Changes to address issues brought up by the security review.

2007-02-06 22:52:44 +00:00
parent 51ffdf0702
commit 44ee58ef5f
28 changed files with 386 additions and 344 deletions
--- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c
+++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c
@@ -73,9 +73,9 @@ typedef struct _Attribute
 {
   LIST_ENTRY  listEntry;
   char        *pAttribName;
-   int         attribNameLen;
+   size_t      attribNameLen;
   char        *pAttribValue;
-   int         attribValueLen;
+   size_t      attribValueLen;

 } Attribute, *PAttribute;

@@ -87,15 +87,15 @@ typedef struct _IdenTokenIfInstance
 {
   int            refCount;
   char           *pIdentId;
-   int            identIdLen;
+   size_t         identIdLen;
   char           *pIdentSourceName;
-   int            identSourceNameLen;
+   size_t         identSourceNameLen;
   char           *pIdentSourceUrl;
-   int            identSourceUrlLen;
+   size_t         identSourceUrlLen;
   char           *pTargetService;
-   int            targetServiceLen;
+   size_t         targetServiceLen;
   char           *pTargetHost;
-   int            targetHostLen;
+   size_t         targetHostLen;
   LIST_ENTRY     attributeListHead;
   IdenTokenIf    idenTokenIf;

@@ -109,7 +109,7 @@ typedef struct _IdenTokenParse
 {
   XML_Parser           p;
   int                  state;
-   int                  elementDataProcessed;
+   size_t               elementDataProcessed;
   IdenTokenIfInstance  *pIdenTokenIfInstance;
   CasaStatus           status;

@@ -377,7 +377,7 @@ ConsumeElementData(
   IN    const XML_Char *s,
   IN    int len,
   INOUT char **ppElementData,
-   INOUT int *pElementDataLen)
+   INOUT size_t *pElementDataLen)
 //
 //  Arguments: 
 //
@@ -424,7 +424,7 @@ ConsumeElementData(
      char  *pNewBuf;

      // We have already received token data, append this data to it.
-      pNewBuf = (char*) malloc(pIdenTokenParse->elementDataProcessed + len + 1);
+      pNewBuf = (char*) malloc((size_t)(pIdenTokenParse->elementDataProcessed + len + 1));
      if (pNewBuf)
      {
         memset(pNewBuf,
@@ -860,7 +860,7 @@ CasaStatus SSCS_CALL
 GetIdentityId(
   IN       const void  *pIfInstance,
   INOUT    char        *pIdentIdBuf,
-   INOUT    int         *pIdentIdLen)
+   INOUT    size_t      *pIdentIdLen)
 //
 // Arguments:  
 //    pIfInstance -
@@ -935,7 +935,7 @@ CasaStatus SSCS_CALL
 GetSourceName(
   IN       const void  *pIfInstance,
   INOUT    char        *pSourceNameBuf,
-   INOUT    int         *pSourceNameLen)
+   INOUT    size_t      *pSourceNameLen)
 //
 // Arguments:  
 //    pIfInstance -
@@ -1011,7 +1011,7 @@ CasaStatus SSCS_CALL
 GetSourceUrl(
   IN       const void  *pIfInstance,
   INOUT    char        *pSourceUrlBuf,
-   INOUT    int         *pSourceUrlLen)
+   INOUT    size_t      *pSourceUrlLen)
 //
 // Arguments:  
 //    pIfInstance -
@@ -1085,12 +1085,12 @@ exit:
 static
 CasaStatus SSCS_CALL
 AttributeEnumerate(
-   IN       const void  *pIfInstance,
-   INOUT    int         *pEnumHandle,       
-   INOUT    char        *pAttribNameBuf,
-   INOUT    int         *pAttribNameLen,
-   INOUT    char        *pAttribValueBuf,
-   INOUT    int         *pAttribValueLen)
+   IN       const void     *pIfInstance,
+   INOUT    unsigned int   *pEnumHandle,       
+   INOUT    char           *pAttribNameBuf,
+   INOUT    size_t         *pAttribNameLen,
+   INOUT    char           *pAttribValueBuf,
+   INOUT    size_t         *pAttribValueLen)
 //
 // Arguments:  
 //    pIfInstance -
@@ -1231,9 +1231,9 @@ exit:
 //++=======================================================================
 CasaStatus
 GetIdenTokenInterface(
-   IN       const char   *pTokenBuf,
-   IN       const int    tokenLen,
-   INOUT    IdenTokenIf  **ppIdenTokenIf)
+   IN       const char     *pTokenBuf,
+   IN       const size_t   tokenLen,
+   INOUT    IdenTokenIf    **ppIdenTokenIf)
 //
 // Arguments:  
 //   
@@ -1252,6 +1252,16 @@ GetIdenTokenInterface(

   DbgTrace(2, "-GetIdenTokenInterface- Start\n", 0);

+   // Verify that the token is not too large for the parser
+   if (tokenLen > INT32_MAX)
+   {
+      DbgTrace(0, "-GetIdenTokenInterface- Token too large\n", 0);
+      retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
+                                  CASA_FACILITY_AUTHTOKEN,
+                                  CASA_STATUS_UNSUCCESSFUL);
+      goto exit;
+   }
+
   // Create a IdenTokenIfInstance object for it.
   pIdenTokenIfInstance = malloc(sizeof(*pIdenTokenIfInstance));
   if (pIdenTokenIfInstance)
@@ -1314,7 +1324,7 @@ GetIdenTokenInterface(
         XML_SetUserData(p, &idenTokenParse);

         // Parse the document
-         if (XML_Parse(p, pTokenBuf, tokenLen, 1) == XML_STATUS_OK)
+         if (XML_Parse(p, pTokenBuf, (int) tokenLen, 1) == XML_STATUS_OK)
         {
            // Verify that the parse operation completed successfully
            if (idenTokenParse.state == DONE_PARSING)
@@ -1385,6 +1395,8 @@ GetIdenTokenInterface(
                                  CASA_STATUS_INSUFFICIENT_RESOURCES);
   }

+exit:
+
   DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %0X\n", retStatus);

   return retStatus;