From e226e43c2385fe90b3f751623f03add8b19d344a Mon Sep 17 00:00:00 2001
From: Kyungwook Tak
Date: Wed, 7 Sep 2016 14:17:35 +0900
Subject: [PATCH] Fix SVACE defects: unsafe functions and dead code
Change-Id: I1f670628bc6636e89ca9a7d9eae72922f062fd22
Signed-off-by: Kyungwook Tak
---
 src/manager/client-capi/ckmc-type.cpp | 6 +++---
 src/manager/service/access-control.cpp | 12 +++++-------
 src/pam_plugin/pam-key-manager-plugin.cpp | 30 ++++++++++++++++++++++--------
 3 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/src/manager/client-capi/ckmc-type.cpp b/src/manager/client-capi/ckmc-type.cpp
index a80b8b2..8ac6a2b 100644
--- a/src/manager/client-capi/ckmc-type.cpp
+++ b/src/manager/client-capi/ckmc-type.cpp
@@ -83,9 +83,9 @@ int ckmc_alias_new(const char *owner_id, const char *alias, char **full_alias)
 if (_full_alias == NULL) return CKMC_ERROR_OUT_OF_MEMORY;
- strcpy(_full_alias, owner_id);
- strcat(_full_alias, ckmc_owner_id_separator);
- strcat(_full_alias, alias);
+ strncpy(_full_alias, owner_id, len + 1);
+ strncat(_full_alias, ckmc_owner_id_separator, len - strlen(_full_alias) + 1);
+ strncat(_full_alias, alias, len - strlen(_full_alias) + 1);
 *full_alias = _full_alias;
diff --git a/src/manager/service/access-control.cpp b/src/manager/service/access-control.cpp
index 8faf36d..95cd3a3 100644
--- a/src/manager/service/access-control.cpp
+++ b/src/manager/service/access-control.cpp
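Review bot: The two `strncat` bounds in `ckmc_alias_new` (src/manager/client-capi/ckmc-type.cpp) are one byte too generous: `strncat` appends up to n characters and then writes a terminating NUL, so `len - strlen(_full_alias) + 1` permits a write one byte past a `len + 1`-byte buffer. The allocation and the computation of `len` sit above the hunk, so this assumes the buffer is `len + 1` bytes; if it is, the limit should be `len - strlen(_full_alias)`. A single bounded call expresses the same concatenation without re-scanning the destination: `snprintf(_full_alias, len + 1, "%s%s%s", owner_id, ckmc_owner_id_separator, alias);`.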
@@ -34,19 +34,17 @@ namespace CKM {
 void AccessControl::updateCCMode()
 {
 /* newMode should be extracted from global property like buxton in product */
- bool newMode = false;
+ int newMode = 0;
- if (newMode == m_ccMode)
+ if ((newMode == 1) == m_ccMode)
 return;
- int iNewMode = newMode ? 1 : 0;
-
- if (FIPS_mode_set(iNewMode) == 0) {
- LogError("Error to FIPS_mode_set with param " << iNewMode);
+ if (FIPS_mode_set(newMode) == 0) {
+ LogError("Error to FIPS_mode_set with param " << newMode);
 return;
 }
- m_ccMode = newMode;
+ m_ccMode = (newMode == 1);
 }
 bool AccessControl::isCCMode() const
diff --git a/src/pam_plugin/pam-key-manager-plugin.cpp b/src/pam_plugin/pam-key-manager-plugin.cpp
index 74a1d25..8b401b2 100644
--- a/src/pam_plugin/pam-key-manager-plugin.cpp
+++ b/src/pam_plugin/pam-key-manager-plugin.cpp
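Review bot: In `AccessControl::updateCCMode` (src/manager/service/access-control.cpp) the recorded state and the requested state are derived differently: `FIPS_mode_set(newMode)` receives the raw integer, while `m_ccMode` treats only the value 1 as "on". As far as I know OpenSSL enables FIPS mode for any nonzero argument, so once `newMode` comes from a real property, as the comment promises, a value such as 2 could turn FIPS mode on while `isCCMode()` keeps reporting false. Normalising once keeps the two in step: `const bool ccRequested = (newMode != 0);` for the comparison and the assignment, and `FIPS_mode_set(ccRequested ? 1 : 0)` for the call. The constant is still hard-coded to 0, so the analyzer finding is silenced rather than the dead path removed; a `// TODO` naming the intended property source would make that explicit.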
@@ -48,23 +48,37 @@ bool identify_user_pwd(pam_handle_t *pamh, uid_t &uid, std::string &passwd)
 if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) return true;
- struct passwd *pwd;
+ struct passwd pwd;
+ struct passwd *result = nullptr;
+ int bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
- if ((pwd = getpwnam(user)) == NULL)
+ if (bufsize <= 0)
+ bufsize = 16384; /* should be more than enough */
+
+ memset(&pwd, 0x00, sizeof(pwd));
+ std::vector buf(bufsize, 0);
+
+ int ret = getpwnam_r(user, &pwd, buf.data(), bufsize, &result);
+ if (ret != 0 || result == nullptr)
 return true;
- if (strcmp(pwd->pw_passwd, PASSWORD_SHADOWED) == 0) {
- struct spwd *pwd_sh;
+ if (strcmp(pwd.pw_passwd, PASSWORD_SHADOWED) == 0) {
+ struct spwd pwd_sh;
+ struct spwd *result_sh = nullptr;
+
+ memset(&pwd_sh, 0x00, sizeof(pwd_sh));
+ std::vector buf_sh(bufsize, 0);
- if ((pwd_sh = getspnam(user)) == NULL)
+ ret = getspnam_r(user, &pwd_sh, buf_sh.data(), bufsize, &result_sh);
+ if (ret != 0 || result_sh == nullptr)
 return true;
- passwd = std::string(pwd_sh->sp_pwdp);
+ passwd = std::string(pwd_sh.sp_pwdp);
 } else {
- passwd = std::string(pwd->pw_passwd);
+ passwd = std::string(pwd.pw_passwd);
 }
- uid = pwd->pw_uid;
+ uid = pwd.pw_uid;
 return false;
 }
 }
--
2.7.4
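Review bot: In `identify_user_pwd` (src/pam_plugin/pam-key-manager-plugin.cpp) a scratch buffer that is too small is handled exactly like an unknown user: `getpwnam_r` and `getspnam_r` return `ERANGE` in that case, and both `if (ret != 0 || ...)` checks take the same `return true` path. The `sysconf(_SC_GETPW_R_SIZE_MAX)` result is only an initial size hint (and a `long` narrowed to `int` here), so the usual pattern is to grow the buffer and retry on `ERANGE`, as sketched below for the first lookup; the shadow lookup needs the same loop around `getspnam_r`. Separately, `buf` and `buf_sh` hold the password-hash text that `pw_passwd` and `sp_pwdp` point into and are released without being cleared, so wiping them before returning would keep that material from lingering in freed heap memory. The function begins above the hunk.

```cpp
// … unchanged: pam_get_user call, pwd/result declarations, bufsize from sysconf with the 16384 fallback …
std::vector<char> buf(bufsize, 0);
int ret;

// ERANGE means the buffer was too small, not that the user is missing:
// grow and retry, up to an arbitrary 1 MiB ceiling.
while ((ret = getpwnam_r(user, &pwd, buf.data(), buf.size(), &result)) == ERANGE &&
		buf.size() < (1u << 20))
	buf.assign(buf.size() * 2, 0);

if (ret != 0 || result == nullptr)
	return true;
// … unchanged: shadow branch and uid assignment …
```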