LCOV - code coverage report
Current view: top level - source4/heimdal/lib/gssapi/krb5 - decapsulate.c (source / functions) Hit Total Coverage
Test: coverage report for abartlet/fix-coverage dd10fb34 Lines: 54 75 72.0 %
Date: 2021-09-23 10:06:22 Functions: 5 6 83.3 %

          Line data    Source code
       1             : /*
       2             :  * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
       3             :  * (Royal Institute of Technology, Stockholm, Sweden).
       4             :  * All rights reserved.
       5             :  *
       6             :  * Redistribution and use in source and binary forms, with or without
       7             :  * modification, are permitted provided that the following conditions
       8             :  * are met:
       9             :  *
      10             :  * 1. Redistributions of source code must retain the above copyright
      11             :  *    notice, this list of conditions and the following disclaimer.
      12             :  *
      13             :  * 2. Redistributions in binary form must reproduce the above copyright
      14             :  *    notice, this list of conditions and the following disclaimer in the
      15             :  *    documentation and/or other materials provided with the distribution.
      16             :  *
      17             :  * 3. Neither the name of the Institute nor the names of its contributors
      18             :  *    may be used to endorse or promote products derived from this software
      19             :  *    without specific prior written permission.
      20             :  *
      21             :  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
      22             :  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
      23             :  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
      24             :  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
      25             :  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
      26             :  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
      27             :  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
      28             :  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
      29             :  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
      30             :  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
      31             :  * SUCH DAMAGE.
      32             :  */
      33             : 
      34             : #include "gsskrb5_locl.h"
      35             : 
      36             : /*
      37             :  * return the length of the mechanism in token or -1
      38             :  * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN
      39             :  */
      40             : 
      41             : ssize_t
      42      115442 : _gsskrb5_get_mech (const u_char *ptr,
      43             :                       size_t total_len,
      44             :                       const u_char **mech_ret)
      45             : {
      46             :     size_t len, len_len, mech_len, foo;
      47      115442 :     const u_char *p = ptr;
      48             :     int e;
      49             : 
      50      115442 :     if (total_len < 1)
      51           0 :         return -1;
      52      115442 :     if (*p++ != 0x60)
      53       28025 :         return -1;
      54       87321 :     e = der_get_length (p, total_len - 1, &len, &len_len);
      55       87321 :     if (e || 1 + len_len + len != total_len)
      56           0 :         return -1;
      57       87321 :     p += len_len;
      58       87321 :     if (*p++ != 0x06)
      59           0 :         return -1;
      60       87321 :     e = der_get_length (p, total_len - 1 - len_len - 1,
      61             :                         &mech_len, &foo);
      62       87321 :     if (e)
      63           0 :         return -1;
      64       87321 :     p += foo;
      65       87321 :     *mech_ret = p;
      66       87321 :     return mech_len;
      67             : }
      68             : 
      69             : OM_uint32
      70      115442 : _gssapi_verify_mech_header(u_char **str,
      71             :                            size_t total_len,
      72             :                            gss_OID mech)
      73             : {
      74             :     const u_char *p;
      75             :     ssize_t mech_len;
      76             : 
      77      115442 :     mech_len = _gsskrb5_get_mech (*str, total_len, &p);
      78      115442 :     if (mech_len < 0)
      79       28025 :         return GSS_S_DEFECTIVE_TOKEN;
      80             : 
      81       87321 :     if (mech_len != mech->length)
      82           0 :         return GSS_S_BAD_MECH;
      83      174642 :     if (ct_memcmp(p,
      84       87321 :                   mech->elements,
      85       86037 :                   mech->length) != 0)
      86           0 :         return GSS_S_BAD_MECH;
      87       87321 :     p += mech_len;
      88       87321 :     *str = rk_UNCONST(p);
      89       87321 :     return GSS_S_COMPLETE;
      90             : }
      91             : 
      92             : OM_uint32
      93       68772 : _gsskrb5_verify_header(u_char **str,
      94             :                           size_t total_len,
      95             :                           const void *type,
      96             :                           gss_OID oid)
      97             : {
      98             :     OM_uint32 ret;
      99             :     size_t len;
     100       68772 :     u_char *p = *str;
     101             : 
     102       68772 :     ret = _gssapi_verify_mech_header(str, total_len, oid);
     103       68772 :     if (ret)
     104       28025 :         return ret;
     105             : 
     106       40651 :     len = total_len - (*str - p);
     107             : 
     108       40651 :     if (len < 2)
     109           0 :         return GSS_S_DEFECTIVE_TOKEN;
     110             : 
     111       40651 :     if (ct_memcmp (*str, type, 2) != 0)
     112           0 :         return GSS_S_DEFECTIVE_TOKEN;
     113       40651 :     *str += 2;
     114             : 
     115       40651 :     return 0;
     116             : }
     117             : 
     118             : /*
     119             :  * Remove the GSS-API wrapping from `in_token' giving `out_data.
     120             :  * Does not copy data, so just free `in_token'.
     121             :  */
     122             : 
     123             : OM_uint32
     124           0 : _gssapi_decapsulate(
     125             :     OM_uint32 *minor_status,
     126             :     gss_buffer_t input_token_buffer,
     127             :     krb5_data *out_data,
     128             :     const gss_OID mech
     129             : )
     130             : {
     131             :     u_char *p;
     132             :     OM_uint32 ret;
     133             : 
     134           0 :     p = input_token_buffer->value;
     135           0 :     ret = _gssapi_verify_mech_header(&p,
     136             :                                     input_token_buffer->length,
     137             :                                     mech);
     138           0 :     if (ret) {
     139           0 :         *minor_status = 0;
     140           0 :         return ret;
     141             :     }
     142             : 
     143           0 :     out_data->length = input_token_buffer->length -
     144           0 :         (p - (u_char *)input_token_buffer->value);
     145           0 :     out_data->data   = p;
     146           0 :     return GSS_S_COMPLETE;
     147             : }
     148             : 
     149             : /*
     150             :  * Remove the GSS-API wrapping from `in_token' giving `out_data.
     151             :  * Does not copy data, so just free `in_token'.
     152             :  */
     153             : 
     154             : OM_uint32
     155       61628 : _gsskrb5_decapsulate(OM_uint32 *minor_status,
     156             :                         gss_buffer_t input_token_buffer,
     157             :                         krb5_data *out_data,
     158             :                         const void *type,
     159             :                         gss_OID oid)
     160             : {
     161             :     u_char *p;
     162             :     OM_uint32 ret;
     163             : 
     164       61628 :     p = input_token_buffer->value;
     165       61628 :     ret = _gsskrb5_verify_header(&p,
     166             :                                     input_token_buffer->length,
     167             :                                     type,
     168             :                                     oid);
     169       61628 :     if (ret) {
     170       28121 :         *minor_status = 0;
     171       28121 :         return ret;
     172             :     }
     173             : 
     174       67014 :     out_data->length = input_token_buffer->length -
     175       33507 :         (p - (u_char *)input_token_buffer->value);
     176       33507 :     out_data->data   = p;
     177       33507 :     return GSS_S_COMPLETE;
     178             : }
     179             : 
     180             : /*
     181             :  * Verify padding of a gss wrapped message and return its length.
     182             :  */
     183             : 
     184             : OM_uint32
     185       37715 : _gssapi_verify_pad(gss_buffer_t wrapped_token,
     186             :                    size_t datalen,
     187             :                    size_t *padlen)
     188             : {
     189             :     u_char *pad;
     190             :     size_t padlength;
     191             :     int i;
     192             : 
     193       37715 :     if (wrapped_token->length < 1)
     194           0 :         return GSS_S_BAD_MECH;
     195             : 
     196       37715 :     pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
     197       37715 :     padlength = *pad;
     198             : 
     199       37715 :     if (padlength > datalen)
     200           0 :         return GSS_S_BAD_MECH;
     201             : 
     202       37715 :     for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
     203             :         ;
     204       37715 :     if (i != 0)
     205           0 :         return GSS_S_BAD_MIC;
     206             : 
     207       37715 :     *padlen = padlength;
     208             : 
     209       37715 :     return 0;
     210             : }

Generated by: LCOV version 1.13