From: Christian Grothoff
Date: Fri, 26 Aug 2016 11:55:54 +0000 (+0000)
Subject: fix double free, bad use of strtok
X-Git-Tag: initial-import-from-subversion-38251~343
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=871d289fbe7629caa39aeb7e9bb30d7d48864d62;p=oweals%2Fgnunet.git
fix double free, bad use of strtok
---
diff --git a/src/identity-provider/gnunet-identity-token.c b/src/identity-provider/gnunet-identity-token.c
index 3e7d5bd9b..1f480aae0 100644
--- a/src/identity-provider/gnunet-identity-token.c
+++ b/src/identity-provider/gnunet-identity-token.c
@@ -1,3 +1,29 @@
+/*
+ This file is part of GNUnet.
+ Copyright (C) 2012-2015 GNUnet e.V.
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+ */
+/**
+ * @author Martin Schanzenbach
+ * @file src/identity-provider/gnunet-service-identity-provider.c
+ * @brief Identity Token Service
+ *
+ */
+
 #include "platform.h"
 #include "gnunet_util_lib.h"
 #include
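Review bot: The `@file` tag in the added Doxygen header names `src/identity-provider/gnunet-service-identity-provider.c`, but the diff header shows this file is `src/identity-provider/gnunet-identity-token.c`, so generated documentation would attribute the code to the wrong file. I would change the line to ` * @file src/identity-provider/gnunet-identity-token.c`. The `@brief` text "Identity Token Service" looks copied from the same place; the file defines `main` and reports a missing `-t` option, so it appears to be a command-line tool rather than a service.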
@@ -19,25 +45,42 @@ run (void *cls, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c) { - char* payload; - char* header; + char *payload; + char *header; //Get token parts - char* header_b64 = strtok (token, "."); - char* payload_b64 = strtok(NULL, "."); - char* signature_b32 = strtok(NULL, "."); - const char* keystring; - char* data; + const char *header_b64; + const char *payload_b64; + const char *signature_b32; + const char *keystring; + char *data; json_t *payload_json; json_t *keystring_json; json_error_t error; struct GNUNET_CRYPTO_EcdsaPublicKey key; struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; struct GNUNET_CRYPTO_EcdsaSignature sig; - - GNUNET_assert (NULL != header_b64); - GNUNET_assert (NULL != payload_b64); - GNUNET_assert (NULL != signature_b32); - + + if (NULL == token) + { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + _("Option `-t' is required\n")); + return; + } + header_b64 = strtok (token, "."); + payload_b64 = strtok (NULL, "."); + signature_b32 = strtok (NULL, "."); + if ( (NULL != header_b64) || + (NULL != payload_b64) || + (NULL != signature_b32) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + _("Token `%s' is malformed\n"), + token); + GNUNET_free (token); + token = NULL; + return; + } + //Decode payload GNUNET_STRINGS_base64_decode (payload_b64, strlen (payload_b64), @@ -46,9 +89,7 @@ run (void *cls, GNUNET_STRINGS_base64_decode (header_b64, strlen (header_b64), &header); - if (NULL == token) - return; - + GNUNET_asprintf(&data, "%s,%s", 
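Review bot: The malformed-token test added after the three `strtok` calls in the `@@ -19,25 +45,42 @@` hunk is inverted: `(NULL != header_b64) || (NULL != payload_b64) || (NULL != signature_b32)` is true for every token with at least one segment, so well-formed tokens are rejected. A token with no segments at all passes the test and reaches `strlen (payload_b64)` with a NULL pointer. The comparisons should be `NULL ==`, i.e. `if ( (NULL == header_b64) || (NULL == payload_b64) || (NULL == signature_b32) )`. By the time the error is logged `strtok` has already overwritten the first `.` in `token`, so the message prints only the first segment; logging before tokenising would show the whole input. The body of `run` continues outside this hunk.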
@@ -60,14 +101,14 @@ run (void *cls, purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); GNUNET_memcpy (&purpose[1], data, strlen(data)); GNUNET_free (data); - GNUNET_free (header_b64); - GNUNET_free (header_b64); + GNUNET_free (token); + token = NULL; if (print_token) printf ("Token:\nHeader:\t\t%s\nPayload:\t%s\n", header, payload); GNUNET_free (header); GNUNET_free (payload); - + payload_json = json_loads (payload, 0, &error); if ((NULL == payload_json) || !json_is_object (payload_json)) { @@ -92,10 +133,10 @@ run (void *cls, strlen (signature_b32), &sig, sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); - - if (print_token) + + if (print_token) printf ("Signature:\t%s\n", keystring); - + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN, purpose, &sig, @@ -106,6 +147,8 @@ run (void *cls, GNUNET_free (val); return; } + + int main(int argc, char *const argv[]) { @@ -123,5 +166,3 @@ main(int argc, char *const argv[]) "ct", options, &run, NULL); } - -
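Review bot: In the `@@ -60,14 +101,14 @@` hunk, `GNUNET_free (token)` now runs while `signature_b32` is still needed: `strtok` returns pointers into `token`, and the context of the following hunk shows `strlen (signature_b32)` evaluated later in `run`, which would read freed memory. The free should move to after the signature has been decoded, and be repeated on the early-return paths in between, not all of which are visible here. The context lines of the same hunk also show `GNUNET_free (payload);` immediately before `payload_json = json_loads (payload, 0, &error);`, which this commit leaves untouched. Placing `payload_json = json_loads (payload, 0, &error);` ahead of `GNUNET_free (payload);` would remove that second use after free. Both matter here because the token is attacker-controllable input to a signature check.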