summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/providers/krb5/krb5_auth.c33
-rw-r--r--src/providers/krb5/krb5_child.c30
-rw-r--r--src/providers/ldap/ldap_child.c14
-rw-r--r--src/providers/ldap/sdap_child_helpers.c22
-rw-r--r--src/util/util.h39
5 files changed, 74 insertions, 64 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 0e5230c6..e46ee2b4 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -331,28 +331,29 @@ errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf)
}
rp = 0;
- COPY_UINT32(&buf->data[rp], &kr->pd->cmd, rp);
- COPY_UINT32(&buf->data[rp], &kr->uid, rp);
- COPY_UINT32(&buf->data[rp], &kr->gid, rp);
- COPY_UINT32(&buf->data[rp], &validate, rp);
- COPY_UINT32(&buf->data[rp], &kr->is_offline, rp);
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->cmd, &rp);
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->uid, &rp);
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->gid, &rp);
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &validate, &rp);
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->is_offline, &rp);
- COPY_UINT32_VALUE(&buf->data[rp], strlen(kr->upn), rp);
- COPY_MEM(&buf->data[rp], kr->upn, rp, strlen(kr->upn));
+ SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(kr->upn), &rp);
+ safealign_memcpy(&buf->data[rp], kr->upn, strlen(kr->upn), &rp);
- COPY_UINT32_VALUE(&buf->data[rp], strlen(kr->ccname), rp);
- COPY_MEM(&buf->data[rp], kr->ccname, rp, strlen(kr->ccname));
+ SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(kr->ccname), &rp);
+ safealign_memcpy(&buf->data[rp], kr->ccname, strlen(kr->ccname), &rp);
- COPY_UINT32_VALUE(&buf->data[rp], strlen(keytab), rp);
- COPY_MEM(&buf->data[rp], keytab, rp, strlen(keytab));
+ SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(keytab), &rp);
+ safealign_memcpy(&buf->data[rp], keytab, strlen(keytab), &rp);
- COPY_UINT32(&buf->data[rp], &kr->pd->authtok_size, rp);
- COPY_MEM(&buf->data[rp], kr->pd->authtok, rp, kr->pd->authtok_size);
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_size, &rp);
+ safealign_memcpy(&buf->data[rp], kr->pd->authtok,
+ kr->pd->authtok_size, &rp);
if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
- COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_size, rp);
- COPY_MEM(&buf->data[rp], kr->pd->newauthtok,
- rp, kr->pd->newauthtok_size);
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_size, &rp);
+ safealign_memcpy(&buf->data[rp], kr->pd->newauthtok,
+ kr->pd->newauthtok_size, &rp);
}
*io_buf = buf;
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 08df5984..234b8389 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -264,17 +264,17 @@ static struct response *init_response(TALLOC_CTX *mem_ctx) {
static errno_t pack_response_packet(struct response *resp, int status, int type,
size_t len, const uint8_t *data)
{
- int p=0;
+ size_t p = 0;
if ((3*sizeof(int32_t) + len +1) > resp->max_size) {
DEBUG(1, ("response message too big.\n"));
return ENOMEM;
}
- COPY_INT32_VALUE(&resp->buf[p], status, p);
- COPY_INT32_VALUE(&resp->buf[p], type, p);
- COPY_INT32_VALUE(&resp->buf[p], len, p);
- COPY_MEM(&resp->buf[p], data, p, len);
+ SAFEALIGN_SET_INT32(&resp->buf[p], status, &p);
+ SAFEALIGN_SET_INT32(&resp->buf[p], type, &p);
+ SAFEALIGN_SET_INT32(&resp->buf[p], len, &p);
+ safealign_memcpy(&resp->buf[p], data, len, &p);
resp->size = p;
@@ -733,32 +733,32 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
uint32_t len;
uint32_t validate;
- COPY_UINT32_CHECK(&pd->cmd, buf + p, p, size);
- COPY_UINT32_CHECK(&kr->uid, buf + p, p, size);
- COPY_UINT32_CHECK(&kr->gid, buf + p, p, size);
- COPY_UINT32_CHECK(&validate, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&pd->cmd, buf + p, size, &p);
+ SAFEALIGN_COPY_UINT32_CHECK(&kr->uid, buf + p, size, &p);
+ SAFEALIGN_COPY_UINT32_CHECK(&kr->gid, buf + p, size, &p);
+ SAFEALIGN_COPY_UINT32_CHECK(&validate, buf + p, size, &p);
kr->validate = (validate == 0) ? false : true;
- COPY_UINT32_CHECK(offline, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(offline, buf + p, size, &p);
- COPY_UINT32_CHECK(&len, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
if ((p + len ) > size) return EINVAL;
kr->upn = talloc_strndup(pd, (char *)(buf + p), len);
if (kr->upn == NULL) return ENOMEM;
p += len;
- COPY_UINT32_CHECK(&len, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
if ((p + len ) > size) return EINVAL;
kr->ccname = talloc_strndup(pd, (char *)(buf + p), len);
if (kr->ccname == NULL) return ENOMEM;
p += len;
- COPY_UINT32_CHECK(&len, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
if ((p + len ) > size) return EINVAL;
kr->keytab = talloc_strndup(pd, (char *)(buf + p), len);
if (kr->keytab == NULL) return ENOMEM;
p += len;
- COPY_UINT32_CHECK(&len, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
if ((p + len) > size) return EINVAL;
pd->authtok = (uint8_t *)talloc_strndup(pd, (char *)(buf + p), len);
if (pd->authtok == NULL) return ENOMEM;
@@ -766,7 +766,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
p += len;
if (pd->cmd == SSS_PAM_CHAUTHTOK) {
- COPY_UINT32_CHECK(&len, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
if ((p + len) > size) return EINVAL;
pd->newauthtok = (uint8_t *)talloc_strndup(pd, (char *)(buf + p), len);
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index 0d34be2c..069fbcfe 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -51,7 +51,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size,
DEBUG(7, ("total buffer size: %d\n", size));
/* realm_str size and length */
- COPY_UINT32_CHECK(&len, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
DEBUG(7, ("realm_str size: %d\n", len));
if (len) {
@@ -63,7 +63,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size,
}
/* princ_str size and length */
- COPY_UINT32_CHECK(&len, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
DEBUG(7, ("princ_str size: %d\n", len));
if (len) {
@@ -75,7 +75,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size,
}
/* keytab_name size and length */
- COPY_UINT32_CHECK(&len, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
DEBUG(7, ("keytab_name size: %d\n", len));
if (len) {
@@ -92,19 +92,19 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size,
static int pack_buffer(struct response *r, int result, const char *msg)
{
int len;
- int p = 0;
+ size_t p = 0;
len = strlen(msg);
r->size = 2 * sizeof(uint32_t) + len;
/* result */
- COPY_UINT32_VALUE(&r->buf[p], result, p);
+ SAFEALIGN_SET_UINT32(&r->buf[p], result, &p);
/* message size */
- COPY_UINT32_VALUE(&r->buf[p], len, p);
+ SAFEALIGN_SET_UINT32(&r->buf[p], len, &p);
/* message itself */
- COPY_MEM(&r->buf[p], msg, p, len);
+ safealign_memcpy(&r->buf[p], msg, len, &p);
return EOK;
}
diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c
index 0a95c8a0..273fc678 100644
--- a/src/providers/ldap/sdap_child_helpers.c
+++ b/src/providers/ldap/sdap_child_helpers.c
@@ -166,26 +166,26 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx,
/* realm */
if (realm_str) {
- COPY_UINT32_VALUE(&buf->data[rp], strlen(realm_str), rp);
- COPY_MEM(&buf->data[rp], realm_str, rp, strlen(realm_str));
+ SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(realm_str), &rp);
+ safealign_memcpy(&buf->data[rp], realm_str, strlen(realm_str), &rp);
} else {
- COPY_UINT32_VALUE(&buf->data[rp], 0, rp);
+ SAFEALIGN_SET_UINT32(&buf->data[rp], 0, &rp);
}
/* principal */
if (princ_str) {
- COPY_UINT32_VALUE(&buf->data[rp], strlen(princ_str), rp);
- COPY_MEM(&buf->data[rp], princ_str, rp, strlen(princ_str));
+ SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(princ_str), &rp);
+ safealign_memcpy(&buf->data[rp], princ_str, strlen(princ_str), &rp);
} else {
- COPY_UINT32_VALUE(&buf->data[rp], 0, rp);
+ SAFEALIGN_SET_UINT32(&buf->data[rp], 0, &rp);
}
/* keytab */
if (keytab_name) {
- COPY_UINT32_VALUE(&buf->data[rp], strlen(keytab_name), rp);
- COPY_MEM(&buf->data[rp], keytab_name, rp, strlen(realm_str));
+ SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(keytab_name), &rp);
+ safealign_memcpy(&buf->data[rp], keytab_name, strlen(realm_str), &rp);
} else {
- COPY_UINT32_VALUE(&buf->data[rp], 0, rp);
+ SAFEALIGN_SET_UINT32(&buf->data[rp], 0, &rp);
}
*io_buf = buf;
@@ -202,10 +202,10 @@ static int parse_child_response(TALLOC_CTX *mem_ctx,
char *ccn;
/* operation result code */
- COPY_UINT32_CHECK(&res, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&res, buf + p, size, &p);
/* ccache name size */
- COPY_UINT32_CHECK(&len, buf + p, p, size);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
if ((p + len ) > size) return EINVAL;
diff --git a/src/util/util.h b/src/util/util.h
index 5d2dff28..1f5573d4 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -163,26 +163,35 @@ errno_t set_debug_file_from_fd(const int fd);
#define OUT_OF_ID_RANGE(id, min, max) \
(id == 0 || (min && (id < min)) || (max && (id > max)))
-#define COPY_MEM(to, from, ptr, size) do { \
- memcpy(to, from, size); \
- ptr += size; \
+static inline void
+safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter)
+{
+ memcpy(dest, src, n);
+ if (counter) {
+ *counter += n;
+ }
+}
+
+#define SAFEALIGN_SET_VALUE(dest, value, type, pctr) do { \
+ type CV_MACRO_val = (type)(value); \
+ safealign_memcpy(dest, &CV_MACRO_val, sizeof(type), pctr); \
} while(0)
-#define COPY_TYPE(to, from, ptr, type) COPY_MEM(to, from, ptr, sizeof(type))
+#define SAFEALIGN_COPY_UINT32(dest, src, pctr) \
+ safealign_memcpy(dest, src, sizeof(uint32_t), pctr)
-#define COPY_VALUE(to, value, ptr, type) do { \
- type CV_MACRO_val = (type) value; \
- COPY_TYPE(to, &CV_MACRO_val, ptr, type); \
-} while(0)
+#define SAFEALIGN_SET_UINT32(dest, value, pctr) \
+ SAFEALIGN_SET_VALUE(dest, value, uint32_t, pctr)
+
+#define SAFEALIGN_COPY_INT32(dest, src, pctr) \
+ safealign_memcpy(dest, src, sizeof(int32_t), pctr)
-#define COPY_UINT32(to, from, ptr) COPY_TYPE(to, from, ptr, uint32_t)
-#define COPY_UINT32_VALUE(to, value, ptr) COPY_VALUE(to, value, ptr, uint32_t)
-#define COPY_INT32(to, from, ptr) COPY_TYPE(to, from, ptr, int32_t)
-#define COPY_INT32_VALUE(to, value, ptr) COPY_VALUE(to, value, ptr, int32_t)
+#define SAFEALIGN_SET_INT32(dest, value, pctr) \
+ SAFEALIGN_SET_VALUE(dest, value, int32_t, pctr)
-#define COPY_UINT32_CHECK(to, from, ptr, size) do { \
- if ((ptr + sizeof(uint32_t)) > size) return EINVAL; \
- COPY_UINT32(to, from, ptr); \
+#define SAFEALIGN_COPY_UINT32_CHECK(dest, src, len, pctr) do { \
+ if ((*(pctr) + sizeof(uint32_t)) > (len)) return EINVAL; \
+ safealign_memcpy(dest, src, sizeof(uint32_t), pctr); \
} while(0)
#include "util/dlinklist.h"