Commit 36243851 authored by Pekka Pessi's avatar Pekka Pessi

iptsec: using isize_t, usize_t, issize_t in API.

Fixed basic authentication crashing with too long username/password.

darcs-hash:20060906220220-65a35-0b0945975325002a818338ef48589c9c8fb20c46.gz
parent 0869349d
......@@ -163,6 +163,9 @@ int ca_challenge(auth_client_t *ca,
ca->ca_credential_class != credential_class)
return 0;
if (!ca->ca_auc)
return 1;
if (ca->ca_auc->auc_challenge)
stale = ca->ca_auc->auc_challenge(ca, ch);
if (stale < 0)
......@@ -559,25 +562,47 @@ int auc_basic_authorization(auth_client_t *ca,
msg_payload_t const *body,
msg_header_t **return_headers)
{
char userpass[49]; /* "reasonable" maximum */
char base64[65];
msg_hclass_t *hc = ca->ca_credential_class;
char const *user = ca->ca_user;
char const *pass = ca->ca_pass;
size_t ulen, plen, uplen, b64len, basiclen;
char *basic, *base64, *userpass;
char buffer[71];
if (user == NULL || pass == NULL)
return -1;
ulen = strlen(user), plen = strlen(pass), uplen = ulen + 1 + plen;
b64len = BASE64_SIZE(uplen);
basiclen = strlen("Basic ") + b64len;
if (sizeof(buffer) > basiclen + 1)
basic = buffer;
else
basic = malloc(basiclen + 1);
userpass[sizeof(userpass) - 1] = 0;
base64[sizeof(base64) - 1] = 0;
/*
* Basic authentication consists of username and password separated by
* colon and then base64 encoded.
*/
snprintf(userpass, sizeof(userpass) - 1, "%s:%s", user, pass);
base64_e(base64, sizeof(base64), userpass, strlen(userpass));
strcpy(basic, "Basic ");
base64 = basic + strlen("Basic ");
userpass = base64 + b64len - uplen;
memcpy(userpass, user, ulen);
userpass[ulen] = ':';
memcpy(userpass + ulen + 1, pass, plen);
userpass[uplen] = '\0';
base64_e(base64, b64len + 1, userpass, uplen);
if (!(*return_headers = msg_header_format(home, hc, "Basic %s", base64)))
return -1;
return 0;
base64[b64len] = '\0';
*return_headers = msg_header_make(home, hc, basic);
if (buffer != basic)
free(basic);
return *return_headers ? 0 : -1;
}
/* ---------------------------------------------------------------------- */
......@@ -807,7 +832,8 @@ auth_client_t *ca_create(su_home_t *home,
{
auth_client_plugin_t const *auc = NULL;
auth_client_t *ca;
size_t realmlen;
size_t aucsize = (sizeof *ca), realmlen, size;
char *s;
int i;
if (scheme == NULL || realm == NULL)
......@@ -821,24 +847,19 @@ auth_client_t *ca_create(su_home_t *home,
break;
}
if (auc) {
ca = su_home_clone(home, auc->auc_size + realmlen);
if (!ca)
return ca;
ca->ca_auc = auc;
ca->ca_scheme = auc->auc_name;
ca->ca_realm = strcpy((char *)ca + auc->auc_size, realm);
}
else {
size_t schemelen = strlen(scheme) + 1;
size_t size = sizeof (auth_client_t) + schemelen + realmlen;
ca = su_home_clone(home, size);
if (!ca)
return ca;
ca->ca_scheme = strcpy((char *)(ca + 1), scheme);
ca->ca_realm = strcpy((char *)(ca + 1) + schemelen, realm);
}
aucsize = auc ? auc->auc_size : (sizeof *ca);
size = aucsize + realmlen;
if (!auc)
size += strlen(scheme) + 1;
ca = su_home_clone(home, (isize_t)size);
if (!ca)
return ca;
s = (char *)ca + aucsize;
ca->ca_auc = auc;
ca->ca_realm = strcpy(s, realm);
ca->ca_scheme = auc ? auc->auc_name : strcpy(s + realmlen, scheme);
return ca;
}
......
......@@ -60,11 +60,12 @@ static inline int has_token(char const *qstring, char const *token);
* The function auth_get_params() returns number of parameters found in
* params, or -1 upon an error.
*/
int auth_get_params(su_home_t *home,
char const * const params[], ...
/* char const *fmt, char const **return_value */)
issize_t auth_get_params(su_home_t *home,
char const * const params[], ...
/* char const *fmt, char const **return_value */)
{
int n, j, len, namelen;
int n, j;
size_t len, namelen;
char const *fmt, *expected;
char const *value, *p, **return_value;
va_list(ap);
......@@ -143,10 +144,13 @@ int auth_get_params(su_home_t *home,
return n;
}
int auth_struct_copy(void *dst, void const *src, int s_size)
int auth_struct_copy(void *dst, void const *src, isize_t s_size)
{
int d_size = *(int *)dst;
if (d_size < 0)
return -1;
if (d_size > s_size) {
memcpy(dst, src, s_size);
memset((char *)dst + s_size, 0, d_size - s_size);
......@@ -161,7 +165,7 @@ int auth_struct_copy(void *dst, void const *src, int s_size)
#if !HAVE_STRCASESTR
static inline char const *strcasestr(char const *haystack, char const *pin)
{
int i, m ,n;
size_t i, m, n;
m = strlen(haystack);
n = strlen(pin);
......@@ -179,7 +183,7 @@ static inline char const *strcasestr(char const *haystack, char const *pin)
static inline int has_token(char const *qstring, char const *token)
{
int n = strlen(token);
size_t n = strlen(token);
char const *q;
q = strcasestr(qstring, token);
......@@ -192,7 +196,7 @@ static inline int has_token(char const *qstring, char const *token)
/** Compare two strings, even if they are quoted */
int auth_strcmp(char const *quoted, char const *unquoted)
{
int i, j;
size_t i, j;
if (quoted[0] != '"')
return strcmp(quoted, unquoted);
......
......@@ -33,10 +33,6 @@
#include "config.h"
#include <string.h>
#include <stdarg.h>
#include <assert.h>
#include <sofia-sip/su_md5.h>
#include "sofia-sip/auth_common.h"
#include "sofia-sip/auth_digest.h"
......@@ -45,6 +41,11 @@
#include "iptsec_debug.h"
#include <string.h>
#include <stdarg.h>
#include <limits.h>
#include <assert.h>
/**Get digest-challenge parameters.
*
* The function digest_challenge_get() searches for the digest authentication
......@@ -56,11 +57,11 @@
* The function digest_challenge_get() returns number of parameters
* found, or -1 upon an error.
*/
int auth_digest_challenge_get(su_home_t *home,
auth_challenge_t *ac0,
char const * const params[])
issize_t auth_digest_challenge_get(su_home_t *home,
auth_challenge_t *ac0,
char const * const params[])
{
int n;
ssize_t n;
auth_challenge_t ac[1] = {{ 0 }};
char const *md5 = NULL, *md5sess = NULL, *sha1 = NULL,
*stale = NULL,
......@@ -100,7 +101,7 @@ int auth_digest_challenge_get(su_home_t *home,
auth_struct_copy(ac0, ac, sizeof(ac));
SU_DEBUG_5(("%s(): got %d\n", "auth_digest_challenge_get", n));
SU_DEBUG_5(("%s(): got %zd\n", "auth_digest_challenge_get", n));
return n;
}
......@@ -133,11 +134,11 @@ void auth_digest_challenge_free_params(su_home_t *home, auth_challenge_t *ac)
* The function auth_response_get() returns number of parameters
* found, or -1 upon an error.
*/
int auth_digest_response_get(su_home_t *home,
auth_response_t *ar0,
char const *const params[])
issize_t auth_digest_response_get(su_home_t *home,
auth_response_t *ar0,
char const *const params[])
{
int n;
ssize_t n;
auth_response_t ar[1] = {{ 0 }};
char const *md5 = NULL, *md5sess = NULL, *sha1 = NULL,
*qop_auth = NULL, *qop_auth_int = NULL;
......@@ -177,7 +178,7 @@ int auth_digest_response_get(su_home_t *home,
auth_struct_copy(ar0, ar, sizeof(ar));
SU_DEBUG_7(("%s: %d\n", "auth_digest_response_get", n));
SU_DEBUG_7(("%s: %zd\n", "auth_digest_response_get", n));
return n;
}
......@@ -188,7 +189,7 @@ static void unquote_update(su_md5_t md5[1], char const *quoted)
/*xyzzy*/;
else if (quoted[0] == '"') {
char const *q;
int n;
size_t n;
for (q = quoted + 1; *q; q += n + 2) {
n = strcspn(q, "\"\\");
......@@ -278,7 +279,7 @@ int auth_digest_response(auth_response_t *ar,
auth_hexmd5_t response,
auth_hexmd5_t const ha1,
char const *method_name,
void const *data, int dlen)
void const *data, isize_t dlen)
{
su_md5_t md5[1];
auth_hexmd5_t Hentity, HA2;
......
This diff is collapsed.
......@@ -57,11 +57,11 @@ static inline int has_token(char const *qstring, char const *token);
* The function ntlm_challenge_get() returns number of parameters
* found, or -1 upon an error.
*/
int auth_ntlm_challenge_get(su_home_t *home,
auth_challenge_t *ac0,
char const * const params[])
issize_t auth_ntlm_challenge_get(su_home_t *home,
auth_challenge_t *ac0,
char const * const params[])
{
int n;
ssize_t n;
auth_challenge_t ac[1] = {{ 0 }};
char const *md5 = NULL, *md5sess = NULL, *sha1 = NULL,
*qop_auth = NULL, *qop_auth_int = NULL;
......@@ -118,11 +118,11 @@ int auth_ntlm_challenge_get(su_home_t *home,
* The function auth_response_get() returns number of parameters
* found, or -1 upon an error.
*/
int auth_ntlm_response_get(su_home_t *home,
auth_response_t *ar0,
char const *const params[])
issize_t auth_ntlm_response_get(su_home_t *home,
auth_response_t *ar0,
char const *const params[])
{
int n;
ssize_t n;
auth_response_t ar[1] = {{ 0 }};
char const *md5 = NULL, *md5sess = NULL, *sha1 = NULL,
*qop_auth = NULL, *qop_auth_int = NULL;
......@@ -250,7 +250,7 @@ int auth_digest_response(auth_response_t *ar,
auth_hexmd5_t response,
auth_hexmd5_t const ha1,
char const *method_name,
void const *data, int dlen)
void const *data, issize_t dlen)
{
su_md5_t md5[1];
auth_hexmd5_t Hentity, HA2;
......
......@@ -120,7 +120,7 @@ auth_mod_t *auth_mod_create(su_root_t *root,
if (method) {
auth_scheme_t *bscheme = NULL;
char const *base;
unsigned len;
size_t len;
base = strrchr(method, '+');
if (base)
......
......@@ -41,12 +41,12 @@
SOFIA_BEGIN_DECLS
SOFIAPUBFUN int auth_get_params(su_home_t *home,
char const * const params[], ...
/* char const * name,
char const **return_value */);
SOFIAPUBFUN issize_t auth_get_params(su_home_t *home,
char const * const params[], ...
/* char const * name,
char const **return_value */);
SOFIAPUBFUN int auth_struct_copy(void *dst, void const *src, int s_size);
SOFIAPUBFUN int auth_struct_copy(void *dst, void const *src, isize_t s_size);
SOFIAPUBFUN int auth_strcmp(char const *quoted, char const *unquoted);
......
......@@ -136,12 +136,12 @@ typedef struct {
typedef char auth_hexmd5_t[33];
SOFIAPUBFUN int auth_digest_challenge_get(su_home_t *, auth_challenge_t *,
char const * const params[]);
SOFIAPUBFUN issize_t auth_digest_challenge_get(su_home_t *, auth_challenge_t *,
char const * const params[]);
SOFIAPUBFUN void auth_digest_challenge_free_params(su_home_t *home,
auth_challenge_t *ac);
SOFIAPUBFUN int auth_digest_response_get(su_home_t *, auth_response_t *,
char const * const params[]);
SOFIAPUBFUN issize_t auth_digest_response_get(su_home_t *, auth_response_t *,
char const * const params[]);
SOFIAPUBFUN int auth_digest_a1(auth_response_t *ar,
auth_hexmd5_t ha1,
......@@ -156,9 +156,9 @@ SOFIAPUBFUN int auth_digest_sessionkey(auth_response_t *, auth_hexmd5_t ha1,
SOFIAPUBFUN int auth_digest_response(auth_response_t *, auth_hexmd5_t response,
auth_hexmd5_t const ha1,
char const *method_name,
void const *data, int dlen);
void const *data, isize_t dlen);
SOFIAPUBFUN int auth_struct_copy(void *dst, void const *src, int s_size);
SOFIAPUBFUN int auth_struct_copy(void *dst, void const *src, isize_t s_size);
SOFIAPUBFUN int auth_strcmp(char const *quoted, char const *unquoted);
......
......@@ -115,7 +115,7 @@ struct auth_status_t
char const *as_method; /**< Method name to authenticate [in] */
void const *as_body; /**< Message body to protect [in] */
int as_bodylen; /**< Length of message body [in] */
isize_t as_bodylen; /**< Length of message body [in] */
msg_time_t as_nonce_issued; /**< Nonce issue time [out] */
unsigned as_blacklist; /**< Blacklist time [out] */
......@@ -174,8 +174,8 @@ SOFIAPUBFUN void auth_mod_destroy(auth_mod_t *);
SOFIAPUBFUN auth_mod_t *auth_mod_ref(auth_mod_t *am);
SOFIAPUBFUN void auth_mod_unref(auth_mod_t *am);
SOFIAPUBFUN auth_status_t *auth_status_init(void *, int size);
SOFIAPUBFUN auth_status_t *auth_status_init_with(void *, int size,
SOFIAPUBFUN auth_status_t *auth_status_init(void *, isize_t size);
SOFIAPUBFUN auth_status_t *auth_status_init_with(void *, isize_t size,
int status,
char const *phrase);
......
......@@ -55,11 +55,10 @@
SOFIA_BEGIN_DECLS
int auth_ntlm_challenge_get(su_home_t *, auth_challenge_t *,
char const * const params[]);
int auth_ntlm_response_get(su_home_t *, auth_response_t *,
char const * const params[]);
issize_t auth_ntlm_challenge_get(su_home_t *, auth_challenge_t *,
char const * const params[]);
issize_t auth_ntlm_response_get(su_home_t *, auth_response_t *,
char const * const params[]);
int auth_ntlm_a1(auth_response_t *ar,
auth_hexmd5_t ha1,
......@@ -72,8 +71,8 @@ int auth_ntlm_a1sess(auth_response_t *ar,
int auth_ntlm_sessionkey(auth_response_t *, auth_hexmd5_t ha1,
char const *secret);
int auth_ntlm_response(auth_response_t *, auth_hexmd5_t response,
auth_hexmd5_t const ha1,
char const *method_name, void const *data, int dlen);
auth_hexmd5_t const ha1,
char const *method_name, void const *data, issize_t dlen);
/** NTLM scheme */
msg_auth_t *auth_ntlm_credentials(msg_auth_t *auth,
......
......@@ -68,7 +68,7 @@ struct auth_scheme
char const *asch_method;
/** Size of module object */
unsigned asch_size;
usize_t asch_size;
/** Initialize module. Invoked by auth_mod_create(). */
int (*asch_init)(auth_mod_t *am,
......
......@@ -645,6 +645,11 @@ int test_digest_client()
TEST(as->as_status, 401);
}
as->as_response = (msg_header_t *)
sip_www_authenticate_make(as->as_home, "Unknown realm=\"huu haa\"");
TEST_1(as->as_response);
TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response,
sip_authorization_class), 1);
aucs = NULL;
reinit_as(as);
......@@ -887,6 +892,28 @@ int test_digest_client()
auth_mod_check_client(am, as, sip->sip_authorization, ach);
TEST(as->as_status, 0);
aucs = NULL;
reinit_as(as);
auth_mod_check_client(am, as, NULL, ach);
TEST(as->as_status, 401);
TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response,
sip_authorization_class), 1);
reinit_as(as);
TEST(auc_all_credentials(&aucs, "Basic", "\"ims3.so.noklab.net\"",
"very-long-user-name-that-surely-exceeds-the-static-buffer",
"at-least-when-used-with-the-even-longer-password"), 1);
msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);
TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name,
(url_t *)"sip:surf3@ims3.so.noklab.net",
sip->sip_payload), 1);
TEST_1(sip->sip_authorization);
auth_mod_check_client(am, as, sip->sip_authorization, ach);
TEST(as->as_status, 0);
auth_mod_destroy(am); deinit_as(as); aucs = NULL;
/* Test asynchronous operation */
......
user1:secret:
user2:fish:
very-long-user-name-that-surely-exceeds-the-static-buffer:at-least-when-used-with-the-even-longer-password:
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment