More changes to resolve issues brought up during the security
review of the code.
This commit is contained in:
Juan Carlos Luciani
@@ -129,7 +129,7 @@ AuthTokenIf_GetAuthToken(
|
||||
IN const char *pHostName,
|
||||
IN void *pCredStoreScope,
|
||||
INOUT char *pTokenBuf,
|
||||
INOUT int *pTokenBufLen)
|
||||
INOUT uint32_t *pTokenBufLen)
|
||||
//
|
||||
// Arguments:
|
||||
// pIfInstance -
|
||||
@@ -186,7 +186,7 @@ AuthTokenIf_GetAuthToken(
|
||||
//=======================================================================--
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
char const *pKrbServiceName = pMechInfo;
|
||||
char *pKrbServiceName = (char*) pMechInfo;
|
||||
OM_uint32 gssMajStat;
|
||||
OM_uint32 gssMinStat;
|
||||
gss_buffer_desc gssBuffer;
|
||||
@@ -272,45 +272,56 @@ AuthTokenIf_GetAuthToken(
|
||||
if (gssMajStat == GSS_S_COMPLETE
|
||||
&& gssSendToken.length != 0)
|
||||
{
|
||||
char *pEncodedToken;
|
||||
int encodedTokenLen;
|
||||
|
||||
// The security context was initialized, now return the token to the
|
||||
// caller after base64 encoding it.
|
||||
retStatus = EncodeData(gssSendToken.value,
|
||||
gssSendToken.length,
|
||||
&pEncodedToken,
|
||||
&encodedTokenLen);
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
// Make sure that the token is not too large
|
||||
if (gssSendToken.length <= UINT32_MAX)
|
||||
{
|
||||
// Verify that the caller provided a buffer that is big enough
|
||||
if (encodedTokenLen > *pTokenBufLen)
|
||||
{
|
||||
// At least one of the supplied buffers is not big enough
|
||||
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Insufficient buffer space provided\n", 0);
|
||||
char *pEncodedToken;
|
||||
uint32_t encodedTokenLen;
|
||||
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_KRB5TOKEN,
|
||||
CASA_STATUS_BUFFER_OVERFLOW);
|
||||
// The security context was initialized, now return the token to the
|
||||
// caller after base64 encoding it.
|
||||
retStatus = EncodeData(gssSendToken.value,
|
||||
gssSendToken.length,
|
||||
&pEncodedToken,
|
||||
&encodedTokenLen);
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
// Verify that the caller provided a buffer that is big enough
|
||||
if (encodedTokenLen > *pTokenBufLen)
|
||||
{
|
||||
// At least one of the supplied buffers is not big enough
|
||||
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Insufficient buffer space provided\n", 0);
|
||||
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_KRB5TOKEN,
|
||||
CASA_STATUS_BUFFER_OVERFLOW);
|
||||
}
|
||||
else
|
||||
{
|
||||
// The buffer provided is large enough, copy the data and return the actual size.
|
||||
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
|
||||
|
||||
// Success
|
||||
retStatus = CASA_STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
// Return the actual size or the size required
|
||||
*pTokenBufLen = encodedTokenLen;
|
||||
|
||||
// Free the buffer containing the encoded token
|
||||
free(pEncodedToken);
|
||||
}
|
||||
else
|
||||
{
|
||||
// The buffer provided is large enough, copy the data and return the actual size.
|
||||
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
|
||||
|
||||
// Success
|
||||
retStatus = CASA_STATUS_SUCCESS;
|
||||
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Encoding failed\n", 0);
|
||||
}
|
||||
|
||||
// Return the actual size or the size required
|
||||
*pTokenBufLen = encodedTokenLen;
|
||||
|
||||
// Free the buffer containing the encoded token
|
||||
free(pEncodedToken);
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Encoding failed\n", 0);
|
||||
DbgTrace(0, "-AuthTokenIf_GetAuthToken- GSS Token too large\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_KRB5TOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
}
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user