geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix for bug 242410 of Suse review on item 4.7 of the audit list.

Browse Source
This commit is contained in:
Cameron (Kamran) Mashayekhi 2007-02-13 22:58:24 +00:00
parent 37c54b1167
commit d5f2ad902e
1 changed files with 243 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

351
CASA/micasacache/sscs_unx_ipc_client.c
View File

@ -266,7 +266,13 @@ int32_t ipc_OpenSecretStore
msgLen = MSGID_LEN + MSG_LEN +
MSG_DWORD_LEN +
MSG_STRING_LEN +
ssNameLen;
ssNameLen;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -401,6 +407,12 @@ int32_t ipc_CloseSecretStore
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_CLOSE_SECRET_STORE_MSGID;
@ -507,6 +519,11 @@ int32_t ipc_RemoveSecretStore
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -617,6 +634,11 @@ int32_t ipc_EnumerateKeychainIDs
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -648,7 +670,7 @@ int32_t ipc_EnumerateKeychainIDs
pReply += MSG_LEN;
// I would like to get return code here itself
// so that I need not check for other things.
memcpy(&bufLen,pReply, MSG_DWORD_LEN);
memcpy(&bufLen, pReply, MSG_DWORD_LEN);
if( 0 == bufLen )
{
retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN);
@ -665,8 +687,15 @@ int32_t ipc_EnumerateKeychainIDs
if( bufLen < MIN_REPLY_BUF_LEN/(sizeof(char)) )
pReply = gpReplyBuf;
else
{
pReply = (Byte *)malloc( (bufLen+1) * sizeof(char));
{
if((bufLen + 1) >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReply = (Byte *)malloc( (bufLen + 1) * sizeof(char));
if( NULL == pReply )
{
// Cleanup the channel by reading the remaining and return error.
@ -822,6 +851,12 @@ int32_t ipc_AddKeychain
MSG_DWORD_LEN + // flags
MSG_STRING_LEN +
keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -938,6 +973,12 @@ int32_t ipc_RemoveKeychain
msgLen = MSGID_LEN + MSG_LEN +
MSG_STRING_LEN +
keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -1063,6 +1104,12 @@ int32_t ipc_EnumerateSecretIDs
msgLen = MSGID_LEN + MSG_LEN +
MSG_STRING_LEN +
keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -1113,7 +1160,13 @@ int32_t ipc_EnumerateSecretIDs
pReply = gpReplyBuf;
else
{
pReply = (Byte *)malloc( (bufLen+1) * sizeof(SS_UTF8_T));
if((bufLen + 1) >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReply = (Byte *)malloc( (bufLen + 1) * sizeof(SS_UTF8_T));
if(pReply == NULL)
{
// Cleanup the channel by reading the remaining and return error.
@ -1290,7 +1343,7 @@ int32_t ipc_ReadSecret
secretIDLen + // SecretID
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
@ -1307,7 +1360,13 @@ int32_t ipc_ReadSecret
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_READ_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -1537,7 +1596,7 @@ int ipc_WriteSecret
secretData->len +
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
// is there an ext
if (ext)
{
@ -1578,7 +1637,13 @@ int ipc_WriteSecret
{
pReq = gpReqBuf;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_CACHE_WRITE_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
@ -1780,6 +1845,12 @@ int32_t ipc_RemoveSecret
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -1836,7 +1907,7 @@ int32_t ipc_RemoveSecret
}
else
{
uint32_t extID = 0;
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
@ -1939,11 +2010,13 @@ int32_t ipc_GetSecretStoreInfo
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
if( msgLen > MIN_REQUEST_BUF_LEN )
{
//Allocate more memory for gpReqBuf
}
pReq = gpReqBuf;
msgid = REQ_GET_SECRETSTORE_INFO_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -1951,6 +2024,7 @@ int32_t ipc_GetSecretStoreInfo
memcpy(pReq, &msgLen, MSG_LEN);
pReq += MSG_LEN;
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0)
{
@ -2061,10 +2135,12 @@ int32_t ipc_GetKeychainInfo
msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN +
(keychainID->len );
if( msgLen > MIN_REQUEST_BUF_LEN )
{
//Allocate more memory for gpReqBuf
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_GET_KEYCHAIN_INFO_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -2180,6 +2256,12 @@ int32_t ipc_LockCache
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_LOCK_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -2284,6 +2366,12 @@ int32_t ipc_UnlockCache
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_UNLOCK_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -2399,6 +2487,12 @@ int32_t ipc_SetMasterPasscode
MSG_DWORD_LEN + // passcodetype
MSG_STRING_LEN + //passcodeLen
passcodeLen;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -2571,6 +2665,12 @@ int32_t ipc_RemoveKey
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_REMOVE_KEY_MSGID;
@ -2775,6 +2875,12 @@ int32_t ipc_ReadKey
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_READ_KEY_MSGID;
@ -3029,6 +3135,11 @@ int32_t ipc_ReadBinaryKey
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_READ_BINARY_KEY_MSGID;
@ -3268,30 +3379,30 @@ int ipc_WriteKey
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
// is there an ext, account for it
if (ext)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
// as setup in the capture module
//ext.extID = WINDOWS_LOGON_ID;
//ext.version = 0x00010000; // 1.0.0
//ext.ext = (void *)lpLogonId;
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
// as setup in the capture module
//ext.extID = WINDOWS_LOGON_ID;
//ext.version = 0x00010000; // 1.0.0
//ext.ext = (void *)lpLogonId;
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if( msgLen > MIN_REQUEST_BUF_LEN )
{
@ -3308,8 +3419,14 @@ int ipc_WriteKey
{
pReq = gpReqBuf;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_WRITE_KEY_MSGID;
msgid = REQ_WRITE_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
@ -3339,28 +3456,28 @@ int ipc_WriteKey
pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
if (ext)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
@ -3516,30 +3633,30 @@ int ipc_WriteBinaryKey
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
// is there an ext, account for it
if (ext)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
// as setup in the capture module
//ext.extID = WINDOWS_LOGON_ID;
//ext.version = 0x00010000; // 1.0.0
//ext.ext = (void *)lpLogonId;
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
// as setup in the capture module
//ext.extID = WINDOWS_LOGON_ID;
//ext.version = 0x00010000; // 1.0.0
//ext.ext = (void *)lpLogonId;
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if( msgLen > MIN_REQUEST_BUF_LEN )
{
@ -3557,8 +3674,14 @@ int ipc_WriteBinaryKey
pReq = gpReqBuf;
}
msgid = REQ_WRITE_BINARY_KEY_MSGID;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_WRITE_BINARY_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
@ -3588,28 +3711,28 @@ int ipc_WriteBinaryKey
pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
if (ext)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
@ -3734,7 +3857,13 @@ int32_t ipc_SetMasterPassword
passwdLen;
pReq = gpReqBuf;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_SET_MASTER_PASSWORD;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
@ -3896,6 +4025,12 @@ int ipc_IsSecretPersistent
{
pReq = gpReqBuf;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_IS_SECRET_PERSISTENT;
memcpy(pReq, &msgid, MSGID_LEN);