geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix for bug 242410 of Suse review on item 4.7 of the audit list.

Browse Source
This commit is contained in:
Cameron (Kamran) Mashayekhi 2007-02-13 22:58:24 +00:00
parent 37c54b1167
commit d5f2ad902e
1 changed files with 243 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

351
CASA/micasacache/sscs_unx_ipc_client.c
View File

@ -266,7 +266,13 @@ int32_t ipc_OpenSecretStore
msgLen = MSGID_LEN + MSG_LEN + msgLen = MSGID_LEN + MSG_LEN +
MSG_DWORD_LEN + MSG_DWORD_LEN +
MSG_STRING_LEN + MSG_STRING_LEN +
ssNameLen; ssNameLen;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -401,6 +407,12 @@ int32_t ipc_CloseSecretStore
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN; msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_CLOSE_SECRET_STORE_MSGID; msgid = REQ_CACHE_CLOSE_SECRET_STORE_MSGID;
@ -507,6 +519,11 @@ int32_t ipc_RemoveSecretStore
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -617,6 +634,11 @@ int32_t ipc_EnumerateKeychainIDs
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -648,7 +670,7 @@ int32_t ipc_EnumerateKeychainIDs
pReply += MSG_LEN; pReply += MSG_LEN;
// I would like to get return code here itself // I would like to get return code here itself
// so that I need not check for other things. // so that I need not check for other things.
memcpy(&bufLen,pReply, MSG_DWORD_LEN); memcpy(&bufLen, pReply, MSG_DWORD_LEN);
if( 0 == bufLen ) if( 0 == bufLen )
{ {
retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN);
@ -665,8 +687,15 @@ int32_t ipc_EnumerateKeychainIDs
if( bufLen < MIN_REPLY_BUF_LEN/(sizeof(char)) ) if( bufLen < MIN_REPLY_BUF_LEN/(sizeof(char)) )
pReply = gpReplyBuf; pReply = gpReplyBuf;
else else
{ {
pReply = (Byte *)malloc( (bufLen+1) * sizeof(char));
if((bufLen + 1) >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReply = (Byte *)malloc( (bufLen + 1) * sizeof(char));
if( NULL == pReply ) if( NULL == pReply )
{ {
// Cleanup the channel by reading the remaining and return error. // Cleanup the channel by reading the remaining and return error.
@ -822,6 +851,12 @@ int32_t ipc_AddKeychain
MSG_DWORD_LEN + // flags MSG_DWORD_LEN + // flags
MSG_STRING_LEN + MSG_STRING_LEN +
keychainIDLen; // Keychain ID keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -938,6 +973,12 @@ int32_t ipc_RemoveKeychain
msgLen = MSGID_LEN + MSG_LEN + msgLen = MSGID_LEN + MSG_LEN +
MSG_STRING_LEN + MSG_STRING_LEN +
keychainIDLen; // Keychain ID keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -1063,6 +1104,12 @@ int32_t ipc_EnumerateSecretIDs
msgLen = MSGID_LEN + MSG_LEN + msgLen = MSGID_LEN + MSG_LEN +
MSG_STRING_LEN + MSG_STRING_LEN +
keychainIDLen; // Keychain ID keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -1113,7 +1160,13 @@ int32_t ipc_EnumerateSecretIDs
pReply = gpReplyBuf; pReply = gpReplyBuf;
else else
{ {
pReply = (Byte *)malloc( (bufLen+1) * sizeof(SS_UTF8_T)); if((bufLen + 1) >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReply = (Byte *)malloc( (bufLen + 1) * sizeof(SS_UTF8_T));
if(pReply == NULL) if(pReply == NULL)
{ {
// Cleanup the channel by reading the remaining and return error. // Cleanup the channel by reading the remaining and return error.
@ -1290,7 +1343,7 @@ int32_t ipc_ReadSecret
secretIDLen + // SecretID secretIDLen + // SecretID
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext, account for it // is there an ext, account for it
if (ext) if (ext)
{ {
@ -1307,7 +1360,13 @@ int32_t ipc_ReadSecret
// the cache daemon expects a ext, add it here // the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_READ_SECRET_MSGID; msgid = REQ_CACHE_READ_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -1537,7 +1596,7 @@ int ipc_WriteSecret
secretData->len + secretData->len +
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext // is there an ext
if (ext) if (ext)
{ {
@ -1578,7 +1637,13 @@ int ipc_WriteSecret
{ {
pReq = gpReqBuf; pReq = gpReqBuf;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_CACHE_WRITE_SECRET_MSGID; msgid = REQ_CACHE_WRITE_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;
@ -1780,6 +1845,12 @@ int32_t ipc_RemoveSecret
// the cache daemon expects a ext, add it here // the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -1836,7 +1907,7 @@ int32_t ipc_RemoveSecret
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN); memcpy(pReq,&extID,MSG_DWORD_LEN);
} }
@ -1939,11 +2010,13 @@ int32_t ipc_GetSecretStoreInfo
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
if( msgLen > MIN_REQUEST_BUF_LEN )
{
//Allocate more memory for gpReqBuf
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_GET_SECRETSTORE_INFO_MSGID; msgid = REQ_GET_SECRETSTORE_INFO_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -1951,6 +2024,7 @@ int32_t ipc_GetSecretStoreInfo
memcpy(pReq, &msgLen, MSG_LEN); memcpy(pReq, &msgLen, MSG_LEN);
pReq += MSG_LEN; pReq += MSG_LEN;
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0) if(retVal < 0)
{ {
@ -2061,10 +2135,12 @@ int32_t ipc_GetKeychainInfo
msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN + msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN +
(keychainID->len ); (keychainID->len );
if( msgLen > MIN_REQUEST_BUF_LEN ) if(msgLen >= MIN_REQUEST_BUF_LEN)
{ {
//Allocate more memory for gpReqBuf retCode = NSSCS_E_SYSTEM_FAILURE;
} break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_GET_KEYCHAIN_INFO_MSGID; msgid = REQ_GET_KEYCHAIN_INFO_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -2180,6 +2256,12 @@ int32_t ipc_LockCache
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_LOCK_CACHE_MSGID; msgid = REQ_LOCK_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -2284,6 +2366,12 @@ int32_t ipc_UnlockCache
// Prepare Request buffer // Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN; msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_UNLOCK_CACHE_MSGID; msgid = REQ_UNLOCK_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -2399,6 +2487,12 @@ int32_t ipc_SetMasterPasscode
MSG_DWORD_LEN + // passcodetype MSG_DWORD_LEN + // passcodetype
MSG_STRING_LEN + //passcodeLen MSG_STRING_LEN + //passcodeLen
passcodeLen; passcodeLen;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
@ -2571,6 +2665,12 @@ int32_t ipc_RemoveKey
// the cache daemon expects a ext, add it here // the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_REMOVE_KEY_MSGID; msgid = REQ_REMOVE_KEY_MSGID;
@ -2775,6 +2875,12 @@ int32_t ipc_ReadKey
// the cache daemon expects a ext, add it here // the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_READ_KEY_MSGID; msgid = REQ_READ_KEY_MSGID;
@ -3029,6 +3135,11 @@ int32_t ipc_ReadBinaryKey
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_READ_BINARY_KEY_MSGID; msgid = REQ_READ_BINARY_KEY_MSGID;
@ -3268,30 +3379,30 @@ int ipc_WriteKey
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext, account for it // is there an ext, account for it
if (ext) if (ext)
{
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
{ {
// 4 byte ext type, 4 byte len and 8 bytes of LUID // The login capture on Windows determines the LUID of the user
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // and sends it as an Extension, marshall it across the pipe
// as setup in the capture module // see the WriteSecret verb for handling it.
//ext.extID = WINDOWS_LOGON_ID; if (ext->extID == WINDOWS_LOGIN_ID)
//ext.version = 0x00010000; // 1.0.0 {
//ext.ext = (void *)lpLogonId; // 4 byte ext type, 4 byte len and 8 bytes of LUID
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
} // as setup in the capture module
else //ext.extID = WINDOWS_LOGON_ID;
msgLen += MSG_DWORD_LEN; //ext.version = 0x00010000; // 1.0.0
} //ext.ext = (void *)lpLogonId;
else // _LUID { DWORD LowPart; LONG HighPart; // 8 byte
{ }
// the cache daemon expects a ext, add it here else
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if( msgLen > MIN_REQUEST_BUF_LEN ) if( msgLen > MIN_REQUEST_BUF_LEN )
{ {
@ -3308,8 +3419,14 @@ int ipc_WriteKey
{ {
pReq = gpReqBuf; pReq = gpReqBuf;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_WRITE_KEY_MSGID; msgid = REQ_WRITE_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;
@ -3339,28 +3456,28 @@ int ipc_WriteKey
pReq += epPassword->pwordLen; pReq += epPassword->pwordLen;
// marshall the extension if there is one // marshall the extension if there is one
if (ext) if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{ {
extID = EXT_TYPE_WINDOWS_LUID; if (ext->extID == WINDOWS_LOGIN_ID)
memcpy(pReq, &extID, MSG_DWORD_LEN); {
pReq += MSG_DWORD_LEN; extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN; luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN); memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN; pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8); memcpy(pReq, ext->ext, 8);
pReq += 8; pReq += 8;
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN); memcpy(pReq,&extID,MSG_DWORD_LEN);
} }
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
@ -3516,30 +3633,30 @@ int ipc_WriteBinaryKey
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext, account for it // is there an ext, account for it
if (ext) if (ext)
{
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
{ {
// 4 byte ext type, 4 byte len and 8 bytes of LUID // The login capture on Windows determines the LUID of the user
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // and sends it as an Extension, marshall it across the pipe
// as setup in the capture module // see the WriteSecret verb for handling it.
//ext.extID = WINDOWS_LOGON_ID; if (ext->extID == WINDOWS_LOGIN_ID)
//ext.version = 0x00010000; // 1.0.0 {
//ext.ext = (void *)lpLogonId; // 4 byte ext type, 4 byte len and 8 bytes of LUID
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
} // as setup in the capture module
else //ext.extID = WINDOWS_LOGON_ID;
msgLen += MSG_DWORD_LEN; //ext.version = 0x00010000; // 1.0.0
} //ext.ext = (void *)lpLogonId;
else // _LUID { DWORD LowPart; LONG HighPart; // 8 byte
{ }
// the cache daemon expects a ext, add it here else
msgLen += MSG_DWORD_LEN; msgLen += MSG_DWORD_LEN;
} }
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if( msgLen > MIN_REQUEST_BUF_LEN ) if( msgLen > MIN_REQUEST_BUF_LEN )
{ {
@ -3557,8 +3674,14 @@ int ipc_WriteBinaryKey
pReq = gpReqBuf; pReq = gpReqBuf;
} }
msgid = REQ_WRITE_BINARY_KEY_MSGID; if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_WRITE_BINARY_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;
@ -3588,28 +3711,28 @@ int ipc_WriteBinaryKey
pReq += epPassword->pwordLen; pReq += epPassword->pwordLen;
// marshall the extension if there is one // marshall the extension if there is one
if (ext) if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{ {
extID = EXT_TYPE_WINDOWS_LUID; if (ext->extID == WINDOWS_LOGIN_ID)
memcpy(pReq, &extID, MSG_DWORD_LEN); {
pReq += MSG_DWORD_LEN; extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN; luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN); memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN; pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8); memcpy(pReq, ext->ext, 8);
pReq += 8; pReq += 8;
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN); memcpy(pReq,&extID,MSG_DWORD_LEN);
} }
} }
else else
{ {
uint32_t extID = 0; uint32_t extID = 0;
@ -3734,7 +3857,13 @@ int32_t ipc_SetMasterPassword
passwdLen; passwdLen;
pReq = gpReqBuf; pReq = gpReqBuf;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_SET_MASTER_PASSWORD; msgid = REQ_SET_MASTER_PASSWORD;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;
@ -3896,6 +4025,12 @@ int ipc_IsSecretPersistent
{ {
pReq = gpReqBuf; pReq = gpReqBuf;
} }
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_IS_SECRET_PERSISTENT; msgid = REQ_IS_SECRET_PERSISTENT;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);