
CVS gsasl/lib/digest-md5


From: gsasl-commit
Subject: CVS gsasl/lib/digest-md5
Date: Sun, 19 Dec 2004 06:36:42 +0100

Update of /home/cvs/gsasl/lib/digest-md5
In directory dopio:/tmp/cvs-serv32171

Modified Files:
        printer.c 
Log Message:
Validate input.
Fix printf call.


--- /home/cvs/gsasl/lib/digest-md5/printer.c    2004/12/19 04:32:08     1.1
+++ /home/cvs/gsasl/lib/digest-md5/printer.c    2004/12/19 05:36:42     1.2
@@ -33,6 +33,9 @@
 /* Get asprintf. */
 #include <vasprintf.h>
 
+/* Get token validator. */
+#include "validate.h"
+
 /* FIXME: The challenge/response functions may print "empty" fields,
    such as "foo=bar, , , bar=foo".  It is valid, but look ugly. */
 
@@ -43,6 +46,11 @@
   char *realm = NULL, *maxbuf = NULL;
   size_t i;
 
+  /* Below we assume the mandatory fields are present, verify that
+     first to avoid crashes. */
+  if (digest_md5_validate_challenge (c) != 0)
+    return NULL;
+
   for (i = 0; i < c->nrealms; i++)
     {
       char *tmp;
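Review bot: The early return added here makes NULL mean both "the challenge failed validation" and "memory allocation failed", and the function's header comment (outside this hunk) should say so, for example `/* Returns NULL if C is not a valid challenge or if memory allocation fails. */`. The same applies to the identical checks added in the hunks at @@ -98 and @@ -161. The check only protects the later format calls if the validator constrains field contents as well as presence. The `nonce=\"%s\"` format visible further down wraps the value in double quotes without escaping, so it is worth confirming that digest_md5_validate_challenge rejects a `"` inside such values; that is not visible in this diff.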
@@ -55,7 +63,7 @@
     }
 
   if (c->servermaxbuf)
-    if (asprintf (&maxbuf, "maxbuf=\"%lud\"", c->servermaxbuf) < 0)
+    if (asprintf (&maxbuf, "maxbuf=\"%lu\"", c->servermaxbuf) < 0)
       goto end;
 
   if (asprintf (&out, "%s, nonce=\"%s\", %s%s%s%s%s, %s, "
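Review bot: `%lu` is only correct if `c->servermaxbuf` is declared `unsigned long`, and that declaration is not visible in this diff. If the field is `size_t` or another width, the variadic call is undefined on platforms where the sizes differ. An explicit cast makes the call independent of the struct definition: `asprintf (&maxbuf, "maxbuf=\"%lu\"", (unsigned long) c->servermaxbuf)`. The same applies to `r->clientmaxbuf` in the hunk at @@ -108.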
@@ -98,6 +106,11 @@
   const char *cipher = NULL;
   char *maxbuf = NULL;
 
+  /* Below we assume the mandatory fields are present, verify that
+     first to avoid crashes. */
+  if (digest_md5_validate_response (r) != 0)
+    return NULL;
+
   if (r->qop & DIGEST_MD5_QOP_AUTH_CONF)
     qop = "qop=auth-conf";
   else if (r->qop & DIGEST_MD5_QOP_AUTH_INT)
@@ -108,7 +121,7 @@
     qop = "";
 
   if (r->clientmaxbuf)
-    if (asprintf (&maxbuf, "maxbuf=\"%lud\"", r->clientmaxbuf) < 0)
+    if (asprintf (&maxbuf, "maxbuf=\"%lu\"", r->clientmaxbuf) < 0)
       goto end;
 
   if (r->cipher & DIGEST_MD5_CIPHER_3DES)
@@ -161,6 +174,11 @@
 {
   char *out;
 
+  /* Below we assume the mandatory fields are present, verify that
+     first to avoid crashes. */
+  if (digest_md5_validate_finish (finish) != 0)
+    return NULL;
+
   if (asprintf (&out, "rspauth=%s", finish->rspauth) < 0)
     return NULL;
 




