Addressed issues found during the SuSE security review.

2007-02-02 23:02:43 +00:00
parent 77a151fa13
commit 791b0be583
14 changed files with 456 additions and 320 deletions
--- a/CASA-auth-token/client/library/linux/platform.c
+++ b/CASA-auth-token/client/library/linux/platform.c
@@ -36,7 +36,7 @@ typedef struct _NormalizedHostNameCacheEntry
   LIST_ENTRY  listEntry;
   char        *pHostName;
   char        *pNormalizedHostName;
-   int         buffLengthRequired;
+   size_t      buffLengthRequired;
    
 } NormalizedHostNameCacheEntry, *PNormalizedHostNameCacheEntry;

@@ -720,7 +720,7 @@ NormalizeHostName(
                                  NI_NAMEREQD) == 0)
                  {
                     // We resolved the address to a DNS name, use it as the normalized name.
-                     pEntry->buffLengthRequired = (int) strlen(pDnsHostName) + 1;
+                     pEntry->buffLengthRequired = strlen(pDnsHostName) + 1;
                     pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired);
                     if (pEntry->pNormalizedHostName)
                     {
@@ -738,7 +738,7 @@ NormalizeHostName(

                     // Not able to resolve the name in DNS, just use the host name as
                     // the normalized name.
-                     pEntry->buffLengthRequired = (int) strlen(pHostName) + 1;
+                     pEntry->buffLengthRequired = strlen(pHostName) + 1;
                     pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired);
                     if (pEntry->pNormalizedHostName)
                     {
--- a/CASA-auth-token/client/library/linux/platform.h
+++ b/CASA-auth-token/client/library/linux/platform.h
@@ -83,12 +83,12 @@ typedef struct _RpcSession
 {
   CURL                 *hCurl;
   char                 *pPartialHttpUrl;
-   int                  partialHttpUrlLen;
+   size_t               partialHttpUrlLen;
   char                 *pPartialHttpsUrl;
-   int                  partialHttpsUrlLen;
+   size_t               partialHttpsUrlLen;
   struct curl_slist    *headers;
   char                 *pRecvData;
-   int                  recvDataLen;
+   size_t               recvDataLen;

 } RpcSession, *PRpcSession;

--- a/CASA-auth-token/client/library/linux/rpc.c
+++ b/CASA-auth-token/client/library/linux/rpc.c
@@ -79,34 +79,56 @@ CurlWriteCallback(
   if (pSession->pRecvData == NULL)
   {
      // We have not yet consumed receive data for the current Rpc
-      pSession->pRecvData = (char*) malloc(numDataItems * dataItemSz);
-      if (pSession->pRecvData)
+      // if the data does not exceed our maximum Rpc reply size.
+      if ((numDataItems * dataItemSz) <= MAX_RPC_REPLY_SZ)
      {
-         // Consume the data
-         memcpy(pSession->pRecvData, pData, numDataItems * dataItemSz);
-         pSession->recvDataLen = numDataItems * dataItemSz;
+         pSession->pRecvData = (char*) malloc(numDataItems * dataItemSz);
+         if (pSession->pRecvData)
+         {
+            // Consume the data
+            memcpy(pSession->pRecvData, pData, numDataItems * dataItemSz);
+            pSession->recvDataLen = numDataItems * dataItemSz;
+         }
+         else
+         {
+            DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0);
+            dataConsumed = CURLE_WRITE_ERROR; // To abort RPC
+         }
      }
      else
      {
-         DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0);
+         DbgTrace(0, "-CurlWriteCallback- Max Rpc reply size exceeded\n", 0);
         dataConsumed = CURLE_WRITE_ERROR; // To abort RPC
      }
   }
   else
   {
-      // We have already consumed receive data for the current Rpc, append the new data to it.
-      char  *pNewRecvDataBuf = (char*) malloc(pSession->recvDataLen + (numDataItems * dataItemSz));
-      if (pNewRecvDataBuf)
+      // We have already consumed receive data for the current Rpc, append the new data to it
+      // if the data does not exceed our maximum Rpc reply size.
+      if ((pSession->recvDataLen + (numDataItems * dataItemSz)) <= MAX_RPC_REPLY_SZ)
      {
-         memcpy(pNewRecvDataBuf, pSession->pRecvData, pSession->recvDataLen);
-         memcpy(pNewRecvDataBuf + pSession->recvDataLen, pData, numDataItems * dataItemSz);
-         pSession->recvDataLen +=  numDataItems * dataItemSz;
-         free(pSession->pRecvData);
-         pSession->pRecvData = pNewRecvDataBuf;
+         char  *pNewRecvDataBuf = (char*) malloc(pSession->recvDataLen + (numDataItems * dataItemSz));
+         if (pNewRecvDataBuf)
+         {
+            memcpy(pNewRecvDataBuf, pSession->pRecvData, pSession->recvDataLen);
+            memcpy(pNewRecvDataBuf + pSession->recvDataLen, pData, numDataItems * dataItemSz);
+            pSession->recvDataLen +=  numDataItems * dataItemSz;
+            free(pSession->pRecvData);
+            pSession->pRecvData = pNewRecvDataBuf;
+         }
+         else
+         {
+            DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0);
+            dataConsumed = CURLE_WRITE_ERROR; // To abort RPC
+
+            // Forget about already consumed data
+            free(pSession->pRecvData);
+            pSession->pRecvData = NULL;
+         }
      }
      else
      {
-         DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0);
+         DbgTrace(0, "-CurlWriteCallback- Max Rpc reply size exceeded\n", 0);
         dataConsumed = CURLE_WRITE_ERROR; // To abort RPC

         // Forget about already consumed data
@@ -308,7 +330,7 @@ InternalRpc(
   IN    long flags,
   IN    char *pRequestData,
   INOUT char **ppResponseData,
-   INOUT int *pResponseDataLen)
+   INOUT size_t *pResponseDataLen)
 //
 //  Arguments: 
 //
@@ -494,7 +516,7 @@ Rpc(
   IN    long flags,
   IN    char *pRequestData,
   INOUT char **ppResponseData,
-   INOUT int *pResponseDataLen)
+   INOUT size_t *pResponseDataLen)
 //
 //  Arguments: 
 //