More changes to resolve issues brought up during the security
review of the code.
This commit is contained in:
Juan Carlos Luciani
parent
8719ce2410
commit
51ffdf0702
@ -280,7 +280,7 @@ GetAuthMechToken(
|
|||||||
if (CASA_SUCCESS(retStatus))
|
if (CASA_SUCCESS(retStatus))
|
||||||
{
|
{
|
||||||
char *pAuthToken = NULL;
|
char *pAuthToken = NULL;
|
||||||
int authTokenBufLen = 0;
|
uint32_t authTokenBufLen = 0;
|
||||||
|
|
||||||
// We found a provider for the service, query it for the buffer size
|
// We found a provider for the service, query it for the buffer size
|
||||||
// needed to obtain the authentication token.
|
// needed to obtain the authentication token.
|
||||||
|
|||||||
@ -60,11 +60,11 @@ typedef struct _AuthRespParse
|
|||||||
{
|
{
|
||||||
XML_Parser p;
|
XML_Parser p;
|
||||||
int state;
|
int state;
|
||||||
int elementDataProcessed;
|
size_t elementDataProcessed;
|
||||||
char *pStatusData;
|
char *pStatusData;
|
||||||
int statusDataLen;
|
size_t statusDataLen;
|
||||||
char *pLifetimeData;
|
char *pLifetimeData;
|
||||||
int lifetimeDataLen;
|
size_t lifetimeDataLen;
|
||||||
AuthenticateResp *pAuthenticateResp;
|
AuthenticateResp *pAuthenticateResp;
|
||||||
CasaStatus status;
|
CasaStatus status;
|
||||||
|
|
||||||
@ -305,7 +305,7 @@ ConsumeElementData(
|
|||||||
IN const XML_Char *s,
|
IN const XML_Char *s,
|
||||||
IN int len,
|
IN int len,
|
||||||
INOUT char **ppElementData,
|
INOUT char **ppElementData,
|
||||||
INOUT int *pElementDataLen)
|
INOUT size_t *pElementDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -352,7 +352,7 @@ ConsumeElementData(
|
|||||||
char *pNewBuf;
|
char *pNewBuf;
|
||||||
|
|
||||||
// We have already received token data, append this data to it.
|
// We have already received token data, append this data to it.
|
||||||
pNewBuf = (char*) malloc(pAuthRespParse->elementDataProcessed + len + 1);
|
pNewBuf = (char*) malloc((size_t)(pAuthRespParse->elementDataProcessed + len + 1));
|
||||||
if (pNewBuf)
|
if (pNewBuf)
|
||||||
{
|
{
|
||||||
memset(pNewBuf,
|
memset(pNewBuf,
|
||||||
@ -714,6 +714,16 @@ CreateAuthenticateResp(
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
// Verify that the response is not too large for the parser
|
||||||
|
if (respLen > INT_MAX)
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-CreateAuthenticateResp- Response too large\n", 0);
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
|
||||||
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
// Allocate AuthenticateResp object
|
// Allocate AuthenticateResp object
|
||||||
pAuthenticateResp = malloc(sizeof(*pAuthenticateResp));
|
pAuthenticateResp = malloc(sizeof(*pAuthenticateResp));
|
||||||
if (pAuthenticateResp)
|
if (pAuthenticateResp)
|
||||||
@ -748,7 +758,7 @@ CreateAuthenticateResp(
|
|||||||
XML_SetUserData(p, &authRespParse);
|
XML_SetUserData(p, &authRespParse);
|
||||||
|
|
||||||
// Parse the document
|
// Parse the document
|
||||||
if (XML_Parse(p, pRespMsg, respLen, 1) == XML_STATUS_OK)
|
if (XML_Parse(p, pRespMsg, (int) respLen, 1) == XML_STATUS_OK)
|
||||||
{
|
{
|
||||||
// Verify that the parse operation completed successfully
|
// Verify that the parse operation completed successfully
|
||||||
if (authRespParse.state == DONE_PARSING)
|
if (authRespParse.state == DONE_PARSING)
|
||||||
@ -818,6 +828,8 @@ CreateAuthenticateResp(
|
|||||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exit:
|
||||||
|
|
||||||
DbgTrace(1, "-CreateAuthenticateResp- End, retStatus = %08X\n", retStatus);
|
DbgTrace(1, "-CreateAuthenticateResp- End, retStatus = %08X\n", retStatus);
|
||||||
|
|
||||||
return retStatus;
|
return retStatus;
|
||||||
|
|||||||
@ -57,7 +57,7 @@ typedef struct _AuthPolicyParse
|
|||||||
{
|
{
|
||||||
XML_Parser p;
|
XML_Parser p;
|
||||||
int state;
|
int state;
|
||||||
int elementDataProcessed;
|
size_t elementDataProcessed;
|
||||||
AuthPolicy *pAuthPolicy;
|
AuthPolicy *pAuthPolicy;
|
||||||
CasaStatus status;
|
CasaStatus status;
|
||||||
|
|
||||||
@ -206,7 +206,7 @@ ConsumeElementData(
|
|||||||
IN const XML_Char *s,
|
IN const XML_Char *s,
|
||||||
IN int len,
|
IN int len,
|
||||||
INOUT char **ppElementData,
|
INOUT char **ppElementData,
|
||||||
INOUT int *pElementDataLen)
|
INOUT size_t *pElementDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -253,7 +253,7 @@ ConsumeElementData(
|
|||||||
char *pNewBuf;
|
char *pNewBuf;
|
||||||
|
|
||||||
// We have already received token data, append this data to it.
|
// We have already received token data, append this data to it.
|
||||||
pNewBuf = (char*) malloc(pAuthPolicyParse->elementDataProcessed + len + 1);
|
pNewBuf = (char*) malloc((size_t)(pAuthPolicyParse->elementDataProcessed + len + 1));
|
||||||
if (pNewBuf)
|
if (pNewBuf)
|
||||||
{
|
{
|
||||||
memset(pNewBuf,
|
memset(pNewBuf,
|
||||||
@ -558,7 +558,7 @@ AuthPolicyEndElementHandler(
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
CreateAuthPolicy(
|
CreateAuthPolicy(
|
||||||
IN char *pEncodedData,
|
IN char *pEncodedData,
|
||||||
IN int encodedDataLen,
|
IN size_t encodedDataLen,
|
||||||
INOUT AuthPolicy **ppAuthPolicy)
|
INOUT AuthPolicy **ppAuthPolicy)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
@ -576,7 +576,7 @@ CreateAuthPolicy(
|
|||||||
AuthPolicy *pAuthPolicy = NULL;
|
AuthPolicy *pAuthPolicy = NULL;
|
||||||
AuthPolicyParse authPolicyParse = {0};
|
AuthPolicyParse authPolicyParse = {0};
|
||||||
char *pData = NULL;
|
char *pData = NULL;
|
||||||
int dataLen = 0;
|
uint32_t dataLen = 0;
|
||||||
|
|
||||||
DbgTrace(1, "-CreateAuthPolicy- Start\n", 0);
|
DbgTrace(1, "-CreateAuthPolicy- Start\n", 0);
|
||||||
|
|
||||||
@ -623,6 +623,16 @@ CreateAuthPolicy(
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
// Verify that the encoded data length is not too large
|
||||||
|
if (encodedDataLen > UINT32_MAX)
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-CreateAuthPolicy- Encoded data length too large\n", 0);
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
// Initialize output parameter
|
// Initialize output parameter
|
||||||
*ppAuthPolicy = NULL;
|
*ppAuthPolicy = NULL;
|
||||||
|
|
||||||
@ -668,7 +678,7 @@ CreateAuthPolicy(
|
|||||||
XML_SetUserData(p, &authPolicyParse);
|
XML_SetUserData(p, &authPolicyParse);
|
||||||
|
|
||||||
// Parse the document
|
// Parse the document
|
||||||
if (XML_Parse(p, pData, dataLen, 1) == XML_STATUS_OK)
|
if (XML_Parse(p, pData, (int) dataLen, 1) == XML_STATUS_OK)
|
||||||
{
|
{
|
||||||
// Verify that the parse operation completed successfully
|
// Verify that the parse operation completed successfully
|
||||||
if (authPolicyParse.state == DONE_PARSING)
|
if (authPolicyParse.state == DONE_PARSING)
|
||||||
@ -736,6 +746,8 @@ CreateAuthPolicy(
|
|||||||
if (pData)
|
if (pData)
|
||||||
free(pData);
|
free(pData);
|
||||||
|
|
||||||
|
exit:
|
||||||
|
|
||||||
DbgTrace(1, "-CreateAuthPolicy- End, retStatus = %08X\n", retStatus);
|
DbgTrace(1, "-CreateAuthPolicy- End, retStatus = %08X\n", retStatus);
|
||||||
|
|
||||||
return retStatus;
|
return retStatus;
|
||||||
|
|||||||
@ -96,7 +96,7 @@ CreateAuthTokenCacheEntry(
|
|||||||
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
|
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
|
||||||
|
|
||||||
// Verify that entrySize will not overflow
|
// Verify that entrySize will not overflow
|
||||||
if ((tokenSize + sizeof(AuthCacheEntry)) <= U32_MAX)
|
if ((tokenSize + sizeof(AuthCacheEntry)) <= UINT32_MAX)
|
||||||
{
|
{
|
||||||
entrySize = tokenSize + sizeof(AuthCacheEntry);
|
entrySize = tokenSize + sizeof(AuthCacheEntry);
|
||||||
|
|
||||||
@ -142,7 +142,7 @@ CreateAuthTokenCacheEntry(
|
|||||||
groupOrHostNameStrLen = strlen(pGroupOrHostName);
|
groupOrHostNameStrLen = strlen(pGroupOrHostName);
|
||||||
|
|
||||||
// Verify that keySize will not overflow
|
// Verify that keySize will not overflow
|
||||||
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= U32_MAX)
|
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= UINT32_MAX)
|
||||||
{
|
{
|
||||||
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);
|
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);
|
||||||
|
|
||||||
@ -239,7 +239,7 @@ CreateSessionTokenCacheEntry(
|
|||||||
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
|
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
|
||||||
|
|
||||||
// Verify that entrySize will not overflow
|
// Verify that entrySize will not overflow
|
||||||
if ((tokenSize + sizeof(AuthCacheEntry)) <= U32_MAX)
|
if ((tokenSize + sizeof(AuthCacheEntry)) <= UINT32_MAX)
|
||||||
{
|
{
|
||||||
entrySize = tokenSize + sizeof(AuthCacheEntry);
|
entrySize = tokenSize + sizeof(AuthCacheEntry);
|
||||||
|
|
||||||
@ -284,7 +284,7 @@ CreateSessionTokenCacheEntry(
|
|||||||
cacheKeyStrLen = strlen(pCacheKey) + 1;
|
cacheKeyStrLen = strlen(pCacheKey) + 1;
|
||||||
|
|
||||||
// Verify that the cacheKeyStrLen can be casted to a uint32_t
|
// Verify that the cacheKeyStrLen can be casted to a uint32_t
|
||||||
if (cacheKeyStrLen <= U32_MAX)
|
if (cacheKeyStrLen <= UINT32_MAX)
|
||||||
{
|
{
|
||||||
miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
|
miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
|
||||||
0,
|
0,
|
||||||
@ -455,7 +455,7 @@ FindSessionTokenEntryInCache(
|
|||||||
cacheKeyStrLen = strlen(pCacheKey) + 1;
|
cacheKeyStrLen = strlen(pCacheKey) + 1;
|
||||||
|
|
||||||
// Verify that the cacheKeyStrLen can be casted to a uint32_t
|
// Verify that the cacheKeyStrLen can be casted to a uint32_t
|
||||||
if (cacheKeyStrLen <= U32_MAX)
|
if (cacheKeyStrLen <= UINT32_MAX)
|
||||||
{
|
{
|
||||||
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
|
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
|
||||||
0,
|
0,
|
||||||
@ -569,7 +569,7 @@ FindAuthTokenEntryInCache(
|
|||||||
groupOrHostNameStrLen = strlen(pGroupOrHostName);
|
groupOrHostNameStrLen = strlen(pGroupOrHostName);
|
||||||
|
|
||||||
// Verify that keySize will not overflow
|
// Verify that keySize will not overflow
|
||||||
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= U32_MAX)
|
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= UINT32_MAX)
|
||||||
{
|
{
|
||||||
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);
|
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);
|
||||||
|
|
||||||
|
|||||||
@ -55,9 +55,9 @@ typedef struct _GetAuthPolicyRespParse
|
|||||||
{
|
{
|
||||||
XML_Parser p;
|
XML_Parser p;
|
||||||
int state;
|
int state;
|
||||||
int elementDataProcessed;
|
size_t elementDataProcessed;
|
||||||
char *pStatusData;
|
char *pStatusData;
|
||||||
int statusDataLen;
|
size_t statusDataLen;
|
||||||
GetAuthPolicyResp *pGetAuthPolicyResp;
|
GetAuthPolicyResp *pGetAuthPolicyResp;
|
||||||
CasaStatus status;
|
CasaStatus status;
|
||||||
|
|
||||||
@ -269,7 +269,7 @@ ConsumeElementData(
|
|||||||
IN const XML_Char *s,
|
IN const XML_Char *s,
|
||||||
IN int len,
|
IN int len,
|
||||||
INOUT char **ppElementData,
|
INOUT char **ppElementData,
|
||||||
INOUT int *pElementDataLen)
|
INOUT size_t *pElementDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -316,7 +316,7 @@ ConsumeElementData(
|
|||||||
char *pNewBuf;
|
char *pNewBuf;
|
||||||
|
|
||||||
// We have already received token data, append this data to it.
|
// We have already received token data, append this data to it.
|
||||||
pNewBuf = (char*) malloc(pGetAuthPolicyRespParse->elementDataProcessed + len + 1);
|
pNewBuf = (char*) malloc((size_t)(pGetAuthPolicyRespParse->elementDataProcessed + len + 1));
|
||||||
if (pNewBuf)
|
if (pNewBuf)
|
||||||
{
|
{
|
||||||
memset(pNewBuf,
|
memset(pNewBuf,
|
||||||
@ -590,7 +590,7 @@ GetAuthPolicyRespEndElementHandler(
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
CreateGetAuthPolicyResp(
|
CreateGetAuthPolicyResp(
|
||||||
IN char *pRespMsg,
|
IN char *pRespMsg,
|
||||||
IN int respLen,
|
IN size_t respLen,
|
||||||
INOUT GetAuthPolicyResp **ppGetAuthPolicyResp)
|
INOUT GetAuthPolicyResp **ppGetAuthPolicyResp)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
@ -634,6 +634,16 @@ CreateGetAuthPolicyResp(
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
// Verify that the response is not too large for the parser
|
||||||
|
if (respLen > INT_MAX)
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-CreateGetAuthPolicyResp- Response too large\n", 0);
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
|
||||||
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
// Allocate GetAuthPolicyResp object
|
// Allocate GetAuthPolicyResp object
|
||||||
pGetAuthPolicyResp = malloc(sizeof(*pGetAuthPolicyResp));
|
pGetAuthPolicyResp = malloc(sizeof(*pGetAuthPolicyResp));
|
||||||
if (pGetAuthPolicyResp)
|
if (pGetAuthPolicyResp)
|
||||||
@ -734,6 +744,8 @@ CreateGetAuthPolicyResp(
|
|||||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exit:
|
||||||
|
|
||||||
DbgTrace(1, "-CreateGetAuthPolicyResp- End, retStatus = %08X\n", retStatus);
|
DbgTrace(1, "-CreateGetAuthPolicyResp- End, retStatus = %08X\n", retStatus);
|
||||||
|
|
||||||
return retStatus;
|
return retStatus;
|
||||||
|
|||||||
@ -55,11 +55,11 @@ typedef struct _GetAuthTokenRespParse
|
|||||||
{
|
{
|
||||||
XML_Parser p;
|
XML_Parser p;
|
||||||
int state;
|
int state;
|
||||||
int elementDataProcessed;
|
size_t elementDataProcessed;
|
||||||
char *pStatusData;
|
char *pStatusData;
|
||||||
int statusDataLen;
|
size_t statusDataLen;
|
||||||
char *pLifetimeData;
|
char *pLifetimeData;
|
||||||
int lifetimeDataLen;
|
size_t lifetimeDataLen;
|
||||||
GetAuthTokenResp *pGetAuthTokenResp;
|
GetAuthTokenResp *pGetAuthTokenResp;
|
||||||
CasaStatus status;
|
CasaStatus status;
|
||||||
|
|
||||||
@ -302,7 +302,7 @@ ConsumeElementData(
|
|||||||
IN const XML_Char *s,
|
IN const XML_Char *s,
|
||||||
IN int len,
|
IN int len,
|
||||||
INOUT char **ppElementData,
|
INOUT char **ppElementData,
|
||||||
INOUT int *pElementDataLen)
|
INOUT size_t *pElementDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -349,7 +349,7 @@ ConsumeElementData(
|
|||||||
char *pNewBuf;
|
char *pNewBuf;
|
||||||
|
|
||||||
// We have already received token data, append this data to it.
|
// We have already received token data, append this data to it.
|
||||||
pNewBuf = (char*) malloc(pGetAuthTokenRespParse->elementDataProcessed + len + 1);
|
pNewBuf = (char*) malloc((size_t)(pGetAuthTokenRespParse->elementDataProcessed + len + 1));
|
||||||
if (pNewBuf)
|
if (pNewBuf)
|
||||||
{
|
{
|
||||||
memset(pNewBuf,
|
memset(pNewBuf,
|
||||||
@ -657,7 +657,7 @@ GetAuthTokenRespEndElementHandler(
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
CreateGetAuthTokenResp(
|
CreateGetAuthTokenResp(
|
||||||
IN char *pRespMsg,
|
IN char *pRespMsg,
|
||||||
IN int respLen,
|
IN size_t respLen,
|
||||||
INOUT GetAuthTokenResp **ppGetAuthTokenResp)
|
INOUT GetAuthTokenResp **ppGetAuthTokenResp)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
@ -701,6 +701,16 @@ CreateGetAuthTokenResp(
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
// Verify that the response is not too large for the parser
|
||||||
|
if (respLen > INT_MAX)
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-CreateGetAuthTokenResp- Response too large\n", 0);
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
|
||||||
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
// Allocate GetAuthTokenResp object
|
// Allocate GetAuthTokenResp object
|
||||||
pGetAuthTokenResp = malloc(sizeof(*pGetAuthTokenResp));
|
pGetAuthTokenResp = malloc(sizeof(*pGetAuthTokenResp));
|
||||||
if (pGetAuthTokenResp)
|
if (pGetAuthTokenResp)
|
||||||
@ -734,7 +744,7 @@ CreateGetAuthTokenResp(
|
|||||||
XML_SetUserData(p, &getAuthTokenRespParse);
|
XML_SetUserData(p, &getAuthTokenRespParse);
|
||||||
|
|
||||||
// Parse the document
|
// Parse the document
|
||||||
if (XML_Parse(p, pRespMsg, respLen, 1) == XML_STATUS_OK)
|
if (XML_Parse(p, pRespMsg, (int) respLen, 1) == XML_STATUS_OK)
|
||||||
{
|
{
|
||||||
// Verify that the parse operation completed successfully
|
// Verify that the parse operation completed successfully
|
||||||
if (getAuthTokenRespParse.state == DONE_PARSING)
|
if (getAuthTokenRespParse.state == DONE_PARSING)
|
||||||
@ -803,6 +813,9 @@ CreateGetAuthTokenResp(
|
|||||||
CASA_FACILITY_AUTHTOKEN,
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exit:
|
||||||
|
|
||||||
DbgTrace(1, "-CreateGetAuthTokenResp- End, retStatus = %08X\n", retStatus);
|
DbgTrace(1, "-CreateGetAuthTokenResp- End, retStatus = %08X\n", retStatus);
|
||||||
|
|
||||||
return retStatus;
|
return retStatus;
|
||||||
|
|||||||
@ -41,10 +41,6 @@
|
|||||||
|
|
||||||
#define MAX_RPC_REPLY_SZ (256 * 1024)
|
#define MAX_RPC_REPLY_SZ (256 * 1024)
|
||||||
|
|
||||||
#ifndef U32_MAX
|
|
||||||
#define U32_MAX (~(uint32_t)0)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// Authentication Context structure
|
// Authentication Context structure
|
||||||
//
|
//
|
||||||
@ -52,11 +48,11 @@ typedef struct _AuthContext
|
|||||||
{
|
{
|
||||||
LIST_ENTRY listEntry;
|
LIST_ENTRY listEntry;
|
||||||
char *pContext;
|
char *pContext;
|
||||||
int contextLen;
|
size_t contextLen;
|
||||||
char *pMechanism;
|
char *pMechanism;
|
||||||
int mechanismLen;
|
size_t mechanismLen;
|
||||||
char *pMechInfo;
|
char *pMechInfo;
|
||||||
int mechInfoLen;
|
size_t mechInfoLen;
|
||||||
|
|
||||||
} AuthContext, *PAuthContext;
|
} AuthContext, *PAuthContext;
|
||||||
|
|
||||||
@ -75,7 +71,7 @@ typedef struct _AuthPolicy
|
|||||||
typedef struct _GetAuthPolicyResp
|
typedef struct _GetAuthPolicyResp
|
||||||
{
|
{
|
||||||
char *pPolicy;
|
char *pPolicy;
|
||||||
int policyLen;
|
size_t policyLen;
|
||||||
|
|
||||||
} GetAuthPolicyResp, *PGetAuthPolicyResp;
|
} GetAuthPolicyResp, *PGetAuthPolicyResp;
|
||||||
|
|
||||||
@ -85,7 +81,7 @@ typedef struct _GetAuthPolicyResp
|
|||||||
typedef struct _GetAuthTokenResp
|
typedef struct _GetAuthTokenResp
|
||||||
{
|
{
|
||||||
char *pToken;
|
char *pToken;
|
||||||
int tokenLen;
|
size_t tokenLen;
|
||||||
int tokenLifetime;
|
int tokenLifetime;
|
||||||
|
|
||||||
} GetAuthTokenResp, *PGetAuthTokenResp;
|
} GetAuthTokenResp, *PGetAuthTokenResp;
|
||||||
@ -96,7 +92,7 @@ typedef struct _GetAuthTokenResp
|
|||||||
typedef struct _AuthenticateResp
|
typedef struct _AuthenticateResp
|
||||||
{
|
{
|
||||||
char *pToken;
|
char *pToken;
|
||||||
int tokenLen;
|
size_t tokenLen;
|
||||||
int tokenLifetime;
|
int tokenLifetime;
|
||||||
|
|
||||||
} AuthenticateResp, *PAuthenticateResp;
|
} AuthenticateResp, *PAuthenticateResp;
|
||||||
@ -177,7 +173,7 @@ extern
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
CreateGetAuthPolicyResp(
|
CreateGetAuthPolicyResp(
|
||||||
IN char *pRespMsg,
|
IN char *pRespMsg,
|
||||||
IN int respLen,
|
IN size_t respLen,
|
||||||
INOUT GetAuthPolicyResp **ppGetAuthPolicyResp);
|
INOUT GetAuthPolicyResp **ppGetAuthPolicyResp);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
@ -202,7 +198,7 @@ extern
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
CreateAuthPolicy(
|
CreateAuthPolicy(
|
||||||
IN char *pEncodedData,
|
IN char *pEncodedData,
|
||||||
IN int encodedDataLen,
|
IN size_t encodedDataLen,
|
||||||
INOUT AuthPolicy **ppAuthPolicy);
|
INOUT AuthPolicy **ppAuthPolicy);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
@ -247,7 +243,7 @@ extern
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
CreateGetAuthTokenResp(
|
CreateGetAuthTokenResp(
|
||||||
IN char *pRespMsg,
|
IN char *pRespMsg,
|
||||||
IN int respLen,
|
IN size_t respLen,
|
||||||
INOUT GetAuthTokenResp **ppGetAuthTokenResp);
|
INOUT GetAuthTokenResp **ppGetAuthTokenResp);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
@ -425,17 +421,17 @@ extern
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
EncodeData(
|
EncodeData(
|
||||||
IN const void *pData,
|
IN const void *pData,
|
||||||
IN const int32_t dataLen,
|
IN const uint32_t dataLen,
|
||||||
INOUT char **ppEncodedData,
|
INOUT char **ppEncodedData,
|
||||||
INOUT int32_t *pEncodedDataLen);
|
INOUT uint32_t *pEncodedDataLen);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
CasaStatus
|
CasaStatus
|
||||||
DecodeData(
|
DecodeData(
|
||||||
IN const char *pEncodedData,
|
IN const char *pEncodedData,
|
||||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||||
INOUT void **ppData,
|
INOUT void **ppData,
|
||||||
INOUT int32_t *pDataLen);
|
INOUT uint32_t *pDataLen);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
int
|
int
|
||||||
|
|||||||
@ -91,7 +91,7 @@ CasaStatus
|
|||||||
IN const char *pHostName,
|
IN const char *pHostName,
|
||||||
IN void *pCredStoreScope,
|
IN void *pCredStoreScope,
|
||||||
INOUT char *pTokenBuf,
|
INOUT char *pTokenBuf,
|
||||||
INOUT int *pTokenBufLen);
|
INOUT uint32_t *pTokenBufLen);
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
// pIfInstance -
|
// pIfInstance -
|
||||||
|
|||||||
@ -60,7 +60,7 @@ AuthTokenIf_GetAuthToken(
|
|||||||
IN const char *pHostName,
|
IN const char *pHostName,
|
||||||
IN void *pCredStoreScope,
|
IN void *pCredStoreScope,
|
||||||
INOUT char *pTokenBuf,
|
INOUT char *pTokenBuf,
|
||||||
INOUT int *pTokenBufLen);
|
INOUT size_t *pTokenBufLen);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
int
|
int
|
||||||
@ -74,17 +74,17 @@ extern
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
EncodeData(
|
EncodeData(
|
||||||
IN const void *pData,
|
IN const void *pData,
|
||||||
IN const int32_t dataLen,
|
IN const uint32_t dataLen,
|
||||||
INOUT char **ppEncodedData,
|
INOUT char **ppEncodedData,
|
||||||
INOUT int32_t *pEncodedDataLen);
|
INOUT uint32_t *pEncodedDataLen);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
CasaStatus
|
CasaStatus
|
||||||
DecodeData(
|
DecodeData(
|
||||||
IN const char *pEncodedData,
|
IN const char *pEncodedData,
|
||||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||||
INOUT void **ppData,
|
INOUT void **ppData,
|
||||||
INOUT int32_t *pDataLen);
|
INOUT uint32_t *pDataLen);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
int
|
int
|
||||||
|
|||||||
@ -129,7 +129,7 @@ AuthTokenIf_GetAuthToken(
|
|||||||
IN const char *pHostName,
|
IN const char *pHostName,
|
||||||
IN void *pCredStoreScope,
|
IN void *pCredStoreScope,
|
||||||
INOUT char *pTokenBuf,
|
INOUT char *pTokenBuf,
|
||||||
INOUT int *pTokenBufLen)
|
INOUT uint32_t *pTokenBufLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
// pIfInstance -
|
// pIfInstance -
|
||||||
@ -186,7 +186,7 @@ AuthTokenIf_GetAuthToken(
|
|||||||
//=======================================================================--
|
//=======================================================================--
|
||||||
{
|
{
|
||||||
CasaStatus retStatus;
|
CasaStatus retStatus;
|
||||||
char const *pKrbServiceName = pMechInfo;
|
char *pKrbServiceName = (char*) pMechInfo;
|
||||||
OM_uint32 gssMajStat;
|
OM_uint32 gssMajStat;
|
||||||
OM_uint32 gssMinStat;
|
OM_uint32 gssMinStat;
|
||||||
gss_buffer_desc gssBuffer;
|
gss_buffer_desc gssBuffer;
|
||||||
@ -271,9 +271,12 @@ AuthTokenIf_GetAuthToken(
|
|||||||
// Proceed based on the result of the gss_init_sec_context operation
|
// Proceed based on the result of the gss_init_sec_context operation
|
||||||
if (gssMajStat == GSS_S_COMPLETE
|
if (gssMajStat == GSS_S_COMPLETE
|
||||||
&& gssSendToken.length != 0)
|
&& gssSendToken.length != 0)
|
||||||
|
{
|
||||||
|
// Make sure that the token is not too large
|
||||||
|
if (gssSendToken.length <= UINT32_MAX)
|
||||||
{
|
{
|
||||||
char *pEncodedToken;
|
char *pEncodedToken;
|
||||||
int encodedTokenLen;
|
uint32_t encodedTokenLen;
|
||||||
|
|
||||||
// The security context was initialized, now return the token to the
|
// The security context was initialized, now return the token to the
|
||||||
// caller after base64 encoding it.
|
// caller after base64 encoding it.
|
||||||
@ -314,6 +317,14 @@ AuthTokenIf_GetAuthToken(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-AuthTokenIf_GetAuthToken- GSS Token too large\n", 0);
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
|
CASA_FACILITY_KRB5TOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Error initing sec context\n", 0);
|
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Error initing sec context\n", 0);
|
||||||
LogGssStatuses("initializing context", gssMajStat, gssMinStat);
|
LogGssStatuses("initializing context", gssMajStat, gssMinStat);
|
||||||
|
|||||||
@ -65,9 +65,9 @@ static const uint8_t g_Expand64[256] =
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
EncodeData(
|
EncodeData(
|
||||||
IN const void *pData,
|
IN const void *pData,
|
||||||
IN const int32_t dataLen,
|
IN const uint32_t dataLen,
|
||||||
INOUT char **ppEncodedData,
|
INOUT char **ppEncodedData,
|
||||||
INOUT int32_t *pEncodedDataLen)
|
INOUT uint32_t *pEncodedDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -150,9 +150,9 @@ EncodeData(
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
DecodeData(
|
DecodeData(
|
||||||
IN const char *pEncodedData,
|
IN const char *pEncodedData,
|
||||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||||
INOUT void **ppData,
|
INOUT void **ppData,
|
||||||
INOUT int32_t *pDataLen)
|
INOUT uint32_t *pDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -164,8 +164,8 @@ DecodeData(
|
|||||||
//=======================================================================--
|
//=======================================================================--
|
||||||
{
|
{
|
||||||
CasaStatus retStatus;
|
CasaStatus retStatus;
|
||||||
int i, j;
|
uint32_t i, j;
|
||||||
int decodedSize;
|
size_t decodedSize;
|
||||||
|
|
||||||
DbgTrace(3, "-DecodeData- Start\n", 0);
|
DbgTrace(3, "-DecodeData- Start\n", 0);
|
||||||
|
|
||||||
@ -175,6 +175,9 @@ DecodeData(
|
|||||||
j++;
|
j++;
|
||||||
decodedSize = (j * 3 + 3) / 4;
|
decodedSize = (j * 3 + 3) / 4;
|
||||||
|
|
||||||
|
// Verify that we are not going to overflow the uint32
|
||||||
|
if (decodedSize <= UINT32_MAX)
|
||||||
|
{
|
||||||
// Allocate buffer to hold the decoded data
|
// Allocate buffer to hold the decoded data
|
||||||
*ppData = malloc(decodedSize);
|
*ppData = malloc(decodedSize);
|
||||||
if (*ppData)
|
if (*ppData)
|
||||||
@ -265,9 +268,18 @@ DecodeData(
|
|||||||
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
|
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
|
||||||
|
|
||||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
CASA_FACILITY_PWTOKEN,
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
|
||||||
|
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
}
|
||||||
|
|
||||||
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
|
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
|
||||||
|
|
||||||
|
|||||||
@ -43,7 +43,7 @@ AuthTokenIf_GetAuthToken(
|
|||||||
IN const char *pHostName,
|
IN const char *pHostName,
|
||||||
IN void *pCredStoreScope,
|
IN void *pCredStoreScope,
|
||||||
INOUT char *pTokenBuf,
|
INOUT char *pTokenBuf,
|
||||||
INOUT int *pTokenBufLen)
|
INOUT uint32_t *pTokenBufLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
// pIfInstance -
|
// pIfInstance -
|
||||||
@ -131,6 +131,9 @@ AuthTokenIf_GetAuthToken(
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0);
|
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0);
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
|
CASA_FACILITY_KRB5TOKEN,
|
||||||
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -180,12 +183,15 @@ AuthTokenIf_GetAuthToken(
|
|||||||
&expiry);
|
&expiry);
|
||||||
if (secStatus == SEC_E_OK)
|
if (secStatus == SEC_E_OK)
|
||||||
{
|
{
|
||||||
|
// Make sure that the token is not too large
|
||||||
|
if (sendTok.cbBuffer <= UINT32_MAX)
|
||||||
|
{
|
||||||
|
uint32_t encodedTokenLen;
|
||||||
char *pEncodedToken;
|
char *pEncodedToken;
|
||||||
int encodedTokenLen;
|
|
||||||
|
|
||||||
// The security context was initialized, now return it to the caller after base64 encoding it.
|
// The security context was initialized, now return it to the caller after base64 encoding it.
|
||||||
retStatus = EncodeData(sendTok.pvBuffer,
|
retStatus = EncodeData(sendTok.pvBuffer,
|
||||||
(const int) sendTok.cbBuffer,
|
(const uint32_t) sendTok.cbBuffer,
|
||||||
&pEncodedToken,
|
&pEncodedToken,
|
||||||
&encodedTokenLen);
|
&encodedTokenLen);
|
||||||
if (CASA_SUCCESS(retStatus))
|
if (CASA_SUCCESS(retStatus))
|
||||||
@ -215,6 +221,18 @@ AuthTokenIf_GetAuthToken(
|
|||||||
memset(pEncodedToken, 0, strlen(pEncodedToken));
|
memset(pEncodedToken, 0, strlen(pEncodedToken));
|
||||||
free(pEncodedToken);
|
free(pEncodedToken);
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Encoding failed\n", 0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-AuthTokenIf_GetAuthToken- GSS Token too large\n", 0);
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
|
CASA_FACILITY_KRB5TOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
}
|
||||||
|
|
||||||
// Delete the security context
|
// Delete the security context
|
||||||
DeleteSecurityContext(&hContext);
|
DeleteSecurityContext(&hContext);
|
||||||
|
|||||||
@ -87,7 +87,7 @@ GetUserCredentials(
|
|||||||
// Get the length of the realm string into the secret id structure
|
// Get the length of the realm string into the secret id structure
|
||||||
// and verify thatr it is not too long.
|
// and verify thatr it is not too long.
|
||||||
secretIdLen = sscs_Utf8Strlen(pRealm) + 1;
|
secretIdLen = sscs_Utf8Strlen(pRealm) + 1;
|
||||||
if (secretIdLen <= U32_MAX)
|
if (secretIdLen <= UINT32_MAX)
|
||||||
{
|
{
|
||||||
secretId.len = secretIdLen;
|
secretId.len = secretIdLen;
|
||||||
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
|
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
|
||||||
@ -219,7 +219,7 @@ AuthTokenIf_GetAuthToken(
|
|||||||
IN const char *pHostName,
|
IN const char *pHostName,
|
||||||
IN void *pCredStoreScope,
|
IN void *pCredStoreScope,
|
||||||
INOUT char *pTokenBuf,
|
INOUT char *pTokenBuf,
|
||||||
INOUT int *pTokenBufLen)
|
INOUT size_t *pTokenBufLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
// pIfInstance -
|
// pIfInstance -
|
||||||
@ -299,6 +299,11 @@ AuthTokenIf_GetAuthToken(
|
|||||||
&pUsername,
|
&pUsername,
|
||||||
&pPassword);
|
&pPassword);
|
||||||
if (CASA_SUCCESS(retStatus))
|
if (CASA_SUCCESS(retStatus))
|
||||||
|
{
|
||||||
|
size_t tokenLen = strlen(pUsername) + 2 + strlen(pPassword) + 2 + 1;
|
||||||
|
|
||||||
|
// Make sure that the token is not too large
|
||||||
|
if (tokenLen <= UINT32_MAX)
|
||||||
{
|
{
|
||||||
// Now construct the PW token with the following format:
|
// Now construct the PW token with the following format:
|
||||||
// "username\r\n" + "password\r\n"
|
// "username\r\n" + "password\r\n"
|
||||||
@ -308,14 +313,14 @@ AuthTokenIf_GetAuthToken(
|
|||||||
if (pToken)
|
if (pToken)
|
||||||
{
|
{
|
||||||
char *pEncodedToken;
|
char *pEncodedToken;
|
||||||
int encodedTokenLen;
|
uint32_t encodedTokenLen;
|
||||||
|
|
||||||
// Now assemble the token
|
// Now assemble the token
|
||||||
sprintf(pToken, "%s\r\n%s\r\n", pUsername, pPassword);
|
sprintf(pToken, "%s\r\n%s\r\n", pUsername, pPassword);
|
||||||
|
|
||||||
// The token has been assembled, now encode it.
|
// The token has been assembled, now encode it.
|
||||||
retStatus = EncodeData(pToken,
|
retStatus = EncodeData(pToken,
|
||||||
(const int) strlen(pToken),
|
(const uint32_t) tokenLen,
|
||||||
&pEncodedToken,
|
&pEncodedToken,
|
||||||
&encodedTokenLen);
|
&encodedTokenLen);
|
||||||
if (CASA_SUCCESS(retStatus))
|
if (CASA_SUCCESS(retStatus))
|
||||||
@ -345,6 +350,10 @@ AuthTokenIf_GetAuthToken(
|
|||||||
memset(pEncodedToken, 0, strlen(pEncodedToken));
|
memset(pEncodedToken, 0, strlen(pEncodedToken));
|
||||||
free(pEncodedToken);
|
free(pEncodedToken);
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Encoding failed\n", 0);
|
||||||
|
}
|
||||||
|
|
||||||
// Free the buffer allocated for the token after clearing it
|
// Free the buffer allocated for the token after clearing it
|
||||||
// to avoid leaving sensitive information behind.
|
// to avoid leaving sensitive information behind.
|
||||||
@ -358,6 +367,14 @@ AuthTokenIf_GetAuthToken(
|
|||||||
CASA_FACILITY_PWTOKEN,
|
CASA_FACILITY_PWTOKEN,
|
||||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Token too large\n", 0);
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
|
CASA_FACILITY_KRB5TOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
}
|
||||||
|
|
||||||
// Free allocated buffers after clearing memory holding the password
|
// Free allocated buffers after clearing memory holding the password
|
||||||
free(pUsername);
|
free(pUsername);
|
||||||
|
|||||||
@ -37,10 +37,6 @@
|
|||||||
|
|
||||||
//===[ Type definitions ]==================================================
|
//===[ Type definitions ]==================================================
|
||||||
|
|
||||||
#ifndef U32_MAX
|
|
||||||
#define U32_MAX (~(uint32_t)0)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
//===[ Inlines functions ]===============================================
|
//===[ Inlines functions ]===============================================
|
||||||
|
|
||||||
//===[ Function prototypes ]===============================================
|
//===[ Function prototypes ]===============================================
|
||||||
@ -66,7 +62,7 @@ AuthTokenIf_GetAuthToken(
|
|||||||
IN const char *pHostName,
|
IN const char *pHostName,
|
||||||
IN void *pCredStoreScope,
|
IN void *pCredStoreScope,
|
||||||
INOUT char *pTokenBuf,
|
INOUT char *pTokenBuf,
|
||||||
INOUT int *pTokenBufLen);
|
INOUT size_t *pTokenBufLen);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Defined in utils.c
|
// Defined in utils.c
|
||||||
@ -76,17 +72,17 @@ extern
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
EncodeData(
|
EncodeData(
|
||||||
IN const void *pData,
|
IN const void *pData,
|
||||||
IN const int32_t dataLen,
|
IN const uint32_t dataLen,
|
||||||
INOUT char **ppEncodedData,
|
INOUT char **ppEncodedData,
|
||||||
INOUT int32_t *pEncodedDataLen);
|
INOUT uint32_t *pEncodedDataLen);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
CasaStatus
|
CasaStatus
|
||||||
DecodeData(
|
DecodeData(
|
||||||
IN const char *pEncodedData,
|
IN const char *pEncodedData,
|
||||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||||
INOUT void **ppData,
|
INOUT void **ppData,
|
||||||
INOUT int32_t *pDataLen);
|
INOUT uint32_t *pDataLen);
|
||||||
|
|
||||||
extern
|
extern
|
||||||
int
|
int
|
||||||
|
|||||||
@ -65,9 +65,9 @@ static const uint8_t g_Expand64[256] =
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
EncodeData(
|
EncodeData(
|
||||||
IN const void *pData,
|
IN const void *pData,
|
||||||
IN const int32_t dataLen,
|
IN const uint32_t dataLen,
|
||||||
INOUT char **ppEncodedData,
|
INOUT char **ppEncodedData,
|
||||||
INOUT int32_t *pEncodedDataLen)
|
INOUT uint32_t *pEncodedDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -150,9 +150,9 @@ EncodeData(
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
DecodeData(
|
DecodeData(
|
||||||
IN const char *pEncodedData,
|
IN const char *pEncodedData,
|
||||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||||
INOUT void **ppData,
|
INOUT void **ppData,
|
||||||
INOUT int32_t *pDataLen)
|
INOUT uint32_t *pDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -164,8 +164,8 @@ DecodeData(
|
|||||||
//=======================================================================--
|
//=======================================================================--
|
||||||
{
|
{
|
||||||
CasaStatus retStatus;
|
CasaStatus retStatus;
|
||||||
int i, j;
|
uint32_t i, j;
|
||||||
int decodedSize;
|
size_t decodedSize;
|
||||||
|
|
||||||
DbgTrace(3, "-DecodeData- Start\n", 0);
|
DbgTrace(3, "-DecodeData- Start\n", 0);
|
||||||
|
|
||||||
@ -175,6 +175,9 @@ DecodeData(
|
|||||||
j++;
|
j++;
|
||||||
decodedSize = (j * 3 + 3) / 4;
|
decodedSize = (j * 3 + 3) / 4;
|
||||||
|
|
||||||
|
// Verify that we are not going to overflow the uint32
|
||||||
|
if (decodedSize <= UINT32_MAX)
|
||||||
|
{
|
||||||
// Allocate buffer to hold the decoded data
|
// Allocate buffer to hold the decoded data
|
||||||
*ppData = malloc(decodedSize);
|
*ppData = malloc(decodedSize);
|
||||||
if (*ppData)
|
if (*ppData)
|
||||||
@ -265,9 +268,18 @@ DecodeData(
|
|||||||
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
|
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
|
||||||
|
|
||||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
CASA_FACILITY_PWTOKEN,
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
|
||||||
|
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
}
|
||||||
|
|
||||||
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
|
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
|
||||||
|
|
||||||
|
|||||||
@ -62,9 +62,9 @@ static const uint8_t g_Expand64[256] =
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
EncodeData(
|
EncodeData(
|
||||||
IN const void *pData,
|
IN const void *pData,
|
||||||
IN const int32_t dataLen,
|
IN const uint32_t dataLen,
|
||||||
INOUT char **ppEncodedData,
|
INOUT char **ppEncodedData,
|
||||||
INOUT int32_t *pEncodedDataLen)
|
INOUT uint32_t *pEncodedDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -147,9 +147,9 @@ EncodeData(
|
|||||||
CasaStatus
|
CasaStatus
|
||||||
DecodeData(
|
DecodeData(
|
||||||
IN const char *pEncodedData,
|
IN const char *pEncodedData,
|
||||||
IN const int32_t encodedDataLen, // Does not include NULL terminator
|
IN const uint32_t encodedDataLen, // Does not include NULL terminator
|
||||||
INOUT void **ppData,
|
INOUT void **ppData,
|
||||||
INOUT int32_t *pDataLen)
|
INOUT uint32_t *pDataLen)
|
||||||
//
|
//
|
||||||
// Arguments:
|
// Arguments:
|
||||||
//
|
//
|
||||||
@ -161,8 +161,8 @@ DecodeData(
|
|||||||
//=======================================================================--
|
//=======================================================================--
|
||||||
{
|
{
|
||||||
CasaStatus retStatus;
|
CasaStatus retStatus;
|
||||||
int i, j;
|
uint32_t i, j;
|
||||||
int decodedSize;
|
size_t decodedSize;
|
||||||
|
|
||||||
DbgTrace(3, "-DecodeData- Start\n", 0);
|
DbgTrace(3, "-DecodeData- Start\n", 0);
|
||||||
|
|
||||||
@ -172,6 +172,9 @@ DecodeData(
|
|||||||
j++;
|
j++;
|
||||||
decodedSize = (j * 3 + 3) / 4;
|
decodedSize = (j * 3 + 3) / 4;
|
||||||
|
|
||||||
|
// Verify that we are not going to overflow the uint32
|
||||||
|
if (decodedSize <= UINT32_MAX)
|
||||||
|
{
|
||||||
// Allocate buffer to hold the decoded data
|
// Allocate buffer to hold the decoded data
|
||||||
*ppData = malloc(decodedSize);
|
*ppData = malloc(decodedSize);
|
||||||
if (*ppData)
|
if (*ppData)
|
||||||
@ -265,6 +268,15 @@ DecodeData(
|
|||||||
CASA_FACILITY_AUTHTOKEN,
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
|
||||||
|
|
||||||
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||||
|
CASA_FACILITY_AUTHTOKEN,
|
||||||
|
CASA_STATUS_UNSUCCESSFUL);
|
||||||
|
}
|
||||||
|
|
||||||
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
|
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user