/* Check for required data.
*/
- if(ctx->encoded_msg == NULL
- || strlen(ctx->encoded_msg) < MIN_SPA_ENCODED_MSG_SIZE)
+ if(ctx->encoded_msg == NULL || strnlen(ctx->encoded_msg,
+ MAX_SPA_ENCODED_MSG_SIZE) < MIN_SPA_ENCODED_MSG_SIZE)
+ return(FKO_ERROR_INVALID_DATA);
+
+ if(strnlen(ctx->encoded_msg,
+ MAX_SPA_ENCODED_MSG_SIZE) == MAX_SPA_ENCODED_MSG_SIZE)
return(FKO_ERROR_INVALID_DATA);
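Review bot: The new code scans `ctx->encoded_msg` twice with the same bound — once in the combined NULL/minimum test and again in the separate `== MAX_SPA_ENCODED_MSG_SIZE` test; take the length once after the NULL test and compare it against both limits, which also makes the "no terminator within the bound" case explicit: `if(ctx->encoded_msg == NULL) return(FKO_ERROR_INVALID_DATA);` then `len = strnlen(ctx->encoded_msg, MAX_SPA_ENCODED_MSG_SIZE);` and `if(len < MIN_SPA_ENCODED_MSG_SIZE || len == MAX_SPA_ENCODED_MSG_SIZE) return(FKO_ERROR_INVALID_DATA);`, with a `size_t len` declared at the top of the function. Rejecting the `== MAX` result is the right call, since strnlen() returns the bound only when no NUL was found within it and any later unbounded strlen() on that buffer would read past it. The enclosing function begins and ends outside this hunk.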
/* Make sure there are enough fields in the SPA packet
* (at leaset expand the error reporting for the missing
* data).
*/
- if( ctx->username == NULL || strlen(ctx->username) == 0
- || ctx->version == NULL || strlen(ctx->version) == 0
- || ctx->message == NULL || strlen(ctx->message) == 0)
+ if( ctx->username == NULL || strnlen(ctx->username, MAX_SPA_USERNAME_SIZE) == 0
+ || ctx->version == NULL || strnlen(ctx->version, MAX_SPA_VERSION_SIZE) == 0
+ || ctx->message == NULL || strnlen(ctx->message, MAX_SPA_MESSAGE_SIZE) == 0)
{
return(FKO_ERROR_INCOMPLETE_SPA_DATA);
}
if(ctx->message_type == FKO_NAT_ACCESS_MSG)
{
- if(ctx->nat_access == NULL || strlen(ctx->nat_access) == 0)
+ if(ctx->nat_access == NULL || strnlen(ctx->nat_access, MAX_SPA_MESSAGE_SIZE) == 0)
return(FKO_ERROR_INCOMPLETE_SPA_DATA);
}
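Review bot: The nat_access emptiness test is bounded with MAX_SPA_MESSAGE_SIZE here, while the nat_access setter elsewhere in this change bounds the same field with MAX_SPA_NAT_ACCESS_SIZE; the two should agree, so use `strnlen(ctx->nat_access, MAX_SPA_NAT_ACCESS_SIZE) == 0`. For a pure `== 0` test the bound does not change the result, but a mismatched constant invites a later copy that does depend on it. Note that all of the `== 0` checks in this hunk detect only empty fields — a field with no NUL within the bound still passes — which is fine only if the setters guarantee termination, so that is worth confirming against them. The enclosing function begins and ends outside this hunk.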
/* We expect to have encrypted data to process. If not, we bail.
*/
- if(ctx->encrypted_msg == NULL || (strlen(ctx->encrypted_msg) < 1))
+ if(ctx->encrypted_msg == NULL
+ || (strnlen(ctx->encrypted_msg, MAX_SPA_ENCRYPTED_SIZE) < 1))
return(FKO_ERROR_MISSING_ENCODED_DATA);
*spa_data = ctx->encrypted_msg;
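Review bot: The encrypted_msg test only rejects an empty string; unlike the encoded_msg check in this change, a buffer with no terminator within MAX_SPA_ENCRYPTED_SIZE bytes is not rejected here, yet its pointer is handed back through `*spa_data` for the caller to walk with whatever string routine it uses. Keeping the NULL test first, mirror the other check: `len = strnlen(ctx->encrypted_msg, MAX_SPA_ENCRYPTED_SIZE);` then `if(len < 1) return(FKO_ERROR_MISSING_ENCODED_DATA);` and `if(len == MAX_SPA_ENCRYPTED_SIZE) return(FKO_ERROR_INVALID_DATA);`. The enclosing function begins and ends outside this hunk.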
/* Define some limits (--DSS XXX: These sizes need to be reviewed)
*/
+#define MAX_SPA_ENCRYPTED_SIZE 1500
+#define MAX_SPA_CMD_LEN 1400
#define MAX_SPA_USERNAME_SIZE 64
#define MAX_SPA_MESSAGE_SIZE 256
#define MAX_SPA_NAT_ACCESS_SIZE 128
#define MAX_SPA_MESSAGE_TYPE_SIZE 2
#define MIN_SPA_ENCODED_MSG_SIZE 36 /* Somewhat arbitrary */
+#define MAX_SPA_ENCODED_MSG_SIZE MAX_SPA_ENCRYPTED_SIZE
#define MIN_GNUPG_MSG_SIZE 400
#define MIN_SPA_FIELDS 6
#define MAX_SPA_FIELDS 10
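Review bot: The three new macros say nothing about what they bound or about how they are used: they are strnlen() limits, so a result equal to the macro means "no terminator found" and the largest string actually accepted is one byte shorter than the value, which is easy to misread when `MAX_SPA_NAT_ACCESS_SIZE` and friends above are still treated as plain maxima. Add a one-line comment to each, e.g. `/* strnlen() bound for encrypted_msg; a length equal to this means no NUL was found */` on `MAX_SPA_ENCRYPTED_SIZE`, and on `MAX_SPA_ENCODED_MSG_SIZE` a note that tying it to the encrypted bound is deliberate (or give it its own value if it is not). Whether `MAX_SPA_CMD_LEN` (1400) is meant to exceed `MAX_SPA_MESSAGE_SIZE` (256) for data that may end up in the same message field is not something I can confirm from this hunk, and the existing `--DSS XXX` line already says these sizes need review — a comment either way would help.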
{
const char *ndx;
int res = FKO_SUCCESS;
- int startlen = strlen(msg);
+ int startlen = strnlen(msg, MAX_SPA_CMD_LEN);
+ if(startlen == MAX_SPA_CMD_LEN)
+ return(FKO_ERROR_INVALID_DATA);
/* Should have a valid allow IP.
*/
{
const char *ndx;
int res = FKO_SUCCESS;
- int startlen = strlen(msg);
+ int startlen = strnlen(msg, MAX_SPA_MESSAGE_SIZE);
+
+ if(startlen == MAX_SPA_MESSAGE_SIZE)
+ return(FKO_ERROR_INVALID_DATA);
/* Should have a valid allow IP.
*/
int
validate_proto_port_spec(const char *msg)
{
- int startlen = strlen(msg);
-
+ int startlen = strnlen(msg, MAX_SPA_MESSAGE_SIZE);
const char *ndx = msg;
+ if(startlen == MAX_SPA_MESSAGE_SIZE)
+ return(FKO_ERROR_INVALID_DATA);
+
/* Now check for proto/port string. Currenly we only allow protos
* 'tcp', 'udp', and 'icmp'.
*/
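Review bot: `validate_proto_port_spec()` now calls strnlen() on `msg` as its first action, and neither it nor the two validators above it in this change (whose signatures lie outside their hunks) test for NULL; if any caller can reach them with an unset field, that is undefined behaviour rather than an error return. Unless the callers guarantee a non-NULL argument — which I cannot confirm from this hunk — add `if(msg == NULL) return(FKO_ERROR_INVALID_DATA);` ahead of the strnlen() call. The `== MAX_SPA_MESSAGE_SIZE` rejection itself is correct, as it is the only way strnlen() reports an unterminated buffer. The function's body continues past this hunk.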
/* Gotta have a valid string.
*/
- if(msg == NULL || strlen(msg) == 0)
+ if(msg == NULL || strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == 0)
return(FKO_ERROR_INVALID_DATA);
/* --DSS XXX: Bail out for now. But consider just
* truncating in the future...
*/
- if(strlen(msg) > MAX_SPA_NAT_ACCESS_SIZE)
+ if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE)
return(FKO_ERROR_DATA_TOO_LARGE);
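Review bot: The accepted limit for nat_access moved by one: the old `strlen(msg) > MAX_SPA_NAT_ACCESS_SIZE` accepted a string of exactly MAX_SPA_NAT_ACCESS_SIZE bytes, while `strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE` now rejects it along with anything longer or unterminated. If the old boundary was intended, bound the scan one past the limit the way the rand_val check in this change does with `FKO_RAND_VAL_SIZE+1`: `if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE+1) > MAX_SPA_NAT_ACCESS_SIZE)`; if the tighter limit is intended, a comment stating that the maximum is now one byte below the macro would stop the next reader from "fixing" it. The emptiness test just above scans the same string a second time, so one strnlen() into a local would serve both checks. The server_auth setter later in this change has the identical off-by-one shift. The enclosing function begins and ends outside this hunk.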
/* Just in case this is a subsquent call to this function. We
*/
if(new_val != NULL)
{
- if(strlen(new_val) != FKO_RAND_VAL_SIZE)
+ if(strnlen(new_val, FKO_RAND_VAL_SIZE+1) != FKO_RAND_VAL_SIZE)
return(FKO_ERROR_INVALID_DATA);
ctx->rand_val = strdup(new_val);
sprintf(ctx->rand_val, "%u", rand());
- while(strlen(ctx->rand_val) < FKO_RAND_VAL_SIZE)
+ while(strnlen(ctx->rand_val, FKO_RAND_VAL_SIZE+1) < FKO_RAND_VAL_SIZE)
{
sprintf(tmp_buf, "%u", rand());
strlcat(ctx->rand_val, tmp_buf, FKO_RAND_VAL_SIZE+1);
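Review bot: The `strdup()` of `new_val` immediately below the tightened length check is stored in `ctx->rand_val` with no NULL test, so an allocation failure leaves a NULL pointer behind for the caller; the rest of the function is outside this hunk, so I cannot see whether it is checked later, but the natural place is right after the call, `if(ctx->rand_val == NULL)` returning the library's allocation-failure code. The new `FKO_RAND_VAL_SIZE+1` bound is the correct way to verify an exact length with strnlen(), and the strlcat() in the generating loop is bounded to match. Separately, and not introduced by this commit, the generated path fills the field from `rand()`; if this value is relied on for unpredictability or replay protection, a cryptographic source would be needed — its role is not visible from here.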
/* Gotta have a valid string.
*/
- if(msg == NULL || strlen(msg) == 0)
+ if(msg == NULL || strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE) == 0)
return(FKO_ERROR_INVALID_DATA);
/* --DSS XXX: Bail out for now. But consider just
* truncating in the future...
*/
- if(strlen(msg) > MAX_SPA_SERVER_AUTH_SIZE)
+ if(strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE) == MAX_SPA_SERVER_AUTH_SIZE)
return(FKO_ERROR_DATA_TOO_LARGE);
/* --DSS TODO: ???