[GNUnet-SVN] [gnunet] branch master updated: fixes

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnunet] branch master updated: fixes

From:	gnunet
Subject:	[GNUnet-SVN] [gnunet] branch master updated: fixes
Date:	Sat, 27 Apr 2019 08:37:50 +0200

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository gnunet.

The following commit(s) were added to refs/heads/master by this push:
     new 9f4ff53b1 fixes
9f4ff53b1 is described below

commit 9f4ff53b108ebb7048414d6b5ab966db4b772a09
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Sat Apr 27 08:37:36 2019 +0200

    fixes
---
 src/reclaim/oidc_helper.c | 70 ++++++++++++++++++++++++++++-------------------
 1 file changed, 42 insertions(+), 28 deletions(-)

diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index 82f01b755..11641e166 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -111,12 +111,14 @@ OIDC_id_token_new (const struct 
GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
   // auth_time only if max_age
   // nonce only if nonce
   // OPTIONAL acr,amr,azp
-  subject = GNUNET_STRINGS_data_to_string_alloc (
-    sub_key,
-    sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  audience = GNUNET_STRINGS_data_to_string_alloc (
-    aud_key,
-    sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  subject =
+    GNUNET_STRINGS_data_to_string_alloc (sub_key,
+                                         sizeof (struct
+                                                 
GNUNET_CRYPTO_EcdsaPublicKey));
+  audience =
+    GNUNET_STRINGS_data_to_string_alloc (aud_key,
+                                         sizeof (struct
+                                                 
GNUNET_CRYPTO_EcdsaPublicKey));
   header = create_jwt_header ();
   body = json_object ();
 
@@ -315,7 +317,6 @@ OIDC_build_authz_code (const struct 
GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
   size_t code_payload_len;
   unsigned int nonce;
   unsigned int nonce_tmp;
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
   struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
 
   attrs_ser = NULL;
@@ -329,7 +330,8 @@ OIDC_build_authz_code (const struct 
GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
     GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs, attrs_ser);
   }
   code_payload_len = sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-                     signature_payload_len + sizeof (signature);
+                     signature_payload_len +
+                     sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
   code_payload = GNUNET_malloc (code_payload_len);
   purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
   purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
@@ -346,8 +348,7 @@ OIDC_build_authz_code (const struct 
GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
     if ((1 != SSCANF (nonce_str, "%u", &nonce)) || (nonce > UINT32_MAX))
     {
       GNUNET_break (0);
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  "Invalid nonce %s\n", nonce_str);
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid nonce %s\n", nonce_str);
       GNUNET_free (code_payload);
       GNUNET_free_non_null (attrs_ser);
       return NULL;
@@ -362,16 +363,18 @@ OIDC_build_authz_code (const struct 
GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
     memcpy (buf_ptr, attrs_ser, attr_list_len);
     buf_ptr += attr_list_len;
   }
-  if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer, purpose, &signature))
+  if (GNUNET_SYSERR ==
+      GNUNET_CRYPTO_ecdsa_sign (issuer,
+                                purpose,
+                                (struct GNUNET_CRYPTO_EcdsaSignature *)
+                                  buf_ptr))
   {
     GNUNET_break (0);
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to sign code\n");
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
     GNUNET_free (code_payload);
     GNUNET_free_non_null (attrs_ser);
     return NULL;
   }
-  memcpy (buf_ptr, &signature, sizeof (signature));
   code_str = base64_encode ((const char *) &code_payload, code_payload_len);
   GNUNET_free (code_payload);
   GNUNET_free_non_null (attrs_ser);
@@ -399,7 +402,6 @@ OIDC_parse_authz_code (const struct 
GNUNET_CRYPTO_EcdsaPublicKey *audience,
                        char **nonce_str)
 {
   char *code_payload;
-  char *attrs_ser;
   char *ptr;
   struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
   struct GNUNET_CRYPTO_EcdsaSignature *signature;
@@ -408,25 +410,37 @@ OIDC_parse_authz_code (const struct 
GNUNET_CRYPTO_EcdsaPublicKey *audience,
   size_t signature_offset;
   unsigned int nonce;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-              "Trying to decode `%s'", code);
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Trying to decode `%s'", code);
   code_payload = NULL;
   code_payload_len =
     GNUNET_STRINGS_base64_decode (code, strlen (code), (void **) 
&code_payload);
+
+  if (code_payload_len < sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+                           sizeof (struct GNUNET_RECLAIM_Ticket) +
+                           sizeof (unsigned int) +
+                           sizeof (struct GNUNET_CRYPTO_EcdsaSignature))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n");
+    GNUNET_free_non_null (code_payload);
+    return GNUNET_SYSERR;
+  }
+
   purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
   attrs_ser_len = code_payload_len;
   attrs_ser_len -= sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose);
-  *ticket = *((struct GNUNET_RECLAIM_Ticket *) &purpose[1]);
+  ptr = (char *) &purpose[1];
+  *ticket = *((struct GNUNET_RECLAIM_Ticket *) ptr);
   attrs_ser_len -= sizeof (struct GNUNET_RECLAIM_Ticket);
-  nonce = ntohs (*((unsigned int *) &ticket[1]));
+  ptr += sizeof (struct GNUNET_RECLAIM_Ticket);
+  nonce = ntohs (*((unsigned int *) ptr));
   attrs_ser_len -= sizeof (unsigned int);
-  ptr = code_payload;
+  ptr += sizeof (unsigned int);
+  attrs_ser_len -= sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
+  *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (ptr, attrs_ser_len);
   signature_offset =
     code_payload_len - sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
-  signature = (struct GNUNET_CRYPTO_EcdsaSignature *) &ptr[signature_offset];
-  attrs_ser_len -= sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
-  attrs_ser = ((char *) &ticket[1]) + sizeof (unsigned int);
-  *attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser, 
attrs_ser_len);
+  signature =
+    (struct GNUNET_CRYPTO_EcdsaSignature *) &code_payload[signature_offset];
   if (0 != GNUNET_memcmp (audience, &ticket->audience))
   {
     GNUNET_RECLAIM_ATTRIBUTE_list_destroy (*attrs);
@@ -477,10 +491,10 @@ OIDC_build_token_response (const char *access_token,
   GNUNET_assert (NULL != expiration_time);
   json_object_set_new (root_json, "access_token", json_string (access_token));
   json_object_set_new (root_json, "token_type", json_string ("Bearer"));
-  json_object_set_new (
-    root_json,
-    "expires_in",
-    json_integer (expiration_time->rel_value_us / (1000 * 1000)));
+  json_object_set_new (root_json,
+                       "expires_in",
+                       json_integer (expiration_time->rel_value_us /
+                                     (1000 * 1000)));
   json_object_set_new (root_json, "id_token", json_string (id_token));
   *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT);
   json_decref (root_json);

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnunet] branch master updated: fixes, gnunet <=

Prev by Date: [GNUnet-SVN] [gnunet] branch master updated: bump version requirement for MHD to 0.9.63
Next by Date: [GNUnet-SVN] [gnunet] branch master updated: fix corruption
Previous by thread: [GNUnet-SVN] [gnunet] branch master updated: bump version requirement for MHD to 0.9.63
Next by thread: [GNUnet-SVN] [gnunet] branch master updated: fix corruption
Index(es):
- Date
- Thread