fix double free, bad use of strtok

diff --git a/src/identity-provider/gnunet-identity-token.c b/src/identity-provider/gnunet-identity-token.c
index 3e7d5bd9b50d6cee955d38d06aab9ed68ef552e3..1f480aae0f4e2c5336b41e639add0e72806c3626 100644 (file)
--- a/src/identity-provider/gnunet-identity-token.c
+++ b/src/identity-provider/gnunet-identity-token.c
@@ -1,3 +1,29 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2015 GNUnet e.V.
+
+   GNUnet is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published
+   by the Free Software Foundation; either version 3, or (at your
+   option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with GNUnet; see the file COPYING.  If not, write to the
+   Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file src/identity-provider/gnunet-service-identity-provider.c
+ * @brief Identity Token Service
+ *
+ */
+
 #include "platform.h"
 #include "gnunet_util_lib.h"
 #include <jansson.h>
@@ -19,25 +45,42 @@ run (void *cls,
      const char *cfgfile,
      const struct GNUNET_CONFIGURATION_Handle *c)
 {
-  char* payload;
-  char* header;
+  char *payload;
+  char *header;
   //Get token parts
-  char* header_b64 = strtok (token, ".");
-  char* payload_b64 = strtok(NULL, ".");
-  char* signature_b32 = strtok(NULL, ".");
-  const char* keystring;
-  char* data;
+  const char *header_b64;
+  const char *payload_b64;
+  const char *signature_b32;
+  const char *keystring;
+  char *data;
   json_t *payload_json;
   json_t *keystring_json;
   json_error_t error;
   struct GNUNET_CRYPTO_EcdsaPublicKey key;
   struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
   struct GNUNET_CRYPTO_EcdsaSignature sig;
-  
-  GNUNET_assert (NULL != header_b64);
-  GNUNET_assert (NULL != payload_b64);
-  GNUNET_assert (NULL != signature_b32);
-  
+
+  if (NULL == token)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+                _("Option `-t' is required\n"));
+    return;
+  }
+  header_b64 = strtok (token, ".");
+  payload_b64 = strtok (NULL, ".");
+  signature_b32 = strtok (NULL, ".");
+  if ( (NULL != header_b64) ||
+       (NULL != payload_b64) ||
+       (NULL != signature_b32) )
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+                _("Token `%s' is malformed\n"),
+                token);
+    GNUNET_free (token);
+    token = NULL;
+    return;
+  }
+
   //Decode payload
   GNUNET_STRINGS_base64_decode (payload_b64,
                                 strlen (payload_b64),
@@ -46,9 +89,7 @@ run (void *cls,
   GNUNET_STRINGS_base64_decode (header_b64,
                                 strlen (header_b64),
                                 &header);
-  if (NULL == token)
-    return;
-  
+
 
   GNUNET_asprintf(&data,
                   "%s,%s",
@@ -60,14 +101,14 @@ run (void *cls,
   purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
   GNUNET_memcpy (&purpose[1], data, strlen(data));
   GNUNET_free (data);
-  GNUNET_free (header_b64);
-  GNUNET_free (header_b64);
+  GNUNET_free (token);
+  token = NULL;
 
   if (print_token)
     printf ("Token:\nHeader:\t\t%s\nPayload:\t%s\n", header, payload);
   GNUNET_free (header);
   GNUNET_free (payload);
-  
+
   payload_json = json_loads (payload, 0, &error);
   if ((NULL == payload_json) || !json_is_object (payload_json))
   {
@@ -92,10 +133,10 @@ run (void *cls,
                                 strlen (signature_b32),
                                 &sig,
                                 sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
-  
-  if (print_token) 
+
+  if (print_token)
     printf ("Signature:\t%s\n", keystring);
-  
+
   if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN,
                                               purpose,
                                               &sig,
@@ -106,6 +147,8 @@ run (void *cls,
   GNUNET_free (val);
   return;
 }
+
+
 int
 main(int argc, char *const argv[])
 {
@@ -123,5 +166,3 @@ main(int argc, char *const argv[])
                              "ct", options,
                              &run, NULL);
 }
-
-