summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/providers/krb5/krb5_auth.c59
-rw-r--r--server/providers/krb5/krb5_child.c67
-rw-r--r--server/providers/ldap/ldap_child.c30
-rw-r--r--server/providers/ldap/sdap_child_helpers.c42
-rw-r--r--server/util/util.h22
5 files changed, 71 insertions, 149 deletions
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index 50f033eb..a2dadc80 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -301,7 +301,6 @@ errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf)
size_t rp;
const char *keytab;
uint32_t validate;
- uint32_t c = 0;
keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB);
if (keytab == NULL) {
@@ -332,54 +331,28 @@ errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf)
}
rp = 0;
- memcpy(&buf->data[rp], &kr->pd->cmd, sizeof(uint32_t));
- rp += sizeof(uint32_t);
+ COPY_UINT32(&buf->data[rp], &kr->pd->cmd, rp);
+ COPY_UINT32(&buf->data[rp], &kr->pd->pw_uid, rp);
+ COPY_UINT32(&buf->data[rp], &kr->pd->gr_gid, rp);
+ COPY_UINT32(&buf->data[rp], &validate, rp);
+ COPY_UINT32(&buf->data[rp], &kr->is_offline, rp);
- memcpy(&buf->data[rp], &kr->pd->pw_uid, sizeof(uint32_t));
- rp += sizeof(uint32_t);
+ COPY_UINT32_VALUE(&buf->data[rp], strlen(kr->pd->upn), rp);
+ COPY_MEM(&buf->data[rp], kr->pd->upn, rp, strlen(kr->pd->upn));
- memcpy(&buf->data[rp], &kr->pd->gr_gid, sizeof(uint32_t));
- rp += sizeof(uint32_t);
+ COPY_UINT32_VALUE(&buf->data[rp], strlen(kr->ccname), rp);
+ COPY_MEM(&buf->data[rp], kr->ccname, rp, strlen(kr->ccname));
- memcpy(&buf->data[rp], &validate, sizeof(uint32_t));
- rp += sizeof(uint32_t);
+ COPY_UINT32_VALUE(&buf->data[rp], strlen(keytab), rp);
+ COPY_MEM(&buf->data[rp], keytab, rp, strlen(keytab));
- memcpy(&buf->data[rp], &kr->is_offline, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- c = (uint32_t) strlen(kr->pd->upn);
- memcpy(&buf->data[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- memcpy(&buf->data[rp], kr->pd->upn, c);
- rp += c;
-
- c = (uint32_t) strlen(kr->ccname);
- memcpy(&buf->data[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- memcpy(&buf->data[rp], kr->ccname, c);
- rp += strlen(kr->ccname);
-
- c = (uint32_t) strlen(keytab);
- memcpy(&buf->data[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- memcpy(&buf->data[rp], keytab, c);
- rp += strlen(keytab);
-
- memcpy(&buf->data[rp], &kr->pd->authtok_size, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- memcpy(&buf->data[rp], kr->pd->authtok, kr->pd->authtok_size);
- rp += kr->pd->authtok_size;
+ COPY_UINT32(&buf->data[rp], &kr->pd->authtok_size, rp);
+ COPY_MEM(&buf->data[rp], kr->pd->authtok, rp, kr->pd->authtok_size);
if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
- memcpy(&buf->data[rp], &kr->pd->newauthtok_size, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- memcpy(&buf->data[rp], kr->pd->newauthtok, kr->pd->newauthtok_size);
- rp += kr->pd->newauthtok_size;
+ COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_size, rp);
+ COPY_MEM(&buf->data[rp], kr->pd->newauthtok,
+ rp, kr->pd->newauthtok_size);
}
*io_buf = buf;
diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c
index 645274b3..5e185940 100644
--- a/server/providers/krb5/krb5_child.c
+++ b/server/providers/krb5/krb5_child.c
@@ -261,27 +261,16 @@ static errno_t pack_response_packet(struct response *resp, int status, int type,
size_t len, const uint8_t *data)
{
int p=0;
- int32_t c;
if ((3*sizeof(int32_t) + len +1) > resp->max_size) {
DEBUG(1, ("response message too big.\n"));
return ENOMEM;
}
- c = status;
- memcpy(&resp->buf[p], &c, sizeof(int32_t));
- p += sizeof(int32_t);
-
- c = type;
- memcpy(&resp->buf[p], &c, sizeof(int32_t));
- p += sizeof(int32_t);
-
- c = len;
- memcpy(&resp->buf[p], &c, sizeof(int32_t));
- p += sizeof(int32_t);
-
- memcpy(&resp->buf[p], data, len);
- p += len;
+ COPY_INT32_VALUE(&resp->buf[p], status, p);
+ COPY_INT32_VALUE(&resp->buf[p], type, p);
+ COPY_INT32_VALUE(&resp->buf[p], len, p);
+ COPY_MEM(&resp->buf[p], data, p, len);
resp->size = p;
@@ -740,57 +729,31 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
size_t p = 0;
uint32_t len;
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&pd->cmd, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
-
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&pd->pw_uid, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
-
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&pd->gr_gid, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
-
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(validate, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
-
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(offline, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
-
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&len, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
+ COPY_UINT32_CHECK(&pd->cmd, buf + p, p, size);
+ COPY_UINT32_CHECK(&pd->pw_uid, buf + p, p, size);
+ COPY_UINT32_CHECK(&pd->gr_gid, buf + p, p, size);
+ COPY_UINT32_CHECK(validate, buf + p, p, size);
+ COPY_UINT32_CHECK(offline, buf + p, p, size);
+ COPY_UINT32_CHECK(&len, buf + p, p, size);
if ((p + len ) > size) return EINVAL;
pd->upn = talloc_strndup(pd, (char *)(buf + p), len);
if (pd->upn == NULL) return ENOMEM;
p += len;
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&len, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
-
+ COPY_UINT32_CHECK(&len, buf + p, p, size);
if ((p + len ) > size) return EINVAL;
*ccname = talloc_strndup(pd, (char *)(buf + p), len);
if (*ccname == NULL) return ENOMEM;
p += len;
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&len, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
-
+ COPY_UINT32_CHECK(&len, buf + p, p, size);
if ((p + len ) > size) return EINVAL;
*keytab = talloc_strndup(pd, (char *)(buf + p), len);
if (*keytab == NULL) return ENOMEM;
p += len;
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&len, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
-
+ COPY_UINT32_CHECK(&len, buf + p, p, size);
if ((p + len) > size) return EINVAL;
pd->authtok = (uint8_t *)talloc_strndup(pd, (char *)(buf + p), len);
if (pd->authtok == NULL) return ENOMEM;
@@ -798,9 +761,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
p += len;
if (pd->cmd == SSS_PAM_CHAUTHTOK) {
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&len, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
+ COPY_UINT32_CHECK(&len, buf + p, p, size);
if ((p + len) > size) return EINVAL;
pd->newauthtok = (uint8_t *)talloc_strndup(pd, (char *)(buf + p), len);
diff --git a/server/providers/ldap/ldap_child.c b/server/providers/ldap/ldap_child.c
index 448a9cc6..0d34be2c 100644
--- a/server/providers/ldap/ldap_child.c
+++ b/server/providers/ldap/ldap_child.c
@@ -48,14 +48,10 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size,
size_t p = 0;
uint32_t len;
- /* realm_str size and length */
DEBUG(7, ("total buffer size: %d\n", size));
- if ((p + sizeof(uint32_t)) > size) {
- DEBUG(1, ("Error: buffer too big!\n"));
- return EINVAL;
- }
- memcpy(&len, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
+
+ /* realm_str size and length */
+ COPY_UINT32_CHECK(&len, buf + p, p, size);
DEBUG(7, ("realm_str size: %d\n", len));
if (len) {
@@ -67,9 +63,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size,
}
/* princ_str size and length */
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&len, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
+ COPY_UINT32_CHECK(&len, buf + p, p, size);
DEBUG(7, ("princ_str size: %d\n", len));
if (len) {
@@ -81,9 +75,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size,
}
/* keytab_name size and length */
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&len, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
+ COPY_UINT32_CHECK(&len, buf + p, p, size);
DEBUG(7, ("keytab_name size: %d\n", len));
if (len) {
@@ -101,24 +93,18 @@ static int pack_buffer(struct response *r, int result, const char *msg)
{
int len;
int p = 0;
- uint32_t c;
len = strlen(msg);
r->size = 2 * sizeof(uint32_t) + len;
/* result */
- c = result;
- memcpy(&r->buf[p], &c, sizeof(uint32_t));
- p += sizeof(uint32_t);
+ COPY_UINT32_VALUE(&r->buf[p], result, p);
/* message size */
- c = len;
- memcpy(&r->buf[p], &c, sizeof(uint32_t));
- p += sizeof(uint32_t);
+ COPY_UINT32_VALUE(&r->buf[p], len, p);
/* message itself */
- memcpy(&r->buf[p], msg, len);
- p += len;
+ COPY_MEM(&r->buf[p], msg, p, len);
return EOK;
}
diff --git a/server/providers/ldap/sdap_child_helpers.c b/server/providers/ldap/sdap_child_helpers.c
index 7f743d7f..0a95c8a0 100644
--- a/server/providers/ldap/sdap_child_helpers.c
+++ b/server/providers/ldap/sdap_child_helpers.c
@@ -135,7 +135,6 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx,
{
struct io_buffer *buf;
size_t rp;
- int len;
buf = talloc(mem_ctx, struct io_buffer);
if (buf == NULL) {
@@ -167,41 +166,26 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx,
/* realm */
if (realm_str) {
- len = strlen(realm_str);
- memcpy(&buf->data[rp], &len, sizeof(uint32_t));
- rp += sizeof(uint32_t);
- memcpy(&buf->data[rp], realm_str, len);
- rp += len;
+ COPY_UINT32_VALUE(&buf->data[rp], strlen(realm_str), rp);
+ COPY_MEM(&buf->data[rp], realm_str, rp, strlen(realm_str));
} else {
- len = 0;
- memcpy(&buf->data[rp], &len, sizeof(uint32_t));
- rp += sizeof(uint32_t);
+ COPY_UINT32_VALUE(&buf->data[rp], 0, rp);
}
/* principal */
if (princ_str) {
- len = strlen(princ_str);
- memcpy(&buf->data[rp], &len, sizeof(uint32_t));
- rp += sizeof(uint32_t);
- memcpy(&buf->data[rp], princ_str, len);
- rp += len;
+ COPY_UINT32_VALUE(&buf->data[rp], strlen(princ_str), rp);
+ COPY_MEM(&buf->data[rp], princ_str, rp, strlen(princ_str));
} else {
- len = 0;
- memcpy(&buf->data[rp], &len, sizeof(uint32_t));
- rp += sizeof(uint32_t);
+ COPY_UINT32_VALUE(&buf->data[rp], 0, rp);
}
/* keytab */
if (keytab_name) {
- len = strlen(keytab_name);
- memcpy(&buf->data[rp], &len, sizeof(uint32_t));
- rp += sizeof(uint32_t);
- memcpy(&buf->data[rp], keytab_name, len);
- rp += len;
+ COPY_UINT32_VALUE(&buf->data[rp], strlen(keytab_name), rp);
+ COPY_MEM(&buf->data[rp], keytab_name, rp, strlen(realm_str));
} else {
- len = 0;
- memcpy(&buf->data[rp], &len, sizeof(uint32_t));
- rp += sizeof(uint32_t);
+ COPY_UINT32_VALUE(&buf->data[rp], 0, rp);
}
*io_buf = buf;
@@ -218,14 +202,10 @@ static int parse_child_response(TALLOC_CTX *mem_ctx,
char *ccn;
/* operation result code */
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&res, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
+ COPY_UINT32_CHECK(&res, buf + p, p, size);
/* ccache name size */
- if ((p + sizeof(uint32_t)) > size) return EINVAL;
- memcpy(&len, buf + p, sizeof(uint32_t));
- p += sizeof(uint32_t);
+ COPY_UINT32_CHECK(&len, buf + p, p, size);
if ((p + len ) > size) return EINVAL;
diff --git a/server/util/util.h b/server/util/util.h
index 9c8679ec..945e20d0 100644
--- a/server/util/util.h
+++ b/server/util/util.h
@@ -162,6 +162,28 @@ errno_t set_debug_file_from_fd(const int fd);
#define OUT_OF_ID_RANGE(id, min, max) \
(id == 0 || (min && (id < min)) || (max && (id > max)))
+#define COPY_MEM(to, from, ptr, size) do { \
+ memcpy(to, from, size); \
+ ptr += size; \
+} while(0)
+
+#define COPY_TYPE(to, from, ptr, type) COPY_MEM(to, from, ptr, sizeof(type))
+
+#define COPY_VALUE(to, value, ptr, type) do { \
+ type CV_MACRO_val = (type) value; \
+ COPY_TYPE(to, &CV_MACRO_val, ptr, type); \
+} while(0)
+
+#define COPY_UINT32(to, from, ptr) COPY_TYPE(to, from, ptr, uint32_t)
+#define COPY_UINT32_VALUE(to, value, ptr) COPY_VALUE(to, value, ptr, uint32_t)
+#define COPY_INT32(to, from, ptr) COPY_TYPE(to, from, ptr, int32_t)
+#define COPY_INT32_VALUE(to, value, ptr) COPY_VALUE(to, value, ptr, int32_t)
+
+#define COPY_UINT32_CHECK(to, from, ptr, size) do { \
+ if ((ptr + sizeof(uint32_t)) > size) return EINVAL; \
+ COPY_UINT32(to, from, ptr); \
+} while(0)
+
#include "util/dlinklist.h"
/* From debug.c */