security svace merge from tizen_3.0

Change-Id: Id8e2ffb114a3ca564ea09aae7661d8622aceea08
Signed-off-by: jkjo92 <jkjo92@samsung.com>

diff --git a/common/fido_json_handler.c b/common/fido_json_handler.c
old mode 100644 (file)
new mode 100755 (executable)
index f52e695..4dcb4f7
--- a/common/fido_json_handler.c
+++ b/common/fido_json_handler.c
@@ -3218,7 +3218,24 @@ _uaf_composer_compose_get_registrations_request(const char *auth_index)
        /*authenticatorIndex*/
        json_builder_set_member_name(builder, _JSON_KEY_AUTH_INDEX);
        int auth_index_int = -1;
-       sscanf(auth_index, "%d", &auth_index_int);
+       char *end;
+       long sl;
+
+       sl = strtol(auth_index, &end, 10);
+       if (end == auth_index) {
+               _ERR("Failed to compose get registration reqeust");
+       } else if ('\0' != *end) {
+               _ERR("Failed to compose get registration reqeust");
+       } else if ((LONG_MIN == sl || LONG_MAX == sl) && ERANGE == errno) {
+               _ERR("Failed to compose get registration reqeust");
+       } else if (sl > INT_MAX) {
+               _ERR("Failed to compose get registration reqeust");
+       } else if (sl < INT_MIN) {
+               _ERR("Failed to compose get registration reqeust");
+       } else {
+               auth_index_int = (int)sl;
+       }
+
        json_builder_add_int_value(builder, auth_index_int);
 
 

diff --git a/server/fido_server.c b/server/fido_server.c
index 89897a2..d6c6201 100755 (executable)
--- a/server/fido_server.c
+++ b/server/fido_server.c
@@ -452,7 +452,38 @@ __handle_reg(_process_cb_data_t *cb_data, _matched_auth_data_t *matched_auth)
        reg_in->final_challenge = fc_json;
 
        int auth_idx_int = -1;
-       sscanf(matched_auth->auth_index, "%d", &auth_idx_int);
+       char *end;
+       long sl;
+
+       sl = strtol(matched_auth->auth_index, &end, 10);
+       if (end == matched_auth->auth_index) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if ('\0' != *end) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if ((LONG_MIN == sl || LONG_MAX == sl) && ERANGE == errno) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if (sl > INT_MAX) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else if (sl < INT_MIN) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               _free_fido_asm_reg_in(reg_in);
+               return;
+       } else {
+               auth_idx_int = (int)sl;
+       }
 
        reg_in->attestation_type = matched_auth->att_type;
 
@@ -603,7 +634,39 @@ __handle_auth(_process_cb_data_t *cb_data, _matched_auth_data_t *matched_auth)
        version->minor = _VERSION_MINOR;
 
        int auth_idx_int = -1;
-       sscanf(matched_auth->auth_index, "%d", &auth_idx_int);
+       char *end;
+       long sl;
+
+       sl = strtol(matched_auth->auth_index, &end, 10);
+       if (end == matched_auth->auth_index) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               SAFE_DELETE(version);
+               return;
+       } else if ('\0' != *end) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               SAFE_DELETE(version);
+               return;
+       } else if ((LONG_MIN == sl || LONG_MAX == sl) && ERANGE == errno) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               SAFE_DELETE(version);
+               return;
+       } else if (sl > INT_MAX) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               SAFE_DELETE(version);
+               return;
+       } else if (sl < INT_MIN) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               SAFE_DELETE(version);
+               return;
+       } else {
+               auth_idx_int = (int)sl;
+       }
+
        if (auth_idx_int == -1) {
                _ERR("ASM in data missing");
                _send_process_response(cb_data, FIDO_ERROR_NO_SUITABLE_AUTHENTICATOR, NULL);
@@ -707,7 +770,33 @@ __process_dereg_queue(_dereg_q_t *dereg_q)
        char *asm_req_json = NULL;
 
        int auth_index_int = _INVALID_INT;
-       sscanf(dereg_data->auth_index, "%d", &auth_index_int);
+       char *end;
+       long sl;
+
+       sl = strtol(dereg_data->auth_index, &end, 10);
+       if (end == dereg_data->auth_index) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               return;
+       } else if ('\0' != *end) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               return;
+       } else if ((LONG_MIN == sl || LONG_MAX == sl) && ERANGE == errno) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               return;
+       } else if (sl > INT_MAX) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               return;
+       } else if (sl < INT_MIN) {
+               _ERR("Failed to compose final challenge");
+               _send_process_response(cb_data, FIDO_ERROR_PROTOCOL_ERROR, NULL);
+               return;
+       } else {
+               auth_index_int = (int)sl;
+       }
 
        _INFO("Auth index for dereg req = [%d]", auth_index_int);