Changes to address issues brought up by the security review.
This commit is contained in:
parent
51ffdf0702
commit
44ee58ef5f
@ -207,7 +207,7 @@ check_password(
|
||||
&pPrincipalIf);
|
||||
if (CASA_SUCCESS(casaStatus))
|
||||
{
|
||||
int buffLen = 0;
|
||||
size_t buffLen = 0;
|
||||
apr_table_t *e = r->subprocess_env;
|
||||
|
||||
// Associate necessary environment variables with the request block
|
||||
@ -336,8 +336,8 @@ check_password(
|
||||
if (retStatus == AUTH_GRANTED)
|
||||
{
|
||||
char *pAttribNameBuff, *pAttribValueBuff;
|
||||
int enumHandle = 0;
|
||||
int attribNameBuffLen, attribValueBuffLen;
|
||||
unsigned int enumHandle = 0;
|
||||
size_t attribNameBuffLen, attribValueBuffLen;
|
||||
|
||||
while (retStatus == AUTH_GRANTED)
|
||||
{
|
||||
|
@ -73,9 +73,9 @@ typedef struct _Attribute
|
||||
{
|
||||
LIST_ENTRY listEntry;
|
||||
char *pAttribName;
|
||||
int attribNameLen;
|
||||
size_t attribNameLen;
|
||||
char *pAttribValue;
|
||||
int attribValueLen;
|
||||
size_t attribValueLen;
|
||||
|
||||
} Attribute, *PAttribute;
|
||||
|
||||
@ -87,15 +87,15 @@ typedef struct _IdenTokenIfInstance
|
||||
{
|
||||
int refCount;
|
||||
char *pIdentId;
|
||||
int identIdLen;
|
||||
size_t identIdLen;
|
||||
char *pIdentSourceName;
|
||||
int identSourceNameLen;
|
||||
size_t identSourceNameLen;
|
||||
char *pIdentSourceUrl;
|
||||
int identSourceUrlLen;
|
||||
size_t identSourceUrlLen;
|
||||
char *pTargetService;
|
||||
int targetServiceLen;
|
||||
size_t targetServiceLen;
|
||||
char *pTargetHost;
|
||||
int targetHostLen;
|
||||
size_t targetHostLen;
|
||||
LIST_ENTRY attributeListHead;
|
||||
IdenTokenIf idenTokenIf;
|
||||
|
||||
@ -109,7 +109,7 @@ typedef struct _IdenTokenParse
|
||||
{
|
||||
XML_Parser p;
|
||||
int state;
|
||||
int elementDataProcessed;
|
||||
size_t elementDataProcessed;
|
||||
IdenTokenIfInstance *pIdenTokenIfInstance;
|
||||
CasaStatus status;
|
||||
|
||||
@ -377,7 +377,7 @@ ConsumeElementData(
|
||||
IN const XML_Char *s,
|
||||
IN int len,
|
||||
INOUT char **ppElementData,
|
||||
INOUT int *pElementDataLen)
|
||||
INOUT size_t *pElementDataLen)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
@ -424,7 +424,7 @@ ConsumeElementData(
|
||||
char *pNewBuf;
|
||||
|
||||
// We have already received token data, append this data to it.
|
||||
pNewBuf = (char*) malloc(pIdenTokenParse->elementDataProcessed + len + 1);
|
||||
pNewBuf = (char*) malloc((size_t)(pIdenTokenParse->elementDataProcessed + len + 1));
|
||||
if (pNewBuf)
|
||||
{
|
||||
memset(pNewBuf,
|
||||
@ -860,7 +860,7 @@ CasaStatus SSCS_CALL
|
||||
GetIdentityId(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pIdentIdBuf,
|
||||
INOUT int *pIdentIdLen)
|
||||
INOUT size_t *pIdentIdLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -935,7 +935,7 @@ CasaStatus SSCS_CALL
|
||||
GetSourceName(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pSourceNameBuf,
|
||||
INOUT int *pSourceNameLen)
|
||||
INOUT size_t *pSourceNameLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -1011,7 +1011,7 @@ CasaStatus SSCS_CALL
|
||||
GetSourceUrl(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pSourceUrlBuf,
|
||||
INOUT int *pSourceUrlLen)
|
||||
INOUT size_t *pSourceUrlLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -1086,11 +1086,11 @@ static
|
||||
CasaStatus SSCS_CALL
|
||||
AttributeEnumerate(
|
||||
IN const void *pIfInstance,
|
||||
INOUT int *pEnumHandle,
|
||||
INOUT unsigned int *pEnumHandle,
|
||||
INOUT char *pAttribNameBuf,
|
||||
INOUT int *pAttribNameLen,
|
||||
INOUT size_t *pAttribNameLen,
|
||||
INOUT char *pAttribValueBuf,
|
||||
INOUT int *pAttribValueLen)
|
||||
INOUT size_t *pAttribValueLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -1232,7 +1232,7 @@ exit:
|
||||
CasaStatus
|
||||
GetIdenTokenInterface(
|
||||
IN const char *pTokenBuf,
|
||||
IN const int tokenLen,
|
||||
IN const size_t tokenLen,
|
||||
INOUT IdenTokenIf **ppIdenTokenIf)
|
||||
//
|
||||
// Arguments:
|
||||
@ -1252,6 +1252,16 @@ GetIdenTokenInterface(
|
||||
|
||||
DbgTrace(2, "-GetIdenTokenInterface- Start\n", 0);
|
||||
|
||||
// Verify that the token is not too large for the parser
|
||||
if (tokenLen > INT32_MAX)
|
||||
{
|
||||
DbgTrace(0, "-GetIdenTokenInterface- Token too large\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
// Create a IdenTokenIfInstance object for it.
|
||||
pIdenTokenIfInstance = malloc(sizeof(*pIdenTokenIfInstance));
|
||||
if (pIdenTokenIfInstance)
|
||||
@ -1314,7 +1324,7 @@ GetIdenTokenInterface(
|
||||
XML_SetUserData(p, &idenTokenParse);
|
||||
|
||||
// Parse the document
|
||||
if (XML_Parse(p, pTokenBuf, tokenLen, 1) == XML_STATUS_OK)
|
||||
if (XML_Parse(p, pTokenBuf, (int) tokenLen, 1) == XML_STATUS_OK)
|
||||
{
|
||||
// Verify that the parse operation completed successfully
|
||||
if (idenTokenParse.state == DONE_PARSING)
|
||||
@ -1385,6 +1395,8 @@ GetIdenTokenInterface(
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
|
||||
exit:
|
||||
|
||||
DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %0X\n", retStatus);
|
||||
|
||||
return retStatus;
|
||||
|
@ -147,7 +147,7 @@ CasaStatus
|
||||
GetIdentityTokenIf(
|
||||
IN const void *pIfInstance,
|
||||
IN const char *pTokenBuf,
|
||||
IN const int tokenLen,
|
||||
IN const size_t tokenLen,
|
||||
INOUT IdenTokenIf **ppIdenTokenIf)
|
||||
//
|
||||
// Arguments:
|
||||
@ -175,13 +175,14 @@ GetIdentityTokenIf(
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
char *pDecodedTokenBuf;
|
||||
int decodedTokenBufLen;
|
||||
uint32_t decodedTokenBufLen;
|
||||
|
||||
DbgTrace(2, "-GetIdentityTokenIf- Start\n", 0);
|
||||
|
||||
// Validate input parameters
|
||||
if (pIfInstance == NULL
|
||||
|| pTokenBuf == NULL
|
||||
|| tokenLen > UINT32_MAX
|
||||
|| tokenLen == 0
|
||||
|| ppIdenTokenIf == NULL)
|
||||
{
|
||||
|
@ -58,7 +58,7 @@ extern
|
||||
CasaStatus
|
||||
GetIdenTokenInterface(
|
||||
IN const char *pTokenBuf,
|
||||
IN const int tokenLen,
|
||||
IN const uint32_t tokenLen,
|
||||
INOUT IdenTokenIf **ppIdenTokenIf);
|
||||
|
||||
extern
|
||||
@ -77,17 +77,17 @@ extern
|
||||
CasaStatus
|
||||
EncodeData(
|
||||
IN const void *pData,
|
||||
IN const int32_t dataLen,
|
||||
IN const uint32_t dataLen,
|
||||
INOUT char **ppEncodedData,
|
||||
INOUT int32_t *pEncodedDataLen);
|
||||
INOUT uint32_t *pEncodedDataLen);
|
||||
|
||||
extern
|
||||
CasaStatus
|
||||
DecodeData(
|
||||
IN const char *pEncodedData,
|
||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
||||
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||
INOUT void **ppData,
|
||||
INOUT int32_t *pDataLen);
|
||||
INOUT uint32_t *pDataLen);
|
||||
|
||||
extern
|
||||
int
|
||||
|
@ -62,9 +62,9 @@ static const uint8_t g_Expand64[256] =
|
||||
CasaStatus
|
||||
EncodeData(
|
||||
IN const void *pData,
|
||||
IN const int32_t dataLen,
|
||||
IN const uint32_t dataLen,
|
||||
INOUT char **ppEncodedData,
|
||||
INOUT int32_t *pEncodedDataLen)
|
||||
INOUT uint32_t *pEncodedDataLen)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
@ -88,7 +88,7 @@ EncodeData(
|
||||
if (*ppEncodedData)
|
||||
{
|
||||
uint8_t *pOut, *pIn;
|
||||
int i;
|
||||
uint32_t i;
|
||||
|
||||
// Setup pointers to move through the buffers
|
||||
pIn = (uint8_t*) pData;
|
||||
@ -147,9 +147,9 @@ EncodeData(
|
||||
CasaStatus
|
||||
DecodeData(
|
||||
IN const char *pEncodedData,
|
||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
||||
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||
INOUT void **ppData,
|
||||
INOUT int32_t *pDataLen)
|
||||
INOUT uint32_t *pDataLen)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
@ -161,8 +161,8 @@ DecodeData(
|
||||
//=======================================================================--
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
int i, j;
|
||||
int decodedSize;
|
||||
uint32_t i, j;
|
||||
size_t decodedSize;
|
||||
|
||||
DbgTrace(3, "-DecodeData- Start\n", 0);
|
||||
|
||||
@ -172,6 +172,9 @@ DecodeData(
|
||||
j++;
|
||||
decodedSize = (j * 3 + 3) / 4;
|
||||
|
||||
// Verify that we are not going to overflow the uint32
|
||||
if (decodedSize <= UINT32_MAX)
|
||||
{
|
||||
// Allocate buffer to hold the decoded data
|
||||
*ppData = malloc(decodedSize);
|
||||
if (*ppData)
|
||||
@ -265,6 +268,15 @@ DecodeData(
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
|
||||
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
|
||||
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
|
||||
|
||||
|
@ -89,7 +89,7 @@ CasaStatus
|
||||
(SSCS_CALL *PFNIdenTokenIf_GetIdentityId)(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pIdentIdBuf,
|
||||
INOUT int *pIdentIdLen);
|
||||
INOUT size_t *pIdentIdLen);
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -119,7 +119,7 @@ CasaStatus
|
||||
(SSCS_CALL *PFNIdenTokenIf_GetSourceName)(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pSourceNameBuf,
|
||||
INOUT int *pSourceNameLen);
|
||||
INOUT size_t *pSourceNameLen);
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -150,7 +150,7 @@ CasaStatus
|
||||
(SSCS_CALL *PFNIdenTokenIf_GetSourceUrl)(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pSourceUrlBuf,
|
||||
INOUT int *pSourceUrlLen);
|
||||
INOUT size_t *pSourceUrlLen);
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -180,11 +180,11 @@ typedef
|
||||
CasaStatus
|
||||
(SSCS_CALL *PFNIdenTokenIf_AttributeEnumerate)(
|
||||
IN const void *pIfInstance,
|
||||
INOUT int *pEnumHandle,
|
||||
INOUT unsigned int *pEnumHandle,
|
||||
INOUT char *pAttribNameBuf,
|
||||
INOUT int *pAttribNameLen,
|
||||
INOUT size_t *pAttribNameLen,
|
||||
INOUT char *pAttribValueBuf,
|
||||
INOUT int *pAttribValueLen);
|
||||
INOUT size_t *pAttribValueLen);
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -289,7 +289,7 @@ CasaStatus
|
||||
(SSCS_CALL *PFNIdenTokenProviderIf_GetIdentityTokenIf)(
|
||||
IN const void *pIfInstance,
|
||||
IN const char *pTokenBuf,
|
||||
IN const int tokenLen,
|
||||
IN const size_t tokenLen,
|
||||
INOUT IdenTokenIf **ppIdenTokenIf);
|
||||
//
|
||||
// Arguments:
|
||||
|
@ -168,7 +168,7 @@ CasaStatus SSCS_CALL
|
||||
ValidateAuthToken(
|
||||
IN const char *pServiceName,
|
||||
IN const char *pTokenBuf,
|
||||
IN const int tokenBufLen,
|
||||
IN const size_t tokenBufLen,
|
||||
INOUT PrincipalIf **ppPrincipalIf);
|
||||
|
||||
//
|
||||
@ -201,17 +201,17 @@ extern
|
||||
CasaStatus
|
||||
EncodeData(
|
||||
IN const void *pData,
|
||||
IN const int32_t dataLen,
|
||||
IN const uint32_t dataLen,
|
||||
INOUT char **ppEncodedData,
|
||||
INOUT int32_t *pEncodedDataLen);
|
||||
INOUT uint32_t *pEncodedDataLen);
|
||||
|
||||
extern
|
||||
CasaStatus
|
||||
DecodeData(
|
||||
IN const char *pEncodedData,
|
||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
||||
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||
INOUT void **ppData,
|
||||
INOUT int32_t *pDataLen);
|
||||
INOUT uint32_t *pDataLen);
|
||||
|
||||
extern
|
||||
int
|
||||
|
@ -164,7 +164,7 @@ CasaStatus SSCS_CALL
|
||||
GetIdentityId(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pIdentIdBuf,
|
||||
INOUT int *pIdentIdLen)
|
||||
INOUT size_t *pIdentIdLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -225,7 +225,7 @@ CasaStatus SSCS_CALL
|
||||
GetSourceName(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pSourceNameBuf,
|
||||
INOUT int *pSourceNameLen)
|
||||
INOUT size_t *pSourceNameLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -287,7 +287,7 @@ CasaStatus SSCS_CALL
|
||||
GetSourceUrl(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pSourceUrlBuf,
|
||||
INOUT int *pSourceUrlLen)
|
||||
INOUT size_t *pSourceUrlLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -348,11 +348,11 @@ static
|
||||
CasaStatus SSCS_CALL
|
||||
AttributeEnumerate(
|
||||
IN const void *pIfInstance,
|
||||
INOUT int *pEnumHandle,
|
||||
INOUT unsigned int *pEnumHandle,
|
||||
INOUT char *pAttribNameBuf,
|
||||
INOUT int *pAttribNameLen,
|
||||
INOUT size_t *pAttribNameLen,
|
||||
INOUT char *pAttribValueBuf,
|
||||
INOUT int *pAttribValueLen)
|
||||
INOUT size_t *pAttribValueLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -399,9 +399,9 @@ AttributeEnumerate(
|
||||
if (pIfInstance == NULL
|
||||
|| pEnumHandle == NULL
|
||||
|| pAttribNameLen == NULL
|
||||
|| (*pAttribNameLen != 0 && pAttribNameBuf == NULL
|
||||
|| (*pAttribNameLen != 0 && pAttribNameBuf == NULL)
|
||||
|| pAttribValueLen == NULL
|
||||
|| (*pAttribValueLen != 0 && pAttribValueBuf == NULL)))
|
||||
|| (*pAttribValueLen != 0 && pAttribValueBuf == NULL))
|
||||
{
|
||||
DbgTrace(0, "-AttributeEnumerate- Invalid parameter\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
|
||||
|
@ -62,9 +62,9 @@ static const uint8_t g_Expand64[256] =
|
||||
CasaStatus
|
||||
EncodeData(
|
||||
IN const void *pData,
|
||||
IN const int32_t dataLen,
|
||||
IN const uint32_t dataLen,
|
||||
INOUT char **ppEncodedData,
|
||||
INOUT int32_t *pEncodedDataLen)
|
||||
INOUT uint32_t *pEncodedDataLen)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
@ -76,7 +76,7 @@ EncodeData(
|
||||
//=======================================================================--
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
int encodedSize;
|
||||
uint32_t encodedSize;
|
||||
char *pTmp;
|
||||
|
||||
DbgTrace(3, "-EncodeData- Start\n", 0);
|
||||
@ -88,7 +88,7 @@ EncodeData(
|
||||
if (*ppEncodedData)
|
||||
{
|
||||
uint8_t *pOut, *pIn;
|
||||
int i;
|
||||
uint32_t i;
|
||||
|
||||
// Setup pointers to move through the buffers
|
||||
pIn = (uint8_t*) pData;
|
||||
@ -147,9 +147,9 @@ EncodeData(
|
||||
CasaStatus
|
||||
DecodeData(
|
||||
IN const char *pEncodedData,
|
||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
||||
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||
INOUT void **ppData,
|
||||
INOUT int32_t *pDataLen)
|
||||
INOUT uint32_t *pDataLen)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
@ -161,8 +161,8 @@ DecodeData(
|
||||
//=======================================================================--
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
int i, j;
|
||||
int decodedSize;
|
||||
uint32_t i, j;
|
||||
size_t decodedSize;
|
||||
|
||||
DbgTrace(3, "-DecodeData- Start\n", 0);
|
||||
|
||||
@ -172,6 +172,9 @@ DecodeData(
|
||||
j++;
|
||||
decodedSize = (j * 3 + 3) / 4;
|
||||
|
||||
// Verify that we are not going to overflow the uint32
|
||||
if (decodedSize <= UINT32_MAX)
|
||||
{
|
||||
// Allocate buffer to hold the decoded data
|
||||
*ppData = malloc(decodedSize);
|
||||
if (*ppData)
|
||||
@ -265,6 +268,15 @@ DecodeData(
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
|
||||
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
|
||||
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
|
||||
|
||||
|
@ -73,7 +73,7 @@ CasaStatus SSCS_CALL
|
||||
ValidateAuthToken(
|
||||
IN const char *pServiceName,
|
||||
IN const char *pTokenBuf,
|
||||
IN const int tokenBufLen,
|
||||
IN const size_t tokenBufLen,
|
||||
INOUT PrincipalIf **ppPrincipalIf)
|
||||
//
|
||||
// Arguments:
|
||||
@ -108,7 +108,7 @@ ValidateAuthToken(
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
char *pDecodedTokenBuf;
|
||||
int32_t decodedTokenBufLen;
|
||||
uint32_t decodedTokenBufLen;
|
||||
PrincipalIf *pPrincipalIf;
|
||||
|
||||
DbgTrace(1, "-ValidateAuthToken- Start\n", 0);
|
||||
@ -117,7 +117,8 @@ ValidateAuthToken(
|
||||
if (pServiceName == NULL
|
||||
|| pTokenBuf == NULL
|
||||
|| tokenBufLen == 0
|
||||
|| tokenBufLen > INT32_MAX
|
||||
|| tokenBufLen > UINT32_MAX
|
||||
|| tokenBufLen == 0
|
||||
|| ppPrincipalIf == NULL)
|
||||
{
|
||||
DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0);
|
||||
@ -264,7 +265,7 @@ ValidateAuthToken(
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
char *pIdenTokenData;
|
||||
int32_t idenTokenDataLen;
|
||||
uint32_t idenTokenDataLen;
|
||||
|
||||
// Assume failure
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
@ -289,7 +290,9 @@ ValidateAuthToken(
|
||||
// The authentication token was validated, now obtain
|
||||
// Identity Token Provider interface.
|
||||
retStatus = GetIdenTokenProviderInterface("CasaIdentityToken", // tbd - Hard code until we enhance the protocol with the atvs to also return this information.
|
||||
&pIdenTokenProviderIf);
|
||||
&pIdenTokenProviderIf); // IMPORTANT: Protect against invalid token type names when this is implemented. Invalid token
|
||||
// names would contain something like "../" as part of the string to try to get us to open an
|
||||
// malicious token provider library.
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
IdenTokenIf *pIdenTokenIf;
|
||||
|
@ -280,7 +280,7 @@ pam_sm_authenticate(pam_handle_t *pamh,
|
||||
&pPrincipalIf);
|
||||
if (CASA_SUCCESS(casaStatus))
|
||||
{
|
||||
int buffLen;
|
||||
size_t buffLen;
|
||||
|
||||
// Assume success
|
||||
retStatus = PAM_SUCCESS;
|
||||
@ -445,8 +445,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
|
||||
if (retStatus == PAM_SUCCESS)
|
||||
{
|
||||
char *pBuff;
|
||||
int enumHandle = 0;
|
||||
int buff2Len;
|
||||
unsigned int enumHandle = 0;
|
||||
size_t buff2Len;
|
||||
|
||||
while (retStatus == PAM_SUCCESS)
|
||||
{
|
||||
|
@ -75,7 +75,6 @@ IpcClientOpenUnixRemoteEndPoint(
|
||||
// this procedure.
|
||||
//
|
||||
//=======================================================================--
|
||||
|
||||
typedef
|
||||
int
|
||||
(*PFN_IpcClientOpenUnixRemoteEndPoint)(
|
||||
@ -160,9 +159,9 @@ int
|
||||
IpcClientSubmitReq(
|
||||
IN uint32_t endPointHandle,
|
||||
IN char *pClientData,
|
||||
IN int32_t clientDataLen,
|
||||
IN uint32_t clientDataLen,
|
||||
INOUT char **ppServerData,
|
||||
INOUT int32_t *pServerDataLen);
|
||||
INOUT uint32_t *pServerDataLen);
|
||||
//
|
||||
// Arguments In: endPointHandle - Handle of the remote endpoint that will
|
||||
// be the target of the request.
|
||||
@ -202,9 +201,9 @@ int
|
||||
(*PFN_IpcClientSubmitReq)(
|
||||
IN uint32_t endPointHandle,
|
||||
IN char *pClientData,
|
||||
IN int32_t clientDataLen,
|
||||
IN uint32_t clientDataLen,
|
||||
INOUT char **ppServerData,
|
||||
INOUT int32_t *pServerDataLen);
|
||||
INOUT uint32_t *pServerDataLen);
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
|
@ -102,7 +102,7 @@ CasaStatus
|
||||
(SSCS_CALL *PFNPrincipalIf_GetIdentityId)(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pIdentIdBuf,
|
||||
INOUT int *pIdentIdLen);
|
||||
INOUT size_t *pIdentIdLen);
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -132,7 +132,7 @@ CasaStatus
|
||||
(SSCS_CALL *PFNPrincipalIf_GetSourceName)(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pSourceNameBuf,
|
||||
INOUT int *pSourceNameLen);
|
||||
INOUT size_t *pSourceNameLen);
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -163,7 +163,7 @@ CasaStatus
|
||||
(SSCS_CALL *PFNPrincipalIf_GetSourceUrl)(
|
||||
IN const void *pIfInstance,
|
||||
INOUT char *pSourceUrlBuf,
|
||||
INOUT int *pSourceUrlLen);
|
||||
INOUT size_t *pSourceUrlLen);
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -193,11 +193,11 @@ typedef
|
||||
CasaStatus
|
||||
(SSCS_CALL *PFNPrincipalIf_AttributeEnumerate)(
|
||||
IN const void *pIfInstance,
|
||||
INOUT int *pEnumHandle,
|
||||
INOUT unsigned int *pEnumHandle,
|
||||
INOUT char *pAttribNameBuf,
|
||||
INOUT int *pAttribNameLen,
|
||||
INOUT size_t *pAttribNameLen,
|
||||
INOUT char *pAttribValueBuf,
|
||||
INOUT int *pAttribValueLen);
|
||||
INOUT size_t *pAttribValueLen);
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@ -264,7 +264,7 @@ extern CasaStatus SSCS_CALL
|
||||
ValidateAuthToken(
|
||||
IN const char *pServiceName,
|
||||
IN const char *pTokenBuf,
|
||||
IN const int tokenBufLen,
|
||||
IN const size_t tokenBufLen,
|
||||
INOUT PrincipalIf **ppPrincipalIf);
|
||||
//
|
||||
// Arguments:
|
||||
|
@ -390,9 +390,9 @@ CChannel::connectionThread(
|
||||
{
|
||||
CChannel *pCChannel = *pSmartCChannel;
|
||||
bool doneReceivingData = false;
|
||||
int32_t bytesReceived;
|
||||
size_t bytesReceived;
|
||||
uint32_t reqId;
|
||||
int32_t payloadLength;
|
||||
uint32_t payloadLength;
|
||||
unsigned long totalPayloadBytesReceived = 0;
|
||||
char reqDataPktHdr[ReqDataPktHdrTemplate.length()];
|
||||
char *pRecvBuff;
|
||||
@ -747,7 +747,7 @@ CChannel::submitReq(
|
||||
uint32_t reqId,
|
||||
ClientReq &clientReq,
|
||||
char *pClientData,
|
||||
int32_t clientDataLen)
|
||||
uint32_t clientDataLen)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
|
@ -222,7 +222,7 @@ public:
|
||||
int submitReq(uint32_t reqId,
|
||||
ClientReq &clientReq,
|
||||
char *pClientData,
|
||||
int32_t clientDataLen);
|
||||
uint32_t clientDataLen);
|
||||
|
||||
//
|
||||
// Remove Request routine
|
||||
@ -237,30 +237,6 @@ public:
|
||||
//
|
||||
void removeReq(uint32_t reqId);
|
||||
|
||||
//
|
||||
// Send Data routine
|
||||
//
|
||||
// Parameters:
|
||||
// reqId (input) -
|
||||
// Id of the Request.
|
||||
//
|
||||
// pClientData (input) -
|
||||
// Pointer to client data that must be sent to
|
||||
// the server. Buffer is NEVER released
|
||||
// by the procedure.
|
||||
//
|
||||
// clientDataLen (input) -
|
||||
// Length of the client data.
|
||||
//
|
||||
//
|
||||
// Abstract: Sends data to the server for a previously
|
||||
// submitted Request.
|
||||
//
|
||||
// Returns: 0 if successful.
|
||||
//
|
||||
int sendData(uint32_t reqId,
|
||||
char *pClientData,
|
||||
int clientDataLen);
|
||||
};
|
||||
typedef SmartPtr<CChannel> SmartCChannel;
|
||||
|
||||
|
@ -152,8 +152,11 @@ IpcClientOpenUnixRemoteEndPoint(
|
||||
pSocketFileName));
|
||||
|
||||
// Allocate a handle for the endpoint
|
||||
uint32_t handle = remoteEndPointHandleAllocator ++;
|
||||
uint32_t handle = remoteEndPointHandleAllocator + 1;
|
||||
|
||||
// Protect against wrap-around
|
||||
if (handle != 0)
|
||||
{
|
||||
// Insert the new RemoteEndPoint into the REP map
|
||||
REPIterBoolPair insertResult;
|
||||
insertResult = repMap.insert(make_pair(handle, pSmartRemoteEndPoint));
|
||||
@ -166,9 +169,20 @@ IpcClientOpenUnixRemoteEndPoint(
|
||||
else
|
||||
{
|
||||
// RemoteEndPoint inserted in the REP map, success.
|
||||
//
|
||||
// Consume the allocated handle
|
||||
remoteEndPointHandleAllocator ++;
|
||||
*pEndPointHandle = handle;
|
||||
|
||||
retStatus = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Handle allocator wrap-around prevented
|
||||
DbgTrace(0, "IpcClientOpenUnixRemoteEndPoint- Handle allocator wrap-around prevented\n", 0);
|
||||
delete pSmartRemoteEndPoint;
|
||||
}
|
||||
} catch (...) {
|
||||
DbgTrace(0, "IpcClientOpenUnixRemoteEndPoint- Exception caught\n", 0);
|
||||
}
|
||||
@ -254,8 +268,11 @@ IpcClientOpenInetRemoteEndPoint(
|
||||
address));
|
||||
|
||||
// Allocate a handle for the endpoint
|
||||
uint32_t handle = remoteEndPointHandleAllocator ++;
|
||||
uint32_t handle = remoteEndPointHandleAllocator + 1;
|
||||
|
||||
// Protect against wrap-around
|
||||
if (handle != 0)
|
||||
{
|
||||
// Insert the new RemoteEndPoint into the REP map
|
||||
REPIterBoolPair insertResult;
|
||||
insertResult = repMap.insert(make_pair(handle, pSmartRemoteEndPoint));
|
||||
@ -268,9 +285,19 @@ IpcClientOpenInetRemoteEndPoint(
|
||||
else
|
||||
{
|
||||
// RemoteEndPoint inserted in the REP map, success.
|
||||
//
|
||||
// Consume the allocated handle
|
||||
remoteEndPointHandleAllocator ++;
|
||||
*pEndPointHandle = handle;
|
||||
retStatus = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Handle allocator wrap-around prevented
|
||||
DbgTrace(0, "IpcClientOpenInetRemoteEndPoint- Handle allocator wrap-around prevented\n", 0);
|
||||
delete pSmartRemoteEndPoint;
|
||||
}
|
||||
} catch (...) {
|
||||
DbgTrace(0, "IpcClientOpenInetRemoteEndPoint- Exception caught\n", 0);
|
||||
}
|
||||
@ -366,9 +393,9 @@ int
|
||||
IpcClientSubmitReq(
|
||||
IN uint32_t endPointHandle,
|
||||
IN char *pClientData,
|
||||
IN int32_t clientDataLen,
|
||||
IN uint32_t clientDataLen,
|
||||
INOUT char **ppServerData,
|
||||
INOUT int32_t *pServerDataLen)
|
||||
INOUT uint32_t *pServerDataLen)
|
||||
//
|
||||
// Arguments In: endPointHandle - Handle of the remote endpoint that will
|
||||
// be the target of the request.
|
||||
|
@ -142,7 +142,7 @@ ClientReq::~ClientReq(void)
|
||||
void
|
||||
ClientReq::processServerData(
|
||||
char *pServerData,
|
||||
int32_t serverDataLength)
|
||||
uint32_t serverDataLength)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
@ -230,7 +230,7 @@ ClientReq::processError(void)
|
||||
int
|
||||
ClientReq::waitForCompletion(
|
||||
char **ppResponseData,
|
||||
int32_t *pResponseDataLength)
|
||||
uint32_t *pResponseDataLength)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
|
@ -52,7 +52,7 @@ class ClientReq
|
||||
|
||||
// Server Data
|
||||
char *m_pServerData;
|
||||
int32_t m_serverDataLen;
|
||||
uint32_t m_serverDataLen;
|
||||
|
||||
// Flag indicating the state of the submitting
|
||||
// thread.
|
||||
@ -114,7 +114,7 @@ public:
|
||||
// Returns: Nothing.
|
||||
//
|
||||
void processServerData(char *pServerData,
|
||||
int32_t serverDataLength);
|
||||
uint32_t serverDataLength);
|
||||
|
||||
//
|
||||
// Process Error routine
|
||||
@ -147,7 +147,7 @@ public:
|
||||
// -1 == Request did not complete gracefully
|
||||
//
|
||||
int waitForCompletion(char **ppResponseData,
|
||||
int32_t *pResponseDataLength);
|
||||
uint32_t *pResponseDataLength);
|
||||
|
||||
//
|
||||
// Completion status
|
||||
|
@ -336,9 +336,9 @@ RemoteEndPoint::getCChannel(void)
|
||||
int
|
||||
RemoteEndPoint::submitReq(
|
||||
char *pClientData,
|
||||
int32_t clientDataLen,
|
||||
uint32_t clientDataLen,
|
||||
char **ppServerData,
|
||||
int32_t *pServerDataLen)
|
||||
uint32_t *pServerDataLen)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
|
@ -186,9 +186,9 @@ public:
|
||||
// Note: The routine blocks until the request completes.
|
||||
//
|
||||
int submitReq(char *pClientData,
|
||||
int32_t clientDataLen,
|
||||
uint32_t clientDataLen,
|
||||
char **ppServerData,
|
||||
int32_t *pServerDataLen);
|
||||
uint32_t *pServerDataLen);
|
||||
};
|
||||
typedef SmartPtr<RemoteEndPoint> SmartRemoteEndPoint;
|
||||
|
||||
|
@ -60,7 +60,7 @@ string ReqErrorPktHdrTemplate = "Type02\r\nReqIdHdr =XXXXXXXX\r\nPayloadLength
|
||||
int
|
||||
ChannelProto::buildReqDataPktHdr(
|
||||
uint32_t reqId,
|
||||
int32_t payloadLength,
|
||||
uint32_t payloadLength,
|
||||
char *pPktHdr)
|
||||
//
|
||||
// Arguments:
|
||||
@ -133,7 +133,7 @@ ChannelProto::buildReqDataPktHdr(
|
||||
int
|
||||
ChannelProto::buildReqErrorPktHdr(
|
||||
uint32_t reqId,
|
||||
int32_t payloadLength,
|
||||
uint32_t payloadLength,
|
||||
char *pPktHdr)
|
||||
//
|
||||
// Arguments:
|
||||
@ -281,7 +281,7 @@ ChannelProto::getReqIdAndPayloadLength(
|
||||
char *pBuff,
|
||||
int hdrLength,
|
||||
uint32_t *pReqId,
|
||||
int32_t *pPayloadLength)
|
||||
uint32_t *pPayloadLength)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
@ -385,16 +385,16 @@ ChannelProto::getReqIdAndPayloadLength(
|
||||
|
||||
// Convert the value to hex
|
||||
errno = 0;
|
||||
long int value = strtol(pValue, NULL, 16);
|
||||
unsigned long int value = strtoul(pValue, NULL, 16);
|
||||
if (errno != 0
|
||||
|| value > INT32_MAX)
|
||||
|| value > UINT32_MAX)
|
||||
{
|
||||
DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid payloadLength value, %s\n", pValue);
|
||||
break;
|
||||
}
|
||||
|
||||
// Use the value
|
||||
*pPayloadLength = (int32_t) value;
|
||||
*pPayloadLength = (uint32_t) value;
|
||||
|
||||
// Undo the damage that we did
|
||||
*(pCurr-2) = '\r';
|
||||
|
@ -80,7 +80,7 @@ public:
|
||||
// Returns: 0 if successful.
|
||||
//
|
||||
static int buildReqDataPktHdr(uint32_t reqId,
|
||||
int32_t payloadLength,
|
||||
uint32_t payloadLength,
|
||||
char *pPktHdr);
|
||||
|
||||
//
|
||||
@ -104,7 +104,7 @@ public:
|
||||
// Returns: 0 if successful.
|
||||
//
|
||||
static int buildReqErrorPktHdr(uint32_t reqId,
|
||||
int32_t payloadLength,
|
||||
uint32_t payloadLength,
|
||||
char *pPktHdr);
|
||||
|
||||
//
|
||||
@ -148,7 +148,7 @@ public:
|
||||
static bool getReqIdAndPayloadLength(char *pBuff,
|
||||
int hdrLength,
|
||||
uint32_t *pReqId,
|
||||
int32_t *pPayloadLength);
|
||||
uint32_t *pPayloadLength);
|
||||
};
|
||||
|
||||
|
||||
|
@ -234,10 +234,10 @@ SChannel::connectionThread(
|
||||
{
|
||||
SChannel *pSChannel = *pSmartSChannel;
|
||||
bool doneReceivingData = false;
|
||||
int32_t bytesReceived;
|
||||
size_t bytesReceived;
|
||||
unsigned long bytesSent;
|
||||
uint32_t reqId;
|
||||
int32_t payloadLength;
|
||||
uint32_t payloadLength;
|
||||
unsigned long totalPayloadBytesReceived = 0;
|
||||
char reqDataPktHdr[ReqDataPktHdrTemplate.length()];
|
||||
char reqErrorPktHdr[ReqErrorPktHdrTemplate.length()];
|
||||
@ -520,7 +520,7 @@ int
|
||||
SChannel::sendReplyData(
|
||||
uint32_t reqId,
|
||||
char *pServerData,
|
||||
int32_t serverDataLen)
|
||||
uint32_t serverDataLen)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
|
@ -150,7 +150,7 @@ public:
|
||||
//
|
||||
int sendReplyData(uint32_t reqId,
|
||||
char *pServerData,
|
||||
int32_t serverDataLen);
|
||||
uint32_t serverDataLen);
|
||||
|
||||
//
|
||||
// Send Reply Error routine
|
||||
|
@ -847,7 +847,7 @@ IpcServerGetRequestData(
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
int32_t reqDataLen = 0;
|
||||
uint32_t reqDataLen = 0;
|
||||
|
||||
DbgTrace(1, "IpcServerGetRequestData- Start, requestId = %0X\n", requestId);
|
||||
|
||||
|
@ -61,7 +61,7 @@ ServerReq::ServerReq(
|
||||
SChannel *pSChannel,
|
||||
uint32_t reqId,
|
||||
char *pClientData,
|
||||
int32_t clientDataLength) :
|
||||
uint32_t clientDataLength) :
|
||||
|
||||
m_signature (SERVER_REQ_SIGNATURE),
|
||||
m_reqId (reqId),
|
||||
@ -125,7 +125,7 @@ ServerReq::~ServerReq(void)
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
int
|
||||
uint32_t
|
||||
ServerReq::getReqData(
|
||||
char **ppClientData)
|
||||
//
|
||||
|
@ -58,7 +58,7 @@ class ServerReq
|
||||
|
||||
// Request Client Data
|
||||
char *m_pClientData;
|
||||
int32_t m_clientDataLength;
|
||||
uint32_t m_clientDataLength;
|
||||
|
||||
public:
|
||||
|
||||
@ -90,7 +90,7 @@ public:
|
||||
ServerReq(SChannel *pSChannel,
|
||||
uint32_t reqId,
|
||||
char *pClientData,
|
||||
int32_t clientDataLength);
|
||||
uint32_t clientDataLength);
|
||||
|
||||
//
|
||||
// Get request Data routine
|
||||
@ -105,7 +105,7 @@ public:
|
||||
//
|
||||
// Returns: The length of the client request data. 0 if not successful.
|
||||
//
|
||||
int getReqData(char **ppClientData);
|
||||
uint32_t getReqData(char **ppClientData);
|
||||
|
||||
//
|
||||
// Complete Request routine
|
||||
|
Loading…
Reference in New Issue
Block a user