diff --git a/lib/fko_decode.c b/lib/fko_decode.c
index 5b3b7e73..6dfc14d6 100644
--- a/lib/fko_decode.c
+++ b/lib/fko_decode.c
@@ -44,8 +44,12 @@ fko_decode_spa_data(fko_ctx_t ctx)
     /* Check for required data. */
-    if(ctx->encoded_msg == NULL
-        || strlen(ctx->encoded_msg) < MIN_SPA_ENCODED_MSG_SIZE)
+    if(ctx->encoded_msg == NULL || strnlen(ctx->encoded_msg,
+        MAX_SPA_ENCODED_MSG_SIZE) < MIN_SPA_ENCODED_MSG_SIZE)
+        return(FKO_ERROR_INVALID_DATA);
+
+    if(strnlen(ctx->encoded_msg,
+        MAX_SPA_ENCODED_MSG_SIZE) == MAX_SPA_ENCODED_MSG_SIZE)
         return(FKO_ERROR_INVALID_DATA);
     /* Make sure there are enough fields in the SPA packet
diff --git a/lib/fko_encode.c b/lib/fko_encode.c
index a24c0918..b0f09d4b 100644
--- a/lib/fko_encode.c
+++ b/lib/fko_encode.c
@@ -80,16 +80,16 @@ fko_encode_spa_data(fko_ctx_t ctx)
      * (at leaset expand the error reporting for the missing
      * data).
     */
-    if( ctx->username == NULL || strlen(ctx->username) == 0
-        || ctx->version == NULL || strlen(ctx->version) == 0
-        || ctx->message == NULL || strlen(ctx->message) == 0)
+    if( ctx->username == NULL || strnlen(ctx->username, MAX_SPA_USERNAME_SIZE) == 0
+        || ctx->version == NULL || strnlen(ctx->version, MAX_SPA_VERSION_SIZE) == 0
+        || ctx->message == NULL || strnlen(ctx->message, MAX_SPA_MESSAGE_SIZE) == 0)
     {
         return(FKO_ERROR_INCOMPLETE_SPA_DATA);
     }
     if(ctx->message_type == FKO_NAT_ACCESS_MSG)
     {
-        if(ctx->nat_access == NULL || strlen(ctx->nat_access) == 0)
+        if(ctx->nat_access == NULL || strnlen(ctx->nat_access, MAX_SPA_MESSAGE_SIZE) == 0)
             return(FKO_ERROR_INCOMPLETE_SPA_DATA);
     }
diff --git a/lib/fko_funcs.c b/lib/fko_funcs.c
index 5ea4f644..51f7e299 100644
--- a/lib/fko_funcs.c
+++ b/lib/fko_funcs.c
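Review bot: The new guard at the top of the fko_decode_spa_data hunk scans ctx->encoded_msg twice with strnlen and splits one range check into two statements, which hides the accepted range. Computing the length once after the NULL test reads as one contract: `size_t len = strnlen(ctx->encoded_msg, MAX_SPA_ENCODED_MSG_SIZE);` then `if(len < MIN_SPA_ENCODED_MSG_SIZE || len >= MAX_SPA_ENCODED_MSG_SIZE) return(FKO_ERROR_INVALID_DATA);`. Note that the `== MAX_SPA_ENCODED_MSG_SIZE` test rejects not only an unterminated buffer but also a properly terminated message of exactly MAX_SPA_ENCODED_MSG_SIZE characters; if that is intended, a one-line comment stating that the limit is a buffer size rather than a maximum length would save the next reader the same question. fko_decode_spa_data continues outside the hunk.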
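Review bot: The nat_access check at the bottom of the fko_encode_spa_data hunk bounds strnlen with MAX_SPA_MESSAGE_SIZE, whereas the other new checks in the same hunk each use the field's own limit and fko_set_spa_nat_access elsewhere in this patch enforces MAX_SPA_NAT_ACCESS_SIZE. Because the test is only `== 0` the bound has no functional effect here, but a reader will assume it mirrors the setter's limit, and the two will drift if either is changed. `if(ctx->nat_access == NULL || strnlen(ctx->nat_access, MAX_SPA_NAT_ACCESS_SIZE) == 0)` keeps them in agreement. fko_encode_spa_data's body continues outside the hunk.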
@@ -335,7 +335,8 @@ fko_get_spa_data(fko_ctx_t ctx, char **spa_data)
     /* We expect to have encrypted data to process. If not, we bail. */
-    if(ctx->encrypted_msg == NULL || (strlen(ctx->encrypted_msg) < 1))
+    if(ctx->encrypted_msg == NULL
+        || (strnlen(ctx->encrypted_msg, MAX_SPA_ENCRYPTED_SIZE) < 1))
         return(FKO_ERROR_MISSING_ENCODED_DATA);
     *spa_data = ctx->encrypted_msg;
diff --git a/lib/fko_limits.h b/lib/fko_limits.h
index 1eeba5fb..7efba4b3 100644
--- a/lib/fko_limits.h
+++ b/lib/fko_limits.h
@@ -35,6 +35,8 @@
 /* Define some limits (--DSS XXX: These sizes need to be reviewed) */
+#define MAX_SPA_ENCRYPTED_SIZE 1500
+#define MAX_SPA_CMD_LEN 1400
 #define MAX_SPA_USERNAME_SIZE 64
 #define MAX_SPA_MESSAGE_SIZE 256
 #define MAX_SPA_NAT_ACCESS_SIZE 128
@@ -44,6 +46,7 @@
 #define MAX_SPA_MESSAGE_TYPE_SIZE 2
 #define MIN_SPA_ENCODED_MSG_SIZE 36 /* Somewhat arbitrary */
+#define MAX_SPA_ENCODED_MSG_SIZE MAX_SPA_ENCRYPTED_SIZE
 #define MIN_GNUPG_MSG_SIZE 400
 #define MIN_SPA_FIELDS 6
 #define MAX_SPA_FIELDS 10
diff --git a/lib/fko_message.c b/lib/fko_message.c
index 1a9051ac..061bb738 100644
--- a/lib/fko_message.c
+++ b/lib/fko_message.c
@@ -152,8 +152,10 @@ validate_cmd_msg(const char *msg)
 {
     const char *ndx;
     int res = FKO_SUCCESS;
-    int startlen = strlen(msg);
+    int startlen = strnlen(msg, MAX_SPA_CMD_LEN);
+    if(startlen == MAX_SPA_CMD_LEN) return(FKO_ERROR_INVALID_DATA);
     /* Should have a valid allow IP. */
@@ -176,7 +178,10 @@ validate_access_msg(const char *msg)
 {
     const char *ndx;
     int res = FKO_SUCCESS;
-    int startlen = strlen(msg);
+    int startlen = strnlen(msg, MAX_SPA_MESSAGE_SIZE);
+
+    if(startlen == MAX_SPA_MESSAGE_SIZE)
+        return(FKO_ERROR_INVALID_DATA);
     /* Should have a valid allow IP. */
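Review bot: The rewritten condition in fko_get_spa_data still only tests for an empty string, so bounding the scan with MAX_SPA_ENCRYPTED_SIZE adds a limit that the function does not actually enforce and may mislead a reader into thinking oversized data is rejected here. `if(ctx->encrypted_msg == NULL || ctx->encrypted_msg[0] == '\0')` expresses exactly the same check without the implied bound. If the intent is to also reject an over-long or unterminated buffer, that needs an explicit comparison against the limit, as the fko_decode.c hunk in this patch does. fko_get_spa_data's body continues outside the hunk.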
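Review bot: The two limits added at the top of the fko_limits.h hunk carry no note on what they bound or where 1500 and 1400 come from, beneath a header comment that already flags these sizes as unreviewed. Given that the checks elsewhere in this patch reject a strnlen result equal to the limit, these constants act as buffer sizes including the terminator rather than as maximum string lengths, which is worth stating next to the definitions, e.g. `/* Buffer sizes (incl. NUL); strings of this length or longer are rejected */`. MAX_SPA_CMD_LEN also breaks the `*_SIZE` naming of every neighbouring constant, which matters more here because SIZE and LEN differ by one under that convention.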
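Review bot: In the validate_cmd_msg hunk the size_t returned by strnlen is silently narrowed into `int startlen`; with MAX_SPA_CMD_LEN at 1400 this cannot overflow, but if startlen feeds pointer-difference arithmetic later in the function (outside this hunk) a `size_t startlen` avoids signed/unsigned comparison surprises there too. The guard `if(startlen == MAX_SPA_CMD_LEN)` rejects a terminated string of exactly 1400 characters as well as an unterminated buffer, which is fine if MAX_SPA_CMD_LEN is a buffer size, but the same pattern in validate_access_msg and validate_proto_port_spec suggests a shared helper would keep the three guards from drifting. The rest of validate_cmd_msg lies outside the hunk.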
@@ -203,10 +208,12 @@ validate_access_msg(const char *msg)
 int
 validate_proto_port_spec(const char *msg)
 {
-    int startlen = strlen(msg);
-
+    int startlen = strnlen(msg, MAX_SPA_MESSAGE_SIZE);
     const char *ndx = msg;
+    if(startlen == MAX_SPA_MESSAGE_SIZE)
+        return(FKO_ERROR_INVALID_DATA);
+
     /* Now check for proto/port string. Currenly we only allow protos
      * 'tcp', 'udp', and 'icmp'.
     */
diff --git a/lib/fko_nat_access.c b/lib/fko_nat_access.c
index 42959ef5..bea731a5 100644
--- a/lib/fko_nat_access.c
+++ b/lib/fko_nat_access.c
@@ -43,13 +43,13 @@ fko_set_spa_nat_access(fko_ctx_t ctx, const char *msg)
     /* Gotta have a valid string. */
-    if(msg == NULL || strlen(msg) == 0)
+    if(msg == NULL || strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == 0)
         return(FKO_ERROR_INVALID_DATA);
     /* --DSS XXX: Bail out for now. But consider just
      * truncating in the future...
     */
-    if(strlen(msg) > MAX_SPA_NAT_ACCESS_SIZE)
+    if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE)
         return(FKO_ERROR_DATA_TOO_LARGE);
     /* Just in case this is a subsquent call to this function. We
diff --git a/lib/fko_rand_value.c b/lib/fko_rand_value.c
index 25380a1e..78619137 100644
--- a/lib/fko_rand_value.c
+++ b/lib/fko_rand_value.c
@@ -69,7 +69,7 @@ fko_set_rand_value(fko_ctx_t ctx, const char *new_val)
     */
     if(new_val != NULL)
     {
-        if(strlen(new_val) != FKO_RAND_VAL_SIZE)
+        if(strnlen(new_val, FKO_RAND_VAL_SIZE+1) != FKO_RAND_VAL_SIZE)
             return(FKO_ERROR_INVALID_DATA);
         ctx->rand_val = strdup(new_val);
@@ -121,7 +121,7 @@ fko_set_rand_value(fko_ctx_t ctx, const char *new_val)
     sprintf(ctx->rand_val, "%u", rand());
-    while(strlen(ctx->rand_val) < FKO_RAND_VAL_SIZE)
+    while(strnlen(ctx->rand_val, FKO_RAND_VAL_SIZE+1) < FKO_RAND_VAL_SIZE)
     {
         sprintf(tmp_buf, "%u", rand());
         strlcat(ctx->rand_val, tmp_buf, FKO_RAND_VAL_SIZE+1);
diff --git a/lib/fko_server_auth.c b/lib/fko_server_auth.c
index 435c5b18..51c1c880 100644
--- a/lib/fko_server_auth.c
+++ b/lib/fko_server_auth.c
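Review bot: The second check in the fko_set_spa_nat_access hunk changes the accepted range, not just the scan bound: the old `strlen(msg) > MAX_SPA_NAT_ACCESS_SIZE` accepted a string of exactly MAX_SPA_NAT_ACCESS_SIZE characters, while the new `strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE` rejects it, because strnlen returns the bound both for an unterminated buffer and for a terminated string of that length. If the goal is only to bound the scan, `if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE+1) > MAX_SPA_NAT_ACCESS_SIZE)` preserves the old limit and matches the `FKO_RAND_VAL_SIZE+1` idiom this same patch uses in fko_rand_value.c. If the tightening is deliberate, it is an API behaviour change and should be named in the commit message and in the comment above the check. fko_set_spa_nat_access continues outside the hunk.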
@@ -50,13 +50,13 @@ fko_set_spa_server_auth(fko_ctx_t ctx, const char *msg)
     /* Gotta have a valid string. */
-    if(msg == NULL || strlen(msg) == 0)
+    if(msg == NULL || strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE) == 0)
         return(FKO_ERROR_INVALID_DATA);
     /* --DSS XXX: Bail out for now. But consider just
      * truncating in the future...
     */
-    if(strlen(msg) > MAX_SPA_SERVER_AUTH_SIZE)
+    if(strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE) == MAX_SPA_SERVER_AUTH_SIZE)
         return(FKO_ERROR_DATA_TOO_LARGE);
     /* --DSS TODO: ???
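Review bot: The size check in fko_set_spa_server_auth has the same off-by-one behaviour change as the nat_access setter in this patch: `strlen(msg) > MAX_SPA_SERVER_AUTH_SIZE` allowed a string of exactly MAX_SPA_SERVER_AUTH_SIZE characters, and `strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE) == MAX_SPA_SERVER_AUTH_SIZE` now rejects it along with unterminated input. `if(strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE+1) > MAX_SPA_SERVER_AUTH_SIZE)` keeps the old limit while still bounding the scan. Whichever limit is intended, the same choice should be made for both setters so that callers see one rule for "too large". fko_set_spa_server_auth continues outside the hunk.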