Changes to address issues brought up by the security review.

2007-02-06 22:52:44 +00:00
parent 51ffdf0702
commit 44ee58ef5f
28 changed files with 386 additions and 344 deletions
--- a/CASA-auth-token/server/AuthTokenValidate/validate.c
+++ b/CASA-auth-token/server/AuthTokenValidate/validate.c
@@ -73,7 +73,7 @@ CasaStatus SSCS_CALL
 ValidateAuthToken(
   IN       const char     *pServiceName,
   IN       const char     *pTokenBuf,
-   IN       const int      tokenBufLen,
+   IN       const size_t   tokenBufLen,
   INOUT    PrincipalIf    **ppPrincipalIf)
 //
 // Arguments:  
@@ -108,7 +108,7 @@ ValidateAuthToken(
 {
   CasaStatus        retStatus;
   char              *pDecodedTokenBuf;
-   int32_t           decodedTokenBufLen;
+   uint32_t          decodedTokenBufLen;
   PrincipalIf       *pPrincipalIf;

   DbgTrace(1, "-ValidateAuthToken- Start\n", 0);
@@ -117,7 +117,8 @@ ValidateAuthToken(
   if (pServiceName == NULL
       || pTokenBuf == NULL
       || tokenBufLen == 0
-       || tokenBufLen > INT32_MAX 
+       || tokenBufLen > UINT32_MAX
+       || tokenBufLen == 0
       || ppPrincipalIf == NULL)
   {
      DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0);
@@ -263,8 +264,8 @@ ValidateAuthToken(
                          &decodedTokenBufLen);
   if (CASA_SUCCESS(retStatus))
   {
-      char *pIdenTokenData;
-      int32_t idenTokenDataLen;
+      char     *pIdenTokenData;
+      uint32_t idenTokenDataLen;

      // Assume failure
      retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
@@ -289,7 +290,9 @@ ValidateAuthToken(
               // The authentication token was validated, now obtain
               // Identity Token Provider interface.
               retStatus = GetIdenTokenProviderInterface("CasaIdentityToken",    // tbd - Hard code until we enhance the protocol with the atvs to also return this information.
-                                                         &pIdenTokenProviderIf);
+                                                         &pIdenTokenProviderIf); // IMPORTANT: Protect against invalid token type names when this is implemented. Invalid token
+                                                                                 // names would contain something like "../" as part of the string to try to get us to open an
+                                                                                 // malicious token provider library.
               if (CASA_SUCCESS(retStatus))
               {
                  IdenTokenIf *pIdenTokenIf;