From c5b282e7a302dd2aef39abea8d0bc129d1941c03 Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz
Date: Fri, 10 Nov 2017 13:53:17 +0100
Subject: [PATCH] Fix SVACE defects
- Initialize required members in default Row ctor
- Remove unused Row objects
- Refactor string memcpy'ing so that SVACE stops complaining
- Fix memory leak in DescriptorSet
Change-Id: I8a22a3c5388b0c17b6f44ebaf89d32e9065526dd
---
src/manager/client-async/descriptor-set.cpp | 3 +++
src/manager/service/ckm-logic.cpp | 20 +++++--------------
src/manager/service/db-row.h | 7 ++++++-
src/manager/service/key-provider.cpp | 30 +++++++----------------------
4 files changed, 21 insertions(+), 39 deletions(-)
diff --git a/src/manager/client-async/descriptor-set.cpp b/src/manager/client-async/descriptor-set.cpp
index 83442b2..fdee29d 100644
--- a/src/manager/client-async/descriptor-set.cpp
+++ b/src/manager/client-async/descriptor-set.cpp
@@ -34,6 +34,8 @@ DescriptorSet::DescriptorSet() : m_dirty(true), m_fds(NULL) DescriptorSet::~DescriptorSet() { purge(); + + delete[] m_fds; } void DescriptorSet::purge()
@@ -42,6 +44,7 @@ void DescriptorSet::purge() close(it.first); m_descriptors.clear(); + m_dirty = true; } void DescriptorSet::add(int fd, short events, Callback &&callback)
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 36f2ea7..c1b02c2 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -487,8 +487,6 @@ int CKMLogic::getKeyForService( const Password &pass, Crypto::GObjShPtr &key) { - DB::Row row; - try { // Key is for internal service use. It won't be exported to the client Crypto::GObjUPtr obj;
@@ -946,7 +944,7 @@ RawBuffer CKMLogic::getData( const Password &password) { int retCode = CKM_API_SUCCESS; - DB::Row row; + RawBuffer rowData; DataType objDataType; try {
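Review bot: `delete[] m_fds;` in `~DescriptorSet()` makes the class the sole owner of a raw array, but nothing visible in this patch prevents a DescriptorSet from being copied; if the copy operations are not already deleted in the class declaration, a copy would free the same array twice. Either declare `DescriptorSet(const DescriptorSet &) = delete;` with the matching assignment operator, or hold the array in a `std::unique_ptr` to an array so the destructor needs no manual delete. The second hunk's `m_dirty = true;` in `purge()` leaves the old `m_fds` array allocated until the set is rebuilt, which is presumably where it is reallocated; that code is outside the patch, so confirm it releases the previous array first. Both function bodies extend beyond the hunks shown.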
@@ -955,7 +953,7 @@ RawBuffer CKMLogic::getData( objDataType); if (retCode == CKM_API_SUCCESS) - row.data = std::move(obj->getBinary()); + rowData = obj->getBinary(); } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) {
@@ -963,16 +961,14 @@ RawBuffer CKMLogic::getData( retCode = CKM_API_ERROR_SERVER_ERROR; } - if (CKM_API_SUCCESS != retCode) { - row.data.clear(); - row.dataType = dataType; - } + if (CKM_API_SUCCESS != retCode) + rowData.clear(); auto response = MessageBuffer::Serialize(static_cast(LogicCommand::GET), commandId, retCode, static_cast(objDataType), - row.data); + rowData); return response.Pop(); }
@@ -1470,8 +1466,6 @@ int CKMLogic::readCertificateHelper( const LabelNameVector &labelNameVector, CertificateImplVector &certVector) { - DB::Row row; - for (auto &i : labelNameVector) { // certificates can't be protected with custom user password Crypto::GObjUPtr obj;
@@ -1569,7 +1563,6 @@ int CKMLogic::getCertificateChainHelper( CertificateImplVector untrustedCertVector; CertificateImplVector trustedCertVector; CertificateImplVector chainVector; - DB::Row row; if (cert.empty()) return CKM_API_ERROR_INPUT_PARAM;
@@ -1681,7 +1674,6 @@ RawBuffer CKMLogic::createSignature( const RawBuffer &message, const CryptoAlgorithm &cryptoAlg) { - DB::Row row; RawBuffer signature; int retCode = CKM_API_SUCCESS;
@@ -1724,8 +1716,6 @@ RawBuffer CKMLogic::verifySignature( int retCode = CKM_API_ERROR_VERIFICATION_FAILED; try { - DB::Row row; - // try certificate first - looking for a public key. // in case of PKCS, pub key from certificate will be found first // rather than private key from the same PKCS.
diff --git a/src/manager/service/db-row.h b/src/manager/service/db-row.h
index 97edfab..45e079a 100644
--- a/src/manager/service/db-row.h
+++ b/src/manager/service/db-row.h
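Review bot: In the `getData` hunks the error path now only calls `rowData.clear()`, yet the response still serializes `objDataType`, which the earlier hunk shows declared without an initializer (`DataType objDataType;`) and which is presumably only filled in when the lookup succeeds. If `DataType` does not default-construct to a defined value, a failed request sends an indeterminate type field back to the client. One option is to give it a defined value at its declaration, for example `DataType objDataType = dataType;`, assuming `dataType` is the requested-type parameter that the removed `row.dataType = dataType;` referred to. The start of `getData` lies outside the hunks, so this should be checked against the full function.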
@@ -30,7 +30,12 @@ namespace CKM { namespace DB { struct Row : public Token { - Row() = default; + Row() : + Token(), + exportable(0), + algorithmType(DBCMAlgType::NONE), + encryptionScheme(0), + dataSize(0) {} Row(Token token, const Name &pName, const Label &pLabel, int pExportable) : Token(std::move(token)),
diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index 4ca4f03..60cce23 100644
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -602,29 +602,13 @@ int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext, char *KeyProvider::concat_password_user(const char *user, const char *password) { - char *concat_user_pass = NULL; - char *resized_user = NULL; - int concat_user_pass_len = 0; - - if (strlen(user) > MAX_LABEL_SIZE - 1) { - resized_user = new char[MAX_LABEL_SIZE]; - memcpy(resized_user, user, MAX_LABEL_SIZE - 1); - resized_user[MAX_LABEL_SIZE - 1] = '\0'; - } else { - resized_user = new char[strlen(user) + 1]; - memcpy(resized_user, user, strlen(user)); - resized_user[strlen(user)] = '\0'; - } - - concat_user_pass_len = strlen(resized_user) + strlen(password) + 1; - concat_user_pass = new char[concat_user_pass_len]; + std::string result(password); + result += user; - memset(concat_user_pass, '\0', concat_user_pass_len); - memcpy(concat_user_pass, password, strlen(password)); - memcpy(&(concat_user_pass[strlen(password)]), resized_user, - strlen(resized_user)); - concat_user_pass[strlen(resized_user) + strlen(password)] = '\0'; + if (strlen(user) > MAX_LABEL_SIZE - 1) + result.resize(strlen(password) + MAX_LABEL_SIZE - 1); - delete[] resized_user; - return concat_user_pass; + char *ret = new char[result.size() + 1]; + memcpy(ret, result.c_str(), result.size() + 1); + return ret; }
-- 2.7.4
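Review bot: The new `Row()` initializer list sets `exportable`, `algorithmType`, `encryptionScheme` and `dataSize`, but these defaults now have to be kept in step by hand with the other constructor, `Row(Token token, const Name &pName, ...)`, whose initializer list is cut off by the hunk. Default member initializers in the struct, e.g. `int exportable = 0;`, would give every constructor the same defined values and allow `Row() = default;` to stay. It is also worth confirming that `Token()` initializes its own scalar members, since that base class is outside this patch and an indeterminate field there would still end up in a default-constructed row.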
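Review bot: The rewritten `concat_password_user` builds the secret in a temporary `std::string result`, so the password is copied at least once more (again if `result += user` reallocates) into heap memory that is released without being wiped when `result` goes out of scope. The output length is known up front, so the returned buffer can be filled directly with no intermediate copy, while keeping the same truncation of `user` to `MAX_LABEL_SIZE - 1` characters. Neither the old nor the new version checks `user` or `password` for null before `strlen`, so a guard is worth adding if callers can pass null. The caller still owns the returned array and is presumably responsible for wiping it before `delete[]`.

```cpp
// body of KeyProvider::concat_password_user(user, password)
const size_t pass_len = strlen(password);
// cap the user part at MAX_LABEL_SIZE - 1 characters, as before
const size_t user_len = strnlen(user, MAX_LABEL_SIZE - 1);

char *ret = new char[pass_len + user_len + 1];
memcpy(ret, password, pass_len);
memcpy(ret + pass_len, user, user_len);
ret[pass_len + user_len] = '\0';
return ret;
```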