summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Magne <jmagne@dhcp-32-224.sjc.redhat.com>2012-12-06 11:20:55 -0800
committerJack Magne <jmagne@dhcp-32-224.sjc.redhat.com>2012-12-06 11:33:39 -0800
commit6180bb1b8a450d0e69d10c5e9bd85996e2858599 (patch)
tree3f52cb9fd264b53684ac1bb949967eea09c0b1b7
parentcd279e34b5d92ff8fe53e79c974baf9972221748 (diff)
downloadpki-6180bb1b8a450d0e69d10c5e9bd85996e2858599.zip
pki-6180bb1b8a450d0e69d10c5e9bd85996e2858599.tar.gz
pki-6180bb1b8a450d0e69d10c5e9bd85996e2858599.tar.xz
Latest TPS memory related fixes.
-rw-r--r--base/tps/src/modules/tokendb/mod_tokendb.cpp685
-rw-r--r--base/tps/src/processor/RA_Processor.cpp5
-rw-r--r--base/tps/src/tus/tus_db.c2
3 files changed, 400 insertions, 292 deletions
diff --git a/base/tps/src/modules/tokendb/mod_tokendb.cpp b/base/tps/src/modules/tokendb/mod_tokendb.cpp
index 9454715..737df94 100644
--- a/base/tps/src/modules/tokendb/mod_tokendb.cpp
+++ b/base/tps/src/modules/tokendb/mod_tokendb.cpp
@@ -56,6 +56,7 @@ extern "C"
#include "cert.h"
#include "regex.h"
#include "nss3/base64.h"
+#include "prprf.h"
#include "httpd/httpd.h"
#include "httpd/http_config.h"
@@ -87,9 +88,10 @@ extern TOKENDB_PUBLIC char *nss_var_lookup( apr_pool_t *p, server_rec *s,
#define JS_STOP "//-->\n</SCRIPT>\n"
#define CMS_TEMPLATE_TAG "<CMS_TEMPLATE>"
-#define MAX_INJECTION_SIZE 5120
+#define MAX_INJECTION_SIZE 10240
+
#define MAX_OVERLOAD 20
-#define LOW_INJECTION_SIZE 2048
+#define LOW_INJECTION_SIZE 4096
#define SHORT_LEN 256
#define BASE64_HEADER "-----BEGIN CERTIFICATE-----\n"
@@ -528,14 +530,14 @@ bool transition_allowed(int oldState, int newState)
return RA::match_comma_list(search, transitionList);
}
-void add_allowed_token_transitions(int token_ui_state, char *injection)
+void add_allowed_token_transitions(int token_ui_state, char *injection, int injection_size)
{
bool first = true;
int i=1;
char state[128];
sprintf(state, "var allowed_transitions=\"");
- PL_strcat(injection, state);
+ PR_snprintf( injection, injection_size , "%s%s", injection, state );
for (i=1; i<=MAX_TOKEN_UI_STATE; i++) {
if (transition_allowed(token_ui_state, i)) {
if (first) {
@@ -544,10 +546,11 @@ void add_allowed_token_transitions(int token_ui_state, char *injection)
} else {
sprintf(state, ",%d", i);
}
- PL_strcat(injection, state);
+ PR_snprintf( injection, injection_size , "%s%s", injection, state );
}
}
- PL_strcat(injection, "\";\n");
+
+ PR_snprintf( injection, injection_size , "%s%s", injection, "\";\n" );
}
char *getTemplateFile( char *fileName, int *injectionTagOffset )
@@ -721,7 +724,7 @@ char *escapeSpecialChars(char* src)
return ret;
}
-void getCertificateFilter( char *filter, char *query )
+void getCertificateFilter( char *filter, int filterSize, char *query )
{
char *uid = NULL;
char *tid = NULL;
@@ -743,16 +746,16 @@ void getCertificateFilter( char *filter, char *query )
filter[0] = '\0';
if( tid == NULL && uid == NULL && cn == NULL ) {
- PL_strcat( filter, "(tokenID=*)" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(tokenID=*)");
return;
}
if( tid != NULL && uid != NULL && view != NULL ) {
- PL_strcat( filter, "(&" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(&");
}
if( tid != NULL ) {
- PL_strcat( filter, "(tokenID=" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(tokenID=");
end = PL_strchr( tid, '&' );
len = PL_strlen( filter );
if( end != NULL ) {
@@ -763,17 +766,17 @@ void getCertificateFilter( char *filter, char *query )
}
filter[len+i] = '\0';
} else {
- PL_strcat( filter, tid+4 );
+ PR_snprintf( filter, filterSize, "%s%s", filter, tid+4);
}
if( view != NULL ) {
- PL_strcat( filter, "*)" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "*)");
} else {
- PL_strcat( filter, ")" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")");
}
}
if( uid != NULL && view != NULL ) {
- PL_strcat( filter, "(tokenUserID=" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(tokenUserID=");
end = PL_strchr( uid, '&' );
len = PL_strlen( filter );
if( end != NULL ) {
@@ -784,15 +787,14 @@ void getCertificateFilter( char *filter, char *query )
filter[len+i] = '\0';
} else {
- PL_strcat( filter, uid+4 );
+ PR_snprintf( filter, filterSize, "%s%s", filter, uid+4);
}
- PL_strcat( filter, "*)" );
- /* PL_strcat( filter, ")" ); */
+ PR_snprintf( filter, filterSize, "%s%s", filter, "*)");
}
if( cn != NULL ) {
- PL_strcat( filter, "(cn=" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(cn=" );
end = PL_strchr( cn, '&' );
len = PL_strlen( filter );
if( end != NULL ) {
@@ -803,20 +805,19 @@ void getCertificateFilter( char *filter, char *query )
filter[len+i] = '\0';
} else {
- PL_strcat( filter, cn+3 );
+ PR_snprintf( filter, filterSize, "%s%s", filter, cn+3);
}
- PL_strcat( filter, "*)" );
- /* PL_strcat( filter, ")" ); */
+ PR_snprintf( filter, filterSize, "%s%s", filter, "*)");
}
if(tid != NULL && uid != NULL && view != NULL) {
- PL_strcat( filter, ")" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")");
}
}
-void getActivityFilter( char *filter, char *query )
+void getActivityFilter( char *filter, int filterSize, char *query )
{
char *uid = NULL;
char *tid = NULL;
@@ -831,15 +832,15 @@ void getActivityFilter( char *filter, char *query )
filter[0] = '\0';
if( tid == NULL && uid == NULL ) {
- PL_strcat( filter, "(tokenID=*)" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(tokenID=*)");
}
if( tid != NULL && uid != NULL && view != NULL ) {
- PL_strcat( filter, "(&" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(&");
}
if( tid != NULL ) {
- PL_strcat( filter, "(tokenID=" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(tokenID=");
end = PL_strchr( tid, '&' );
len = PL_strlen( filter );
@@ -850,18 +851,18 @@ void getActivityFilter( char *filter, char *query )
}
filter[len+i] = '\0';
} else {
- PL_strcat( filter, tid+4 );
+ PR_snprintf( filter, filterSize, "%s%s", filter, tid+4);
}
if( view != NULL ) {
- PL_strcat( filter, "*)" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "*)" );
} else {
- PL_strcat( filter, ")" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")");
}
}
if( uid != NULL && view != NULL ) {
- PL_strcat( filter, "(tokenUserID=" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(tokenUserID=" );
end = PL_strchr( uid, '&' );
len = PL_strlen( filter );
if( end != NULL ) {
@@ -872,15 +873,14 @@ void getActivityFilter( char *filter, char *query )
filter[len+i] = '\0';
} else {
- PL_strcat( filter, uid+4 );
+ PR_snprintf( filter, filterSize, "%s%s", filter, uid+4);
}
- PL_strcat( filter, "*)" );
- /* PL_strcat( filter, ")" ); */
+ PR_snprintf( filter, filterSize, "%s%s", filter, "*)");
}
if( tid != NULL && uid != NULL && view != NULL) {
- PL_strcat( filter, ")" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")");
}
}
@@ -891,7 +891,7 @@ void getActivityFilter( char *filter, char *query )
* params: filter - ldap search filter. Resu;t returned here.
* query - query string passed in
*/
-void getUserFilter (char *filter, char *query) {
+void getUserFilter (char *filter, int filterSize, char *query) {
char *uid = NULL;
char *firstName = NULL;
char *lastName = NULL;
@@ -903,30 +903,38 @@ void getUserFilter (char *filter, char *query) {
filter[0] = '\0';
if ((uid == NULL) && (firstName == NULL) && (lastName ==NULL)) {
- PL_strcat(filter, "(objectClass=Person");
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(objectClass=Person");
} else {
- PL_strcat(filter, "(&(objectClass=Person)");
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(&(objectClass=Person)");
}
if (uid != NULL) {
- PL_strcat(filter, "(uid=");
- PL_strcat(filter, uid);
- PL_strcat(filter,")");
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(uid=" );
+
+ PR_snprintf( filter, filterSize, "%s%s", filter,uid);
+
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")" );
}
if (lastName != NULL) {
- PL_strcat(filter, "(sn=");
- PL_strcat(filter, lastName);
- PL_strcat(filter,")");
+
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(sn=" );
+
+ PR_snprintf( filter, filterSize, "%s%s", filter, lastName);
+
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")");
}
if (firstName != NULL) {
- PL_strcat(filter, "(givenName=");
- PL_strcat(filter, firstName);
- PL_strcat(filter,")");
+
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(givenName=" );
+
+ PR_snprintf( filter, filterSize, "%s%s", filter, firstName);
+
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")");
}
- PL_strcat(filter, ")");
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")");
do_free(uid);
do_free(firstName);
@@ -964,7 +972,7 @@ char *add_profile_filter( char *filter, char *auth_filter)
}
-void getFilter( char *filter, char *query )
+void getFilter( char *filter, int filterSize, char *query )
{
char *uid = NULL;
char *tid = NULL;
@@ -979,15 +987,15 @@ void getFilter( char *filter, char *query )
filter[0] = '\0';
if( tid == NULL && uid == NULL ) {
- PL_strcat( filter, "(cn=*)" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(cn=*)" );
}
if( tid != NULL && uid != NULL && view != NULL ) {
- PL_strcat( filter, "(&" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(&" );
}
if( tid != NULL ) {
- PL_strcat( filter, "(cn=" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(cn=" );
end = PL_strchr( tid, '&' );
len = PL_strlen( filter );
@@ -999,18 +1007,18 @@ void getFilter( char *filter, char *query )
filter[len+i] = '\0';
} else {
- PL_strcat( filter, tid+4 );
+ PR_snprintf( filter, filterSize, "%s%s", filter, tid+4);
}
if (view != NULL) {
- PL_strcat( filter, "*)" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "*)");
} else {
- PL_strcat( filter, ")" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")" );
}
}
if( uid != NULL && view != NULL ) {
- PL_strcat( filter, "(tokenUserID=" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, "(tokenUserID=" );
end = PL_strchr( uid, '&' );
len = PL_strlen( filter );
if( end != NULL ) {
@@ -1021,20 +1029,19 @@ void getFilter( char *filter, char *query )
filter[len+i] = '\0';
} else {
- PL_strcat( filter, uid+4 );
+ PR_snprintf( filter, filterSize, "%s%s", filter, uid+4);
}
- PL_strcat( filter, "*)" );
- /* PL_strcat( filter, ")" ); */
+ PR_snprintf( filter, filterSize, "%s%s", filter, "*)" );
}
if( tid != NULL && uid != NULL && view != NULL ) {
- PL_strcat( filter, ")" );
+ PR_snprintf( filter, filterSize, "%s%s", filter, ")" );
}
}
-void getCN( char *cn, char *query )
+void getCN( char *cn, int cnSize, char *query )
{
char *tid = NULL;
char *end = NULL;
@@ -1054,13 +1061,13 @@ void getCN( char *cn, char *query )
cn[i] = '\0';
} else {
- PL_strcat( cn, tid+4 );
+ PR_snprintf( cn, cnSize, "%s%s", cn, tid+4);
}
}
}
-void getTemplateName( char *cn, char *query )
+void getTemplateName( char *cn, int cnSize, char *query )
{
char *tid = NULL;
char *end = NULL;
@@ -1081,7 +1088,7 @@ void getTemplateName( char *cn, char *query )
cn[i] = '\0';
} else {
- PL_strcat( cn, tid+4 );
+ PR_snprintf( cn, cnSize, "%s%s", cn, tid+4);
}
}
}
@@ -2657,24 +2664,6 @@ static int read_post(request_rec *r, apr_table_t **tab)
return OK;
}
-/**
- * add_authorization_data
- * writes variable that describe whether the user is an admin, agent or operator to the
- * injection data. Used by templates to determine which tabs to display
- */
-void add_authorization_data(const char *userid, int is_admin, int is_operator, int is_agent, char *injection)
-{
- if (is_agent) {
- PL_strcat(injection, "var agentAuth = \"true\";\n");
- }
- if (is_operator) {
- PL_strcat(injection, "var operatorAuth = \"true\";\n");
- }
- if (is_admin) {
- PL_strcat(injection, "var adminAuth = \"true\";\n");
- }
-}
-
/**
* check_injection_size
* Used when the injection size can become large - as in the case where lists of tokens, certs or activities are being returned.
@@ -2685,6 +2674,8 @@ void add_authorization_data(const char *userid, int is_admin, int is_operator, i
*/
int check_injection_size(char **injection, int *psize, char *fixed_injection)
{
+
+ tokendbDebug("In check_injection_size");
char *new_ptr = NULL;
if (((*psize) - PL_strlen(*injection)) <= LOW_INJECTION_SIZE) {
if ((*psize) > MAX_OVERLOAD * MAX_INJECTION_SIZE) {
@@ -2702,6 +2693,7 @@ int check_injection_size(char **injection, int *psize, char *fixed_injection)
return 1;
}
} else {
+ tokendbDebug("check_injection_size about to realloc the injection buffer");
new_ptr = (char *) PR_Realloc(*injection, (*psize) + MAX_INJECTION_SIZE);
if (new_ptr != NULL) {
//allocation successful
@@ -2716,6 +2708,84 @@ int check_injection_size(char **injection, int *psize, char *fixed_injection)
return 0;
}
+/**
+ * safe_injection_strcat
+ * try not to over write our buffer any more
+ * this routine will try to detect if we are going over the limit
+ * if so, attempt to alter the buffer.
+*/
+int safe_injection_strcat(char ** injection, int *injection_size , char *catData, char * fixed_injection )
+{
+ int result = 0;
+
+ int current_len = strlen(*injection);
+ int cat_data_len = strlen(catData);
+
+ if ( cat_data_len == 0) {
+ return result;
+ }
+ int expected_len = current_len + cat_data_len;
+
+ if ( expected_len >= *injection_size ) {
+
+ RA::Debug( "safe_injection_strcat, about to truncate, resize injection buffer: ", "current len: %d expected_len %d data_len: %d cur_injection_size %d",current_len, expected_len, cat_data_len, *injection_size );
+
+ /* We are going to get truncated!
+ Let's try to update the size of the buffer.
+ */
+
+ /* This will always return a bigger buffer, because we are passing in the full
+ current size of the buffer, not the current length of the string in the buffer.
+ */
+
+ int check_res = check_injection_size(injection, injection_size, fixed_injection);
+
+ RA::Debug( "safe_injection_strcat, done resizing injection buffer: ", " new injection size: %d ",*injection_size );
+
+ if (check_res == 1) {
+ return result;
+ }
+ /* let's check it one more time for truncation*/
+
+ if ( expected_len >= *injection_size ) {
+ RA::Debug( "safe_injection_strcat, about to truncate, second attempt after first try. resize injection buffer: ", "current len: %d expected_len %d data_len: %d cur_injection_size %d",current_len, expected_len, cat_data_len, *injection_size );
+
+ check_res = check_injection_size(injection, injection_size, fixed_injection);
+ }
+
+ if ( check_res == 1 || (expected_len >= *injection_size)) {
+ return result;
+ }
+ }
+
+ PRUint32 sLen = PR_snprintf( *injection, *injection_size , "%s%s", *injection, catData );
+
+ if (sLen == expected_len)
+ result = 0;
+ else
+ result = 1;
+
+ return result;
+}
+
+/**
+ * add_authorization_data
+ * writes variable that describe whether the user is an admin, agent or operator to the
+ * injection data. Used by templates to determine which tabs to display
+ */
+void add_authorization_data(const char *userid, int is_admin, int is_operator, int is_agent, char **injection, int *injectionSize, char * fixed_injection)
+{
+ if (is_agent) {
+ safe_injection_strcat(injection, injectionSize ,"var agentAuth = \"true\";\n", fixed_injection );
+ }
+ if (is_operator) {
+ safe_injection_strcat(injection, injectionSize ,"var operatorAuth = \"true\";\n", fixed_injection );
+ }
+ if (is_admin) {
+ safe_injection_strcat(injection, injectionSize ,"var adminAuth = \"true\";\n", fixed_injection );
+ }
+}
+
/*
* We need to compare current values in the database entry e with new values.
* If they are different, then we need to provide the audit message
@@ -3385,11 +3455,12 @@ mod_tokendb_handler( request_rec *rq )
int status = LDAP_SUCCESS;
int size, tagOffset, statusNum;
char fixed_injection[MAX_INJECTION_SIZE];
+ int injection_size = MAX_INJECTION_SIZE;
char pString[512] = "";
char oString[512] = "";
char pLongString[4096] = "";
char configname[512] ="";
- char filter[512] = "";
+ char filter[2048] = "";
char msg[512] = "";
char question_no[100] ="";
char cuid[256] = "";
@@ -3451,7 +3522,7 @@ mod_tokendb_handler( request_rec *rq )
"var error = \"", error,
"\";\n", JS_STOP );
- buf = getData( errorTemplate, injection );
+ buf = getData( errorTemplate, injection);
( void ) ap_rwrite( ( const void * ) buf,
PL_strlen( buf ), rq );
@@ -3592,7 +3663,7 @@ mod_tokendb_handler( request_rec *rq )
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "index", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -3601,8 +3672,8 @@ mod_tokendb_handler( request_rec *rq )
"var target_list = \"",
RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n" );
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size , JS_STOP, fixed_injection );
buf = getData( itemplate, injection );
itemplate = NULL;
@@ -3617,13 +3688,13 @@ mod_tokendb_handler( request_rec *rq )
return DONE;
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "index_operator", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
"\";\n" );
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size , JS_STOP, fixed_injection );
buf = getData( indexOperatorTemplate, injection );
} else if( ( PL_strstr( query, "op=index_admin" ) ) ) {
@@ -3638,14 +3709,15 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "index_admin", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
"var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n" );
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+
+ safe_injection_strcat(&injection, &injection_size , JS_STOP, fixed_injection );
buf = getData( indexAdminTemplate, injection );
} else if( ( PL_strstr( query, "op=do_token" ) ) ) {
@@ -4746,16 +4818,17 @@ mod_tokendb_handler( request_rec *rq )
tokendbDebug( "do_token: rc = 0\n" );
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%d%s%s%s%s%s%s%s", JS_START,
"var rc = \"", rc, "\";\n",
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
"\";\n" );
- add_allowed_token_transitions(token_ui_state, injection);
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_allowed_token_transitions(token_ui_state, injection, injection_size);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+
+ safe_injection_strcat(&injection, &injection_size , JS_STOP, fixed_injection );
buf = getData( doTokenTemplate, injection );
/* currently not used - alee
@@ -4773,13 +4846,13 @@ mod_tokendb_handler( request_rec *rq )
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "revoke", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
"\";\n" );
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size , JS_STOP, fixed_injection );
buf = getData( revokeTemplate, injection );
*/
@@ -4797,14 +4870,14 @@ mod_tokendb_handler( request_rec *rq )
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search_activity_admin", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
"\";\n" );
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size , JS_STOP, fixed_injection );
buf = getData( searchActivityAdminTemplate, injection );
} else if( ( PL_strstr( query, "op=search_activity" ) ) ) {
@@ -4820,7 +4893,7 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search_activity", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
@@ -4828,11 +4901,11 @@ mod_tokendb_handler( request_rec *rq )
topLevel = get_field(query, "top=", SHORT_LEN);
if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
- PL_strcat(injection, "var topLevel = \"operator\";\n");
+ safe_injection_strcat(&injection, &injection_size , "var topLevel = \"operator\";\n", fixed_injection );
}
do_free(topLevel);
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size , JS_STOP, fixed_injection );
buf = getData( searchActivityTemplate, injection );
} else if( ( PL_strstr( query, "op=search_admin" ) ) ||
@@ -4850,13 +4923,13 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search_admin,search_users", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
"\";\n" );
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size , JS_STOP, fixed_injection );
if ( PL_strstr( query, "op=search_admin" ) ) {
buf = getData( searchAdminTemplate, injection );
@@ -4875,7 +4948,7 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search_certificate", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
@@ -4883,11 +4956,11 @@ mod_tokendb_handler( request_rec *rq )
topLevel = get_field(query, "top=", SHORT_LEN);
if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
- PL_strcat(injection, "var topLevel = \"operator\";\n");
+ safe_injection_strcat(&injection, &injection_size , "var topLevel = \"operator\";\n", fixed_injection );
}
do_free(topLevel);
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size , JS_STOP, fixed_injection );
buf = getData( searchCertificateTemplate, injection );
} else if( ( PL_strstr( query, "op=search" ) ) ) {
@@ -4902,7 +4975,7 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
@@ -4910,11 +4983,11 @@ mod_tokendb_handler( request_rec *rq )
topLevel = get_field(query, "top=", SHORT_LEN);
if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
- PL_strcat(injection, "var topLevel = \"operator\";\n");
+ safe_injection_strcat(&injection, &injection_size ,"var topLevel = \"operator\";\n" , fixed_injection );
}
do_free(topLevel);
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
buf = getData( searchTemplate, injection );
} else if( ( PL_strstr( query, "op=new" ) ) ) {
@@ -4930,13 +5003,13 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "new", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
"\";\n" );
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection,&injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP , fixed_injection );
buf = getData( newTemplate,injection );
} else if ( ( PL_strstr( query, "op=add_user" ) ) ) {
@@ -4952,13 +5025,13 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "add_user", "Success", "Tokendb user authorization");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid,
"\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP , fixed_injection );
buf = getData( newUserTemplate,injection );
@@ -4992,8 +5065,9 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
- large_injection = (char *) PR_Malloc(PL_strlen(pvalues) + MAX_INJECTION_SIZE);
- PR_snprintf( large_injection, PL_strlen(pvalues) + MAX_INJECTION_SIZE,
+ int large_injection_size = PL_strlen(pvalues) + MAX_INJECTION_SIZE;
+ large_injection = (char *) PR_Malloc(large_injection_size);
+ PR_snprintf( large_injection, large_injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5005,8 +5079,9 @@ mod_tokendb_handler( request_rec *rq )
"var agent_must_approve = \"", agent_must_approve(ptype)? "true": "false", "\";\n",
"var conf_values= \"", pvalues, "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection);
- PL_strcat(large_injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &large_injection, &large_injection_size, NULL);
+
+ safe_injection_strcat(&large_injection, &large_injection_size ,JS_STOP , NULL);
buf = getData( confirmDeleteConfigTemplate, large_injection );
@@ -5087,7 +5162,7 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf(pLongString, 4096, "%s;;%s", configname, new_value);
RA::Audit(EV_CONFIG, AUDIT_MSG_CONFIG, userid, "Admin", "Success", oString, pLongString, "config item deleted");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5096,8 +5171,8 @@ mod_tokendb_handler( request_rec *rq )
RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list", ""), "\";\n",
"var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP , fixed_injection );
buf = getData( indexTemplate, injection );
delete_config_parameter_cleanup:
@@ -5168,7 +5243,7 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5177,8 +5252,8 @@ mod_tokendb_handler( request_rec *rq )
"var conf_name = \"", pname, "\";\n",
"var conf_pattern = \"", pattern, "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection); //needed?
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection); //needed?
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP , fixed_injection );
buf = getData( addConfigTemplate, injection );
add_config_parameter_cleanup:
@@ -5256,7 +5331,7 @@ mod_tokendb_handler( request_rec *rq )
tokendbDebug(error_msg);
}
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5265,8 +5340,8 @@ mod_tokendb_handler( request_rec *rq )
RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list", ""), "\";\n",
"var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP , fixed_injection );
buf = getData( indexTemplate, injection );
agent_change_config_state_cleanup:
@@ -5303,6 +5378,7 @@ mod_tokendb_handler( request_rec *rq )
char *key_values = NULL;
char *large_injection = NULL;
+ int large_injection_size = 0;
char *escaped = NULL;
ConfigStore *store = NULL;
@@ -5340,8 +5416,9 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
- large_injection = (char *) PR_Malloc(PL_strlen(key_values) + MAX_INJECTION_SIZE);
- PR_snprintf( large_injection, PL_strlen(key_values) + MAX_INJECTION_SIZE,
+ large_injection_size = PL_strlen(key_values) + MAX_INJECTION_SIZE;
+ large_injection = (char *) PR_Malloc(large_injection_size);
+ PR_snprintf( large_injection, large_injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5352,8 +5429,8 @@ mod_tokendb_handler( request_rec *rq )
"var conf_tstamp = \"", ptimestamp, "\";\n",
"var conf_values= \"", escaped, "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection); //needed?
- PL_strcat(large_injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &large_injection, &large_injection_size, NULL); //needed?
+ safe_injection_strcat(&large_injection, &large_injection_size ,JS_STOP , NULL );
buf = getData( agentViewConfigTemplate, large_injection );
agent_view_config_cleanup:
@@ -5397,6 +5474,7 @@ mod_tokendb_handler( request_rec *rq )
char *escaped = NULL;
ConfigStore *store = NULL;
char *large_injection = NULL;
+ int large_injection_size = 0;
char *pattern = NULL;
char *disp_conf_type = NULL;
int return_done = 0;
@@ -5432,9 +5510,10 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
-
- large_injection = (char *) PR_Malloc(PL_strlen(key_values) + MAX_INJECTION_SIZE);
- PR_snprintf( large_injection, PL_strlen(key_values) + MAX_INJECTION_SIZE,
+
+ large_injection_size = PL_strlen(key_values) + MAX_INJECTION_SIZE;
+ large_injection = (char *) PR_Malloc(large_injection_size);
+ PR_snprintf( large_injection, large_injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5447,8 +5526,8 @@ mod_tokendb_handler( request_rec *rq )
"var conf_pattern = \"", pattern, "\";\n",
"var conf_values= \"", escaped, "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection); //needed?
- PL_strcat(large_injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &large_injection, &large_injection_size, NULL); //needed?
+ safe_injection_strcat(&large_injection, &large_injection_size ,JS_STOP , NULL );
buf = getData( editConfigTemplate, large_injection );
edit_config_parameter_cleanup:
@@ -5489,6 +5568,7 @@ mod_tokendb_handler( request_rec *rq )
char *pvalues = NULL;
char *large_injection = NULL;
+ int large_injection_size = 0;
char *pattern = NULL;
char *disp_conf_type = NULL;
int return_done = 0;
@@ -5511,9 +5591,9 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
-
- large_injection = (char *) PR_Malloc(PL_strlen(pvalues) + MAX_INJECTION_SIZE);
- PR_snprintf( large_injection, PL_strlen(pvalues) + MAX_INJECTION_SIZE,
+ large_injection_size = PL_strlen(pvalues) + MAX_INJECTION_SIZE;
+ large_injection = (char *) PR_Malloc(large_injection_size);
+ PR_snprintf( large_injection, large_injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5526,8 +5606,8 @@ mod_tokendb_handler( request_rec *rq )
"var conf_pattern = \"", pattern, "\";\n",
"var conf_values= \"", pvalues, "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection); //needed?
- PL_strcat(large_injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &large_injection, &large_injection_size, NULL); //needed?
+ safe_injection_strcat(&large_injection, &large_injection_size ,JS_STOP , NULL );
buf = getData( editConfigTemplate, large_injection );
return_to_edit_config_parameter_cleanup:
@@ -5674,11 +5754,11 @@ mod_tokendb_handler( request_rec *rq )
disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
if ((PL_strlen(escaped_added_str) + PL_strlen(escaped_changed_str) + PL_strlen(escaped_deleted_str))!=0) {
- int injection_size = PL_strlen(escaped_deleted_str) + PL_strlen(escaped_pvalues) + PL_strlen(escaped_added_str) +
+ int large_injection_size = PL_strlen(escaped_deleted_str) + PL_strlen(escaped_pvalues) + PL_strlen(escaped_added_str) +
PL_strlen(escaped_changed_str) + MAX_INJECTION_SIZE;
- char * large_injection = (char *) PR_Malloc(injection_size);
+ char * large_injection = (char *) PR_Malloc(large_injection_size);
- PR_snprintf( large_injection, injection_size,
+ PR_snprintf( large_injection, large_injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5693,8 +5773,8 @@ mod_tokendb_handler( request_rec *rq )
"var conf_approval_requested = \"", (PL_strcmp(choice, "Save") == 0) ? "FALSE" : "TRUE", "\";\n",
"var deleted_str= \"", escaped_deleted_str, "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection); //needed?
- PL_strcat(large_injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &large_injection, &large_injection_size, NULL); //needed?
+ safe_injection_strcat(&large_injection, &large_injection_size ,JS_STOP , NULL );
buf = getData( confirmConfigChangesTemplate, large_injection );
@@ -5721,7 +5801,7 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf(flash, 512, "The data displayed is up-to-date. No changes need to be saved.");
}
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5730,8 +5810,8 @@ mod_tokendb_handler( request_rec *rq )
RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list", ""), "\";\n",
"var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP , fixed_injection );
buf = getData( indexTemplate, injection );
}
@@ -5881,7 +5961,7 @@ mod_tokendb_handler( request_rec *rq )
}
}
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -5890,8 +5970,8 @@ mod_tokendb_handler( request_rec *rq )
RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list", ""), "\";\n",
"var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP , fixed_injection );
buf = getData( indexTemplate, injection );
save_config_changes_cleanup:
@@ -5993,17 +6073,17 @@ mod_tokendb_handler( request_rec *rq )
if ((PL_strstr( query, "op=view_activity_admin")) ||
(PL_strstr( query, "op=view_activity" ) )) {
- getActivityFilter( filter, query );
+ getActivityFilter( filter, 2048, query );
} else if( PL_strstr( query, "op=view_certificate" ) ) {
- getCertificateFilter( filter, query );
+ getCertificateFilter( filter, 2048, query );
} else if( PL_strstr( query, "op=show_certificate" ) ) {
- getCertificateFilter( filter, query );
+ getCertificateFilter( filter, 2048, query );
} else if ((PL_strstr( query, "op=view_users" ) ) ||
(PL_strstr( query, "op=user_delete_confirm")) ||
(PL_strstr( query, "op=edit_user" ) )) {
- getUserFilter( filter, query );
+ getUserFilter( filter, 2048, query );
} else {
- getFilter( filter, query );
+ getFilter( filter, 2048, query );
}
auth_filter = get_authorized_profiles(userid, is_admin);
@@ -6103,12 +6183,18 @@ mod_tokendb_handler( request_rec *rq )
size = 0;
PL_strcpy( injection, JS_START );
- PL_strcat( injection, "var userid = \"" );
- PL_strcat( injection, userid );
- PL_strcat( injection, "\";\n" );
- PL_strcat( injection, "var uriBase = \"" );
- PL_strcat( injection, uri );
- PL_strcat( injection, "\";\n" );
+
+ safe_injection_strcat(&injection, &injection_size ,"var userid = \"" , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , userid , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , "\";\n" , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , "var uriBase = \"" , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size ,uri , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , "\";\n" , fixed_injection );
if( nEntries > 1 ) {
if( sendInPieces && PL_strstr( query, "op=view_activity_admin" ) ) {
@@ -6147,35 +6233,36 @@ mod_tokendb_handler( request_rec *rq )
}
}
- PL_strcat( injection, "var total = \"" );
+ safe_injection_strcat(&injection, &injection_size , "var total = \"" , fixed_injection );
len = PL_strlen( injection );
- PR_snprintf( &injection[len], ( MAX_INJECTION_SIZE-len ),
+ PR_snprintf( &injection[len], ( injection_size-len ),
"%d", nEntries );
- PL_strcat( injection, "\";\n" );
+ safe_injection_strcat(&injection, &injection_size , "\";\n" , fixed_injection );
} else {
if( ( vals = get_token_states() ) != NULL ) {
- PL_strcat( injection, "var tokenStates = \"" );
+ safe_injection_strcat(&injection, &injection_size , "var tokenStates = \"" , fixed_injection );
for( i = 0; vals[i] != NULL; i++ ) {
if( i > 0 ) {
- PL_strcat( injection, "," );
+ safe_injection_strcat(&injection, &injection_size , "," , fixed_injection );
}
- PL_strcat( injection, vals[i] );
+ safe_injection_strcat(&injection, &injection_size , vals[i] , fixed_injection );
}
if( i > 0 ) {
- PL_strcat( injection, "\";\n" );
+ safe_injection_strcat(&injection, &injection_size , "\";\n" , fixed_injection );
} else {
- PL_strcat( injection, "null;\n" );
+ safe_injection_strcat(&injection, &injection_size , "null;\n" , fixed_injection );
}
}
}
- PL_strcat( injection, "var results = new Array();\n" );
- PL_strcat( injection, "var item = 0;\n" );
+ safe_injection_strcat(&injection, &injection_size , "var results = new Array();\n" , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , "var item = 0;\n" , fixed_injection );
if( PL_strstr( query, "op=do_confirm_token" ) ) {
question = PL_strstr( query, "question=" );
@@ -6184,9 +6271,11 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf( question_no, 256, "%d", q );
- PL_strcat( injection, "var question = \"" );
- PL_strcat( injection, question_no );
- PL_strcat( injection, "\";\n" );
+ safe_injection_strcat(&injection, &injection_size , "\"" , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , "question_no" , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , "\";\n" , fixed_injection );
}
if (PL_strstr( query, "op=do_confirm_token" ) ||
@@ -6227,16 +6316,19 @@ mod_tokendb_handler( request_rec *rq )
if (PL_strstr(query, "op=edit_user") ) {
char *flash = get_field(query, "flash=", SHORT_LEN);
if (flash != NULL) {
- PL_strcat(injection, "var flash = \"");
- PL_strcat(injection, flash);
- PL_strcat(injection, "\";\n");
+
+ safe_injection_strcat(&injection, &injection_size , "\"" , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , flash , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , "\";\n" , fixed_injection );
do_free(flash);
}
PR_snprintf(msg, 256, "var num_profiles_to_display = %d ;\n", NUM_PROFILES_TO_DISPLAY);
- PL_strcat(injection, msg);
+ safe_injection_strcat(&injection, &injection_size , msg , fixed_injection );
}
- int injection_size = MAX_INJECTION_SIZE;
+ //int injection_size = MAX_INJECTION_SIZE;
/* start_entry_val is used for pagination of entries on all other pages */
int start_entry_val;
int end_entry_val;
@@ -6253,7 +6345,7 @@ mod_tokendb_handler( request_rec *rq )
if( (maxReturns > 0) && (maxReturns < nEntries)) {
PR_snprintf(msg, 256, "var limited = %d ;\n", maxReturns);
- PL_strcat( injection, msg);
+ safe_injection_strcat(&injection, &injection_size , msg , fixed_injection );
}
for( e = get_first_entry( result );
@@ -6264,29 +6356,35 @@ mod_tokendb_handler( request_rec *rq )
if ((entryNum < start_entry_val) || (entryNum >= end_entry_val)) {
if (one_time == 1) {
- PL_strcat(injection, "var my_query = \"");
- PL_strcat(injection, query);
- PL_strcat(injection, "\";\n");
+ safe_injection_strcat(&injection, &injection_size , "var my_query = \"" , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , query , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , "\";\n" , fixed_injection );
+
one_time =0;
}
// skip values not within the page range
if (entryNum == end_entry_val) {
- PL_strcat( injection, "var has_more_entries = 1;\n");
+ safe_injection_strcat(&injection, &injection_size , "var has_more_entries = 1;\n" , fixed_injection );
break;
}
continue;
}
- PL_strcat( injection, "var o = new Object();\n" );
+ safe_injection_strcat(&injection, &injection_size ,"var o = new Object();\n" , fixed_injection );
for( n = 0; attrs[n] != NULL; n++ ) {
/* Get the values of the attribute. */
if( ( bvals = get_attribute_values( e, attrs[n] ) ) != NULL ) {
int v_start =0;
int v_end = MAX_INJECTION_SIZE;
- PL_strcat( injection, "o." );
- PL_strcat( injection, attrs[n] );
- PL_strcat( injection, " = " );
+
+ safe_injection_strcat(&injection, &injection_size ,"o." , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , attrs[n] , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , " = " , fixed_injection );
if (PL_strstr(attrs[n], PROFILE_ID)) {
v_start = start_val;
@@ -6295,15 +6393,15 @@ mod_tokendb_handler( request_rec *rq )
for( i = v_start; (bvals[i] != NULL) && (i < v_end); i++ ) {
if( i > start_val ) {
- PL_strcat( injection, "#" );
+ safe_injection_strcat(&injection, &injection_size , "#" , fixed_injection );
} else {
- PL_strcat( injection, "\"" );
+ safe_injection_strcat(&injection, &injection_size ,"\"" , fixed_injection );
}
// make sure to escape any special characters
if (bvals[i]->bv_val != NULL) {
char *escaped = escapeSpecialChars(bvals[i]->bv_val);
- PL_strcat( injection, escaped );
+ safe_injection_strcat(&injection, &injection_size ,escaped , fixed_injection );
if (escaped != NULL) {
PL_strfree(escaped);
}
@@ -6311,9 +6409,9 @@ mod_tokendb_handler( request_rec *rq )
}
if( i > v_start ) {
- PL_strcat( injection, "\";\n" );
+ safe_injection_strcat(&injection, &injection_size ,"\";\n" , fixed_injection );
} else {
- PL_strcat( injection, "null;\n" );
+ safe_injection_strcat(&injection, &injection_size ,"null;\n" , fixed_injection );
}
if ((PL_strcmp(attrs[n], TOKEN_STATUS)==0) && show_token_ui_state && valid_berval(bvals)) {
@@ -6326,13 +6424,13 @@ mod_tokendb_handler( request_rec *rq )
if (PL_strstr(attrs[n], PROFILE_ID)) {
if (bvals[i] != NULL) {
- PL_strcat( injection, "var has_more_profile_vals = \"true\";\n");
+ safe_injection_strcat(&injection, &injection_size ,"var has_more_profile_vals = \"true\";\n" , fixed_injection );
} else {
- PL_strcat( injection, "var has_more_profile_vals = \"false\";\n");
+ safe_injection_strcat(&injection, &injection_size ,"var has_more_profile_vals = \"false\";\n" , fixed_injection );
}
PR_snprintf(msg, 256, "var start_val = %d ;\n var end_val = %d ;\n",
start_val, i);
- PL_strcat( injection, msg);
+ safe_injection_strcat(&injection, &injection_size ,msg , fixed_injection );
}
/* Free the attribute values from memory when done. */
@@ -6343,19 +6441,15 @@ mod_tokendb_handler( request_rec *rq )
}
}
- PL_strcat( injection, "results[item++] = o;\n" );
-
- if (check_injection_size(&injection, &injection_size, fixed_injection) != 0) {
- // failed to allocate more space to injection, truncating output
- break;
- }
+ safe_injection_strcat(&injection, &injection_size ,"results[item++] = o;\n" , fixed_injection );
if( first_pass == 1 && nEntries > 1 && sendPieces == 0 ) {
first_pass=0;
PR_snprintf(msg, 256, "var start_entry_val = %d ; \nvar num_entries_per_page= %d ; \n",
start_entry_val, NUM_ENTRIES_PER_PAGE);
- PL_strcat( injection, msg);
+
+ safe_injection_strcat(&injection, &injection_size ,msg , fixed_injection );
}
if( sendPieces ) {
@@ -6397,19 +6491,19 @@ mod_tokendb_handler( request_rec *rq )
}
}
if (officer) {
- PL_strcat( injection, "var operator = \"CHECKED\"\n");
+ safe_injection_strcat(&injection, &injection_size, "var operator = \"CHECKED\"\n" , fixed_injection );
} else {
- PL_strcat( injection, "var operator = \"\"\n");
+ safe_injection_strcat(&injection, &injection_size ,"var operator = \"\"\n" , fixed_injection );
}
if (agent) {
- PL_strcat( injection, "var agent = \"CHECKED\"\n");
+ safe_injection_strcat(&injection, &injection_size ,"var agent = \"CHECKED\"\n" , fixed_injection );
} else {
- PL_strcat( injection, "var agent = \"\"\n");
+ safe_injection_strcat(&injection, &injection_size ,"var agent = \"\"\n" , fixed_injection );
}
if (admin) {
- PL_strcat( injection, "var admin = \"CHECKED\"\n");
+ safe_injection_strcat(&injection, &injection_size ,"var admin = \"CHECKED\"\n" , fixed_injection );
} else {
- PL_strcat( injection, "var admin = \"\"\n");
+ safe_injection_strcat(&injection, &injection_size ,"var admin = \"\"\n" , fixed_injection );
}
if( result != NULL ) {
@@ -6429,47 +6523,49 @@ mod_tokendb_handler( request_rec *rq )
char *pList = PL_strdup(profileList);
char *sresult = NULL;
-
- PL_strcat( injection, "var profile_list = new Array(");
+ safe_injection_strcat(&injection, &injection_size ,"var profile_list = new Array(" , fixed_injection );
sresult = strtok(pList, ",");
n_profiles++;
while (sresult != NULL) {
n_profiles++;
l_profiles += PL_strlen(sresult);
if ((n_profiles > NUM_PROFILES_TO_DISPLAY) || (l_profiles > MAX_LEN_PROFILES_TO_DISPLAY)) {
- PL_strcat(injection, "\"Other Profiles\",");
+ safe_injection_strcat(&injection, &injection_size ,"\"Other Profiles\"," , fixed_injection );
more_profiles = true;
break;
}
- PL_strcat(injection, "\"");
- PL_strcat(injection, sresult);
- PL_strcat(injection, "\",");
+ safe_injection_strcat(&injection, &injection_size ,"\"" , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size ,sresult , fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size ,"\"," , fixed_injection );
sresult = strtok(NULL, ",");
}
do_free(pList);
- PL_strcat(injection, "\"All Profiles\")\n");
+ safe_injection_strcat(&injection, &injection_size ,"\"All Profiles\")\n" , fixed_injection );
+
if (more_profiles) {
- PL_strcat(injection, "var more_profiles=\"true\";\n");
+ safe_injection_strcat(&injection, &injection_size ,"var more_profiles=\"true\";\n" , fixed_injection );
} else {
- PL_strcat(injection, "var more_profiles=\"false\";\n");
+ safe_injection_strcat(&injection, &injection_size ,"var more_profiles=\"false\";\n" , fixed_injection );
}
}
}
topLevel = get_field(query, "top=", SHORT_LEN);
if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
- PL_strcat(injection, "var topLevel = \"operator\";\n");
+ safe_injection_strcat(&injection, &injection_size ,"var topLevel = \"operator\";\n", fixed_injection );
}
do_free(topLevel);
/* populate the authorized token transitions */
if (show_token_ui_state) {
token_ui_state = get_token_ui_state(tokenStatus, tokenReason);
- add_allowed_token_transitions(token_ui_state, injection);
+ add_allowed_token_transitions(token_ui_state, injection, injection_size);
}
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat( injection, JS_STOP );
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
if( sendPieces ) {
( void ) ap_rwrite( ( const void * ) injection,
@@ -6640,7 +6736,7 @@ mod_tokendb_handler( request_rec *rq )
if ((test_user != NULL) && (strcmp(test_user, uid) == 0)) {
// cert did not change
} else {
- if (strlen(pLongString) > 0) PL_strcat(pLongString, "+");
+ if (strlen(pLongString) > 0) PL_strncat(pLongString, "+", 4096);
PR_snprintf(pLongString, 4096, "%suserCertificate;;%s", pLongString, userCert);
}
@@ -6805,7 +6901,7 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "save", "Success", "Tokendb user authorization");
- getCN( filter, query );
+ getCN( filter, 512, query );
mNum = parse_modification_number( query );
mods = getModifications( query );
@@ -6825,11 +6921,11 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf(pLongString, 4096, "");
int first_item = 1;
for (cc = 0; mods[cc] != NULL; cc++) {
- if (! first_item) PL_strcat(pLongString, "+");
+ if (! first_item) PL_strncat(pLongString, "+",4096);
if (mods[cc]->mod_type != NULL) {
- PL_strcat(pLongString, mods[cc]->mod_type);
- PL_strcat(pLongString, ";;");
- PL_strcat(pLongString, *mods[cc]->mod_values);
+ PL_strncat(pLongString, mods[cc]->mod_type, 4096);
+ PL_strncat(pLongString, ";;", 4096);
+ PL_strncat(pLongString, *mods[cc]->mod_values, 4096);
first_item =0;
}
}
@@ -6853,13 +6949,13 @@ mod_tokendb_handler( request_rec *rq )
RA::tdb_activity(rq->connection->client_ip, cuid, "save", "success",
msg, cuidUserId, tokenType);
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
"var tid = \"", filter, "\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size, JS_STOP, fixed_injection );
buf = getData( editResultTemplate, injection );
@@ -6961,14 +7057,14 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf(oString, 512, "uid;;%s", uid);
RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, "", "tokendb user deleted");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
"var tid = \"", uid, "\";\n",
"var deleteType = \"user\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
do_free(uid);
@@ -7118,14 +7214,14 @@ mod_tokendb_handler( request_rec *rq )
do_free(opAgent);
do_free(userCert);
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
"var tid = \"", uid, "\";\n",
"var addType = \"user\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
do_free(uid);
@@ -7144,7 +7240,7 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "add", "Success", "Tokendb user authorization");
- getCN( filter, query );
+ getCN( filter, 512, query );
if (m_processor.GetTokenType(OP_PREFIX, 0, 0, filter, (const char*) NULL, (NameValueSet*) NULL,
token_type_status, tokentype)) {
@@ -7181,15 +7277,14 @@ mod_tokendb_handler( request_rec *rq )
"'%s' has created new token", userid);
RA::tdb_activity(rq->connection->client_ip, filter, "add", "token", msg, "success", tokenType);
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection,injection_size,
"%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
"var tid = \"", filter, "\";\n",
"var addType = \"token\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
-
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
buf = getData( addResultTemplate, injection );
} else if( PL_strstr( query, "op=delete" ) ) {
@@ -7207,7 +7302,7 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "delete", "Success", "Tokendb user authorization");
- getCN( filter, query );
+ getCN( filter, 512, query );
if (m_processor.GetTokenType(OP_PREFIX, 0, 0, filter, (const char*) NULL, (NameValueSet*) NULL,
token_type_status, tokentype)) {
@@ -7236,14 +7331,14 @@ mod_tokendb_handler( request_rec *rq )
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Admin", "Success", oString, "", "token record deleted");
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
"var tid = \"", filter, "\";\n",
"var deleteType = \"token\";\n");
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
buf = getData( deleteResultTemplate, injection );
} else if ( PL_strstr( query, "op=audit_admin") ) {
@@ -7260,7 +7355,7 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "audit_admin", "Success", "Tokendb user authorization");
- PR_snprintf (injection, MAX_INJECTION_SIZE,
+ PR_snprintf (injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%d%s%s%d%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -7284,14 +7379,16 @@ mod_tokendb_handler( request_rec *rq )
char *flash = get_field(query, "flash=", SHORT_LEN);
if (flash != NULL) {
- PL_strcat(injection, "var flash = \"");
- PL_strcat(injection, flash);
- PL_strcat(injection, "\";\n");
+ safe_injection_strcat(&injection, &injection_size ,"var flash = \"", fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size ,flash, fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size ,"\";\n", fixed_injection );
do_free(flash);
}
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size,fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
buf = getData(auditAdminTemplate, injection);
} else if (PL_strstr( query, "op=update_audit_admin") ) {
tokendbDebug( "authorization for op=audit_admin\n" );
@@ -7331,8 +7428,8 @@ mod_tokendb_handler( request_rec *rq )
if (o_signing != n_signing) {
PR_snprintf(pString, 512, "logging.audit.logSigning;;%s", (n_signing)? "true":"false");
if (o_enable != n_enable) {
- PL_strcat(pString, "+logging.audit.enable;;");
- PL_strcat(pString, (n_enable)? "true" : "false");
+ PL_strncat(pString, "+logging.audit.enable;;", 512);
+ PL_strncat(pString, (n_enable)? "true" : "false", 512);
}
} else {
PR_snprintf(pString, 512, "logging.audit.enable;;%s", (n_enable)? "true":"false");
@@ -7407,10 +7504,10 @@ mod_tokendb_handler( request_rec *rq )
char *event = get_post_field(post, e_name, SHORT_LEN);
if ((event != NULL) && RA::IsValidEvent(event)) {
if (first_match != 1) {
- PL_strcat(new_selected, ",");
+ PL_strncat(new_selected, ",", MAX_INJECTION_SIZE);
}
first_match = 0;
- PL_strcat(new_selected, event);
+ PL_strncat(new_selected, event, MAX_INJECTION_SIZE);
}
do_free(event);
}
@@ -7462,7 +7559,7 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "self_test", "Success", "Tokendb user authorization");
- PR_snprintf (injection, MAX_INJECTION_SIZE,
+ PR_snprintf (injection, injection_size,
"%s%s%s%s%s%s%s%s%d%s%s%d%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -7470,20 +7567,23 @@ mod_tokendb_handler( request_rec *rq )
"var critical = ", SelfTest::isOnDemandCritical(), ";\n");
if (SelfTest::nTests > 0)
- PL_strcat(injection, "var test_list = [");
+ safe_injection_strcat(&injection, &injection_size ,"var test_list = [", fixed_injection );
for (int i = 0; i < SelfTest::nTests; i++) {
RA::Debug( "mod_tokendb::mod_tokendb_handler", "test name: %s", SelfTest::TEST_NAMES[i]);
if (i > 0)
- PL_strcat(injection, ", ");
- PL_strcat(injection, "\"");
- PL_strcat(injection, SelfTest::TEST_NAMES[i]);
- PL_strcat(injection, "\"");
+ safe_injection_strcat(&injection, &injection_size ,", ", fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size ,"\"", fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , (char *) SelfTest::TEST_NAMES[i], fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size ,"\"", fixed_injection );
}
if (SelfTest::nTests > 0)
- PL_strcat(injection, "];\n");
+ safe_injection_strcat(&injection, &injection_size ,"];\n", fixed_injection );
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
buf = getData(selfTestTemplate, injection);
} else if ( PL_strstr( query, "op=run_self_test" ) ) {
tokendbDebug( "authorization for run_self_test\n" );
@@ -7501,7 +7601,7 @@ mod_tokendb_handler( request_rec *rq )
rc = SelfTest::runOnDemandSelfTests();
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%d%s%s%d%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -7509,20 +7609,23 @@ mod_tokendb_handler( request_rec *rq )
"var result = \"", rc, "\";\n");
if (SelfTest::nTests > 0)
- PL_strcat(injection, "var test_list = [");
+ safe_injection_strcat(&injection, &injection_size , "var test_list = [", fixed_injection );
for (int i = 0; i < SelfTest::nTests; i++) {
RA::Debug( "mod_tokendb::mod_tokendb_handler", "test name: %s", SelfTest::TEST_NAMES[i]);
if (i > 0)
- PL_strcat(injection, ", ");
- PL_strcat(injection, "\"");
- PL_strcat(injection, SelfTest::TEST_NAMES[i]);
- PL_strcat(injection, "\"");
+ safe_injection_strcat(&injection, &injection_size ,", ", fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size ,"\"", fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size , (char *) SelfTest::TEST_NAMES[i], fixed_injection );
+
+ safe_injection_strcat(&injection, &injection_size ,"\"", fixed_injection );
}
if (SelfTest::nTests > 0)
- PL_strcat(injection, "];\n");
+ safe_injection_strcat(&injection, &injection_size , "];\n", fixed_injection );
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection);
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
buf = getData( selfTestResultsTemplate, injection );
} else if( ( PL_strstr( query, "op=agent_select_config" ) ) ) {
@@ -7565,7 +7668,7 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", conf_type );
disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -7574,8 +7677,8 @@ mod_tokendb_handler( request_rec *rq )
"var conf_list = \"", (conf_list != NULL)? conf_list : "", "\";\n");
do_free(conf_type);
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection); //needed?
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection); //needed?
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
buf = getData( agentSelectConfigTemplate, injection );
} else if( ( PL_strstr( query, "op=select_config_parameter" ) ) ) {
@@ -7608,7 +7711,7 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", conf_type );
const char *disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
- PR_snprintf( injection, MAX_INJECTION_SIZE,
+ PR_snprintf( injection, injection_size,
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
"var userid = \"", userid, "\";\n",
@@ -7618,8 +7721,8 @@ mod_tokendb_handler( request_rec *rq )
do_free(conf_type);
// do_free(conf_list);
- add_authorization_data(userid, is_admin, is_operator, is_agent, injection); //needed?
- PL_strcat(injection, JS_STOP);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, &injection, &injection_size, fixed_injection); //needed?
+ safe_injection_strcat(&injection, &injection_size ,JS_STOP, fixed_injection );
buf = getData( selectConfigTemplate, injection );
}
diff --git a/base/tps/src/processor/RA_Processor.cpp b/base/tps/src/processor/RA_Processor.cpp
index 5395d82..435e628 100644
--- a/base/tps/src/processor/RA_Processor.cpp
+++ b/base/tps/src/processor/RA_Processor.cpp
@@ -3144,9 +3144,12 @@ locale),
int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
channel = SetupSecureChannel(session, 0x00,
defKeyIndex /* default key index */, connid);
- rc = channel->ExternalAuthenticate();
+
if (channel != NULL) {
char issuer[224];
+
+ rc = channel->ExternalAuthenticate();
+
for (int i = 0; i < 224; i++) {
issuer[i] = 0;
}
diff --git a/base/tps/src/tus/tus_db.c b/base/tps/src/tus/tus_db.c
index 9ae4514..0fb9e36 100644
--- a/base/tps/src/tus/tus_db.c
+++ b/base/tps/src/tus/tus_db.c
@@ -3718,6 +3718,8 @@ struct berval **get_attribute_values(LDAPMessage *entry, const char *attribute)
c++;
}
ret = (struct berval **) malloc ((sizeof (struct berval *) * c) + 1);
+
+ ret = (struct berval **) calloc (sizeof (struct berval *), (c + 1));
for (i=0; i< c; i++) {
ret[i] = (struct berval *) malloc(sizeof(struct berval));
}