diff options
-rw-r--r-- | server/providers/krb5/krb5_auth.c | 59 | ||||
-rw-r--r-- | server/providers/krb5/krb5_child.c | 67 | ||||
-rw-r--r-- | server/providers/ldap/ldap_child.c | 30 | ||||
-rw-r--r-- | server/providers/ldap/sdap_child_helpers.c | 42 | ||||
-rw-r--r-- | server/util/util.h | 22 |
5 files changed, 71 insertions, 149 deletions
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c index 50f033eb..a2dadc80 100644 --- a/server/providers/krb5/krb5_auth.c +++ b/server/providers/krb5/krb5_auth.c @@ -301,7 +301,6 @@ errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf) size_t rp; const char *keytab; uint32_t validate; - uint32_t c = 0; keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB); if (keytab == NULL) { @@ -332,54 +331,28 @@ errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf) } rp = 0; - memcpy(&buf->data[rp], &kr->pd->cmd, sizeof(uint32_t)); - rp += sizeof(uint32_t); + COPY_UINT32(&buf->data[rp], &kr->pd->cmd, rp); + COPY_UINT32(&buf->data[rp], &kr->pd->pw_uid, rp); + COPY_UINT32(&buf->data[rp], &kr->pd->gr_gid, rp); + COPY_UINT32(&buf->data[rp], &validate, rp); + COPY_UINT32(&buf->data[rp], &kr->is_offline, rp); - memcpy(&buf->data[rp], &kr->pd->pw_uid, sizeof(uint32_t)); - rp += sizeof(uint32_t); + COPY_UINT32_VALUE(&buf->data[rp], strlen(kr->pd->upn), rp); + COPY_MEM(&buf->data[rp], kr->pd->upn, rp, strlen(kr->pd->upn)); - memcpy(&buf->data[rp], &kr->pd->gr_gid, sizeof(uint32_t)); - rp += sizeof(uint32_t); + COPY_UINT32_VALUE(&buf->data[rp], strlen(kr->ccname), rp); + COPY_MEM(&buf->data[rp], kr->ccname, rp, strlen(kr->ccname)); - memcpy(&buf->data[rp], &validate, sizeof(uint32_t)); - rp += sizeof(uint32_t); + COPY_UINT32_VALUE(&buf->data[rp], strlen(keytab), rp); + COPY_MEM(&buf->data[rp], keytab, rp, strlen(keytab)); - memcpy(&buf->data[rp], &kr->is_offline, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - c = (uint32_t) strlen(kr->pd->upn); - memcpy(&buf->data[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - memcpy(&buf->data[rp], kr->pd->upn, c); - rp += c; - - c = (uint32_t) strlen(kr->ccname); - memcpy(&buf->data[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - memcpy(&buf->data[rp], kr->ccname, c); - rp += strlen(kr->ccname); - - c = (uint32_t) strlen(keytab); - memcpy(&buf->data[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - memcpy(&buf->data[rp], keytab, c); - rp += strlen(keytab); - - memcpy(&buf->data[rp], &kr->pd->authtok_size, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - memcpy(&buf->data[rp], kr->pd->authtok, kr->pd->authtok_size); - rp += kr->pd->authtok_size; + COPY_UINT32(&buf->data[rp], &kr->pd->authtok_size, rp); + COPY_MEM(&buf->data[rp], kr->pd->authtok, rp, kr->pd->authtok_size); if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) { - memcpy(&buf->data[rp], &kr->pd->newauthtok_size, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - memcpy(&buf->data[rp], kr->pd->newauthtok, kr->pd->newauthtok_size); - rp += kr->pd->newauthtok_size; + COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_size, rp); + COPY_MEM(&buf->data[rp], kr->pd->newauthtok, + rp, kr->pd->newauthtok_size); } *io_buf = buf; diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c index 645274b3..5e185940 100644 --- a/server/providers/krb5/krb5_child.c +++ b/server/providers/krb5/krb5_child.c @@ -261,27 +261,16 @@ static errno_t pack_response_packet(struct response *resp, int status, int type, size_t len, const uint8_t *data) { int p=0; - int32_t c; if ((3*sizeof(int32_t) + len +1) > resp->max_size) { DEBUG(1, ("response message too big.\n")); return ENOMEM; } - c = status; - memcpy(&resp->buf[p], &c, sizeof(int32_t)); - p += sizeof(int32_t); - - c = type; - memcpy(&resp->buf[p], &c, sizeof(int32_t)); - p += sizeof(int32_t); - - c = len; - memcpy(&resp->buf[p], &c, sizeof(int32_t)); - p += sizeof(int32_t); - - memcpy(&resp->buf[p], data, len); - p += len; + COPY_INT32_VALUE(&resp->buf[p], status, p); + COPY_INT32_VALUE(&resp->buf[p], type, p); + COPY_INT32_VALUE(&resp->buf[p], len, p); + COPY_MEM(&resp->buf[p], data, p, len); resp->size = p; @@ -740,57 +729,31 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd, size_t p = 0; uint32_t len; - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&pd->cmd, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); - - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&pd->pw_uid, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); - - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&pd->gr_gid, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); - - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(validate, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); - - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(offline, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); - - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&len, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); + COPY_UINT32_CHECK(&pd->cmd, buf + p, p, size); + COPY_UINT32_CHECK(&pd->pw_uid, buf + p, p, size); + COPY_UINT32_CHECK(&pd->gr_gid, buf + p, p, size); + COPY_UINT32_CHECK(validate, buf + p, p, size); + COPY_UINT32_CHECK(offline, buf + p, p, size); + COPY_UINT32_CHECK(&len, buf + p, p, size); if ((p + len ) > size) return EINVAL; pd->upn = talloc_strndup(pd, (char *)(buf + p), len); if (pd->upn == NULL) return ENOMEM; p += len; - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&len, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); - + COPY_UINT32_CHECK(&len, buf + p, p, size); if ((p + len ) > size) return EINVAL; *ccname = talloc_strndup(pd, (char *)(buf + p), len); if (*ccname == NULL) return ENOMEM; p += len; - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&len, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); - + COPY_UINT32_CHECK(&len, buf + p, p, size); if ((p + len ) > size) return EINVAL; *keytab = talloc_strndup(pd, (char *)(buf + p), len); if (*keytab == NULL) return ENOMEM; p += len; - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&len, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); - + COPY_UINT32_CHECK(&len, buf + p, p, size); if ((p + len) > size) return EINVAL; pd->authtok = (uint8_t *)talloc_strndup(pd, (char *)(buf + p), len); if (pd->authtok == NULL) return ENOMEM; @@ -798,9 +761,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd, p += len; if (pd->cmd == SSS_PAM_CHAUTHTOK) { - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&len, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); + COPY_UINT32_CHECK(&len, buf + p, p, size); if ((p + len) > size) return EINVAL; pd->newauthtok = (uint8_t *)talloc_strndup(pd, (char *)(buf + p), len); diff --git a/server/providers/ldap/ldap_child.c b/server/providers/ldap/ldap_child.c index 448a9cc6..0d34be2c 100644 --- a/server/providers/ldap/ldap_child.c +++ b/server/providers/ldap/ldap_child.c @@ -48,14 +48,10 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, size_t p = 0; uint32_t len; - /* realm_str size and length */ DEBUG(7, ("total buffer size: %d\n", size)); - if ((p + sizeof(uint32_t)) > size) { - DEBUG(1, ("Error: buffer too big!\n")); - return EINVAL; - } - memcpy(&len, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); + + /* realm_str size and length */ + COPY_UINT32_CHECK(&len, buf + p, p, size); DEBUG(7, ("realm_str size: %d\n", len)); if (len) { @@ -67,9 +63,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, } /* princ_str size and length */ - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&len, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); + COPY_UINT32_CHECK(&len, buf + p, p, size); DEBUG(7, ("princ_str size: %d\n", len)); if (len) { @@ -81,9 +75,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, } /* keytab_name size and length */ - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&len, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); + COPY_UINT32_CHECK(&len, buf + p, p, size); DEBUG(7, ("keytab_name size: %d\n", len)); if (len) { @@ -101,24 +93,18 @@ static int pack_buffer(struct response *r, int result, const char *msg) { int len; int p = 0; - uint32_t c; len = strlen(msg); r->size = 2 * sizeof(uint32_t) + len; /* result */ - c = result; - memcpy(&r->buf[p], &c, sizeof(uint32_t)); - p += sizeof(uint32_t); + COPY_UINT32_VALUE(&r->buf[p], result, p); /* message size */ - c = len; - memcpy(&r->buf[p], &c, sizeof(uint32_t)); - p += sizeof(uint32_t); + COPY_UINT32_VALUE(&r->buf[p], len, p); /* message itself */ - memcpy(&r->buf[p], msg, len); - p += len; + COPY_MEM(&r->buf[p], msg, p, len); return EOK; } diff --git a/server/providers/ldap/sdap_child_helpers.c b/server/providers/ldap/sdap_child_helpers.c index 7f743d7f..0a95c8a0 100644 --- a/server/providers/ldap/sdap_child_helpers.c +++ b/server/providers/ldap/sdap_child_helpers.c @@ -135,7 +135,6 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx, { struct io_buffer *buf; size_t rp; - int len; buf = talloc(mem_ctx, struct io_buffer); if (buf == NULL) { @@ -167,41 +166,26 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx, /* realm */ if (realm_str) { - len = strlen(realm_str); - memcpy(&buf->data[rp], &len, sizeof(uint32_t)); - rp += sizeof(uint32_t); - memcpy(&buf->data[rp], realm_str, len); - rp += len; + COPY_UINT32_VALUE(&buf->data[rp], strlen(realm_str), rp); + COPY_MEM(&buf->data[rp], realm_str, rp, strlen(realm_str)); } else { - len = 0; - memcpy(&buf->data[rp], &len, sizeof(uint32_t)); - rp += sizeof(uint32_t); + COPY_UINT32_VALUE(&buf->data[rp], 0, rp); } /* principal */ if (princ_str) { - len = strlen(princ_str); - memcpy(&buf->data[rp], &len, sizeof(uint32_t)); - rp += sizeof(uint32_t); - memcpy(&buf->data[rp], princ_str, len); - rp += len; + COPY_UINT32_VALUE(&buf->data[rp], strlen(princ_str), rp); + COPY_MEM(&buf->data[rp], princ_str, rp, strlen(princ_str)); } else { - len = 0; - memcpy(&buf->data[rp], &len, sizeof(uint32_t)); - rp += sizeof(uint32_t); + COPY_UINT32_VALUE(&buf->data[rp], 0, rp); } /* keytab */ if (keytab_name) { - len = strlen(keytab_name); - memcpy(&buf->data[rp], &len, sizeof(uint32_t)); - rp += sizeof(uint32_t); - memcpy(&buf->data[rp], keytab_name, len); - rp += len; + COPY_UINT32_VALUE(&buf->data[rp], strlen(keytab_name), rp); + COPY_MEM(&buf->data[rp], keytab_name, rp, strlen(realm_str)); } else { - len = 0; - memcpy(&buf->data[rp], &len, sizeof(uint32_t)); - rp += sizeof(uint32_t); + COPY_UINT32_VALUE(&buf->data[rp], 0, rp); } *io_buf = buf; @@ -218,14 +202,10 @@ static int parse_child_response(TALLOC_CTX *mem_ctx, char *ccn; /* operation result code */ - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&res, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); + COPY_UINT32_CHECK(&res, buf + p, p, size); /* ccache name size */ - if ((p + sizeof(uint32_t)) > size) return EINVAL; - memcpy(&len, buf + p, sizeof(uint32_t)); - p += sizeof(uint32_t); + COPY_UINT32_CHECK(&len, buf + p, p, size); if ((p + len ) > size) return EINVAL; diff --git a/server/util/util.h b/server/util/util.h index 9c8679ec..945e20d0 100644 --- a/server/util/util.h +++ b/server/util/util.h @@ -162,6 +162,28 @@ errno_t set_debug_file_from_fd(const int fd); #define OUT_OF_ID_RANGE(id, min, max) \ (id == 0 || (min && (id < min)) || (max && (id > max))) +#define COPY_MEM(to, from, ptr, size) do { \ + memcpy(to, from, size); \ + ptr += size; \ +} while(0) + +#define COPY_TYPE(to, from, ptr, type) COPY_MEM(to, from, ptr, sizeof(type)) + +#define COPY_VALUE(to, value, ptr, type) do { \ + type CV_MACRO_val = (type) value; \ + COPY_TYPE(to, &CV_MACRO_val, ptr, type); \ +} while(0) + +#define COPY_UINT32(to, from, ptr) COPY_TYPE(to, from, ptr, uint32_t) +#define COPY_UINT32_VALUE(to, value, ptr) COPY_VALUE(to, value, ptr, uint32_t) +#define COPY_INT32(to, from, ptr) COPY_TYPE(to, from, ptr, int32_t) +#define COPY_INT32_VALUE(to, value, ptr) COPY_VALUE(to, value, ptr, int32_t) + +#define COPY_UINT32_CHECK(to, from, ptr, size) do { \ + if ((ptr + sizeof(uint32_t)) > size) return EINVAL; \ + COPY_UINT32(to, from, ptr); \ +} while(0) + #include "util/dlinklist.h" /* From debug.c */ |