Commit c2d56b22 authored by Simon Morlat's avatar Simon Morlat

Fix buffer overflows.

parent 98fe86f4
......@@ -116,7 +116,6 @@ void FileAuthDb::sync() {
string version;
string passwd_tag;
int i;
char user_ref[MAX_USERNAME_LENGTH];
LOGD("Opening file %s", mFileString.c_str());
file.open(mFileString);
......@@ -170,7 +169,9 @@ void FileAuthDb::sync() {
}
// if user with space, replace %20 by space
url_unescape(user_ref, user.c_str());
string user_ref;
user_ref.resize(user.size());
url_unescape(&user_ref[0], user.c_str());
if (!ss.eof()) {
// TODO read userid with space
getline(ss, userid, ' ');
......@@ -185,7 +186,7 @@ void FileAuthDb::sync() {
}
cacheUserWithPhone(phone, domain, user);
parsePasswd(pass, (string)user_ref, domain, &password);
parsePasswd(pass, user_ref, domain, &password);
if (find(domains.begin(), domains.end(), domain) != domains.end()) {
string key(createPasswordKey(user, userid));
......
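Review bot: After `url_unescape(&user_ref[0], user.c_str())` the string still holds `user.size()` characters, so whenever `user` contains a `%XX` escape the decoded name is followed by NUL padding that is now part of `user_ref`. The removed `(string)user_ref` conversion from the char array stopped at the first NUL, so `parsePasswd(pass, user_ref, domain, &password)` now receives a different value for such users, which presumably changes whatever it derives from the username. Trim right after the call, e.g. `user_ref.resize(strlen(user_ref.c_str()));`. The same pattern appears in `SociAuthDB::getPasswordWithPool` (the padded `unescapedIdStr` is bound with `use(unescapedIdStr, "id")`) and in `AuthDbBackend::createPasswordKey` (streaming a `std::string` into `key` writes the padding, where the old char array did not). `FileAuthDb::sync` starts and ends outside these hunks.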
......@@ -158,11 +158,12 @@ void SociAuthDB::getPasswordWithPool(const std::string &id, const std::string &d
SLOGD << "[SOCI] Pool acquired in " << DURATION_MS(start, stop) << "ms";
start = stop;
char unescapedId[MAX_USERNAME_LENGTH];
// WARNING: it is necessary to create a temporary string here because use() function creates
// and returns an object that stores a reference on it. So, it must absolutely be destroyed
// at the end of this function.
string unescapedIdStr(url_unescape(unescapedId, id.c_str()));
string unescapedIdStr;
unescapedIdStr.resize(id.size());
url_unescape(&unescapedIdStr[0], id.c_str());
*sql << get_password_request, into(passwd.pass), use(unescapedIdStr, "id"), use(domain, "domain"), use(authid, "authid");
passwd.passmd5 = passwd.pass; // TODO
......
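Review bot: Nothing next to `unescapedIdStr.resize(id.size())` says why that size is enough for `url_unescape`, which takes no length argument. A short comment would record the invariant the fix depends on, for example `// url_unescape() never writes more than strlen(src) bytes plus a NUL; the NUL lands at most on the string's own terminator slot`. It is worth confirming that against the sofia-sip implementation in use, since the bound is not enforced anywhere in this function. The body of `getPasswordWithPool` continues outside the hunk.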
......@@ -91,9 +91,11 @@ void AuthDbBackend::declareConfig(GenericStruct *mc) {
string AuthDbBackend::createPasswordKey(const string &user, const string &auth_username) {
ostringstream key;
char unescapedId[MAX_USERNAME_LENGTH];
url_unescape(unescapedId, auth_username.c_str());
key << user << "#" << unescapedId;
string unescapedUsername;
unescapedUsername.resize(auth_username.size());
url_unescape(&unescapedUsername[0], auth_username.c_str());
key << user << "#" << unescapedUsername;
return key.str();
}
......
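Review bot: The resize-then-`url_unescape` sequence in `createPasswordKey` is the third hand-written copy in this commit (also in `FileAuthDb::sync` and `SociAuthDB::getPasswordWithPool`), so the buffer sizing rule now lives in three places. A single helper that returns the decoded `std::string` would keep the buffer arithmetic in one spot and let it return a string whose length matches the decoded text. The helper name and its placement below are suggestions; it would need to be declared where all three callers can see it.

```cpp
string unescapeToString(const string &escaped) {
	string out(escaped.size(), '\0');
	url_unescape(&out[0], escaped.c_str());
	out.resize(strlen(out.c_str())); // keep only the decoded characters
	return out;
}

string AuthDbBackend::createPasswordKey(const string &user, const string &auth_username) {
	// … unchanged: ostringstream key …
	key << user << "#" << unescapeToString(auth_username);
	// … unchanged: return key.str() …
```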
......@@ -40,8 +40,6 @@
#include "sofia-sip/auth_module.h"
#include "sofia-sip/auth_plugin.h"
#define MAX_USERNAME_LENGTH 30
enum AuthDbResult { PENDING, PASSWORD_FOUND, PASSWORD_NOT_FOUND, AUTH_ERROR };
struct passwd_algo_t {
......