fix security svace issue

Change-Id: I67543998489a4406a110032b9d7dd6f5df34d0da
Signed-off-by: jkjo92 <jkjo92@samsung.com>

diff --git a/common/fido_json_handler.c b/common/fido_json_handler.c
old mode 100644 (file)
new mode 100755 (executable)
index bb2a680..1022dc8
--- a/common/fido_json_handler.c
+++ b/common/fido_json_handler.c
@@ -3217,7 +3217,24 @@ _uaf_composer_compose_get_registrations_request(const char *auth_index)
        /*authenticatorIndex*/
        json_builder_set_member_name(builder, _JSON_KEY_AUTH_INDEX);
        int auth_index_int = -1;
-       sscanf(auth_index, "%d", &auth_index_int);
+       char *end;
+       long sl;
+
+       sl = strtol(auth_index, &end, 10);
+       if (end == auth_index) {
+               _ERR("Failed to compose get registration reqeust");
+       } else if ('\0' != *end) {
+               _ERR("Failed to compose get registration reqeust");
+       } else if ((LONG_MIN == sl || LONG_MAX == sl) && ERANGE == errno) {
+               _ERR("Failed to compose get registration reqeust");
+       } else if (sl > INT_MAX) {
+               _ERR("Failed to compose get registration reqeust");
+       } else if (sl < INT_MIN) {
+               _ERR("Failed to compose get registration reqeust");
+       } else {
+               auth_index_int = (int)sl;
+       }
+
        json_builder_add_int_value(builder, auth_index_int);
 
 

diff --git a/server/fido_server.c b/server/fido_server.c
index 9cf0f6e..6644317 100755 (executable)
--- a/server/fido_server.c
+++ b/server/fido_server.c
@@ -455,7 +455,38 @@ __handle_reg(_process_cb_data_t *cb_data, _matched_auth_data_t *matched_auth)
        reg_in->final_challenge = fc_json;
 
        int auth_idx_int = -1;
-       sscanf(matched_auth->auth_index, "%d", &auth_idx_int);
+       char *end;
+       long sl;
+
+       sl = strtol(matched_auth->auth_index, &end, 10);
+       if (end == matched_auth->auth_index) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if ('\0' != *end) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if ((LONG_MIN == sl || LONG_MAX == sl) && ERANGE == errno) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if (sl > INT_MAX) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if (sl < INT_MIN) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else {
+               auth_idx_int = (int)sl;
+       }
 
        reg_in->attestation_type = matched_auth->att_type;
 
@@ -563,6 +594,8 @@ __handle_auth(_process_cb_data_t *cb_data, _matched_auth_data_t *matched_auth)
 
        _fido_asm_auth_in_t *auth_asm_in = (_fido_asm_auth_in_t*)calloc(1, sizeof(_fido_asm_auth_in_t));
 
+       _fido_asm_reg_in_t *reg_in = (_fido_asm_reg_in_t*) calloc(1, sizeof(_fido_asm_reg_in_t));
+
        if (cb_data->uaf_req->header->app_id == NULL) {
 
                if (cb_data->uaf_req->facet_id == NULL) {
@@ -606,7 +639,39 @@ __handle_auth(_process_cb_data_t *cb_data, _matched_auth_data_t *matched_auth)
        version->minor = _VERSION_MINOR;
 
        int auth_idx_int = -1;
-       sscanf(matched_auth->auth_index, "%d", &auth_idx_int);
+       char *end;
+       long sl;
+
+       sl = strtol(matched_auth->auth_index, &end, 10);
+       if (end == matched_auth->auth_index) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if ('\0' != *end) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if ((LONG_MIN == sl || LONG_MAX == sl) && ERANGE == errno) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if (sl > INT_MAX) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if (sl < INT_MIN) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else {
+               auth_idx_int = (int)sl;
+       }
+
        if (auth_idx_int == -1) {
                _ERR("ASM in data missing");
                _send_process_response(cb_data, FIDO_ERROR_NO_SUITABLE_AUTHENTICATOR, NULL);
@@ -714,10 +779,43 @@ __process_dereg_queue(_dereg_q_t *dereg_q)
 
        _matched_auth_dereg_t *dereg_data = (_matched_auth_dereg_t*)(g_queue_pop_head(q));
 
+       _fido_asm_reg_in_t *reg_in = (_fido_asm_reg_in_t*) calloc(1, sizeof(_fido_asm_reg_in_t));
+
        char *asm_req_json = NULL;
 
        int auth_index_int = _INVALID_INT;
-       sscanf(dereg_data->auth_index, "%d", &auth_index_int);
+       char *end;
+       long sl;
+
+       sl = strtol(dereg_data->auth_index, &end, 10);
+       if (end == dereg_data->auth_index) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if ('\0' != *end) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if ((LONG_MIN == sl || LONG_MAX == sl) && ERANGE == errno) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if (sl > INT_MAX) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if (sl < INT_MIN) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else {
+               auth_index_int = (int)sl;
+       }
 
        _INFO("Auth index for dereg req = [%d]", auth_index_int);