From 7ad94d1427d304483e9bf1cf1d12065f8e41d712 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 8 Jan 2018 07:58:33 +0100 Subject: [PATCH] bugfixes --- src/credential/credential_misc.c | 1 + src/credential/credential_serialization.c | 1 - src/credential/gnunet-credential.c | 7 ++ src/credential/gnunet-service-credential.c | 14 ++-- src/credential/plugin_gnsrecord_credential.c | 10 +++ src/credential/plugin_rest_credential.c | 16 +++-- src/identity-provider/gnunet-idp.c | 5 +- .../gnunet-service-identity-provider.c | 65 +++++++++++++------ src/identity-provider/identity_provider_api.c | 21 +++--- 9 files changed, 98 insertions(+), 42 deletions(-) diff --git a/src/credential/credential_misc.c b/src/credential/credential_misc.c index c94c33919..2575f1de8 100644 --- a/src/credential/credential_misc.c +++ b/src/credential/credential_misc.c @@ -149,6 +149,7 @@ GNUNET_CREDENTIAL_credential_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey * { GNUNET_break (0); GNUNET_free (crd); + GNUNET_free (cred); return NULL; } cred->signature = crd->signature; diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index 1d23bb08c..2bbf3bfb8 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c @@ -279,7 +279,6 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, ret += dd[i].issuer_attribute_len + dd[i].subject_attribute_len; } return ret+GNUNET_CREDENTIAL_credentials_get_size(c_count, cd); - return ret; } /** diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 03f959b95..b5bcc4d43 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -371,12 +371,14 @@ run (void *cls, fprintf (stderr, _("Failed to connect to CREDENTIAL\n")); GNUNET_SCHEDULER_shutdown (); + return; } if (NULL == issuer_attr) { fprintf (stderr, _("You must provide issuer the attribute\n")); GNUNET_SCHEDULER_shutdown (); + return; } if (NULL == ego_name) @@ -432,6 +434,7 @@ run (void *cls, _("Issuer public key `%s' is not well-formed\n"), issuer_key); GNUNET_SCHEDULER_shutdown (); + return; } credential = GNUNET_CREDENTIAL_connect (cfg); @@ -440,12 +443,14 @@ run (void *cls, fprintf (stderr, _("Failed to connect to CREDENTIAL\n")); GNUNET_SCHEDULER_shutdown (); + return; } if (NULL == issuer_attr || NULL == subject_credential) { fprintf (stderr, _("You must provide issuer and subject attributes\n")); GNUNET_SCHEDULER_shutdown (); + return; } //Subject credentials are comma separated @@ -457,6 +462,7 @@ run (void *cls, "Invalid subject credentials\n"); GNUNET_free (tmp); GNUNET_SCHEDULER_shutdown (); + return; } int count = 1; int i; @@ -490,6 +496,7 @@ run (void *cls, { GNUNET_free ((char*)credentials[i].issuer_attribute); } + GNUNET_free (tmp); } else if (GNUNET_YES == create_cred) { if (NULL == ego_name) { diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index be88839e9..a2c339363 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -722,6 +722,12 @@ backward_resolution (void* cls, strcpy (issuer_attribute_name, ds_entry->unresolved_attribute_delegation); char *next_attr = strtok (issuer_attribute_name, "."); + if (NULL == next_attr) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to parse next attribute\n"); + continue; + } GNUNET_asprintf (&lookup_attribute, "%s.gnu", next_attr); @@ -806,7 +812,7 @@ delegation_chain_resolution_start (void* cls) * Check for attributes from the issuer and follow the chain * till you get the required subject's attributes */ - char issuer_attribute_name[strlen (vrh->issuer_attribute)]; + char issuer_attribute_name[strlen (vrh->issuer_attribute) + strlen (".gnu") + 1]; strcpy (issuer_attribute_name, vrh->issuer_attribute); strcpy (issuer_attribute_name + strlen (vrh->issuer_attribute), @@ -889,7 +895,7 @@ handle_verify (void *cls, vrh->issuer_key = v_msg->issuer_key; vrh->subject_key = v_msg->subject_key; vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); - if (NULL == issuer_attribute) + if (0 == strlen (issuer_attribute)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer attribute provided!\n"); @@ -1033,7 +1039,7 @@ handle_collect (void *cls, &vrh->subject_key); vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); - if (NULL == issuer_attribute) + if (0 == strlen (issuer_attribute)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer attribute provided!\n"); @@ -1076,7 +1082,7 @@ check_collect (void *cls, } attr = (const char *) &c_msg[1]; - if ( ('\0' != attr[ntohs(c_msg->header.size) - sizeof (struct CollectMessage) - 1]) || + if ( ('\0' != attr[msg_size - sizeof (struct CollectMessage) - 1]) || (strlen (attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) { GNUNET_break (0); diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 342790b7a..ffb2857dc 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -199,6 +199,13 @@ credential_string_to_value (void *cls, GNUNET_free (tmp_str); tmp_str = GNUNET_strdup (s); token = strtok (tmp_str, ","); + if (NULL == token) + { + GNUNET_free (tmp_str); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed string %s\n", s); + return GNUNET_SYSERR; + } struct GNUNET_CREDENTIAL_DelegationSet set[entries]; for (i=0;isubject_key)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Malformed subject key\n"); - GNUNET_free (entity_attr); GNUNET_SCHEDULER_add_now (&do_error, handle); return; } @@ -858,6 +853,7 @@ send_cred_response (struct RequestHandle *handle, { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Subject malformed\n"); + GNUNET_free (issuer); return; } GNUNET_asprintf (&id, @@ -869,6 +865,8 @@ send_cred_response (struct RequestHandle *handle, { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Subject malformed\n"); + GNUNET_free (id); + GNUNET_free (issuer); return; } GNUNET_STRINGS_base64_encode ((char*)&cred->signature, @@ -953,6 +951,14 @@ get_cred_issuer_cb (void *cls, } expiration_str = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, &key); + if ( NULL == expiration_str ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Expiration malformed\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration_str, &etime_rel)) { diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 62f07842b..995dd5775 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -432,8 +432,7 @@ main(int argc, char *const argv[]) &type_str), GNUNET_GETOPT_OPTION_END }; - GNUNET_PROGRAM_run (argc, argv, "ct", + return (GNUNET_OK == GNUNET_PROGRAM_run (argc, argv, "ct", "ct", options, - &run, NULL); - return ret; + &run, NULL)); } diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 711ae76ce..265719d58 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -704,7 +704,6 @@ static void bootstrap_abe_error (void *cls) { struct AbeBootstrapHandle *abh = cls; - GNUNET_free (abh); abh->proc (abh->proc_cls, NULL); GNUNET_free (abh); } @@ -1348,7 +1347,18 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) rh->abe_key, (void**)&enc_buf); GNUNET_free (buf); + if (GNUNET_SYSERR == enc_size) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to re-encrypt with policy %s\n", + policy); + GNUNET_free (policy); + send_revocation_finished (rh, GNUNET_SYSERR); + cleanup_revoke_ticket_handle (rh); + return; + } GNUNET_free (policy); + rd[0].data_size = enc_size + sizeof (uint32_t); rd_buf = GNUNET_malloc (rd[0].data_size); attr_ver = htonl (rh->attrs->list_head->claim->version); @@ -1501,7 +1511,7 @@ cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) { if (NULL != handle->key) GNUNET_ABE_cpabe_delete_key (handle->key, - GNUNET_YES); + GNUNET_YES); if (NULL != handle->attrs) GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs); GNUNET_free (handle); @@ -1563,9 +1573,9 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, { decrypt_duration = GNUNET_TIME_absolute_get (); attr_len = GNUNET_ABE_cpabe_decrypt (rd->data + sizeof (uint32_t), - rd->data_size - sizeof (uint32_t), - handle->key, - (void**)&data); + rd->data_size - sizeof (uint32_t), + handle->key, + (void**)&data); if (GNUNET_SYSERR != attr_len) { GNUNET_STATISTICS_update (stats, @@ -1579,7 +1589,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, attr_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); attr_le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (data, - attr_len); + attr_len); attr_le->claim->version = ntohl(*(uint32_t*)rd->data); GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, handle->attrs->list_tail, @@ -1611,7 +1621,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, crm->identity = handle->ticket.identity; data_tmp = (char *) &crm[1]; GNUNET_IDENTITY_ATTRIBUTE_list_serialize (handle->attrs, - data_tmp); + data_tmp); GNUNET_MQ_send (handle->client->mq, env); cleanup_consume_ticket_handle (handle); } @@ -1705,8 +1715,8 @@ process_consume_abe_key (void *cls, uint32_t rd_count, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Scopes %s\n", scopes); handle->key = GNUNET_ABE_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), - rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) - - strlen (scopes) - 1); + rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + - strlen (scopes) - 1); for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) { @@ -1837,7 +1847,7 @@ attr_store_task (void *cls) buf = GNUNET_malloc (buf_size); GNUNET_IDENTITY_ATTRIBUTE_serialize (as_handle->claim, - buf); + buf); GNUNET_asprintf (&policy, "%s_%lu", @@ -1849,10 +1859,21 @@ attr_store_task (void *cls) * Encrypt the attribute value and store in namestore */ enc_size = GNUNET_ABE_cpabe_encrypt (buf, - buf_size, - policy, //Policy - as_handle->abe_key, - (void**)&enc_buf); + buf_size, + policy, //Policy + as_handle->abe_key, + (void**)&enc_buf); + if (GNUNET_SYSERR == enc_size) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to encrypt with policy %s\n", + policy); + cleanup_as_handle (as_handle); + GNUNET_free (buf); + GNUNET_free (policy); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } GNUNET_free (buf); GNUNET_free (policy); rd[0].data_size = enc_size + sizeof (uint32_t); @@ -1921,7 +1942,7 @@ handle_attribute_store_message (void *cls, as_handle = GNUNET_new (struct AttributeStoreHandle); as_handle->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&sam[1], - data_len); + data_len); as_handle->r_id = ntohl (sam->id); as_handle->identity = sam->identity; @@ -2004,14 +2025,18 @@ attr_iter_cb (void *cls, attrs[0] = policy; attrs[1] = 0; key = GNUNET_ABE_cpabe_create_key (ai->abe_key, - attrs); + attrs); msg_extra_len = GNUNET_ABE_cpabe_decrypt (rd->data+sizeof (uint32_t), - rd->data_size-sizeof (uint32_t), - key, - (void**)&attr_ser); + rd->data_size-sizeof (uint32_t), + key, + (void**)&attr_ser); + if (GNUNET_SYSERR == msg_extra_len) { + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); + return; + } GNUNET_ABE_cpabe_delete_key (key, - GNUNET_YES); + GNUNET_YES); //GNUNET_free (policy); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found attribute: %s\n", label); diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index d0ece80fe..38c11841c 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -514,13 +514,16 @@ handle_consume_ticket_result (void *cls, GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs); } } - op->ar_cb (op->cls, - NULL, - NULL); - GNUNET_CONTAINER_DLL_remove (h->op_head, - h->op_tail, - op); - GNUNET_free (op); + if (NULL != op) + { + op->ar_cb (op->cls, + NULL, + NULL); + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + GNUNET_free (op); + } return; } GNUNET_assert (0); @@ -926,7 +929,7 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle sam->id = htonl (op->r_id); GNUNET_IDENTITY_ATTRIBUTE_serialize (attr, - (char*)&sam[1]); + (char*)&sam[1]); sam->attr_len = htons (attr_len); if (NULL != h->mq) @@ -1093,7 +1096,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h tim->id = htonl (op->r_id); GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs, - (char*)&tim[1]); + (char*)&tim[1]); tim->attr_len = htons (attr_len); if (NULL != h->mq) -- 2.25.1