From f4eb3d7acb02b95834482d7ef47de52bcf9e415e Mon Sep 17 00:00:00 2001 From: jkjo92 Date: Wed, 30 Nov 2016 17:44:46 +0900 Subject: [PATCH] fix memory leak issue TSAM-10555 & Policy handling changed to treat RA keyID correctly Change-Id: I003bf59eb9ef0c8c7be4638aa85c1d03fea770fa --- server/fido_asm_plugin_manager.c | 4 +- server/fido_server.c | 95 +++++++++++++++++++++++++++++++--------- server/fido_uaf_policy_checker.c | 62 +++++++++++++++++++++++++- 3 files changed, 138 insertions(+), 23 deletions(-) diff --git a/server/fido_asm_plugin_manager.c b/server/fido_asm_plugin_manager.c index 3f5e7f0..137ab82 100644 --- a/server/fido_asm_plugin_manager.c +++ b/server/fido_asm_plugin_manager.c @@ -292,8 +292,10 @@ _asm_plugin_mgr_discover_all(_asm_plugin_discover_response_cb cb, void *user_dat cb_data->user_data = user_data; - if (cb_data->asm_proxy_list_iter == NULL) + if (cb_data->asm_proxy_list_iter == NULL) { + free(cb_data); return FIDO_ERROR_NOT_SUPPORTED; + } _fido_asm_proxy_t *asm_proxy = (_fido_asm_proxy_t*)(cb_data->asm_proxy_list_iter->data); diff --git a/server/fido_server.c b/server/fido_server.c index b205944..09bafc1 100755 --- a/server/fido_server.c +++ b/server/fido_server.c @@ -765,39 +765,94 @@ __get_keyid_list_from_app_reg(GList *app_reg_list) } static GList * -__get_auth_list_with_keyids(GList *available_authenticators) +__get_auth_list_with_keyids(_policy_t *policy, GList *available_authenticators) { - _INFO("__get_auth_list_with_keyids"); + _INFO("keyID retrieval start"); GList *available_authenticators_full = NULL; GList *avl_auth_iter = g_list_first(available_authenticators); - while (avl_auth_iter != NULL) { + for (; avl_auth_iter != NULL; avl_auth_iter = avl_auth_iter->next) { fido_authenticator_s *asm_auth = (fido_authenticator_s*)(avl_auth_iter->data); if (asm_auth != NULL) { - char *get_reg_json = _uaf_composer_compose_get_registrations_request(asm_auth->auth_index); - char *get_reg_resp = _asm_ipc_send_sync(asm_auth->asm_id, get_reg_json); + if (asm_auth->is_roaming == true) { + /*For RA, keyID = keyHandle*/ + _INFO("For Roaming"); + GList *accepted_list = policy->accepted_list; + + if (accepted_list != NULL) + _INFO("accepted_list count = [%d]", g_list_length(accepted_list)); + + GList *accepted_list_iter = g_list_first(accepted_list); + for (; accepted_list_iter != NULL; accepted_list_iter = accepted_list_iter->next) { + + GList *accepted_list_internal = (GList *) accepted_list_iter->data; + GList *accepted_list_internal_iter = g_list_first(accepted_list_internal); + for (; accepted_list_internal_iter != NULL; + accepted_list_internal_iter = accepted_list_internal_iter->next) { + _match_criteria_t *match_info = (_match_criteria_t *) accepted_list_internal_iter->data; + + if (match_info->aaid_list != NULL) { + + GList *aaid_iter = g_list_first(match_info->aaid_list); + for (; aaid_iter != NULL; aaid_iter = aaid_iter->next) { + + char *aaid = (char*)aaid_iter->data; + if ((aaid != NULL) && (strcmp(aaid, asm_auth->aaid) == 0)) { + _INFO("Adding keyid as keyhandle"); + + if (match_info->key_id_list != NULL) { + GList *key_list_iter = g_list_first(match_info->key_id_list); + for (; key_list_iter != NULL; key_list_iter = key_list_iter->next) { + + char *key_id = (char*)key_list_iter->data; + if (key_id != NULL) { + asm_auth->key_ids = g_list_append(asm_auth->key_ids, _SAFE_DUP(key_id)); + _INFO("Added keyid as keyhandle"); + _INFO("%s", key_id); + } + } + } + } + } + } + } + } - if (get_reg_resp != NULL) - _INFO("_asm_ipc_send_sync = [%s]", get_reg_resp); + if (asm_auth->key_ids != NULL) { + asm_auth->key_ids = g_list_first(asm_auth->key_ids); + available_authenticators_full = g_list_append(available_authenticators_full, asm_auth); + _INFO("Added keyid as keyhandle [%p][%s][%d]", asm_auth, + asm_auth->aaid, g_list_length(asm_auth->key_ids)); + } - _asm_get_reg_out_t *get_reg_out = _uaf_parser_parser_asm_get_reg_response(get_reg_resp); - if (get_reg_out != NULL) { - asm_auth->key_ids = __get_keyid_list_from_app_reg(get_reg_out->app_reg_list); - asm_auth->key_ids = g_list_first(asm_auth->key_ids); - _INFO(" asm_auth->key_ids count = [%d]", g_list_length(asm_auth->key_ids)); - } - available_authenticators_full = g_list_append(available_authenticators_full, asm_auth); + } else { + + _INFO("For Bound"); + char *get_reg_json = _uaf_composer_compose_get_registrations_request(asm_auth->auth_index); + char *get_reg_resp = _asm_ipc_send_sync(asm_auth->asm_id, get_reg_json); - SAFE_DELETE(get_reg_json); - SAFE_DELETE(get_reg_resp); - _free_asm_get_reg_out(get_reg_out); + if (get_reg_resp != NULL) + _INFO("_asm_ipc_send_sync = [%s]", get_reg_resp); + _asm_get_reg_out_t *get_reg_out = _uaf_parser_parser_asm_get_reg_response(get_reg_resp); + if (get_reg_out != NULL) { + asm_auth->key_ids = __get_keyid_list_from_app_reg(get_reg_out->app_reg_list); + asm_auth->key_ids = g_list_first(asm_auth->key_ids); + _INFO(" asm_auth->key_ids count = [%d]", g_list_length(asm_auth->key_ids)); + } + available_authenticators_full = g_list_append(available_authenticators_full, asm_auth); + + SAFE_DELETE(get_reg_json); + SAFE_DELETE(get_reg_resp); + _free_asm_get_reg_out(get_reg_out); + + } } - avl_auth_iter = avl_auth_iter->next; } + _INFO("keyID retrieval end"); return available_authenticators_full; } @@ -862,7 +917,7 @@ _discover_response_cb_for_process(int tz_error_code, int error_code, GList *avai if (policy->is_keyid_present == true) { /*Available authenticators' keyIDs can be fetched via GetRegistrations ASM op*/ _INFO("Need to call GetRegistrations to match policy"); - GList *avl_auth_list_full_temp = __get_auth_list_with_keyids(available_authenticators); + GList *avl_auth_list_full_temp = __get_auth_list_with_keyids(policy, available_authenticators); if (avl_auth_list_full_temp != NULL) { g_list_free(available_authenticators_full); @@ -968,7 +1023,7 @@ _discover_response_cb_for_process(int tz_error_code, int error_code, GList *avai if (policy->is_keyid_present == true) { /*Available authenticators' keyIDs can be fetched via GetRegistrations ASM op*/ _INFO("Need to call GetRegistrations to match policy"); - GList *avl_auth_list_full_temp = __get_auth_list_with_keyids(available_authenticators); + GList *avl_auth_list_full_temp = __get_auth_list_with_keyids(policy, available_authenticators); if (avl_auth_list_full_temp != NULL) { g_list_free(available_authenticators_full); available_authenticators_full = g_list_first(avl_auth_list_full_temp); diff --git a/server/fido_uaf_policy_checker.c b/server/fido_uaf_policy_checker.c index dea204b..f055ac8 100644 --- a/server/fido_uaf_policy_checker.c +++ b/server/fido_uaf_policy_checker.c @@ -530,10 +530,68 @@ _policy_checker_get_matched_auth_list(_policy_t *policy, GList *auth_list) accepted_list_iter = accepted_list_iter->next; } - if (allowed_list != NULL) + if (allowed_list != NULL) { allowed_list = g_list_first(allowed_list); - return allowed_list; + /*List consolidation, based on asmid-authindex*/ + + GList *alist_cons = NULL; + + GList *allowed_list_iter = g_list_first(allowed_list); + for (; allowed_list_iter != NULL; allowed_list_iter = allowed_list_iter->next) { + + _matched_auth_data_t *matched_auth_data = (_matched_auth_data_t*)allowed_list_iter->data; + if (matched_auth_data->auth_index == NULL) + continue; + + _matched_auth_data_t *matched_auth_data_new = (_matched_auth_data_t*) calloc(1, sizeof(_matched_auth_data_t)); + + matched_auth_data_new->auth_index = _SAFE_DUP(matched_auth_data->auth_index); + matched_auth_data_new->att_type = matched_auth_data->att_type; + matched_auth_data_new->asm_id = _SAFE_DUP(matched_auth_data->asm_id); + matched_auth_data_new->key_ids = __copy_string_list(matched_auth_data->key_ids); + matched_auth_data_new->tc_display_png_characteristics = + __copy_png_list(matched_auth_data->tc_display_png_characteristics); + + _INFO("[%s][%s]", matched_auth_data_new->asm_id, matched_auth_data_new->auth_index); + /*Find duplicate, append keyids*/ + GList *allowed_list_iter_next = allowed_list_iter->next; + for (; allowed_list_iter_next != NULL; allowed_list_iter_next = allowed_list_iter_next->next) { + + _matched_auth_data_t *matched_auth_data_nxt = (_matched_auth_data_t*)allowed_list_iter_next->data; + + if (strcmp(matched_auth_data_nxt->asm_id, matched_auth_data->asm_id) == 0) { + if (strcmp(matched_auth_data_nxt->auth_index, matched_auth_data->auth_index) == 0) { + + _INFO("Appending keyIds"); + /*Append keyIds*/ + for (matched_auth_data_nxt->key_ids = g_list_first(matched_auth_data_nxt->key_ids); + matched_auth_data_nxt->key_ids != NULL; + matched_auth_data_nxt->key_ids = matched_auth_data_nxt->key_ids->next) { + + char *key_id = matched_auth_data_nxt->key_ids->data; + matched_auth_data_new->key_ids = g_list_append(matched_auth_data_new->key_ids, + _SAFE_DUP(key_id)); + _INFO("Appended keyIds, count=[%d]", g_list_length(matched_auth_data_new->key_ids)); + } + + /*Once matched and appended, it wont be considered next time*/ + matched_auth_data_nxt->auth_index = NULL; + } + } + + } + + _INFO("Total keyId count=[%d]", g_list_length(matched_auth_data_new->key_ids)); + alist_cons = g_list_append(alist_cons, matched_auth_data_new); + _INFO("Added to consolidated list"); + } + return alist_cons; + + } + + _ERR("No match"); + return NULL; } /* Returns _matched_auth_dereg_t list */ -- 2.7.4