Mercurial > hg > freeDiameter
changeset 577:9dae8bc2d04a
Fix user name verification in EAP-TLS plugin
author | Souheil Ben Ayed <souheil@tera.ics.keio.ac.jp> |
---|---|
date | Wed, 20 Oct 2010 15:37:49 +0900 |
parents | 294c568bec00 |
children | 7c9a00bfd115 |
files | extensions/app_diameap/diameap_mysql.c extensions/app_diameap/diameap_server.c extensions/app_diameap/plugins/eap_identity/eap_identity.c extensions/app_diameap/plugins/eap_tls/eap_tls.c |
diffstat | 4 files changed, 14 insertions(+), 14 deletions(-) [+] |
line wrap: on
line diff
--- a/extensions/app_diameap/diameap_mysql.c Fri Oct 08 16:03:31 2010 +0900 +++ b/extensions/app_diameap/diameap_mysql.c Wed Oct 20 15:37:49 2010 +0900 @@ -82,11 +82,11 @@ { user->id = atoi(row[0]); - CHECK_MALLOC(user->userid=malloc(strlen(row[1]))); - memcpy(user->userid,row[1],strlen(row[1])); + CHECK_MALLOC(user->userid=malloc(strlen(row[1])+1)); + memcpy(user->userid,row[1],strlen(row[1])+1); user->useridLength = strlen(row[1]); - CHECK_MALLOC(user->password=malloc(strlen(row[2]))); - memcpy(user->password, row[2],strlen(row[2])); + CHECK_MALLOC(user->password=malloc(strlen(row[2])+1)); + memcpy(user->password, row[2],strlen(row[2])+1); user->passwordLength = strlen(row[2]); user->proposed_eap_method = atoi(row[3]); user->proposed_eap_method_vendor = atoi(row[4]);
--- a/extensions/app_diameap/diameap_server.c Fri Oct 08 16:03:31 2010 +0900 +++ b/extensions/app_diameap/diameap_server.c Wed Oct 20 15:37:49 2010 +0900 @@ -160,8 +160,8 @@ { diameap_sm->eap_sm.user.useridLength = diameap_sess_data->user.useridLength; - CHECK_MALLOC(diameap_sm->eap_sm.user.userid= malloc(diameap_sm->eap_sm.user.useridLength)); - U8COPY(diameap_sm->eap_sm.user.userid,0,diameap_sm->eap_sm.user.useridLength,diameap_sess_data->user.userid); + CHECK_MALLOC(diameap_sm->eap_sm.user.userid= malloc(diameap_sm->eap_sm.user.useridLength+1)); + U8COPY(diameap_sm->eap_sm.user.userid,0,diameap_sm->eap_sm.user.useridLength+1,diameap_sess_data->user.userid); free(diameap_sess_data->user.userid); diameap_sess_data->user.userid = NULL; @@ -178,8 +178,8 @@ { diameap_sm->eap_sm.user.passwordLength = diameap_sess_data->user.passwordLength; - CHECK_MALLOC(diameap_sm->eap_sm.user.password = malloc(diameap_sm->eap_sm.user.passwordLength)); - U8COPY(diameap_sm->eap_sm.user.password,0,diameap_sm->eap_sm.user.passwordLength, diameap_sess_data->user.password); + CHECK_MALLOC(diameap_sm->eap_sm.user.password = malloc(diameap_sm->eap_sm.user.passwordLength+1)); + U8COPY(diameap_sm->eap_sm.user.password,0,diameap_sm->eap_sm.user.passwordLength+1, diameap_sess_data->user.password); free(diameap_sess_data->user.password); diameap_sess_data->user.password = NULL; } @@ -1032,8 +1032,8 @@ { diameap_sess_data->user.useridLength = diameap_sm->eap_sm.user.useridLength; - CHECK_MALLOC(diameap_sess_data->user.userid= malloc(diameap_sess_data->user.useridLength)); - U8COPY(diameap_sess_data->user.userid,0,diameap_sess_data->user.useridLength,diameap_sm->eap_sm.user.userid); + CHECK_MALLOC(diameap_sess_data->user.userid= malloc(diameap_sess_data->user.useridLength+1)); + U8COPY(diameap_sess_data->user.userid,0,diameap_sess_data->user.useridLength+1,diameap_sm->eap_sm.user.userid); free(diameap_sm->eap_sm.user.userid); diameap_sm->eap_sm.user.userid = NULL; @@ -1049,8 +1049,8 @@ { diameap_sess_data->user.passwordLength = diameap_sm->eap_sm.user.passwordLength; - CHECK_MALLOC(diameap_sess_data->user.password = malloc(diameap_sess_data->user.passwordLength)); - U8COPY(diameap_sess_data->user.password,0,diameap_sess_data->user.passwordLength,diameap_sm->eap_sm.user.password); + CHECK_MALLOC(diameap_sess_data->user.password = malloc(diameap_sess_data->user.passwordLength+1)); + U8COPY(diameap_sess_data->user.password,0,diameap_sess_data->user.passwordLength+1,diameap_sm->eap_sm.user.password); free(diameap_sm->eap_sm.user.password); diameap_sm->eap_sm.user.password = NULL; }
--- a/extensions/app_diameap/plugins/eap_identity/eap_identity.c Fri Oct 08 16:03:31 2010 +0900 +++ b/extensions/app_diameap/plugins/eap_identity/eap_identity.c Wed Oct 20 15:37:49 2010 +0900 @@ -140,7 +140,7 @@ if(check_user_identity == FALSE){ ret=diameap_get_eap_user(&(smd->user),"Default User"); CHECK_MALLOC_DO(smd->user.userid=realloc(smd->user.userid,strlen(user)+1),{ret = 1; goto next;}); - memcpy(smd->user.userid,user,strlen(user)); + memcpy(smd->user.userid,user,strlen(user)+1); smd->user.useridLength = strlen(user); } else { ret=diameap_get_eap_user(&(smd->user),user);
--- a/extensions/app_diameap/plugins/eap_tls/eap_tls.c Fri Oct 08 16:03:31 2010 +0900 +++ b/extensions/app_diameap/plugins/eap_tls/eap_tls.c Wed Oct 20 15:37:49 2010 +0900 @@ -219,7 +219,7 @@ TRACE_DEBUG(NONE,"%s[EAP TLS plugin] [GnuTLS] error get dn by oid",DIAMEAP_EXTENSION); goto failure;}); - if(strcmp((char *)smd->user.userid,buff)!=0){ + if(strncmp((char *)smd->user.userid,buff,smd->user.useridLength)!=0){ goto failure; }