Completed changes for clearing out memory associated with tokens.

This commit is contained in:
Juan Carlos Luciani 2007-01-04 13:27:31 +00:00
parent 834c6e0add
commit 717b3c1091
4 changed files with 84 additions and 47 deletions

View File

@ -31,6 +31,17 @@
//===[ Type definitions ]================================================== //===[ Type definitions ]==================================================
//
// Auth Cache Entry Wrapper definition
//
typedef struct _WrapperAuthCacheEntry
{
int size;
AuthCacheEntry entry;
} WrapperAuthCacheEntry, *PWrapperAuthCacheEntry;
//===[ Function prototypes ]=============================================== //===[ Function prototypes ]===============================================
//===[ Global variables ]================================================== //===[ Global variables ]==================================================
@ -63,7 +74,8 @@ CreateAuthTokenCacheEntry(
int32_t miCasaStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
int32_t tokenSize, entrySize, keySize; int32_t tokenSize, wrapperEntrySize, entrySize, keySize;
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL; AuthCacheEntry *pEntry = NULL;
char *pKey; char *pKey;
@ -78,15 +90,20 @@ CreateAuthTokenCacheEntry(
tokenSize = 0; tokenSize = 0;
} }
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
entrySize = tokenSize + sizeof(AuthCacheEntry); entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry // Allocate space for the entry wrapper
// The AuthCacheEntry structure contains room for the tokens NULL terminator //
pEntry = (AuthCacheEntry*) malloc(entrySize); // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
if (pEntry) pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{ {
// Save the entry size // Save the entry size
pEntry->size = entrySize; pWrapperEntry->size = wrapperEntrySize;
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the status // Set the status
pEntry->status = status; pEntry->status = status;
@ -180,7 +197,8 @@ CreateSessionTokenCacheEntry(
int32_t miCasaStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
int32_t tokenSize, entrySize; int32_t tokenSize, wrapperEntrySize, entrySize;
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL; AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0); DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0);
@ -194,15 +212,20 @@ CreateSessionTokenCacheEntry(
tokenSize = 0; tokenSize = 0;
} }
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
entrySize = tokenSize + sizeof(AuthCacheEntry); entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry // Allocate space for the entry wrapper
// The AuthCacheEntry structure contains room for the tokens NULL terminator //
pEntry = (AuthCacheEntry*) malloc(entrySize); // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
if (pEntry) pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{ {
// Save the entry size // Save the entry size
pEntry->size = entrySize; pWrapperEntry->size = wrapperEntrySize;
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the status // Set the status
pEntry->status = status; pEntry->status = status;
@ -273,12 +296,14 @@ FreeAuthCacheEntry(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
WrapperAuthCacheEntry *pWrapperEntry = CONTAINING_RECORD(pEntry, WrapperAuthCacheEntry, entry);
DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry); DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry);
// Free the entry after clearing the memory holding it since it // Free the entry after clearing the memory holding it since it
// may contain security sensitive data. // may contain security sensitive data.
memset(pEntry, 0, pEntry->size); memset(pWrapperEntry, 0, pWrapperEntry->size);
free(pEntry); free(pWrapperEntry);
DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0); DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0);
} }
@ -374,7 +399,8 @@ FindSessionTokenEntryInCache(
int32_t miCasaStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
int32_t valueLength, bytesRequired; int32_t valueLength, wrapperEntrySize, bytesRequired;
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL; AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0); DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0);
@ -397,10 +423,12 @@ FindSessionTokenEntryInCache(
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0) && bytesRequired != 0)
{ {
pEntry = (AuthCacheEntry*) malloc(bytesRequired); wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
if (pEntry) pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{ {
pEntry->size = bytesRequired; pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired; valueLength = bytesRequired;
bytesRequired = 0; bytesRequired = 0;
@ -463,7 +491,8 @@ FindAuthTokenEntryInCache(
int32_t miCasaStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
int32_t valueLength, bytesRequired, keySize; int32_t valueLength, wrapperEntrySize, bytesRequired, keySize;
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL; AuthCacheEntry *pEntry = NULL;
char *pKey; char *pKey;
@ -496,10 +525,12 @@ FindAuthTokenEntryInCache(
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0) && bytesRequired != 0)
{ {
pEntry = (AuthCacheEntry*) malloc(bytesRequired); wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
if (pEntry) pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{ {
pEntry->size = bytesRequired; pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired; valueLength = bytesRequired;
bytesRequired = 0; bytesRequired = 0;

View File

@ -225,10 +225,13 @@ ObtainSessionToken(
} }
// Release the cache entry if the resulting status is not successful // Release the cache entry if the resulting status is not successful
if (pCacheEntry)
{
if (!CASA_SUCCESS(retStatus)) if (!CASA_SUCCESS(retStatus))
{ {
FreeAuthCacheEntry(pCacheEntry); FreeAuthCacheEntry(pCacheEntry);
} }
}
// Free up the buffer associated with the authentication mechanism token // Free up the buffer associated with the authentication mechanism token
// after clearing it since it may contain sensitive information. // after clearing it since it may contain sensitive information.
@ -423,7 +426,7 @@ ObtainAuthTokenFromServer(
{ {
// Clear the memory before freeing up the response message since it // Clear the memory before freeing up the response message since it
// may contain security sensitive data. // may contain security sensitive data.
memset(pRespMsg, 0, strlen(pRespMsg)); memset(pRespMsg, 0, respLen);
free(pRespMsg); free(pRespMsg);
} }

View File

@ -98,10 +98,13 @@ typedef struct _AuthenticateResp
// //
// Auth Cache Entry definition // Auth Cache Entry definition
// //
// IMPORTANT NOTE - If changes are made to this structure then you
// will need to deal with compatibility issues with cached tokens
// since the entries are stored binarily in the miCASA cache.
//
typedef struct _AuthCacheEntry typedef struct _AuthCacheEntry
{ {
int status; int status;
int size;
DWORD creationTime; DWORD creationTime;
DWORD expirationTime; DWORD expirationTime;
bool doesNotExpire; bool doesNotExpire;

View File

@ -251,7 +251,7 @@ void NonHttpTest(void)
} }
else else
{ {
printf("-NonHttpTest- ObtainAuthToken failed with status %d\n", retStatus); printf("-NonHttpTest- ObtainAuthToken failed with status %0X\n", retStatus);
} }
} }