replace strlen() calls with strnlen() and appropriate maximums

lib/fko_decode.c

@@ -44,8 +44,12 @@ fko_decode_spa_data(fko_ctx_t ctx)
 
     /* Check for required data.
     */
-    if(ctx->encoded_msg == NULL
-      || strlen(ctx->encoded_msg) < MIN_SPA_ENCODED_MSG_SIZE)
+    if(ctx->encoded_msg == NULL || strnlen(ctx->encoded_msg,
+            MAX_SPA_ENCODED_MSG_SIZE) < MIN_SPA_ENCODED_MSG_SIZE)
+        return(FKO_ERROR_INVALID_DATA);
+
+    if(strnlen(ctx->encoded_msg,
+            MAX_SPA_ENCODED_MSG_SIZE) == MAX_SPA_ENCODED_MSG_SIZE)
         return(FKO_ERROR_INVALID_DATA);
 
     /* Make sure there are enough fields in the SPA packet

lib/fko_encode.c

@@ -80,16 +80,16 @@ fko_encode_spa_data(fko_ctx_t ctx)
      *             (at leaset expand the error reporting for the missing
      *             data).
     */
-    if(  ctx->username == NULL || strlen(ctx->username) == 0
-      || ctx->version  == NULL || strlen(ctx->version)  == 0
-      || ctx->message  == NULL || strlen(ctx->message)  == 0)
+    if(  ctx->username == NULL || strnlen(ctx->username, MAX_SPA_USERNAME_SIZE) == 0
+      || ctx->version  == NULL || strnlen(ctx->version, MAX_SPA_VERSION_SIZE)  == 0
+      || ctx->message  == NULL || strnlen(ctx->message, MAX_SPA_MESSAGE_SIZE)  == 0)
     {
         return(FKO_ERROR_INCOMPLETE_SPA_DATA);
     }
 
     if(ctx->message_type == FKO_NAT_ACCESS_MSG)
     {
-        if(ctx->nat_access == NULL || strlen(ctx->nat_access) == 0)
+        if(ctx->nat_access == NULL || strnlen(ctx->nat_access, MAX_SPA_MESSAGE_SIZE) == 0)
             return(FKO_ERROR_INCOMPLETE_SPA_DATA);
     }
 

lib/fko_funcs.c

@@ -335,7 +335,8 @@ fko_get_spa_data(fko_ctx_t ctx, char **spa_data)
 
     /* We expect to have encrypted data to process.  If not, we bail.
     */
-    if(ctx->encrypted_msg == NULL || (strlen(ctx->encrypted_msg) < 1))
+    if(ctx->encrypted_msg == NULL
+            || (strnlen(ctx->encrypted_msg, MAX_SPA_ENCRYPTED_SIZE) < 1))
         return(FKO_ERROR_MISSING_ENCODED_DATA);
 
     *spa_data = ctx->encrypted_msg;

lib/fko_limits.h

@@ -35,6 +35,8 @@
 
 /* Define some limits (--DSS XXX: These sizes need to be reviewed)
 */
+#define MAX_SPA_ENCRYPTED_SIZE     1500
+#define MAX_SPA_CMD_LEN            1400
 #define MAX_SPA_USERNAME_SIZE        64
 #define MAX_SPA_MESSAGE_SIZE        256
 #define MAX_SPA_NAT_ACCESS_SIZE     128
@@ -44,6 +46,7 @@
 #define MAX_SPA_MESSAGE_TYPE_SIZE     2
 
 #define MIN_SPA_ENCODED_MSG_SIZE     36 /* Somewhat arbitrary */
+#define MAX_SPA_ENCODED_MSG_SIZE       MAX_SPA_ENCRYPTED_SIZE
 #define MIN_GNUPG_MSG_SIZE          400
 #define MIN_SPA_FIELDS                6
 #define MAX_SPA_FIELDS               10

lib/fko_message.c

@@ -152,8 +152,10 @@ validate_cmd_msg(const char *msg)
 {
     const char   *ndx;
     int     res         = FKO_SUCCESS;
-    int     startlen    = strlen(msg);
+    int     startlen    = strnlen(msg, MAX_SPA_CMD_LEN);
 
+    if(startlen == MAX_SPA_CMD_LEN)
+        return(FKO_ERROR_INVALID_DATA);
 
     /* Should have a valid allow IP.
     */
@@ -176,7 +178,10 @@ validate_access_msg(const char *msg)
 {
     const char   *ndx;
     int     res         = FKO_SUCCESS;
-    int     startlen    = strlen(msg);
+    int     startlen    = strnlen(msg, MAX_SPA_MESSAGE_SIZE);
+
+    if(startlen == MAX_SPA_MESSAGE_SIZE)
+        return(FKO_ERROR_INVALID_DATA);
 
     /* Should have a valid allow IP.
     */
@@ -203,10 +208,12 @@ validate_access_msg(const char *msg)
 int
 validate_proto_port_spec(const char *msg)
 {
-    int     startlen    = strlen(msg);
-
+    int     startlen    = strnlen(msg, MAX_SPA_MESSAGE_SIZE);
     const char   *ndx   = msg;
 
+    if(startlen == MAX_SPA_MESSAGE_SIZE)
+        return(FKO_ERROR_INVALID_DATA);
+
     /* Now check for proto/port string.  Currenly we only allow protos
      * 'tcp', 'udp', and 'icmp'.
     */

lib/fko_nat_access.c

@@ -43,13 +43,13 @@ fko_set_spa_nat_access(fko_ctx_t ctx, const char *msg)
 
     /* Gotta have a valid string.
     */
-    if(msg == NULL || strlen(msg) == 0)
+    if(msg == NULL || strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == 0)
         return(FKO_ERROR_INVALID_DATA);
 
     /* --DSS XXX: Bail out for now.  But consider just
      *            truncating in the future...
     */
-    if(strlen(msg) > MAX_SPA_NAT_ACCESS_SIZE)
+    if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE)
         return(FKO_ERROR_DATA_TOO_LARGE);
 
     /* Just in case this is a subsquent call to this function.  We

lib/fko_rand_value.c

@@ -69,7 +69,7 @@ fko_set_rand_value(fko_ctx_t ctx, const char *new_val)
     */
     if(new_val != NULL)
     {
-        if(strlen(new_val) != FKO_RAND_VAL_SIZE)
+        if(strnlen(new_val, FKO_RAND_VAL_SIZE+1) != FKO_RAND_VAL_SIZE)
             return(FKO_ERROR_INVALID_DATA);
 
         ctx->rand_val = strdup(new_val);
@@ -121,7 +121,7 @@ fko_set_rand_value(fko_ctx_t ctx, const char *new_val)
 
     sprintf(ctx->rand_val, "%u", rand());
 
-    while(strlen(ctx->rand_val) < FKO_RAND_VAL_SIZE)
+    while(strnlen(ctx->rand_val, FKO_RAND_VAL_SIZE+1) < FKO_RAND_VAL_SIZE)
     {
         sprintf(tmp_buf, "%u", rand());
         strlcat(ctx->rand_val, tmp_buf, FKO_RAND_VAL_SIZE+1);

lib/fko_server_auth.c

@@ -50,13 +50,13 @@ fko_set_spa_server_auth(fko_ctx_t ctx, const char *msg)
 
     /* Gotta have a valid string.
     */
-    if(msg == NULL || strlen(msg) == 0)
+    if(msg == NULL || strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE) == 0)
         return(FKO_ERROR_INVALID_DATA);
 
     /* --DSS XXX: Bail out for now.  But consider just
      *            truncating in the future...
     */
-    if(strlen(msg) > MAX_SPA_SERVER_AUTH_SIZE)
+    if(strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE) == MAX_SPA_SERVER_AUTH_SIZE)
         return(FKO_ERROR_DATA_TOO_LARGE);
 
     /* --DSS TODO: ???