[GNUnet-SVN] r37790 - gnunet/src/identity-provider

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r37790 - gnunet/src/identity-provider

From:	gnunet
Subject:	[GNUnet-SVN] r37790 - gnunet/src/identity-provider
Date:	Fri, 26 Aug 2016 13:55:54 +0200

Author: grothoff
Date: 2016-08-26 13:55:54 +0200 (Fri, 26 Aug 2016)
New Revision: 37790

Modified:
   gnunet/src/identity-provider/gnunet-identity-token.c
Log:
fix double free, bad use of strtok

Modified: gnunet/src/identity-provider/gnunet-identity-token.c
===================================================================
--- gnunet/src/identity-provider/gnunet-identity-token.c        2016-08-26 
11:38:34 UTC (rev 37789)
+++ gnunet/src/identity-provider/gnunet-identity-token.c        2016-08-26 
11:55:54 UTC (rev 37790)
@@ -1,3 +1,29 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2015 GNUnet e.V.
+
+   GNUnet is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published
+   by the Free Software Foundation; either version 3, or (at your
+   option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with GNUnet; see the file COPYING.  If not, write to the
+   Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file src/identity-provider/gnunet-service-identity-provider.c
+ * @brief Identity Token Service
+ *
+ */
+
 #include "platform.h"
 #include "gnunet_util_lib.h"
 #include <jansson.h>
@@ -19,14 +45,14 @@
      const char *cfgfile,
      const struct GNUNET_CONFIGURATION_Handle *c)
 {
-  char* payload;
-  char* header;
+  char *payload;
+  char *header;
   //Get token parts
-  char* header_b64 = strtok (token, ".");
-  char* payload_b64 = strtok(NULL, ".");
-  char* signature_b32 = strtok(NULL, ".");
-  const char* keystring;
-  char* data;
+  const char *header_b64;
+  const char *payload_b64;
+  const char *signature_b32;
+  const char *keystring;
+  char *data;
   json_t *payload_json;
   json_t *keystring_json;
   json_error_t error;
@@ -33,11 +59,28 @@
   struct GNUNET_CRYPTO_EcdsaPublicKey key;
   struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
   struct GNUNET_CRYPTO_EcdsaSignature sig;
-  
-  GNUNET_assert (NULL != header_b64);
-  GNUNET_assert (NULL != payload_b64);
-  GNUNET_assert (NULL != signature_b32);
-  
+
+  if (NULL == token)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+                _("Option `-t' is required\n"));
+    return;
+  }
+  header_b64 = strtok (token, ".");
+  payload_b64 = strtok (NULL, ".");
+  signature_b32 = strtok (NULL, ".");
+  if ( (NULL != header_b64) ||
+       (NULL != payload_b64) ||
+       (NULL != signature_b32) )
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+                _("Token `%s' is malformed\n"),
+                token);
+    GNUNET_free (token);
+    token = NULL;
+    return;
+  }
+
   //Decode payload
   GNUNET_STRINGS_base64_decode (payload_b64,
                                 strlen (payload_b64),
@@ -46,10 +89,8 @@
   GNUNET_STRINGS_base64_decode (header_b64,
                                 strlen (header_b64),
                                 &header);
-  if (NULL == token)
-    return;
-  
 
+
   GNUNET_asprintf(&data,
                   "%s,%s",
                   header_b64,
@@ -60,14 +101,14 @@
   purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
   GNUNET_memcpy (&purpose[1], data, strlen(data));
   GNUNET_free (data);
-  GNUNET_free (header_b64);
-  GNUNET_free (header_b64);
+  GNUNET_free (token);
+  token = NULL;
 
   if (print_token)
     printf ("Token:\nHeader:\t\t%s\nPayload:\t%s\n", header, payload);
   GNUNET_free (header);
   GNUNET_free (payload);
-  
+
   payload_json = json_loads (payload, 0, &error);
   if ((NULL == payload_json) || !json_is_object (payload_json))
   {
@@ -92,10 +133,10 @@
                                 strlen (signature_b32),
                                 &sig,
                                 sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
-  
-  if (print_token) 
+
+  if (print_token)
     printf ("Signature:\t%s\n", keystring);
-  
+
   if (GNUNET_OK != 
GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN,
                                               purpose,
                                               &sig,
@@ -106,6 +147,8 @@
   GNUNET_free (val);
   return;
 }
+
+
 int
 main(int argc, char *const argv[])
 {
@@ -123,5 +166,3 @@
                              "ct", options,
                              &run, NULL);
 }
-
-

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] r37790 - gnunet/src/identity-provider, gnunet <=

Prev by Date: [GNUnet-SVN] r37792 - in gnunet/src: cadet include
Next by Date: [GNUnet-SVN] r37788 - gnunet/src/set
Previous by thread: [GNUnet-SVN] r37792 - in gnunet/src: cadet include
Next by thread: [GNUnet-SVN] r37788 - gnunet/src/set
Index(es):
- Date
- Thread