More changes to resolve issues brought up during the security

review of the code.
Juan Carlos Luciani 2007-02-06 22:09:00 +00:00
parent 8719ce2410
commit 51ffdf0702
16 changed files with 550 additions and 427 deletions


@ -279,8 +279,8 @@ GetAuthMechToken(
&pAuthTokenIf); &pAuthTokenIf);
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
char *pAuthToken = NULL; char *pAuthToken = NULL;
int authTokenBufLen = 0; uint32_t authTokenBufLen = 0;
// We found a provider for the service, query it for the buffer size // We found a provider for the service, query it for the buffer size
// needed to obtain the authentication token. // needed to obtain the authentication token.


@ -60,11 +60,11 @@ typedef struct _AuthRespParse
{ {
XML_Parser p; XML_Parser p;
int state; int state;
int elementDataProcessed; size_t elementDataProcessed;
char *pStatusData; char *pStatusData;
int statusDataLen; size_t statusDataLen;
char *pLifetimeData; char *pLifetimeData;
int lifetimeDataLen; size_t lifetimeDataLen;
AuthenticateResp *pAuthenticateResp; AuthenticateResp *pAuthenticateResp;
CasaStatus status; CasaStatus status;
@ -305,7 +305,7 @@ ConsumeElementData(
IN const XML_Char *s, IN const XML_Char *s,
IN int len, IN int len,
INOUT char **ppElementData, INOUT char **ppElementData,
INOUT int *pElementDataLen) INOUT size_t *pElementDataLen)
// //
// Arguments: // Arguments:
// //
@ -352,7 +352,7 @@ ConsumeElementData(
char *pNewBuf; char *pNewBuf;
// We have already received token data, append this data to it. // We have already received token data, append this data to it.
pNewBuf = (char*) malloc(pAuthRespParse->elementDataProcessed + len + 1); pNewBuf = (char*) malloc((size_t)(pAuthRespParse->elementDataProcessed + len + 1));
if (pNewBuf) if (pNewBuf)
{ {
memset(pNewBuf, memset(pNewBuf,
@ -714,6 +714,16 @@ CreateAuthenticateResp(
* *
*/ */
// Verify that the response is not too large for the parser
if (respLen > INT_MAX)
{
DbgTrace(0, "-CreateAuthenticateResp- Response too large\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
goto exit;
}
// Allocate AuthenticateResp object // Allocate AuthenticateResp object
pAuthenticateResp = malloc(sizeof(*pAuthenticateResp)); pAuthenticateResp = malloc(sizeof(*pAuthenticateResp));
if (pAuthenticateResp) if (pAuthenticateResp)
@ -748,7 +758,7 @@ CreateAuthenticateResp(
XML_SetUserData(p, &authRespParse); XML_SetUserData(p, &authRespParse);
// Parse the document // Parse the document
if (XML_Parse(p, pRespMsg, respLen, 1) == XML_STATUS_OK) if (XML_Parse(p, pRespMsg, (int) respLen, 1) == XML_STATUS_OK)
{ {
// Verify that the parse operation completed successfully // Verify that the parse operation completed successfully
if (authRespParse.state == DONE_PARSING) if (authRespParse.state == DONE_PARSING)
@ -818,6 +828,8 @@ CreateAuthenticateResp(
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
exit:
DbgTrace(1, "-CreateAuthenticateResp- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-CreateAuthenticateResp- End, retStatus = %08X\n", retStatus);
return retStatus; return retStatus;
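Review bot: The new `respLen > INT_MAX` guard in CreateAuthenticateResp reports the rejection with `CASA_SEVERITY_INFORMATIONAL`, whereas the equivalent oversize guard this commit adds to CreateAuthPolicy uses `CASA_SEVERITY_ERROR`. `CASA_SUCCESS` is not defined on this page, but if it keys on severity, a caller could treat the rejected response as successfully parsed; building the status with `CASA_SEVERITY_ERROR` removes the doubt. The same guard with the same severity is added to CreateGetAuthPolicyResp and CreateGetAuthTokenResp. The guard also jumps to `exit:` ahead of code that lies outside these hunks, so confirm the output pointer is already NULL on that path.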


@ -57,7 +57,7 @@ typedef struct _AuthPolicyParse
{ {
XML_Parser p; XML_Parser p;
int state; int state;
int elementDataProcessed; size_t elementDataProcessed;
AuthPolicy *pAuthPolicy; AuthPolicy *pAuthPolicy;
CasaStatus status; CasaStatus status;
@ -206,7 +206,7 @@ ConsumeElementData(
IN const XML_Char *s, IN const XML_Char *s,
IN int len, IN int len,
INOUT char **ppElementData, INOUT char **ppElementData,
INOUT int *pElementDataLen) INOUT size_t *pElementDataLen)
// //
// Arguments: // Arguments:
// //
@ -253,7 +253,7 @@ ConsumeElementData(
char *pNewBuf; char *pNewBuf;
// We have already received token data, append this data to it. // We have already received token data, append this data to it.
pNewBuf = (char*) malloc(pAuthPolicyParse->elementDataProcessed + len + 1); pNewBuf = (char*) malloc((size_t)(pAuthPolicyParse->elementDataProcessed + len + 1));
if (pNewBuf) if (pNewBuf)
{ {
memset(pNewBuf, memset(pNewBuf,
@ -558,7 +558,7 @@ AuthPolicyEndElementHandler(
CasaStatus CasaStatus
CreateAuthPolicy( CreateAuthPolicy(
IN char *pEncodedData, IN char *pEncodedData,
IN int encodedDataLen, IN size_t encodedDataLen,
INOUT AuthPolicy **ppAuthPolicy) INOUT AuthPolicy **ppAuthPolicy)
// //
// Arguments: // Arguments:
@ -576,7 +576,7 @@ CreateAuthPolicy(
AuthPolicy *pAuthPolicy = NULL; AuthPolicy *pAuthPolicy = NULL;
AuthPolicyParse authPolicyParse = {0}; AuthPolicyParse authPolicyParse = {0};
char *pData = NULL; char *pData = NULL;
int dataLen = 0; uint32_t dataLen = 0;
DbgTrace(1, "-CreateAuthPolicy- Start\n", 0); DbgTrace(1, "-CreateAuthPolicy- Start\n", 0);
@ -623,6 +623,16 @@ CreateAuthPolicy(
* *
*/ */
// Verify that the encoded data length is not too large
if (encodedDataLen > UINT32_MAX)
{
DbgTrace(0, "-CreateAuthPolicy- Encoded data length too large\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
goto exit;
}
// Initialize output parameter // Initialize output parameter
*ppAuthPolicy = NULL; *ppAuthPolicy = NULL;
@ -668,7 +678,7 @@ CreateAuthPolicy(
XML_SetUserData(p, &authPolicyParse); XML_SetUserData(p, &authPolicyParse);
// Parse the document // Parse the document
if (XML_Parse(p, pData, dataLen, 1) == XML_STATUS_OK) if (XML_Parse(p, pData, (int) dataLen, 1) == XML_STATUS_OK)
{ {
// Verify that the parse operation completed successfully // Verify that the parse operation completed successfully
if (authPolicyParse.state == DONE_PARSING) if (authPolicyParse.state == DONE_PARSING)
@ -736,6 +746,8 @@ CreateAuthPolicy(
if (pData) if (pData)
free(pData); free(pData);
exit:
DbgTrace(1, "-CreateAuthPolicy- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-CreateAuthPolicy- End, retStatus = %08X\n", retStatus);
return retStatus; return retStatus;
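Review bot: `XML_Parse(p, pData, (int) dataLen, 1)` narrows a `uint32_t` to `int` with no range check. The new guard only bounds `encodedDataLen` by `UINT32_MAX`, and the code that fills `pData`/`dataLen` is outside these hunks, so a decoded length above `INT_MAX` would reach the parser as a negative value. Add `if (dataLen > INT_MAX)` with an error status before the parse, as the response parsers in this commit do for `respLen`. Separately, the new guard does `goto exit` before `*ppAuthPolicy = NULL;` runs, so the output parameter is left untouched on that failure path; moving the initialization above the guard fixes that.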


@ -96,7 +96,7 @@ CreateAuthTokenCacheEntry(
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry); wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
// Verify that entrySize will not overflow // Verify that entrySize will not overflow
if ((tokenSize + sizeof(AuthCacheEntry)) <= U32_MAX) if ((tokenSize + sizeof(AuthCacheEntry)) <= UINT32_MAX)
{ {
entrySize = tokenSize + sizeof(AuthCacheEntry); entrySize = tokenSize + sizeof(AuthCacheEntry);
@ -142,7 +142,7 @@ CreateAuthTokenCacheEntry(
groupOrHostNameStrLen = strlen(pGroupOrHostName); groupOrHostNameStrLen = strlen(pGroupOrHostName);
// Verify that keySize will not overflow // Verify that keySize will not overflow
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= U32_MAX) if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= UINT32_MAX)
{ {
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2); keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);
@ -239,7 +239,7 @@ CreateSessionTokenCacheEntry(
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry); wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
// Verify that entrySize will not overflow // Verify that entrySize will not overflow
if ((tokenSize + sizeof(AuthCacheEntry)) <= U32_MAX) if ((tokenSize + sizeof(AuthCacheEntry)) <= UINT32_MAX)
{ {
entrySize = tokenSize + sizeof(AuthCacheEntry); entrySize = tokenSize + sizeof(AuthCacheEntry);
@ -284,7 +284,7 @@ CreateSessionTokenCacheEntry(
cacheKeyStrLen = strlen(pCacheKey) + 1; cacheKeyStrLen = strlen(pCacheKey) + 1;
// Verify that the cacheKeyStrLen can be casted to a uint32_t // Verify that the cacheKeyStrLen can be casted to a uint32_t
if (cacheKeyStrLen <= U32_MAX) if (cacheKeyStrLen <= UINT32_MAX)
{ {
miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext, miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
0, 0,
@ -455,7 +455,7 @@ FindSessionTokenEntryInCache(
cacheKeyStrLen = strlen(pCacheKey) + 1; cacheKeyStrLen = strlen(pCacheKey) + 1;
// Verify that the cacheKeyStrLen can be casted to a uint32_t // Verify that the cacheKeyStrLen can be casted to a uint32_t
if (cacheKeyStrLen <= U32_MAX) if (cacheKeyStrLen <= UINT32_MAX)
{ {
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext, miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0, 0,
@ -569,7 +569,7 @@ FindAuthTokenEntryInCache(
groupOrHostNameStrLen = strlen(pGroupOrHostName); groupOrHostNameStrLen = strlen(pGroupOrHostName);
// Verify that keySize will not overflow // Verify that keySize will not overflow
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= U32_MAX) if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= UINT32_MAX)
{ {
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2); keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);


@ -55,9 +55,9 @@ typedef struct _GetAuthPolicyRespParse
{ {
XML_Parser p; XML_Parser p;
int state; int state;
int elementDataProcessed; size_t elementDataProcessed;
char *pStatusData; char *pStatusData;
int statusDataLen; size_t statusDataLen;
GetAuthPolicyResp *pGetAuthPolicyResp; GetAuthPolicyResp *pGetAuthPolicyResp;
CasaStatus status; CasaStatus status;
@ -269,7 +269,7 @@ ConsumeElementData(
IN const XML_Char *s, IN const XML_Char *s,
IN int len, IN int len,
INOUT char **ppElementData, INOUT char **ppElementData,
INOUT int *pElementDataLen) INOUT size_t *pElementDataLen)
// //
// Arguments: // Arguments:
// //
@ -316,7 +316,7 @@ ConsumeElementData(
char *pNewBuf; char *pNewBuf;
// We have already received token data, append this data to it. // We have already received token data, append this data to it.
pNewBuf = (char*) malloc(pGetAuthPolicyRespParse->elementDataProcessed + len + 1); pNewBuf = (char*) malloc((size_t)(pGetAuthPolicyRespParse->elementDataProcessed + len + 1));
if (pNewBuf) if (pNewBuf)
{ {
memset(pNewBuf, memset(pNewBuf,
@ -590,7 +590,7 @@ GetAuthPolicyRespEndElementHandler(
CasaStatus CasaStatus
CreateGetAuthPolicyResp( CreateGetAuthPolicyResp(
IN char *pRespMsg, IN char *pRespMsg,
IN int respLen, IN size_t respLen,
INOUT GetAuthPolicyResp **ppGetAuthPolicyResp) INOUT GetAuthPolicyResp **ppGetAuthPolicyResp)
// //
// Arguments: // Arguments:
@ -634,6 +634,16 @@ CreateGetAuthPolicyResp(
* *
*/ */
// Verify that the response is not too large for the parser
if (respLen > INT_MAX)
{
DbgTrace(0, "-CreateGetAuthPolicyResp- Response too large\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
goto exit;
}
// Allocate GetAuthPolicyResp object // Allocate GetAuthPolicyResp object
pGetAuthPolicyResp = malloc(sizeof(*pGetAuthPolicyResp)); pGetAuthPolicyResp = malloc(sizeof(*pGetAuthPolicyResp));
if (pGetAuthPolicyResp) if (pGetAuthPolicyResp)
@ -734,6 +744,8 @@ CreateGetAuthPolicyResp(
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
exit:
DbgTrace(1, "-CreateGetAuthPolicyResp- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-CreateGetAuthPolicyResp- End, retStatus = %08X\n", retStatus);
return retStatus; return retStatus;
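Review bot: In ConsumeElementData the cast added in `malloc((size_t)(pGetAuthPolicyRespParse->elementDataProcessed + len + 1))` is applied after the sum has been computed, so it guards nothing. `len` is an `int` that is converted to `size_t` inside the addition, and a negative value would wrap the allocation size. If overflow protection is the intent, reject `len < 0` and compare `len` against `SIZE_MAX - elementDataProcessed - 1` before allocating; otherwise drop the cast. The same line appears in the ConsumeElementData hunks of the AuthenticateResp, AuthPolicy and GetAuthTokenResp parsers, and the function body continues outside the hunk.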


@ -55,11 +55,11 @@ typedef struct _GetAuthTokenRespParse
{ {
XML_Parser p; XML_Parser p;
int state; int state;
int elementDataProcessed; size_t elementDataProcessed;
char *pStatusData; char *pStatusData;
int statusDataLen; size_t statusDataLen;
char *pLifetimeData; char *pLifetimeData;
int lifetimeDataLen; size_t lifetimeDataLen;
GetAuthTokenResp *pGetAuthTokenResp; GetAuthTokenResp *pGetAuthTokenResp;
CasaStatus status; CasaStatus status;
@ -302,7 +302,7 @@ ConsumeElementData(
IN const XML_Char *s, IN const XML_Char *s,
IN int len, IN int len,
INOUT char **ppElementData, INOUT char **ppElementData,
INOUT int *pElementDataLen) INOUT size_t *pElementDataLen)
// //
// Arguments: // Arguments:
// //
@ -349,7 +349,7 @@ ConsumeElementData(
char *pNewBuf; char *pNewBuf;
// We have already received token data, append this data to it. // We have already received token data, append this data to it.
pNewBuf = (char*) malloc(pGetAuthTokenRespParse->elementDataProcessed + len + 1); pNewBuf = (char*) malloc((size_t)(pGetAuthTokenRespParse->elementDataProcessed + len + 1));
if (pNewBuf) if (pNewBuf)
{ {
memset(pNewBuf, memset(pNewBuf,
@ -657,7 +657,7 @@ GetAuthTokenRespEndElementHandler(
CasaStatus CasaStatus
CreateGetAuthTokenResp( CreateGetAuthTokenResp(
IN char *pRespMsg, IN char *pRespMsg,
IN int respLen, IN size_t respLen,
INOUT GetAuthTokenResp **ppGetAuthTokenResp) INOUT GetAuthTokenResp **ppGetAuthTokenResp)
// //
// Arguments: // Arguments:
@ -701,6 +701,16 @@ CreateGetAuthTokenResp(
* *
*/ */
// Verify that the response is not too large for the parser
if (respLen > INT_MAX)
{
DbgTrace(0, "-CreateGetAuthTokenResp- Response too large\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
goto exit;
}
// Allocate GetAuthTokenResp object // Allocate GetAuthTokenResp object
pGetAuthTokenResp = malloc(sizeof(*pGetAuthTokenResp)); pGetAuthTokenResp = malloc(sizeof(*pGetAuthTokenResp));
if (pGetAuthTokenResp) if (pGetAuthTokenResp)
@ -734,7 +744,7 @@ CreateGetAuthTokenResp(
XML_SetUserData(p, &getAuthTokenRespParse); XML_SetUserData(p, &getAuthTokenRespParse);
// Parse the document // Parse the document
if (XML_Parse(p, pRespMsg, respLen, 1) == XML_STATUS_OK) if (XML_Parse(p, pRespMsg, (int) respLen, 1) == XML_STATUS_OK)
{ {
// Verify that the parse operation completed successfully // Verify that the parse operation completed successfully
if (getAuthTokenRespParse.state == DONE_PARSING) if (getAuthTokenRespParse.state == DONE_PARSING)
@ -803,6 +813,9 @@ CreateGetAuthTokenResp(
CASA_FACILITY_AUTHTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
exit:
DbgTrace(1, "-CreateGetAuthTokenResp- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-CreateGetAuthTokenResp- End, retStatus = %08X\n", retStatus);
return retStatus; return retStatus;


@ -41,10 +41,6 @@
#define MAX_RPC_REPLY_SZ (256 * 1024) #define MAX_RPC_REPLY_SZ (256 * 1024)
#ifndef U32_MAX
#define U32_MAX (~(uint32_t)0)
#endif
// //
// Authentication Context structure // Authentication Context structure
// //
@ -52,11 +48,11 @@ typedef struct _AuthContext
{ {
LIST_ENTRY listEntry; LIST_ENTRY listEntry;
char *pContext; char *pContext;
int contextLen; size_t contextLen;
char *pMechanism; char *pMechanism;
int mechanismLen; size_t mechanismLen;
char *pMechInfo; char *pMechInfo;
int mechInfoLen; size_t mechInfoLen;
} AuthContext, *PAuthContext; } AuthContext, *PAuthContext;
@ -74,8 +70,8 @@ typedef struct _AuthPolicy
// //
typedef struct _GetAuthPolicyResp typedef struct _GetAuthPolicyResp
{ {
char *pPolicy; char *pPolicy;
int policyLen; size_t policyLen;
} GetAuthPolicyResp, *PGetAuthPolicyResp; } GetAuthPolicyResp, *PGetAuthPolicyResp;
@ -84,9 +80,9 @@ typedef struct _GetAuthPolicyResp
// //
typedef struct _GetAuthTokenResp typedef struct _GetAuthTokenResp
{ {
char *pToken; char *pToken;
int tokenLen; size_t tokenLen;
int tokenLifetime; int tokenLifetime;
} GetAuthTokenResp, *PGetAuthTokenResp; } GetAuthTokenResp, *PGetAuthTokenResp;
@ -95,9 +91,9 @@ typedef struct _GetAuthTokenResp
// //
typedef struct _AuthenticateResp typedef struct _AuthenticateResp
{ {
char *pToken; char *pToken;
int tokenLen; size_t tokenLen;
int tokenLifetime; int tokenLifetime;
} AuthenticateResp, *PAuthenticateResp; } AuthenticateResp, *PAuthenticateResp;
@ -177,7 +173,7 @@ extern
CasaStatus CasaStatus
CreateGetAuthPolicyResp( CreateGetAuthPolicyResp(
IN char *pRespMsg, IN char *pRespMsg,
IN int respLen, IN size_t respLen,
INOUT GetAuthPolicyResp **ppGetAuthPolicyResp); INOUT GetAuthPolicyResp **ppGetAuthPolicyResp);
extern extern
@ -202,7 +198,7 @@ extern
CasaStatus CasaStatus
CreateAuthPolicy( CreateAuthPolicy(
IN char *pEncodedData, IN char *pEncodedData,
IN int encodedDataLen, IN size_t encodedDataLen,
INOUT AuthPolicy **ppAuthPolicy); INOUT AuthPolicy **ppAuthPolicy);
extern extern
@ -247,7 +243,7 @@ extern
CasaStatus CasaStatus
CreateGetAuthTokenResp( CreateGetAuthTokenResp(
IN char *pRespMsg, IN char *pRespMsg,
IN int respLen, IN size_t respLen,
INOUT GetAuthTokenResp **ppGetAuthTokenResp); INOUT GetAuthTokenResp **ppGetAuthTokenResp);
extern extern
@ -425,17 +421,17 @@ extern
CasaStatus CasaStatus
EncodeData( EncodeData(
IN const void *pData, IN const void *pData,
IN const int32_t dataLen, IN const uint32_t dataLen,
INOUT char **ppEncodedData, INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen); INOUT uint32_t *pEncodedDataLen);
extern extern
CasaStatus CasaStatus
DecodeData( DecodeData(
IN const char *pEncodedData, IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData, INOUT void **ppData,
INOUT int32_t *pDataLen); INOUT uint32_t *pDataLen);
extern extern
int int


@ -91,7 +91,7 @@ CasaStatus
IN const char *pHostName, IN const char *pHostName,
IN void *pCredStoreScope, IN void *pCredStoreScope,
INOUT char *pTokenBuf, INOUT char *pTokenBuf,
INOUT int *pTokenBufLen); INOUT uint32_t *pTokenBufLen);
// //
// Arguments: // Arguments:
// pIfInstance - // pIfInstance -


@ -60,7 +60,7 @@ AuthTokenIf_GetAuthToken(
IN const char *pHostName, IN const char *pHostName,
IN void *pCredStoreScope, IN void *pCredStoreScope,
INOUT char *pTokenBuf, INOUT char *pTokenBuf,
INOUT int *pTokenBufLen); INOUT size_t *pTokenBufLen);
extern extern
int int
@ -74,17 +74,17 @@ extern
CasaStatus CasaStatus
EncodeData( EncodeData(
IN const void *pData, IN const void *pData,
IN const int32_t dataLen, IN const uint32_t dataLen,
INOUT char **ppEncodedData, INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen); INOUT uint32_t *pEncodedDataLen);
extern extern
CasaStatus CasaStatus
DecodeData( DecodeData(
IN const char *pEncodedData, IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData, INOUT void **ppData,
INOUT int32_t *pDataLen); INOUT uint32_t *pDataLen);
extern extern
int int
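Review bot: `AuthTokenIf_GetAuthToken` is declared here with `size_t *pTokenBufLen`, while the interface declaration and the two Kerberos implementations changed in this commit take `uint32_t *`, and GetAuthMechToken now holds the length in a `uint32_t authTokenBufLen`. If that variable's address is what reaches this implementation (the call itself is outside the visible hunks), then where `size_t` is 64 bits `*pTokenBufLen = encodedTokenLen` writes past the 4-byte variable and the size comparison reads past it. The matching definition in the last file section of the commit also uses `size_t *`. Declare both as `INOUT uint32_t *pTokenBufLen` so every mechanism matches the interface.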


@ -129,7 +129,7 @@ AuthTokenIf_GetAuthToken(
IN const char *pHostName, IN const char *pHostName,
IN void *pCredStoreScope, IN void *pCredStoreScope,
INOUT char *pTokenBuf, INOUT char *pTokenBuf,
INOUT int *pTokenBufLen) INOUT uint32_t *pTokenBufLen)
// //
// Arguments: // Arguments:
// pIfInstance - // pIfInstance -
@ -186,7 +186,7 @@ AuthTokenIf_GetAuthToken(
//=======================================================================-- //=======================================================================--
{ {
CasaStatus retStatus; CasaStatus retStatus;
char const *pKrbServiceName = pMechInfo; char *pKrbServiceName = (char*) pMechInfo;
OM_uint32 gssMajStat; OM_uint32 gssMajStat;
OM_uint32 gssMinStat; OM_uint32 gssMinStat;
gss_buffer_desc gssBuffer; gss_buffer_desc gssBuffer;
@ -272,45 +272,56 @@ AuthTokenIf_GetAuthToken(
if (gssMajStat == GSS_S_COMPLETE if (gssMajStat == GSS_S_COMPLETE
&& gssSendToken.length != 0) && gssSendToken.length != 0)
{ {
char *pEncodedToken; // Make sure that the token is not too large
int encodedTokenLen; if (gssSendToken.length <= UINT32_MAX)
// The security context was initialized, now return the token to the
// caller after base64 encoding it.
retStatus = EncodeData(gssSendToken.value,
gssSendToken.length,
&pEncodedToken,
&encodedTokenLen);
if (CASA_SUCCESS(retStatus))
{ {
// Verify that the caller provided a buffer that is big enough char *pEncodedToken;
if (encodedTokenLen > *pTokenBufLen) uint32_t encodedTokenLen;
{
// At least one of the supplied buffers is not big enough
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Insufficient buffer space provided\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, // The security context was initialized, now return the token to the
CASA_FACILITY_KRB5TOKEN, // caller after base64 encoding it.
CASA_STATUS_BUFFER_OVERFLOW); retStatus = EncodeData(gssSendToken.value,
gssSendToken.length,
&pEncodedToken,
&encodedTokenLen);
if (CASA_SUCCESS(retStatus))
{
// Verify that the caller provided a buffer that is big enough
if (encodedTokenLen > *pTokenBufLen)
{
// At least one of the supplied buffers is not big enough
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Insufficient buffer space provided\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_KRB5TOKEN,
CASA_STATUS_BUFFER_OVERFLOW);
}
else
{
// The buffer provided is large enough, copy the data and return the actual size.
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
// Success
retStatus = CASA_STATUS_SUCCESS;
}
// Return the actual size or the size required
*pTokenBufLen = encodedTokenLen;
// Free the buffer containing the encoded token
free(pEncodedToken);
} }
else else
{ {
// The buffer provided is large enough, copy the data and return the actual size. DbgTrace(1, "-AuthTokenIf_GetAuthToken- Encoding failed\n", 0);
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
// Success
retStatus = CASA_STATUS_SUCCESS;
} }
// Return the actual size or the size required
*pTokenBufLen = encodedTokenLen;
// Free the buffer containing the encoded token
free(pEncodedToken);
} }
else else
{ {
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Encoding failed\n", 0); DbgTrace(0, "-AuthTokenIf_GetAuthToken- GSS Token too large\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_KRB5TOKEN,
CASA_STATUS_UNSUCCESSFUL);
} }
} }
else else
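Review bot: `free(pEncodedToken)` releases the base64-encoded GSS token without clearing it, while the SSPI implementation changed in the same commit wipes the equivalent buffer before freeing it "to avoid leaking sensitive information". Clear `encodedTokenLen` bytes before the `free` here as well, using a wipe the compiler cannot drop (for example `explicit_bzero` where the platform provides it). Also, `char *pKrbServiceName = (char*) pMechInfo;` appears to discard a `const` qualifier that the old line kept; if a GSS call needs a non-const pointer, cast at that call instead. The function body starts and ends outside the hunk.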


@ -65,9 +65,9 @@ static const uint8_t g_Expand64[256] =
CasaStatus CasaStatus
EncodeData( EncodeData(
IN const void *pData, IN const void *pData,
IN const int32_t dataLen, IN const uint32_t dataLen,
INOUT char **ppEncodedData, INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen) INOUT uint32_t *pEncodedDataLen)
// //
// Arguments: // Arguments:
// //
@ -150,9 +150,9 @@ EncodeData(
CasaStatus CasaStatus
DecodeData( DecodeData(
IN const char *pEncodedData, IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData, INOUT void **ppData,
INOUT int32_t *pDataLen) INOUT uint32_t *pDataLen)
// //
// Arguments: // Arguments:
// //
@ -164,8 +164,8 @@ DecodeData(
//=======================================================================-- //=======================================================================--
{ {
CasaStatus retStatus; CasaStatus retStatus;
int i, j; uint32_t i, j;
int decodedSize; size_t decodedSize;
DbgTrace(3, "-DecodeData- Start\n", 0); DbgTrace(3, "-DecodeData- Start\n", 0);
@ -175,98 +175,110 @@ DecodeData(
j++; j++;
decodedSize = (j * 3 + 3) / 4; decodedSize = (j * 3 + 3) / 4;
// Allocate buffer to hold the decoded data // Verify that we are not going to overflow the uint32
*ppData = malloc(decodedSize); if (decodedSize <= UINT32_MAX)
if (*ppData)
{ {
bool endReached = false; // Allocate buffer to hold the decoded data
uint8_t c0, c1, c2, c3; *ppData = malloc(decodedSize);
uint8_t *p, *q; if (*ppData)
// Initialize parameters that will be used during the decode operation
c0 = c1 = c2 = c3 = 0;
p = (uint8_t*) pEncodedData;
q = (uint8_t*) *ppData;
// Decode the data
//
// Loop through the data, piecing back information. Any newlines, and/or
// carriage returns need to be skipped.
while (j > 4)
{ {
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) bool endReached = false;
p++; uint8_t c0, c1, c2, c3;
if (64 == g_Expand64[*p]) uint8_t *p, *q;
{
endReached = true;
break;
}
c0 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) // Initialize parameters that will be used during the decode operation
p++; c0 = c1 = c2 = c3 = 0;
if (64 == g_Expand64[*p]) p = (uint8_t*) pEncodedData;
{ q = (uint8_t*) *ppData;
*(q++) = (uint8_t)(g_Expand64[c0] << 2);
j--;
endReached = true;
break;
}
c1 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) // Decode the data
p++; //
if (64 == g_Expand64[*p]) // Loop through the data, piecing back information. Any newlines, and/or
{ // carriage returns need to be skipped.
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); while (j > 4)
*(q++) = (uint8_t)(g_Expand64[c1] << 4); {
j -= 2; while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
endReached = true; p++;
break; if (64 == g_Expand64[*p])
} {
c2 = *(p++); endReached = true;
break;
}
c0 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++; p++;
if (64 == g_Expand64[*p]) if (64 == g_Expand64[*p])
{ {
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); *(q++) = (uint8_t)(g_Expand64[c0] << 2);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); j--;
*(q++) = (uint8_t)(g_Expand64[c2] << 6); endReached = true;
j -= 3; break;
endReached = true; }
break; c1 = *(p++);
}
c3 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); p++;
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]); if (64 == g_Expand64[*p])
j -= 4; {
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4);
j -= 2;
endReached = true;
break;
}
c2 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6);
j -= 3;
endReached = true;
break;
}
c3 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]);
j -= 4;
}
if (!endReached)
{
if (j > 1)
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2)
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2);
if (j > 3)
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
}
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
} }
if (!endReached) else
{ {
if (j > 1) DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2) retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2); CASA_FACILITY_AUTHTOKEN,
if (j > 3) CASA_STATUS_INSUFFICIENT_RESOURCES);
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
} }
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
} }
else else
{ {
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0); DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_PWTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_UNSUCCESSFUL);
} }
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
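Review bot: The new `decodedSize <= UINT32_MAX` test can never fail, because `(j * 3 + 3) / 4` is evaluated in 32-bit unsigned arithmetic now that `j` is `uint32_t`. The product wraps before the result is widened to `size_t`, so a sufficiently large `j` yields an undersized `malloc(decodedSize)` that the decode loop then writes past. Compute it in the wider type, `decodedSize = ((size_t) j * 3 + 3) / 4;`, or reject `j > (UINT32_MAX - 3) / 3` up front so the check also holds where `size_t` is 32 bits. The result store still casts with `(int32_t)` although `pDataLen` is now `uint32_t *`; `(uint32_t)` matches the new signature. DecodeData's opening statements are outside the hunk.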


@ -43,7 +43,7 @@ AuthTokenIf_GetAuthToken(
IN const char *pHostName, IN const char *pHostName,
IN void *pCredStoreScope, IN void *pCredStoreScope,
INOUT char *pTokenBuf, INOUT char *pTokenBuf,
INOUT int *pTokenBufLen) INOUT uint32_t *pTokenBufLen)
// //
// Arguments: // Arguments:
// pIfInstance - // pIfInstance -
@ -131,6 +131,9 @@ AuthTokenIf_GetAuthToken(
else else
{ {
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0); DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_KRB5TOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
goto exit; goto exit;
} }
} }
@ -180,40 +183,55 @@ AuthTokenIf_GetAuthToken(
&expiry); &expiry);
if (secStatus == SEC_E_OK) if (secStatus == SEC_E_OK)
{ {
char *pEncodedToken; // Make sure that the token is not too large
int encodedTokenLen; if (sendTok.cbBuffer <= UINT32_MAX)
// The security context was initialized, now return it to the caller after base64 encoding it.
retStatus = EncodeData(sendTok.pvBuffer,
(const int) sendTok.cbBuffer,
&pEncodedToken,
&encodedTokenLen);
if (CASA_SUCCESS(retStatus))
{ {
// Verify that the caller provided a buffer that is big enough uint32_t encodedTokenLen;
if (encodedTokenLen > *pTokenBufLen) char *pEncodedToken;
// The security context was initialized, now return it to the caller after base64 encoding it.
retStatus = EncodeData(sendTok.pvBuffer,
(const uint32_t) sendTok.cbBuffer,
&pEncodedToken,
&encodedTokenLen);
if (CASA_SUCCESS(retStatus))
{ {
// The buffer is not big enough // Verify that the caller provided a buffer that is big enough
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, if (encodedTokenLen > *pTokenBufLen)
CASA_FACILITY_KRB5TOKEN, {
CASA_STATUS_BUFFER_OVERFLOW); // The buffer is not big enough
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_KRB5TOKEN,
CASA_STATUS_BUFFER_OVERFLOW);
}
else
{
// The buffer provided is large enough, copy the data.
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
// Success
retStatus = CASA_STATUS_SUCCESS;
}
// Return the actual size or the size required
*pTokenBufLen = encodedTokenLen;
// Free the buffer containing the encoded token after clearing
// its memory to avoid leaking sensitive information.
memset(pEncodedToken, 0, strlen(pEncodedToken));
free(pEncodedToken);
} }
else else
{ {
// The buffer provided is large enough, copy the data. DbgTrace(1, "-AuthTokenIf_GetAuthToken- Encoding failed\n", 0);
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
// Success
retStatus = CASA_STATUS_SUCCESS;
} }
}
// Return the actual size or the size required else
*pTokenBufLen = encodedTokenLen; {
DbgTrace(0, "-AuthTokenIf_GetAuthToken- GSS Token too large\n", 0);
// Free the buffer containing the encoded token after clearing retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
// its memory to avoid leaking sensitive information. CASA_FACILITY_KRB5TOKEN,
memset(pEncodedToken, 0, strlen(pEncodedToken)); CASA_STATUS_UNSUCCESSFUL);
free(pEncodedToken);
} }
// Delete the security context // Delete the security context
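Review bot: `memset(pEncodedToken, 0, strlen(pEncodedToken))` sizes the wipe by scanning for a NUL even though the exact length is already in `encodedTokenLen`, so it depends on EncodeData terminating the buffer, which is not visible here. Use `encodedTokenLen` as the length. A plain `memset` right before `free` may also be removed by the optimizer, so prefer `SecureZeroMemory` if this file is Windows-only, as the SSPI names suggest. The same `strlen`-sized wipe appears in the password-token implementation in the last file section. The function body continues outside the hunk.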


@ -87,7 +87,7 @@ GetUserCredentials(
// Get the length of the realm string into the secret id structure // Get the length of the realm string into the secret id structure
// and verify thatr it is not too long. // and verify thatr it is not too long.
secretIdLen = sscs_Utf8Strlen(pRealm) + 1; secretIdLen = sscs_Utf8Strlen(pRealm) + 1;
if (secretIdLen <= U32_MAX) if (secretIdLen <= UINT32_MAX)
{ {
secretId.len = secretIdLen; secretId.len = secretIdLen;
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN) if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
@ -219,7 +219,7 @@ AuthTokenIf_GetAuthToken(
IN const char *pHostName, IN const char *pHostName,
IN void *pCredStoreScope, IN void *pCredStoreScope,
INOUT char *pTokenBuf, INOUT char *pTokenBuf,
INOUT int *pTokenBufLen) INOUT size_t *pTokenBufLen)
// //
// Arguments: // Arguments:
// pIfInstance - // pIfInstance -
@ -300,63 +300,80 @@ AuthTokenIf_GetAuthToken(
&pPassword); &pPassword);
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
// Now construct the PW token with the following format: size_t tokenLen = strlen(pUsername) + 2 + strlen(pPassword) + 2 + 1;
// "username\r\n" + "password\r\n"
// // Make sure that the token is not too large
// First allocate a buffer large enough to hold the token if (tokenLen <= UINT32_MAX)
pToken = (char*) malloc(strlen(pUsername) + 2 + strlen(pPassword) + 2 + 1);
if (pToken)
{ {
char *pEncodedToken; // Now construct the PW token with the following format:
int encodedTokenLen; // "username\r\n" + "password\r\n"
//
// Now assemble the token // First allocate a buffer large enough to hold the token
sprintf(pToken, "%s\r\n%s\r\n", pUsername, pPassword); pToken = (char*) malloc(strlen(pUsername) + 2 + strlen(pPassword) + 2 + 1);
if (pToken)
// The token has been assembled, now encode it.
retStatus = EncodeData(pToken,
(const int) strlen(pToken),
&pEncodedToken,
&encodedTokenLen);
if (CASA_SUCCESS(retStatus))
{ {
// Verify that the caller provided a buffer that is big enough char *pEncodedToken;
if (encodedTokenLen > *pTokenBufLen) uint32_t encodedTokenLen;
// Now assemble the token
sprintf(pToken, "%s\r\n%s\r\n", pUsername, pPassword);
// The token has been assembled, now encode it.
retStatus = EncodeData(pToken,
(const uint32_t) tokenLen,
&pEncodedToken,
&encodedTokenLen);
if (CASA_SUCCESS(retStatus))
{ {
// The buffer is not big enough // Verify that the caller provided a buffer that is big enough
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, if (encodedTokenLen > *pTokenBufLen)
CASA_FACILITY_PWTOKEN, {
CASA_STATUS_BUFFER_OVERFLOW); // The buffer is not big enough
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_PWTOKEN,
CASA_STATUS_BUFFER_OVERFLOW);
}
else
{
// The buffer provided is large enough, copy the data.
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
// Success
retStatus = CASA_STATUS_SUCCESS;
}
// Return the actual size or the size required
*pTokenBufLen = encodedTokenLen;
// Free the buffer containing the encoded token after clearing
// it to avoid leaking sensitive information.
memset(pEncodedToken, 0, strlen(pEncodedToken));
free(pEncodedToken);
} }
else else
{ {
// The buffer provided is large enough, copy the data. DbgTrace(1, "-AuthTokenIf_GetAuthToken- Encoding failed\n", 0);
memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen);
// Success
retStatus = CASA_STATUS_SUCCESS;
} }
// Return the actual size or the size required // Free the buffer allocated for the token after clearing it
*pTokenBufLen = encodedTokenLen; // to avoid leaving sensitive information behind.
memset(pToken, 0, strlen(pToken));
// Free the buffer containing the encoded token after clearing free(pToken);
// it to avoid leaking sensitive information. }
memset(pEncodedToken, 0, strlen(pEncodedToken)); else
free(pEncodedToken); {
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Buffer allocation error\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_PWTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
// Free the buffer allocated for the token after clearing it
// to avoid leaving sensitive information behind.
memset(pToken, 0, strlen(pToken));
free(pToken);
} }
else else
{ {
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Buffer allocation error\n", 0); DbgTrace(0, "-AuthTokenIf_GetAuthToken- Token too large\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_PWTOKEN, CASA_FACILITY_KRB5TOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_UNSUCCESSFUL);
} }
// Free allocated buffers after clearing memory holding the password // Free allocated buffers after clearing memory holding the password
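Review bot: The length passed to EncodeData changed from `strlen(pToken)` to `tokenLen`, which includes the `+ 1` for the terminator, so the encoded password token now carries a trailing NUL byte that the old code did not send; if that is not intended, pass `(uint32_t)(tokenLen - 1)`. The allocation still recomputes the sum instead of using the value that was just checked, so `pToken = (char*) malloc(tokenLen);` would keep the bound and the buffer size tied together. The new "Token too large" branch builds its status with `CASA_FACILITY_KRB5TOKEN` while the rest of this function uses `CASA_FACILITY_PWTOKEN`, which looks like a copy from the Kerberos provider. The function starts and ends outside the hunk.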


@ -37,10 +37,6 @@
//===[ Type definitions ]================================================== //===[ Type definitions ]==================================================
#ifndef U32_MAX
#define U32_MAX (~(uint32_t)0)
#endif
//===[ Inlines functions ]=============================================== //===[ Inlines functions ]===============================================
//===[ Function prototypes ]=============================================== //===[ Function prototypes ]===============================================
@ -66,7 +62,7 @@ AuthTokenIf_GetAuthToken(
IN const char *pHostName, IN const char *pHostName,
IN void *pCredStoreScope, IN void *pCredStoreScope,
INOUT char *pTokenBuf, INOUT char *pTokenBuf,
INOUT int *pTokenBufLen); INOUT size_t *pTokenBufLen);
// //
// Defined in utils.c // Defined in utils.c
@ -76,17 +72,17 @@ extern
CasaStatus CasaStatus
EncodeData( EncodeData(
IN const void *pData, IN const void *pData,
IN const int32_t dataLen, IN const uint32_t dataLen,
INOUT char **ppEncodedData, INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen); INOUT uint32_t *pEncodedDataLen);
extern extern
CasaStatus CasaStatus
DecodeData( DecodeData(
IN const char *pEncodedData, IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData, INOUT void **ppData,
INOUT int32_t *pDataLen); INOUT uint32_t *pDataLen);
extern extern
int int
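Review bot: `pTokenBufLen` becomes `size_t *` in this prototype while the encoder lengths in the same header become `uint32_t`, so every caller and the interface's function-pointer type must pass the address of a real `size_t` object; on an LP64 build a caller that still hands in the address of an `int` or `uint32_t` would have eight bytes written through it. The callers are not visible in this section, so this is a check to make rather than a confirmed defect. A contract comment on the prototype would help, for example `// pTokenBufLen: in = size of pTokenBuf in bytes, out = size used or required`.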


@ -65,9 +65,9 @@ static const uint8_t g_Expand64[256] =
CasaStatus CasaStatus
EncodeData( EncodeData(
IN const void *pData, IN const void *pData,
IN const int32_t dataLen, IN const uint32_t dataLen,
INOUT char **ppEncodedData, INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen) INOUT uint32_t *pEncodedDataLen)
// //
// Arguments: // Arguments:
// //
@ -150,9 +150,9 @@ EncodeData(
CasaStatus CasaStatus
DecodeData( DecodeData(
IN const char *pEncodedData, IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData, INOUT void **ppData,
INOUT int32_t *pDataLen) INOUT uint32_t *pDataLen)
// //
// Arguments: // Arguments:
// //
@ -164,8 +164,8 @@ DecodeData(
//=======================================================================-- //=======================================================================--
{ {
CasaStatus retStatus; CasaStatus retStatus;
int i, j; uint32_t i, j;
int decodedSize; size_t decodedSize;
DbgTrace(3, "-DecodeData- Start\n", 0); DbgTrace(3, "-DecodeData- Start\n", 0);
@ -175,98 +175,110 @@ DecodeData(
j++; j++;
decodedSize = (j * 3 + 3) / 4; decodedSize = (j * 3 + 3) / 4;
// Allocate buffer to hold the decoded data // Verify that we are not going to overflow the uint32
*ppData = malloc(decodedSize); if (decodedSize <= UINT32_MAX)
if (*ppData)
{ {
bool endReached = false; // Allocate buffer to hold the decoded data
uint8_t c0, c1, c2, c3; *ppData = malloc(decodedSize);
uint8_t *p, *q; if (*ppData)
// Initialize parameters that will be used during the decode operation
c0 = c1 = c2 = c3 = 0;
p = (uint8_t*) pEncodedData;
q = (uint8_t*) *ppData;
// Decode the data
//
// Loop through the data, piecing back information. Any newlines, and/or
// carriage returns need to be skipped.
while (j > 4)
{ {
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) bool endReached = false;
p++; uint8_t c0, c1, c2, c3;
if (64 == g_Expand64[*p]) uint8_t *p, *q;
{
endReached = true;
break;
}
c0 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) // Initialize parameters that will be used during the decode operation
p++; c0 = c1 = c2 = c3 = 0;
if (64 == g_Expand64[*p]) p = (uint8_t*) pEncodedData;
{ q = (uint8_t*) *ppData;
*(q++) = (uint8_t)(g_Expand64[c0] << 2);
j--;
endReached = true;
break;
}
c1 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) // Decode the data
p++; //
if (64 == g_Expand64[*p]) // Loop through the data, piecing back information. Any newlines, and/or
{ // carriage returns need to be skipped.
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); while (j > 4)
*(q++) = (uint8_t)(g_Expand64[c1] << 4); {
j -= 2; while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
endReached = true; p++;
break; if (64 == g_Expand64[*p])
} {
c2 = *(p++); endReached = true;
break;
}
c0 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++; p++;
if (64 == g_Expand64[*p]) if (64 == g_Expand64[*p])
{ {
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); *(q++) = (uint8_t)(g_Expand64[c0] << 2);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); j--;
*(q++) = (uint8_t)(g_Expand64[c2] << 6); endReached = true;
j -= 3; break;
endReached = true; }
break; c1 = *(p++);
}
c3 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); p++;
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]); if (64 == g_Expand64[*p])
j -= 4; {
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4);
j -= 2;
endReached = true;
break;
}
c2 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6);
j -= 3;
endReached = true;
break;
}
c3 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]);
j -= 4;
}
if (!endReached)
{
if (j > 1)
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2)
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2);
if (j > 3)
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
}
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
} }
if (!endReached) else
{ {
if (j > 1) DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2) retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2); CASA_FACILITY_AUTHTOKEN,
if (j > 3) CASA_STATUS_INSUFFICIENT_RESOURCES);
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
} }
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
} }
else else
{ {
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0); DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_PWTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_UNSUCCESSFUL);
} }
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
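Review bot: The new `decodedSize <= UINT32_MAX` test cannot fail, because `j` is now `uint32_t` and `(j * 3 + 3) / 4` is evaluated in 32-bit unsigned arithmetic, wrapping before the result is widened to `size_t`. Assuming `j` counts the encoded characters, as the loop suggests, a length above roughly a third of `UINT32_MAX` would yield a wrapped size and a buffer smaller than what the decode loop writes. Bound the input before multiplying, `if (j > (UINT32_MAX - 3) / 3) { /* reject as too large */ }`, or widen first with `decodedSize = ((size_t) j * 3 + 3) / 4;`, which is sufficient only where `size_t` is wider than 32 bits. The `(int32_t)` cast on the `*pDataLen` assignment should also follow the parameter's new `uint32_t` type. The identical DecodeData change in the following file section has the same issue, and the function body starts and ends outside the hunk.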


@ -62,9 +62,9 @@ static const uint8_t g_Expand64[256] =
CasaStatus CasaStatus
EncodeData( EncodeData(
IN const void *pData, IN const void *pData,
IN const int32_t dataLen, IN const uint32_t dataLen,
INOUT char **ppEncodedData, INOUT char **ppEncodedData,
INOUT int32_t *pEncodedDataLen) INOUT uint32_t *pEncodedDataLen)
// //
// Arguments: // Arguments:
// //
@ -147,9 +147,9 @@ EncodeData(
CasaStatus CasaStatus
DecodeData( DecodeData(
IN const char *pEncodedData, IN const char *pEncodedData,
IN const int32_t encodedDataLen, // Does not include NULL terminator IN const uint32_t encodedDataLen, // Does not include NULL terminator
INOUT void **ppData, INOUT void **ppData,
INOUT int32_t *pDataLen) INOUT uint32_t *pDataLen)
// //
// Arguments: // Arguments:
// //
@ -161,8 +161,8 @@ DecodeData(
//=======================================================================-- //=======================================================================--
{ {
CasaStatus retStatus; CasaStatus retStatus;
int i, j; uint32_t i, j;
int decodedSize; size_t decodedSize;
DbgTrace(3, "-DecodeData- Start\n", 0); DbgTrace(3, "-DecodeData- Start\n", 0);
@ -172,98 +172,110 @@ DecodeData(
j++; j++;
decodedSize = (j * 3 + 3) / 4; decodedSize = (j * 3 + 3) / 4;
// Allocate buffer to hold the decoded data // Verify that we are not going to overflow the uint32
*ppData = malloc(decodedSize); if (decodedSize <= UINT32_MAX)
if (*ppData)
{ {
bool endReached = false; // Allocate buffer to hold the decoded data
uint8_t c0, c1, c2, c3; *ppData = malloc(decodedSize);
uint8_t *p, *q; if (*ppData)
// Initialize parameters that will be used during the decode operation
c0 = c1 = c2 = c3 = 0;
p = (uint8_t*) pEncodedData;
q = (uint8_t*) *ppData;
// Decode the data
//
// Loop through the data, piecing back information. Any newlines, and/or
// carriage returns need to be skipped.
while (j > 4)
{ {
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) bool endReached = false;
p++; uint8_t c0, c1, c2, c3;
if (64 == g_Expand64[*p]) uint8_t *p, *q;
{
endReached = true;
break;
}
c0 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) // Initialize parameters that will be used during the decode operation
p++; c0 = c1 = c2 = c3 = 0;
if (64 == g_Expand64[*p]) p = (uint8_t*) pEncodedData;
{ q = (uint8_t*) *ppData;
*(q++) = (uint8_t)(g_Expand64[c0] << 2);
j--;
endReached = true;
break;
}
c1 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) // Decode the data
p++; //
if (64 == g_Expand64[*p]) // Loop through the data, piecing back information. Any newlines, and/or
{ // carriage returns need to be skipped.
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); while (j > 4)
*(q++) = (uint8_t)(g_Expand64[c1] << 4); {
j -= 2; while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
endReached = true; p++;
break; if (64 == g_Expand64[*p])
} {
c2 = *(p++); endReached = true;
break;
}
c0 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p))) while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++; p++;
if (64 == g_Expand64[*p]) if (64 == g_Expand64[*p])
{ {
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); *(q++) = (uint8_t)(g_Expand64[c0] << 2);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); j--;
*(q++) = (uint8_t)(g_Expand64[c2] << 6); endReached = true;
j -= 3; break;
endReached = true; }
break; c1 = *(p++);
}
c3 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4); while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2); p++;
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]); if (64 == g_Expand64[*p])
j -= 4; {
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4);
j -= 2;
endReached = true;
break;
}
c2 = *(p++);
while ((64 == g_Expand64[*p]) && (('\n' == *p) || ('\r' == *p)))
p++;
if (64 == g_Expand64[*p])
{
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6);
j -= 3;
endReached = true;
break;
}
c3 = *(p++);
*(q++) = (uint8_t)(g_Expand64[c0] << 2 | g_Expand64[c1] >> 4);
*(q++) = (uint8_t)(g_Expand64[c1] << 4 | g_Expand64[c2] >> 2);
*(q++) = (uint8_t)(g_Expand64[c2] << 6 | g_Expand64[c3]);
j -= 4;
}
if (!endReached)
{
if (j > 1)
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2)
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2);
if (j > 3)
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
}
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
} }
if (!endReached) else
{ {
if (j > 1) DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0);
*(q++) = (uint8_t)(g_Expand64[*p] << 2 | g_Expand64[p[1]] >> 4);
if (j > 2) retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
*(q++) = (uint8_t)(g_Expand64[p[1]] << 4 | g_Expand64[p[2]] >> 2); CASA_FACILITY_AUTHTOKEN,
if (j > 3) CASA_STATUS_INSUFFICIENT_RESOURCES);
*(q++) = (uint8_t)(g_Expand64[p[2]] << 6 | g_Expand64[p[3]]);
} }
// Return the length of the decoded data
*pDataLen = (int32_t)(q - (uint8_t*)*ppData);
// Success
retStatus = CASA_STATUS_SUCCESS;
} }
else else
{ {
DbgTrace(0, "-DecodeData- Buffer allocation failure\n", 0); DbgTrace(0, "-DecodeData- Prevented uint32 overflow\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_UNSUCCESSFUL);
} }
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);