Addressed issues found during the SuSE security review.
@@ -76,6 +76,7 @@ GetUserCredentials(
|
||||
uint32_t credtype = SSCS_CRED_TYPE_BASIC_F;
|
||||
SSCS_BASIC_CREDENTIAL credential = {0};
|
||||
SSCS_SECRET_ID_T secretId = {0};
|
||||
size_t secretIdLen;
|
||||
|
||||
DbgTrace(1, "-GetUserCredentials- Start\n", 0);
|
||||
|
||||
@@ -85,45 +86,56 @@ GetUserCredentials(
|
||||
|
||||
// Get the length of the realm string into the secret id structure
|
||||
// and verify thatr it is not too long.
|
||||
secretId.len = sscs_Utf8Strlen(pRealm) + 1;
|
||||
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
|
||||
secretIdLen = sscs_Utf8Strlen(pRealm) + 1;
|
||||
if (secretIdLen <= U32_MAX)
|
||||
{
|
||||
// Set the secret id in the structure
|
||||
sscs_Utf8Strcpy((char*) secretId.id, pRealm);
|
||||
|
||||
// Specify that we want the common name
|
||||
credential.unFlags = USERNAME_TYPE_CN_F;
|
||||
|
||||
// Now try to get the credentials
|
||||
rcode = miCASAGetCredential(0,
|
||||
&secretId,
|
||||
NULL,
|
||||
&credtype,
|
||||
&credential,
|
||||
(SSCS_EXT_T*) pCredStoreScope);
|
||||
if (rcode != NSSCS_SUCCESS)
|
||||
secretId.len = secretIdLen;
|
||||
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
|
||||
{
|
||||
// There were no credentials for the realm, now try to obtain the
|
||||
// desktop credentials.
|
||||
secretId.len = sscs_Utf8Strlen("Desktop") + 1;
|
||||
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
|
||||
// Set the secret id in the structure
|
||||
sscs_Utf8Strcpy((char*) secretId.id, pRealm);
|
||||
|
||||
// Specify that we want the common name
|
||||
credential.unFlags = USERNAME_TYPE_CN_F;
|
||||
|
||||
// Now try to get the credentials
|
||||
rcode = miCASAGetCredential(0,
|
||||
&secretId,
|
||||
NULL,
|
||||
&credtype,
|
||||
&credential,
|
||||
(SSCS_EXT_T*) pCredStoreScope);
|
||||
if (rcode != NSSCS_SUCCESS)
|
||||
{
|
||||
sscs_Utf8Strcpy((char*) secretId.id, "Desktop");
|
||||
rcode = miCASAGetCredential(0,
|
||||
&secretId,
|
||||
NULL,
|
||||
&credtype,
|
||||
&credential,
|
||||
(SSCS_EXT_T*) pCredStoreScope);
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-GetUserCredentials- Desktop name too long\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_PWTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
// There were no credentials for the realm, now try to obtain the
|
||||
// desktop credentials.
|
||||
secretId.len = sscs_Utf8Strlen("Desktop") + 1;
|
||||
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
|
||||
{
|
||||
sscs_Utf8Strcpy((char*) secretId.id, "Desktop");
|
||||
rcode = miCASAGetCredential(0,
|
||||
&secretId,
|
||||
NULL,
|
||||
&credtype,
|
||||
&credential,
|
||||
(SSCS_EXT_T*) pCredStoreScope);
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-GetUserCredentials- Desktop name too long\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_PWTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-GetUserCredentials- Realm name too long\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_PWTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
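Review bot: The copy `sscs_Utf8Strcpy((char*) secretId.id, pRealm)` is still bounded only by the preceding `secretId.len <= NSSCS_MAX_SECRET_ID_LEN` test, and nothing in the hunk states that `sscs_Utf8Strlen` returns a byte count. If that helper counts UTF-8 characters rather than bytes (its definition is not visible here), a realm name with multi-byte characters could pass the check and the copy would write more bytes than were checked. The added `secretIdLen <= U32_MAX` guard only catches truncation where `size_t` is wider than 32 bits and the helper's return type is equally wide; elsewhere it is always true and the `NSSCS_MAX_SECRET_ID_LEN` comparison is the only effective limit. I would record the assumption at the check, e.g. `// secretIdLen is a byte count including the terminator; it bounds the sscs_Utf8Strcpy into secretId.id below`, and confirm it against the helper and the declared size of `secretId.id`. GetUserCredentials starts before this hunk and its final `else` branch continues past it.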
@@ -37,6 +37,10 @@
|
||||
|
||||
//===[ Type definitions ]==================================================
|
||||
|
||||
#ifndef U32_MAX
|
||||
#define U32_MAX (~(uint32_t)0)
|
||||
#endif
|
||||
|
||||
//===[ Inlines functions ]===============================================
|
||||
|
||||
//===[ Function prototypes ]===============================================
|
||||
|
||||
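Review bot: `U32_MAX` is defined as `(~(uint32_t)0)` without a comment saying what it bounds, and `<stdint.h>` already provides the same value as `UINT32_MAX` wherever `uint32_t` comes from that header (which includes are in effect is not visible in this hunk). Writing `#define U32_MAX UINT32_MAX` avoids relying on how `~` behaves after integer promotion on a platform whose `int` is wider than 32 bits. The `#ifndef` guard also means that a `U32_MAX` defined earlier by another header, with a different type or value, silently becomes the limit used in the length check. A one-line comment such as `// Largest length that fits a 32-bit len field, e.g. SSCS_SECRET_ID_T.len` would explain why the macro sits in this header.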