geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix for bug 242410 of Suse review on item 4.7 of the audit list.

Browse Source
This commit is contained in:
Cameron (Kamran) Mashayekhi 2007-02-13 22:58:24 +00:00
parent 37c54b1167
commit d5f2ad902e
1 changed files with 243 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

323
CASA/micasacache/sscs_unx_ipc_client.c
View File

@ -268,6 +268,12 @@ int32_t ipc_OpenSecretStore
MSG_STRING_LEN + MSG_STRING_LEN +
ssNameLen; ssNameLen;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_OPEN_SECRET_STORE_MSGID; msgid = REQ_CACHE_OPEN_SECRET_STORE_MSGID;
@ -401,6 +407,12 @@ int32_t ipc_CloseSecretStore
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN; msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_CLOSE_SECRET_STORE_MSGID; msgid = REQ_CACHE_CLOSE_SECRET_STORE_MSGID;
@ -507,6 +519,11 @@ int32_t ipc_RemoveSecretStore
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -617,6 +634,11 @@ int32_t ipc_EnumerateKeychainIDs
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -648,7 +670,7 @@ int32_t ipc_EnumerateKeychainIDs
pReply += MSG_LEN; pReply += MSG_LEN;
// I would like to get return code here itself // I would like to get return code here itself
// so that I need not check for other things. // so that I need not check for other things.
memcpy(&bufLen,pReply, MSG_DWORD_LEN); memcpy(&bufLen, pReply, MSG_DWORD_LEN);
if( 0 == bufLen ) if( 0 == bufLen )
{ {
retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN);
@ -666,7 +688,14 @@ int32_t ipc_EnumerateKeychainIDs
pReply = gpReplyBuf; pReply = gpReplyBuf;
else else
{ {
pReply = (Byte *)malloc( (bufLen+1) * sizeof(char));
if((bufLen + 1) >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReply = (Byte *)malloc( (bufLen + 1) * sizeof(char));
if( NULL == pReply ) if( NULL == pReply )
{ {
// Cleanup the channel by reading the remaining and return error. // Cleanup the channel by reading the remaining and return error.
@ -823,6 +852,12 @@ int32_t ipc_AddKeychain
MSG_STRING_LEN + MSG_STRING_LEN +
keychainIDLen; // Keychain ID keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_ADD_KEYCHAIN_MSGID; msgid = REQ_CACHE_ADD_KEYCHAIN_MSGID;
@ -939,6 +974,12 @@ int32_t ipc_RemoveKeychain
MSG_STRING_LEN + MSG_STRING_LEN +
keychainIDLen; // Keychain ID keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_REMOVE_KEYCHAIN_MSGID; msgid = REQ_CACHE_REMOVE_KEYCHAIN_MSGID;
@ -1064,6 +1105,12 @@ int32_t ipc_EnumerateSecretIDs
MSG_STRING_LEN + MSG_STRING_LEN +
keychainIDLen; // Keychain ID keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_ENUMERATE_SECRETIDS_MSGID; msgid = REQ_CACHE_ENUMERATE_SECRETIDS_MSGID;
@ -1113,7 +1160,13 @@ int32_t ipc_EnumerateSecretIDs
pReply = gpReplyBuf; pReply = gpReplyBuf;
else else
{ {
pReply = (Byte *)malloc( (bufLen+1) * sizeof(SS_UTF8_T)); if((bufLen + 1) >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReply = (Byte *)malloc( (bufLen + 1) * sizeof(SS_UTF8_T));
if(pReply == NULL) if(pReply == NULL)
{ {
// Cleanup the channel by reading the remaining and return error. // Cleanup the channel by reading the remaining and return error.
@ -1308,6 +1361,12 @@ int32_t ipc_ReadSecret
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_READ_SECRET_MSGID; msgid = REQ_CACHE_READ_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -1579,6 +1638,12 @@ int ipc_WriteSecret
pReq = gpReqBuf; pReq = gpReqBuf;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_CACHE_WRITE_SECRET_MSGID; msgid = REQ_CACHE_WRITE_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;
@ -1781,6 +1846,12 @@ int32_t ipc_RemoveSecret
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_REMOVE_SECRET_MSGID; msgid = REQ_CACHE_REMOVE_SECRET_MSGID;
@ -1836,7 +1907,7 @@ int32_t ipc_RemoveSecret
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN); memcpy(pReq,&extID,MSG_DWORD_LEN);
} }
@ -1940,10 +2011,12 @@ int32_t ipc_GetSecretStoreInfo
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if( msgLen > MIN_REQUEST_BUF_LEN ) if(msgLen >= MIN_REQUEST_BUF_LEN)
{ {
//Allocate more memory for gpReqBuf retCode = NSSCS_E_SYSTEM_FAILURE;
} break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_GET_SECRETSTORE_INFO_MSGID; msgid = REQ_GET_SECRETSTORE_INFO_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -1951,6 +2024,7 @@ int32_t ipc_GetSecretStoreInfo
memcpy(pReq, &msgLen, MSG_LEN); memcpy(pReq, &msgLen, MSG_LEN);
pReq += MSG_LEN; pReq += MSG_LEN;
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0) if(retVal < 0)
{ {
@ -2061,10 +2135,12 @@ int32_t ipc_GetKeychainInfo
msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN + msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN +
(keychainID->len ); (keychainID->len );
if( msgLen > MIN_REQUEST_BUF_LEN ) if(msgLen >= MIN_REQUEST_BUF_LEN)
{ {
//Allocate more memory for gpReqBuf retCode = NSSCS_E_SYSTEM_FAILURE;
} break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_GET_KEYCHAIN_INFO_MSGID; msgid = REQ_GET_KEYCHAIN_INFO_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -2180,6 +2256,12 @@ int32_t ipc_LockCache
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_LOCK_CACHE_MSGID; msgid = REQ_LOCK_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -2284,6 +2366,12 @@ int32_t ipc_UnlockCache
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_UNLOCK_CACHE_MSGID; msgid = REQ_UNLOCK_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -2400,6 +2488,12 @@ int32_t ipc_SetMasterPasscode
MSG_STRING_LEN + //passcodeLen MSG_STRING_LEN + //passcodeLen
passcodeLen; passcodeLen;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_SET_MASTER_PASSCODE; msgid = REQ_SET_MASTER_PASSCODE;
@ -2572,6 +2666,12 @@ int32_t ipc_RemoveKey
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_REMOVE_KEY_MSGID; msgid = REQ_REMOVE_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -2776,6 +2876,12 @@ int32_t ipc_ReadKey
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_READ_KEY_MSGID; msgid = REQ_READ_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -3029,6 +3135,11 @@ int32_t ipc_ReadBinaryKey
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_READ_BINARY_KEY_MSGID; msgid = REQ_READ_BINARY_KEY_MSGID;
@ -3268,30 +3379,30 @@ int ipc_WriteKey
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext, account for it // is there an ext, account for it
if (ext) if (ext)
{
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
{ {
// 4 byte ext type, 4 byte len and 8 bytes of LUID // The login capture on Windows determines the LUID of the user
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // and sends it as an Extension, marshall it across the pipe
// as setup in the capture module // see the WriteSecret verb for handling it.
//ext.extID = WINDOWS_LOGON_ID; if (ext->extID == WINDOWS_LOGIN_ID)
//ext.version = 0x00010000; // 1.0.0 {
//ext.ext = (void *)lpLogonId; // 4 byte ext type, 4 byte len and 8 bytes of LUID
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
// as setup in the capture module
//ext.extID = WINDOWS_LOGON_ID;
//ext.version = 0x00010000; // 1.0.0
//ext.ext = (void *)lpLogonId;
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
} }
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if( msgLen > MIN_REQUEST_BUF_LEN ) if( msgLen > MIN_REQUEST_BUF_LEN )
{ {
@ -3309,7 +3420,13 @@ int ipc_WriteKey
pReq = gpReqBuf; pReq = gpReqBuf;
} }
msgid = REQ_WRITE_KEY_MSGID; if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_WRITE_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;
@ -3339,28 +3456,28 @@ int ipc_WriteKey
pReq += epPassword->pwordLen; pReq += epPassword->pwordLen;
// marshall the extension if there is one // marshall the extension if there is one
if (ext) if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{ {
extID = EXT_TYPE_WINDOWS_LUID; if (ext->extID == WINDOWS_LOGIN_ID)
memcpy(pReq, &extID, MSG_DWORD_LEN); {
pReq += MSG_DWORD_LEN; extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN; luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN); memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN; pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8); memcpy(pReq, ext->ext, 8);
pReq += 8; pReq += 8;
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN); memcpy(pReq,&extID,MSG_DWORD_LEN);
} }
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
@ -3516,30 +3633,30 @@ int ipc_WriteBinaryKey
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext, account for it // is there an ext, account for it
if (ext) if (ext)
{
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
{ {
// 4 byte ext type, 4 byte len and 8 bytes of LUID // The login capture on Windows determines the LUID of the user
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // and sends it as an Extension, marshall it across the pipe
// as setup in the capture module // see the WriteSecret verb for handling it.
//ext.extID = WINDOWS_LOGON_ID; if (ext->extID == WINDOWS_LOGIN_ID)
//ext.version = 0x00010000; // 1.0.0 {
//ext.ext = (void *)lpLogonId; // 4 byte ext type, 4 byte len and 8 bytes of LUID
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
// as setup in the capture module
//ext.extID = WINDOWS_LOGON_ID;
//ext.version = 0x00010000; // 1.0.0
//ext.ext = (void *)lpLogonId;
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
} }
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if( msgLen > MIN_REQUEST_BUF_LEN ) if( msgLen > MIN_REQUEST_BUF_LEN )
{ {
@ -3558,7 +3675,13 @@ int ipc_WriteBinaryKey
} }
msgid = REQ_WRITE_BINARY_KEY_MSGID; if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_WRITE_BINARY_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;
@ -3588,28 +3711,28 @@ int ipc_WriteBinaryKey
pReq += epPassword->pwordLen; pReq += epPassword->pwordLen;
// marshall the extension if there is one // marshall the extension if there is one
if (ext) if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{ {
extID = EXT_TYPE_WINDOWS_LUID; if (ext->extID == WINDOWS_LOGIN_ID)
memcpy(pReq, &extID, MSG_DWORD_LEN); {
pReq += MSG_DWORD_LEN; extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN; luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN); memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN; pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8); memcpy(pReq, ext->ext, 8);
pReq += 8; pReq += 8;
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN); memcpy(pReq,&extID,MSG_DWORD_LEN);
} }
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
@ -3735,6 +3858,12 @@ int32_t ipc_SetMasterPassword
pReq = gpReqBuf; pReq = gpReqBuf;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_SET_MASTER_PASSWORD; msgid = REQ_SET_MASTER_PASSWORD;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;
@ -3897,6 +4026,12 @@ int ipc_IsSecretPersistent
pReq = gpReqBuf; pReq = gpReqBuf;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_IS_SECRET_PERSISTENT; msgid = REQ_IS_SECRET_PERSISTENT;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;