#include <string.h>
#include <dirent.h>
#include <errno.h>
+#include <limits.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <time.h>
expire_time = 0;
else
{
+ /* Check if value converted to seconds will not exceed the range of unsigned int */
time_t t = time(NULL );
unsigned int valid_days_max = (UINT_MAX - t) / 86400;
if (valid_days > valid_days_max)
if (valid_days == 0)
expire_time = 0;
else
- expire_time = time(NULL) + (valid_days * 86400);
+ {
+ /* Check if value converted to seconds will not exceed the range of unsigned int */
+ time_t t = time(NULL );
+ unsigned int valid_days_max = (UINT_MAX - t) / 86400;
+ if (valid_days > valid_days_max)
+ {
+ SECURE_SLOGE("%s",
+ "Server: Max password validity exceeded (%d>%d)", valid_days, valid_days_max);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ expire_time = t + (valid_days * 86400);
+ }
/* Hash requested password */
SHA256_Init(&context);
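Review bot: The new `SECURE_SLOGE` call passes `"%s"` as the format and the real message as its argument, so (assuming the macro is printf-style with the format first) the log prints the literal `(%d>%d)` and ignores `valid_days` and `valid_days_max`. Dropping the `"%s"` and using an unsigned conversion fixes it: `SECURE_SLOGE("Server: Max password validity exceeded (%u>%u)", valid_days, valid_days_max);`. `valid_days_max` is `unsigned int` here, but the declaration of `valid_days` is outside the hunk, so confirm its type. Separately, `time(NULL)` can return `(time_t)-1`, and `UINT_MAX - t` is evaluated in whatever width `time_t` has, so a short comment stating the assumed range of `t` and the type of `expire_time` would make the bound easier to audit. The enclosing function starts and ends outside the hunk.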
#include <client-common.h>
#include <protocols.h>
#include <smack-check.h>
+#include <signal.h>
#include <security-server.h>
#include <security-server-common.h>
if (1 != smack_check())
return SECURITY_SERVER_API_SUCCESS;
+ // Checking whether a process with pid exists
+ if ((pid < 0) || ((kill(pid, 0) == -1) && (errno == ESRCH))) {
+ LogDebug("pid is invalid, process: " << pid << " does not exist");
+ return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
+ }
+
+ if (NULL == object || 0 == strlen(object)) {
+ LogDebug("object param is NULL or empty");
+ return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
+ }
+
+ if (NULL == access_rights || 0 == strlen(access_rights)) {
+ LogDebug("access_right param is NULL or empty");
+ return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
+ }
+
SocketBuffer send, recv;
Serialization::Serialize(send, pid);
Serialization::Serialize(send, std::string(object));
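Review bot: The guard `pid < 0` lets `pid == 0` through, and `kill(0, 0)` addresses the caller's own process group, so it succeeds without proving that a process with that pid exists. Unless 0 has a meaning for this API (not visible here), the test should be `if ((pid <= 0) || ((kill(pid, 0) == -1) && (errno == ESRCH))) {`. The probe is also only a point-in-time check: the process can exit, and the pid can be reused, before the server handles the request. A comment such as `// Best-effort sanity check only; the server must validate pid itself` would keep it from being read as an authorization check. The enclosing function starts and ends outside the hunk.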