
[GNUnet-SVN] [gnunet] branch master updated: ensure ticket contains clie


From: gnunet
Subject: [GNUnet-SVN] [gnunet] branch master updated: ensure ticket contains client id
Date: Sun, 22 Jul 2018 18:01:52 +0200

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository gnunet.

The following commit(s) were added to refs/heads/master by this push:
     new 8b67e9b5f ensure ticket contains client id
8b67e9b5f is described below

commit 8b67e9b5f905ff80ee73300bbb278c00e36b9bca
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Sun Jul 22 18:01:50 2018 +0200

    ensure ticket contains client id
---
 src/reclaim/plugin_rest_openid_connect.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/reclaim/plugin_rest_openid_connect.c 
b/src/reclaim/plugin_rest_openid_connect.c
index a2d32e126..876e221b5 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -795,7 +795,8 @@ oidc_iteration_error (void *cls)
 }
 
 static int
-parse_authz_code (const char* code,
+parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                  const char* code,
                   struct GNUNET_RECLAIM_Ticket **ticket,
                   char **nonce)
 {
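Review bot: The new `audience` parameter of parse_authz_code is undocumented, and no header comment for the function is visible in this hunk. A short comment above the definition would state the contract, for example `/* audience: public key of the client redeeming the code; returns GNUNET_SYSERR and sets *ticket to NULL when the ticket's audience differs */`. The function body continues outside this hunk.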
@@ -868,6 +869,19 @@ parse_authz_code (const char* code,
   memcpy (*ticket,
           &purpose[1],
           sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (0 != memcmp (audience,
+                   &(*ticket)->audience,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Audience in ticket does not match client!\n");
+    return GNUNET_SYSERR;
+
+  }
   if (NULL != nonce_str)
     memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket),
             nonce_str,
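Review bot: The mismatch branch logs at `GNUNET_ERROR_TYPE_ERROR` for a condition that request input decides, since token_endpoint passes a key decoded from what appears to be the request's client_id. A code presented by a client it was not issued to is an expected rejection, so `GNUNET_ERROR_TYPE_WARNING` would keep the event visible to operators without letting repeated requests fill the error log. The empty line before the closing brace of the branch can be dropped as well. parse_authz_code starts and ends outside this hunk, so where this comparison sits relative to the signature check on `purpose` is not visible here.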
@@ -1669,8 +1683,14 @@ token_endpoint (struct GNUNET_REST_RequestHandle 
*con_handle,
   }
 
   //decode code
+  struct GNUNET_CRYPTO_EcdsaPublicKey cid;
+  GNUNET_STRINGS_string_to_data (client_id,
+                                 strlen(client_id),
+                                 &cid,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
   struct GNUNET_RECLAIM_Ticket *ticket;
-  if(GNUNET_OK != parse_authz_code (code,
+  if(GNUNET_OK != parse_authz_code (&cid,
+                                    code,
                                     &ticket,
                                     &nonce))
   {
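Review bot: The result of `GNUNET_STRINGS_string_to_data` is ignored, so when client_id does not decode to exactly one public key, `cid` holds indeterminate stack bytes and parse_authz_code compares the ticket audience against them. A match is improbable, but it is a read of uninitialized memory and the request is then rejected for the wrong reason. The decode should fail closed: `if (GNUNET_OK != GNUNET_STRINGS_string_to_data (client_id, strlen (client_id), &cid, sizeof (cid)))` followed by the handler's existing error return. `strlen(client_id)` also relies on client_id being non-NULL, which would have to be established earlier in token_endpoint, outside this hunk.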

-- 
To stop receiving notification emails like this one, please contact
address@hidden


