Patches sent by India based on Security review.

2006-04-06 20:09:26 +00:00
parent 861619e231
commit b2b5903126
7 changed files with 816 additions and 686 deletions
--- a/c_micasacache/sscs_ipc.c
+++ b/c_micasacache/sscs_ipc.c
@@ -181,7 +181,12 @@ int ipc_unx_read(int fd, Byte *pData, int bytes)
    for(bytesToRead = bytes; bytesToRead;)
    {
-        bytesRead = read(fd, pData, bytesToRead);
+        if ((bytesRead = read(fd, pData, bytesToRead)) == 0) 
 		{
 			break;
 		} 
 		else 
 		{
 	        if(bytesRead < 0)
 	        {
        	    return -1;
@@ -189,6 +194,7 @@ int ipc_unx_read(int fd, Byte *pData, int bytes)
        	bytesToRead -= bytesRead;
 	        pData += bytesRead;
 		}
    }
    return bytesRead;
 }
 //#endif
--- a/c_micasad/communication/UnixCommunication.cs
+++ b/c_micasad/communication/UnixCommunication.cs
@@ -24,6 +24,7 @@
 using System;
 using System.Net;
 using System.Net.Sockets;
 using Mono.Unix;
 using Mono.Unix.Native;
 using System.IO;
 using System.Text;
@@ -53,7 +54,9 @@ namespace sscs.communication
            CSSSLogger.ExecutionTrace(this);
            Syscall.umask(0);
 			if(File.Exists(socketFileName))
 			{
 				File.Delete(socketFileName);
 			}
            listeningSocket = new Socket( AddressFamily.Unix,
                                          SocketType.Stream,
                                          ProtocolType.IP );
@@ -76,6 +79,15 @@ namespace sscs.communication
            CSSSLogger.ExecutionTrace(this);
            try
            {
            	UnixFileSystemInfo sockFileInfo = new UnixFileInfo(socketFileName);
                UnixUserInfo sockFileOwner = sockFileInfo.OwnerUser;
 				// check if ROOT is the owner of the file: /tmp/.novellCASA
 				if (sockFileOwner.UserId != 0)
 				{
 					File.Delete(socketFileName);
 				}
                listeningSocket.Bind(sockEndPoint);
                listeningSocket.Listen(50);
            }
--- a/c_micasad/init/Main.cs
+++ b/c_micasad/init/Main.cs
@@ -49,7 +49,10 @@ class SecretStoreClientService
            }
            RegisterSignals();
-
+			Mono.Unix.Native.Syscall.umask( Mono.Unix.Native.FilePermissions.S_IRGRP | 
 											Mono.Unix.Native.FilePermissions.S_IWGRP | 
 											Mono.Unix.Native.FilePermissions.S_IROTH | 
 											Mono.Unix.Native.FilePermissions.S_IWOTH);
            CSSSLogger.DbgLog("Client Side SecretStore Service has started.");
            server = CommunicationFactory.CreateCommunicationEndPoint();
--- a/c_micasad/lib/communication/UnixIPCClientChannel.cs
+++ b/c_micasad/lib/communication/UnixIPCClientChannel.cs
@@ -48,10 +48,26 @@ namespace Novell.CASA.MiCasa.Communication
                            SocketType.Stream,
                            ProtocolType.IP );
-            if (mSocket == null) throw new Exception("could not get socket");
+			if (mSocket == null)
 			{
 				throw new Exception("could not get socket");
 			}
 			sockEndPoint = new UnixEndPoint(socketFileName);            
 			UnixFileSystemInfo sockFileInfo = new UnixFileInfo(socketFileName);
            UnixUserInfo sockFileOwner = sockFileInfo.OwnerUser;
            // root is the owner of the file "/tmp/.novellCASA"
 			if (sockFileOwner.UserId == 0)
 			{
 				mSocket.Connect(sockEndPoint);
 			}
 			else
 			{
 				throw new Exception("not a valid miCASA service");
 			}
        }
        public int Read(byte[] buf)
        {
--- a/c_micasad/lss/CASACrypto.cs
+++ b/c_micasad/lss/CASACrypto.cs
@@ -24,6 +24,9 @@ using System;
 using System.IO;
 using System.Text;
 using System.Security.Cryptography;
 #if LINUX
 using Mono.Unix;
 #endif
 using sscs.common;
 using sscs.constants;
@@ -69,9 +72,7 @@ namespace sscs.crypto
                //Encrypt the data to a file            
                fsEncrypt = new FileStream(fileName, FileMode.Create);
-#if LINUX
+
                Mono.Unix.Native.Syscall.chmod(fileName,Mono.Unix.Native.FilePermissions.S_IRUSR | Mono.Unix.Native.FilePermissions.S_IWUSR);
 #endif                      
 				// make hidden
 				File.SetAttributes(fileName, FileAttributes.Hidden);
@@ -107,9 +108,15 @@ namespace sscs.crypto
            byte[] baSavedKey = null;
            FileStream fsDecrypt = null;
            CryptoStream csDecrypt = null;
            try
            {
 #if LINUX
 				UnixFileInfo fsTest = new UnixFileInfo (fileName);
                if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
 #else
                if(!File.Exists(fileName))
 #endif
                {
                    return null;
                }
@@ -180,9 +187,7 @@ namespace sscs.crypto
                //Encrypt the data to a file            
                fsEncrypt = new FileStream(fileName, FileMode.Create);
-#if LINUX
+
                Mono.Unix.Native.Syscall.chmod(fileName,Mono.Unix.Native.FilePermissions.S_IRUSR | Mono.Unix.Native.FilePermissions.S_IWUSR);
 #endif                                
 				// make hidden
 				File.SetAttributes(fileName, FileAttributes.Hidden);
@@ -224,7 +229,12 @@ namespace sscs.crypto
                //Get a decryptor that uses the same key and IV as the encryptor.
                RijndaelManaged myRijndael = new RijndaelManaged();
                ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, IV);
 #if LINUX
 				UnixFileInfo fsTest = new UnixFileInfo (fileName);
                if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
 #else
 				if(!File.Exists(fileName))
 #endif
 				{
                    return null;
                }
@@ -241,6 +251,7 @@ namespace sscs.crypto
 								fsDecrypt.Close();                        
 								return null;
 				}
 				ulong fileLen = (ulong)(fsDecrypt.Length - HASH_SIZE);
 				byte[] fromEncrypt = new byte[fileLen];
@@ -393,9 +404,7 @@ namespace sscs.crypto
                //Encrypt the data to a file
                fsEncrypt = new FileStream(fileName,FileMode.Create);
-#if LINUX
+
                Mono.Unix.Native.Syscall.chmod(fileName,Mono.Unix.Native.FilePermissions.S_IRUSR | Mono.Unix.Native.FilePermissions.S_IWUSR);
 #endif                                
 				// make hidden
 				File.SetAttributes(fileName, FileAttributes.Hidden);
@@ -441,6 +450,16 @@ namespace sscs.crypto
                ICryptoTransform decryptor = myRijndael.CreateDecryptor(baKey,
                    baKey);
                //Now decrypt
 #if LINUX
 				UnixFileInfo fsTest = new UnixFileInfo (fileName);
                if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
 #else
 				if(!File.Exists(fileName))
 #endif
 				{
                    return null;
                }
                fsDecrypt = new FileStream(fileName, FileMode.Open);
                csDecrypt = new CryptoStream(fsDecrypt, decryptor,
                    CryptoStreamMode.Read);
--- a/c_micasad/lss/LocalStorage.cs
+++ b/c_micasad/lss/LocalStorage.cs
@@ -27,6 +27,9 @@ using System.Collections;
 using System.Threading;
 using System.Security.Cryptography;
 using System.Xml;
 #if LINUX
 using Mono.Unix.Native;
 #endif
 using sscs.cache;
 using sscs.crypto;
 using sscs.common;
@@ -62,6 +65,11 @@ namespace sscs.lss
        private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30; 
        private Thread persistThread = null;       
 #if LINUX
 		Mono.Unix.UnixFileSystemInfo sockFileInfo;
 		Mono.Unix.UnixUserInfo sockFileOwner;
 #endif
        private static string LINUXID = "Unix";         
 		internal LocalStorage(SecretStore store,byte[] baMasterPasscode)
@@ -120,23 +128,59 @@ namespace sscs.lss
 			}
 			return true;
 		}
 		public bool IsOwnedByRoot(string fileName)		
 		{
 #if LINUX
 			sockFileInfo = new Mono.Unix.UnixFileInfo(fileName);
 		    sockFileOwner = sockFileInfo.OwnerUser;
 			if(0==sockFileOwner.UserId)
 			    return true;
 		    else
 		        return false;
 #else
 			return true;
 #endif
 		}
        private string GetDecryptedXml()
        {
            try
            {
 				string fileName = userStore.GetPersistenceFilePath();
 				string tempFile = fileName;
 				int count = 0;
 				if(!File.Exists(fileName))
 				{
 					while(true)
 					{
 						// check for tmp file
-					if (File.Exists(fileName+".tmp"))
+						if (File.Exists(tempFile+".tmp"))
-						File.Move(fileName+".tmp", fileName);
+						{
 							if(IsOwnedByRoot(tempFile+".tmp"))
 							{
 								File.Move(tempFile+".tmp", fileName);
 								break;
 							}
 							else
 							{
 								count++;
 								tempFile = fileName + count.ToString();
 							}
 						}
 						else
 							return null;
 					}
 					// delete tmp file if there
-				if (File.Exists(fileName+".tmp"))
+					if (File.Exists(tempFile+".tmp"))
-					File.Delete(fileName+".tmp");
+					{
 						if(IsOwnedByRoot(tempFile+".tmp"))
 							File.Delete(tempFile+".tmp");
 					}
 				}
 				byte[] baPasscode = null;
 				if (null != m_baGeneratedKey)
@@ -427,22 +471,40 @@ namespace sscs.lss
 				byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
 				string fileName = userStore.GetPersistenceFilePath();
 				string tempFile = fileName;
 				int count=0;
 				// rename existing file
 				if(File.Exists(fileName))
 				{
-					if (File.Exists(fileName+".tmp"))
+					while(true)
-						File.Delete(fileName+".tmp");
+					{
-
+						if (File.Exists(tempFile+".tmp"))
-					File.Move(fileName, fileName+".tmp");
+						{
 							if(IsOwnedByRoot(tempFile+".tmp"))
 							{
 								File.Delete(tempFile+".tmp");
 								break;
 							}
 							else
 							{
 								count++;
 								tempFile = fileName + count.ToString();
 							}
 						}
 						else
 							break;
 					}
 					File.Move(fileName, tempFile+".tmp");
 				}
 				CASACrypto.EncryptDataAndWriteToFile(ms1.ToArray(),key,fileName);
 				//remove temp
-				if(File.Exists(fileName+".tmp"))
+				if(File.Exists(tempFile+".tmp"))
 				{
-					File.Delete(fileName+".tmp");
+					if(IsOwnedByRoot(tempFile+".tmp"))
 						File.Delete(tempFile+".tmp");
 				}
 			}
 			catch(Exception e)
--- a/c_micasadk/sscs_ndk.c
+++ b/c_micasadk/sscs_ndk.c
@@ -221,42 +221,50 @@ static int32_t sscsshs_GetNextSHSEntry
 *	 Internal function that escapes delimited characters in a string.
 *
 */
-static void sscsshs_ChkEscapeString(SS_UTF8_T	*entryBuf)
+static void sscsshs_ChkEscapeString(SS_UTF8_T	**entryBuf)
 { /* beginning of the call */
 /* ########################## DECLARATIONS START HERE ######################### */
-	int 			len = 0, i, k = 0;
+	int 			len = 0, i, k = 0, tmplen = 0, escaped = 0;
 	SS_UTF8_T	 	*tempBuf = NULL;
 /* ############################## CODE STARTS HERE ############################ */
-	if(!(tempBuf = (SS_UTF8_T *)malloc(NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN)))
+	len = sscs_Utf8Strlen(*entryBuf) + 1;
 	if (len > (NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN))
 		return;
 	/* We assume that all the chars in entryBuf might need escaping */
 	if(!(tempBuf = (SS_UTF8_T *)malloc(2 * (NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN))))
 	{
 		return;
 	}
-	memset(tempBuf, 0, NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN);
+	memset(tempBuf, 0, 2 * (NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN));
 	len = sscs_Utf8Strlen(entryBuf) + 1;
 	for(i = 0; i < len; i++)
 	{
-		SS_UTF8_T c = entryBuf[i];
+		SS_UTF8_T c = *((*entryBuf)+i);
 		switch(c)
 		{
 			case (SS_UTF8_T)'\\':
 				tempBuf[k++] = (SS_UTF8_T)'\\';
 				tempBuf[k++] = (SS_UTF8_T)'\\';
 				escaped = 1;
 				break;
 			 case (SS_UTF8_T)':':
 				tempBuf[k++] = (SS_UTF8_T)'\\';
 				tempBuf[k++] = (SS_UTF8_T)':';
 				escaped = 1;
 				break;
 			 case (SS_UTF8_T)'=':
 				tempBuf[k++] = (SS_UTF8_T)'\\';
 				tempBuf[k++] = (SS_UTF8_T)'=';
 				escaped = 1;
 				break;
 			 default:
@@ -264,7 +272,11 @@ static void sscsshs_ChkEscapeString(SS_UTF8_T	*entryBuf)
 		}
 	}
-	sscs_Utf8Strcpy(entryBuf, tempBuf);
+	if (escaped) {
 		free (*entryBuf);
 		*entryBuf = tempBuf;
 		return;
 	}
 /* ############################### CODE EXITS HERE ############################# */
@@ -310,7 +322,7 @@ static int32_t sscsshs_PopulateSecretBuf
 		retBuffer[sscs_Utf8Strlen(retBuffer)] = (SS_UTF8_T)0x0A; // add a line feed delimiter
 	}
-	sscsshs_ChkEscapeString(key);
+	sscsshs_ChkEscapeString(&key);
 	if(sscs_Utf8Strcmp(key, SSCS_CRED_SET))
 	{
@@ -328,7 +340,7 @@ static int32_t sscsshs_PopulateSecretBuf
 		sscs_Utf8Strcat(retBuffer, APP_DELIMITER);
 	}
-	sscsshs_ChkEscapeString(val);
+	sscsshs_ChkEscapeString(&val);
 	if((*bufLen + (sscs_Utf8StrSize(val))) < NSSCS_MAX_SECRET_BUF_LEN)
 	{
 		sscs_Utf8Strcat(retBuffer, val);
@@ -385,7 +397,7 @@ static int32_t sscsshs_PopulateBinarySecretBuf
 			return(NSSCS_E_PARSER_FAILURE);  // create error stating non-binary buffer
 		}		
-		sscsshs_ChkEscapeString(key);	
+		sscsshs_ChkEscapeString(&key);	
 		sscs_Utf8Strcpy((SS_UTF8_T *)retBuffer, key);
 		sscs_Utf8Strcat((SS_UTF8_T *)retBuffer, BINARY_DELIMITER);
 		len = sscs_Utf8StrSize((SS_UTF8_T *)retBuffer);
@@ -1057,7 +1069,7 @@ miCASAReadSecret
 	// escape delimited characters
 	memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name));
-	sscsshs_ChkEscapeString(escapedSHSName);
+	sscsshs_ChkEscapeString(&escapedSHSName);
 	if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
 	{
@@ -1227,7 +1239,7 @@ miCASARemoveSecret
 	// escape delimited characters
 	memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name));
-	sscsshs_ChkEscapeString(escapedSHSName);
+	sscsshs_ChkEscapeString(&escapedSHSName);
 	if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
 	{
@@ -1373,7 +1385,7 @@ miCASAWriteSecret
 	// escape delimited characters
 	memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name));
-	sscsshs_ChkEscapeString(escapedSHSName);
+	sscsshs_ChkEscapeString(&escapedSHSName);
 	if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
 	{
@@ -1575,13 +1587,13 @@ miCASAWriteKey
 	// escape delimited characters
 	memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
-	sscsshs_ChkEscapeString(escapedSHSName);
+	sscsshs_ChkEscapeString(&escapedSHSName);
 	memcpy(escapedSHSKey, key, keyLen);
-	sscsshs_ChkEscapeString(escapedSHSKey);
+	sscsshs_ChkEscapeString(&escapedSHSKey);
 	memcpy(escapedSHSValue, val, valLen);
-	sscsshs_ChkEscapeString(escapedSHSValue);
+	sscsshs_ChkEscapeString(&escapedSHSValue);
 	if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
 	{
@@ -1701,10 +1713,10 @@ miCASAWriteBinaryKey
 	// escape delimited characters
 	memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
-	sscsshs_ChkEscapeString(escapedSHSName);
+	sscsshs_ChkEscapeString(&escapedSHSName);
 	memcpy(escapedSHSKey, key, keyLen);
-	sscsshs_ChkEscapeString(escapedSHSKey);
+	sscsshs_ChkEscapeString(&escapedSHSKey);
 	if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
 	{
@@ -1821,10 +1833,10 @@ miCASAReadKey
 	// escape delimited characters
 	memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
-	sscsshs_ChkEscapeString(escapedSHSName);
+	sscsshs_ChkEscapeString(&escapedSHSName);
 	memcpy(escapedSHSKey, key, keyLen);
-	sscsshs_ChkEscapeString(escapedSHSKey);	
+	sscsshs_ChkEscapeString(&escapedSHSKey);	
 	if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
 	{
@@ -1939,10 +1951,10 @@ miCASAReadBinaryKey
 	// escape delimited characters
 	memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
-	sscsshs_ChkEscapeString(escapedSHSName);
+	sscsshs_ChkEscapeString(&escapedSHSName);
 	memcpy(escapedSHSKey, key, keyLen);
-	sscsshs_ChkEscapeString(escapedSHSKey);	
+	sscsshs_ChkEscapeString(&escapedSHSKey);	
 	if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
 	{