:
// pIfInstance -
@@ -119,7 +119,7 @@ CasaStatus
(SSCS_CALL *PFNIdenTokenIf_GetSourceName)(
IN const void *pIfInstance,
INOUT char *pSourceNameBuf,
INOUT int *pSourceNameLen);
INOUT size_t *pSourceNameLen);
//
// Arguments:
// pIfInstance -
@@ -150,7 +150,7 @@ CasaStatus
(SSCS_CALL *PFNIdenTokenIf_GetSourceUrl)(
IN const void *pIfInstance,
INOUT char *pSourceUrlBuf,
INOUT int *pSourceUrlLen);
INOUT size_t *pSourceUrlLen);
//
// Arguments:
// pIfInstance -
@@ -179,12 +179,12 @@ CasaStatus
typedef
CasaStatus
(SSCS_CALL *PFNIdenTokenIf_AttributeEnumerate)(
IN const void *pIfInstance,
INOUT int *pEnumHandle,
INOUT char *pAttribNameBuf,
INOUT int *pAttribNameLen,
INOUT char *pAttribValueBuf,
INOUT int *pAttribValueLen);
IN const void *pIfInstance,
INOUT unsigned int *pEnumHandle,
INOUT char *pAttribNameBuf,
INOUT size_t *pAttribNameLen,
INOUT char *pAttribValueBuf,
INOUT size_t *pAttribValueLen);
//
// Arguments:
// pIfInstance -
@@ -289,7 +289,7 @@ CasaStatus
(SSCS_CALL *PFNIdenTokenProviderIf_GetIdentityTokenIf)(
IN const void *pIfInstance,
IN const char *pTokenBuf,
IN const int tokenLen,
IN const size_t tokenLen,
INOUT IdenTokenIf **ppIdenTokenIf);
//
// Arguments:

16
CASA-auth-token/server/AuthTokenValidate/internal.h
View File

@@ -166,10 +166,10 @@ PrincipalIfUninit(void);
extern
CasaStatus SSCS_CALL
ValidateAuthToken(
IN const char *pServiceName,
IN const char *pTokenBuf,
IN const int tokenBufLen,
INOUT PrincipalIf **ppPrincipalIf);
IN const char *pServiceName,
IN const char *pTokenBuf,
IN const size_t tokenBufLen,
INOUT PrincipalIf **ppPrincipalIf);
//
// Functions exported by authtoken.c
@@ -201,17 +201,17 @@ extern
CasaStatus
EncodeData(
IN const void *pData,
IN const int32_t dataLen,
IN const uint32_t dataLen,
INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen);
INOUT uint32_t *pEncodedDataLen);
extern
CasaStatus
DecodeData(
IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator
IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData,
INOUT int32_t *pDataLen);
INOUT uint32_t *pDataLen);
extern
int

22
CASA-auth-token/server/AuthTokenValidate/principal.c
View File

@@ -164,7 +164,7 @@ CasaStatus SSCS_CALL
GetIdentityId(
IN const void *pIfInstance,
INOUT char *pIdentIdBuf,
INOUT int *pIdentIdLen)
INOUT size_t *pIdentIdLen)
//
// Arguments:
// pIfInstance -
@@ -225,7 +225,7 @@ CasaStatus SSCS_CALL
GetSourceName(
IN const void *pIfInstance,
INOUT char *pSourceNameBuf,
INOUT int *pSourceNameLen)
INOUT size_t *pSourceNameLen)
//
// Arguments:
// pIfInstance -
@@ -287,7 +287,7 @@ CasaStatus SSCS_CALL
GetSourceUrl(
IN const void *pIfInstance,
INOUT char *pSourceUrlBuf,
INOUT int *pSourceUrlLen)
INOUT size_t *pSourceUrlLen)
//
// Arguments:
// pIfInstance -
@@ -347,12 +347,12 @@ exit:
static
CasaStatus SSCS_CALL
AttributeEnumerate(
IN const void *pIfInstance,
INOUT int *pEnumHandle,
INOUT char *pAttribNameBuf,
INOUT int *pAttribNameLen,
INOUT char *pAttribValueBuf,
INOUT int *pAttribValueLen)
IN const void *pIfInstance,
INOUT unsigned int *pEnumHandle,
INOUT char *pAttribNameBuf,
INOUT size_t *pAttribNameLen,
INOUT char *pAttribValueBuf,
INOUT size_t *pAttribValueLen)
//
// Arguments:
// pIfInstance -
@@ -399,9 +399,9 @@ AttributeEnumerate(
if (pIfInstance == NULL
|| pEnumHandle == NULL
|| pAttribNameLen == NULL
|| (*pAttribNameLen != 0 && pAttribNameBuf == NULL
|| (*pAttribNameLen != 0 && pAttribNameBuf == NULL)
|| pAttribValueLen == NULL
|| (*pAttribValueLen != 0 && pAttribValueBuf == NULL)))
|| (*pAttribValueLen != 0 && pAttribValueBuf == NULL))
{
DbgTrace(0, "-AttributeEnumerate- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,

182
CASA-auth-token/server/AuthTokenValidate/util.c
View File

@@ -62,9 +62,9 @@ static const uint8_t g_Expand64[256] =
CasaStatus
EncodeData(
IN const void *pData,
IN const int32_t dataLen,
IN const uint32_t dataLen,
INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen)
INOUT uint32_t *pEncodedDataLen)
//
// Arguments:
//
@@ -76,7 +76,7 @@ EncodeData(
//=======================================================================--
{
CasaStatus retStatus;
int encodedSize;
uint32_t encodedSize;
char *pTmp;
DbgTrace(3, "-EncodeData- Start\n", 0);
@@ -88,7 +88,7 @@ EncodeData(
if (*ppEncodedData)
{
uint8_t *pOut, *pIn;
int i;
uint32_t i;
// Setup pointers to move through the buffers
pIn = (uint8_t*) pData;
@@ -147,9 +147,9 @@ EncodeData(
CasaStatus
DecodeData(
IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator
IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData,
INOUT int32_t *pDataLen)
INOUT uint32_t *pDataLen)
//
// Arguments:
//
@@ -161,8 +161,8 @@ DecodeData(
//=======================================================================--
{
CasaStatus retStatus;
int i, j;
int decodedSize;
uint32_t i, j;
size_t decodedSize;
DbgTrace(3, "-DecodeData- Start\n", 0);
@@ -172,98 +172,110 @@ DecodeData(
j++;
decodedSize = (j * 3 + 3) / 4;
// Allocate buffer to hold the decoded data
*ppData = malloc(decodedSize);
if (*ppData)
// Verify that we are not going to overflow the uint32
if (decodedSize <= UINT32_MAX)
{
bool endReached = false;
uint8_t c0, c1, c2, c3;
uint8_t *p, *q;
// Initialize parameters that will be used during the decode operation
c0 = c1 = c2 = c3 = 0;
p = (uint8_t*) pEncodedData;
q = (uint8_t*) *ppData;
// Decode the data
//
// Loop through the data, piecing back information. Any newlines, and/or
// carriage returns need to be skipped.
while (j > 4)
// Allocate buffer to hold the decoded data
*ppData = malloc(decodedSize);
if (*ppData)
{
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
endReached = true;
break;
}
c0 = *(p++);
bool endReached = false;
uint8_t c0, c1, c2, c3;
uint8_t *p, *q;
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2);
j--;
endReached = true;
break;
}
c1 = *(p++);
// Initialize parameters that will be used during the decode operation
c0 = c1 = c2 = c3 = 0;
p = (uint8_t*) pEncodedData;
q = (uint8_t*) *ppData;
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4);
j -= 2;
endReached = true;
break;
}
c2 = *(p++);
// Decode the data
//
// Loop through the data, piecing back information. Any newlines, and/or
// carriage returns need to be skipped.
while (j > 4)
{
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
endReached = true;
break;
}
c0 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6);
j -= 3;
endReached = true;
break;
}
c3 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2);
j--;
endReached = true;
break;
}
c1 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]);
j -= 4;
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4);
j -= 2;
endReached = true;
break;
}
c2 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6);
j -= 3;
endReached = true;
break;
}
c3 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]);
j -= 4;
}
if (!endReached)
{
if (j > 1)
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2)
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2);
if (j > 3)
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
}
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
}
if (!endReached)
else
{
if (j > 1)
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2)
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2);
if (j > 3)
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
}
else
{
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
CASA_STATUS_UNSUCCESSFUL);
}
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);

15
CASA-auth-token/server/AuthTokenValidate/validate.c
View File

@@ -73,7 +73,7 @@ CasaStatus SSCS_CALL
ValidateAuthToken(
IN const char *pServiceName,
IN const char *pTokenBuf,
IN const int tokenBufLen,
IN const size_t tokenBufLen,
INOUT PrincipalIf **ppPrincipalIf)
//
// Arguments:
@@ -108,7 +108,7 @@ ValidateAuthToken(
{
CasaStatus retStatus;
char *pDecodedTokenBuf;
int32_t decodedTokenBufLen;
uint32_t decodedTokenBufLen;
PrincipalIf *pPrincipalIf;
DbgTrace(1, "-ValidateAuthToken- Start\n", 0);
@@ -117,7 +117,8 @@ ValidateAuthToken(
if (pServiceName == NULL
|| pTokenBuf == NULL
|| tokenBufLen == 0
|| tokenBufLen > INT32_MAX
|| tokenBufLen > UINT32_MAX
|| tokenBufLen == 0
|| ppPrincipalIf == NULL)
{
DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0);
@@ -263,8 +264,8 @@ ValidateAuthToken(
&decodedTokenBufLen);
if (CASA_SUCCESS(retStatus))
{
char *pIdenTokenData;
int32_t idenTokenDataLen;
char *pIdenTokenData;
uint32_t idenTokenDataLen;
// Assume failure
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
@@ -289,7 +290,9 @@ ValidateAuthToken(
// The authentication token was validated, now obtain
// Identity Token Provider interface.
retStatus = GetIdenTokenProviderInterface("CasaIdentityToken", // tbd - Hard code until we enhance the protocol with the atvs to also return this information.
&pIdenTokenProviderIf);
&pIdenTokenProviderIf); // IMPORTANT: Protect against invalid token type names when this is implemented. Invalid token
// names would contain something like "../" as part of the string to try to get us to open an
// malicious token provider library.
if (CASA_SUCCESS(retStatus))
{
IdenTokenIf *pIdenTokenIf;