From af9a90ce38fb8733c549d7e9942e308e3752f0fb Mon Sep 17 00:00:00 2001 From: jesperpedersen Date: Sat, 21 Sep 2024 07:09:12 -0400 Subject: [PATCH] [#469] Align base64 function signature --- src/admin.c | 9 +++-- src/include/utils.h | 5 +-- src/libpgagroal/configuration.c | 10 +++--- src/libpgagroal/security.c | 59 ++++++++++++++++++--------------- src/libpgagroal/utils.c | 11 ++++-- 5 files changed, 56 insertions(+), 38 deletions(-) diff --git a/src/admin.c b/src/admin.c index dc086111..00a905ea 100644 --- a/src/admin.c +++ b/src/admin.c @@ -323,6 +323,7 @@ master_key(char* password, bool generate_pwd, int pwd_length) FILE* file = NULL; char buf[MISC_LENGTH]; char* encoded = NULL; + size_t encoded_length; struct stat st = {0}; bool do_free = true; @@ -432,7 +433,7 @@ master_key(char* password, bool generate_pwd, int pwd_length) do_free = false; } - pgagroal_base64_encode(password, strlen(password), &encoded); + pgagroal_base64_encode(password, strlen(password), &encoded, &encoded_length); fputs(encoded, file); free(encoded); @@ -475,6 +476,7 @@ add_user(char* users_path, char* username, char* password, bool generate_pwd, in char* encrypted = NULL; int encrypted_length = 0; char* encoded = NULL; + size_t encoded_length; char un[MAX_USERNAME_LENGTH]; int number_of_users = 0; bool do_verify = true; @@ -596,7 +598,7 @@ add_user(char* users_path, char* username, char* password, bool generate_pwd, in } pgagroal_encrypt(password, master_key, &encrypted, &encrypted_length); - pgagroal_base64_encode(encrypted, encrypted_length, &encoded); + pgagroal_base64_encode(encrypted, encrypted_length, &encoded, &encoded_length); entry = pgagroal_append(entry, username); entry = pgagroal_append(entry, ":"); @@ -653,6 +655,7 @@ update_user(char* users_path, char* username, char* password, bool generate_pwd, char* encrypted = NULL; int encrypted_length = 0; char* encoded = NULL; + size_t encoded_length; char un[MAX_USERNAME_LENGTH]; bool found = false; bool do_verify = true; @@ -774,7 +777,7 @@ update_user(char* users_path, char* username, char* password, bool generate_pwd, } pgagroal_encrypt(password, master_key, &encrypted, &encrypted_length); - pgagroal_base64_encode(encrypted, encrypted_length, &encoded); + pgagroal_base64_encode(encrypted, encrypted_length, &encoded, &encoded_length); entry = NULL; entry = pgagroal_append(entry, username); diff --git a/src/include/utils.h b/src/include/utils.h index e0ba72b3..2af662f5 100644 --- a/src/include/utils.h +++ b/src/include/utils.h @@ -307,10 +307,11 @@ pgagroal_exists(char* f); * @param raw The string * @param raw_length The length of the raw string * @param encoded The encoded string + * @param encoded_length The length of the encoded string * @return 0 if success, otherwise 1 */ int -pgagroal_base64_encode(char* raw, int raw_length, char** encoded); +pgagroal_base64_encode(char* raw, size_t raw_length, char** encoded, size_t* encoded_length); /** * BASE64 decode a string @@ -321,7 +322,7 @@ pgagroal_base64_encode(char* raw, int raw_length, char** encoded); * @return 0 if success, otherwise 1 */ int -pgagroal_base64_decode(char* encoded, size_t encoded_length, char** raw, int* raw_length); +pgagroal_base64_decode(char* encoded, size_t encoded_length, char** raw, size_t* raw_length); /** * Set process title. diff --git a/src/libpgagroal/configuration.c b/src/libpgagroal/configuration.c index 2b592d17..f12c1629 100644 --- a/src/libpgagroal/configuration.c +++ b/src/libpgagroal/configuration.c @@ -1275,7 +1275,7 @@ pgagroal_read_users_configuration(void* shm, char* filename) char* username = NULL; char* password = NULL; char* decoded = NULL; - int decoded_length = 0; + size_t decoded_length = 0; char* ptr = NULL; struct main_configuration* config; int status; @@ -1397,7 +1397,7 @@ pgagroal_read_frontend_users_configuration(void* shm, char* filename) char* username = NULL; char* password = NULL; char* decoded = NULL; - int decoded_length = 0; + size_t decoded_length = 0; char* ptr = NULL; struct main_configuration* config; int status = PGAGROAL_CONFIGURATION_STATUS_OK; @@ -1544,7 +1544,7 @@ pgagroal_read_admins_configuration(void* shm, char* filename) char* username = NULL; char* password = NULL; char* decoded = NULL; - int decoded_length = 0; + size_t decoded_length = 0; char* ptr = NULL; struct main_configuration* config; int status = PGAGROAL_CONFIGURATION_STATUS_OK; @@ -1657,7 +1657,7 @@ pgagroal_vault_read_users_configuration(void* shm, char* filename) char* username = NULL; char* password = NULL; char* decoded = NULL; - int decoded_length = 0; + size_t decoded_length = 0; char* ptr = NULL; struct vault_configuration* config; int status = PGAGROAL_CONFIGURATION_STATUS_OK; @@ -1785,7 +1785,7 @@ pgagroal_read_superuser_configuration(void* shm, char* filename) char* username = NULL; char* password = NULL; char* decoded = NULL; - int decoded_length = 0; + size_t decoded_length = 0; char* ptr = NULL; struct main_configuration* config; int status = PGAGROAL_CONFIGURATION_STATUS_OK; diff --git a/src/libpgagroal/security.c b/src/libpgagroal/security.c index a7dad428..201b0790 100644 --- a/src/libpgagroal/security.c +++ b/src/libpgagroal/security.c @@ -118,7 +118,7 @@ static int server_signature(char* password, char* salt, int salt_length, int it char* client_first_message_bare, size_t client_first_message_bare_length, char* server_first_message, size_t server_first_message_length, char* client_final_message_wo_proof, size_t client_final_message_wo_proof_length, - unsigned char** result, int* result_length); + unsigned char** result, size_t* result_length); static bool is_tls_user(char* username, char* database); static int create_ssl_ctx(bool client, SSL_CTX** ctx); @@ -841,7 +841,7 @@ pgagroal_remote_management_scram_sha256(char* username, char* password, int serv char root_file[MISC_LENGTH]; struct stat st = {0}; char* salt = NULL; - int salt_length = 0; + size_t salt_length = 0; char* password_prep = NULL; char* client_nounce = NULL; char* combined_nounce = NULL; @@ -855,11 +855,12 @@ pgagroal_remote_management_scram_sha256(char* username, char* password, int serv unsigned char* proof = NULL; int proof_length; char* proof_base = NULL; + size_t proof_base_length; char* base64_server_signature = NULL; char* server_signature_received = NULL; - int server_signature_received_length; + size_t server_signature_received_length; unsigned char* server_signature_calc = NULL; - int server_signature_calc_length; + size_t server_signature_calc_length; struct message* sslrequest_msg = NULL; struct message* startup_msg = NULL; struct message* sasl_response = NULL; @@ -1063,7 +1064,7 @@ pgagroal_remote_management_scram_sha256(char* username, char* password, int serv goto error; } - pgagroal_base64_encode((char*)proof, proof_length, &proof_base); + pgagroal_base64_encode((char*)proof, proof_length, &proof_base, &proof_base_length); status = pgagroal_create_auth_scram256_continue_response(&wo_proof[0], (char*)proof_base, &sasl_continue_response); if (status != MESSAGE_STATUS_OK) @@ -1880,14 +1881,16 @@ client_scram256(SSL* c_ssl, int client_fd, char* username, char* password, int s char* salt = NULL; int salt_length = 0; char* base64_salt = NULL; + size_t base64_salt_length; char* base64_client_proof = NULL; char* client_proof_received = NULL; - int client_proof_received_length = 0; + size_t client_proof_received_length = 0; unsigned char* client_proof_calc = NULL; int client_proof_calc_length = 0; unsigned char* server_signature_calc = NULL; - int server_signature_calc_length = 0; + size_t server_signature_calc_length = 0; char* base64_server_signature_calc = NULL; + size_t base64_server_signature_calc_length; struct main_configuration* config; struct message* msg = NULL; struct message* sasl_continue = NULL; @@ -1941,7 +1944,7 @@ client_scram256(SSL* c_ssl, int client_fd, char* username, char* password, int s get_scram_attribute('r', (char*)msg->data + 26, msg->length - 26, &client_nounce); generate_nounce(&server_nounce); generate_salt(&salt, &salt_length); - pgagroal_base64_encode(salt, salt_length, &base64_salt); + pgagroal_base64_encode(salt, salt_length, &base64_salt, &base64_salt_length); server_first_message = calloc(1, 89); @@ -2004,7 +2007,7 @@ client_scram256(SSL* c_ssl, int client_fd, char* username, char* password, int s goto error; } - pgagroal_base64_encode((char*)server_signature_calc, server_signature_calc_length, &base64_server_signature_calc); + pgagroal_base64_encode((char*)server_signature_calc, server_signature_calc_length, &base64_server_signature_calc, &base64_server_signature_calc_length); status = pgagroal_create_auth_scram256_final(base64_server_signature_calc, &msg); if (status != MESSAGE_STATUS_OK) @@ -2688,7 +2691,7 @@ server_scram256(char* username, char* password, int slot, SSL* server_ssl) int auth_index = 1; int server_fd; char* salt = NULL; - int salt_length = 0; + size_t salt_length = 0; char* password_prep = NULL; char* client_nounce = NULL; char* combined_nounce = NULL; @@ -2702,11 +2705,12 @@ server_scram256(char* username, char* password, int slot, SSL* server_ssl) unsigned char* proof = NULL; int proof_length; char* proof_base = NULL; + size_t proof_base_length; char* base64_server_signature = NULL; char* server_signature_received = NULL; - int server_signature_received_length; + size_t server_signature_received_length; unsigned char* server_signature_calc = NULL; - int server_signature_calc_length; + size_t server_signature_calc_length; struct message* sasl_response = NULL; struct message* sasl_continue = NULL; struct message* sasl_continue_response = NULL; @@ -2790,7 +2794,7 @@ server_scram256(char* username, char* password, int slot, SSL* server_ssl) goto error; } - pgagroal_base64_encode((char*)proof, proof_length, &proof_base); + pgagroal_base64_encode((char*)proof, proof_length, &proof_base, &proof_base_length); status = pgagroal_create_auth_scram256_continue_response(&wo_proof[0], (char*)proof_base, &sasl_continue_response); if (status != MESSAGE_STATUS_OK) @@ -3226,7 +3230,7 @@ pgagroal_get_master_key(char** masterkey) char buf[MISC_LENGTH]; char line[MISC_LENGTH]; char* mk = NULL; - int mk_length = 0; + size_t mk_length = 0; struct stat st = {0}; if (pgagroal_get_home_directory() == NULL) @@ -3654,6 +3658,7 @@ generate_nounce(char** nounce) size_t s = 18; unsigned char r[s + 1]; char* base = NULL; + size_t base_length; int result; memset(&r[0], 0, sizeof(r)); @@ -3666,7 +3671,7 @@ generate_nounce(char** nounce) r[s] = '\0'; - pgagroal_base64_encode((char*)&r[0], s, &base); + pgagroal_base64_encode((char*)&r[0], s, &base, &base_length); *nounce = base; @@ -4276,7 +4281,7 @@ server_signature(char* password, char* salt, int salt_length, int iterations, char* client_first_message_bare, size_t client_first_message_bare_length, char* server_first_message, size_t server_first_message_length, char* client_final_message_wo_proof, size_t client_final_message_wo_proof_length, - unsigned char** result, int* result_length) + unsigned char** result, size_t* result_length) { size_t size = 32; unsigned char* r = NULL; @@ -5133,7 +5138,7 @@ auth_query_server_scram256(char* username, char* password, int socket, SSL* serv { int status = MESSAGE_STATUS_ERROR; char* salt = NULL; - int salt_length = 0; + size_t salt_length = 0; char* password_prep = NULL; char* client_nounce = NULL; char* combined_nounce = NULL; @@ -5147,11 +5152,12 @@ auth_query_server_scram256(char* username, char* password, int socket, SSL* serv unsigned char* proof = NULL; int proof_length; char* proof_base = NULL; + size_t proof_base_length; char* base64_server_signature = NULL; char* server_signature_received = NULL; - int server_signature_received_length; + size_t server_signature_received_length; unsigned char* server_signature_calc = NULL; - int server_signature_calc_length; + size_t server_signature_calc_length; char* error = NULL; struct message* sasl_response = NULL; struct message* sasl_continue = NULL; @@ -5222,7 +5228,7 @@ auth_query_server_scram256(char* username, char* password, int socket, SSL* serv goto error; } - pgagroal_base64_encode((char*)proof, proof_length, &proof_base); + pgagroal_base64_encode((char*)proof, proof_length, &proof_base, &proof_base_length); status = pgagroal_create_auth_scram256_continue_response(&wo_proof[0], (char*)proof_base, &sasl_continue_response); if (status != MESSAGE_STATUS_OK) @@ -5538,23 +5544,24 @@ auth_query_client_scram256(SSL* c_ssl, int client_fd, char* username, char* shad char* base64_server_key = NULL; int iterations = 4096; char* stored_key = NULL; - int stored_key_length = 0; + size_t stored_key_length = 0; char* server_key = NULL; - int server_key_length = 0; + size_t server_key_length = 0; char* client_first_message_bare = NULL; char* server_first_message = NULL; char* client_final_message_without_proof = NULL; char* client_nounce = NULL; char* server_nounce = NULL; char* salt = NULL; - int salt_length = 0; + size_t salt_length = 0; char* base64_salt = NULL; char* base64_client_proof = NULL; char* client_proof_received = NULL; - int client_proof_received_length = 0; + size_t client_proof_received_length = 0; unsigned char* server_signature_calc = NULL; - int server_signature_calc_length = 0; + size_t server_signature_calc_length = 0; char* base64_server_signature_calc = NULL; + size_t base64_server_signature_calc_length; struct main_configuration* config; struct message* msg = NULL; struct message* sasl_continue = NULL; @@ -5686,7 +5693,7 @@ auth_query_client_scram256(SSL* c_ssl, int client_fd, char* username, char* shad goto error; } - pgagroal_base64_encode((char*)server_signature_calc, server_signature_calc_length, &base64_server_signature_calc); + pgagroal_base64_encode((char*)server_signature_calc, server_signature_calc_length, &base64_server_signature_calc, &base64_server_signature_calc_length); status = pgagroal_create_auth_scram256_final(base64_server_signature_calc, &sasl_final); if (status != MESSAGE_STATUS_OK) diff --git a/src/libpgagroal/utils.c b/src/libpgagroal/utils.c index 67e53e87..f82e8e4f 100644 --- a/src/libpgagroal/utils.c +++ b/src/libpgagroal/utils.c @@ -633,13 +633,16 @@ pgagroal_exists(char* f) } int -pgagroal_base64_encode(char* raw, int raw_length, char** encoded) +pgagroal_base64_encode(char* raw, size_t raw_length, char** encoded, size_t* encoded_length) { BIO* b64_bio; BIO* mem_bio; BUF_MEM* mem_bio_mem_ptr; char* r = NULL; + *encoded = NULL; + *encoded_length = 0; + if (raw == NULL) { goto error; @@ -667,6 +670,7 @@ pgagroal_base64_encode(char* raw, int raw_length, char** encoded) BUF_MEM_free(mem_bio_mem_ptr); *encoded = r; + *encoded_length = strlen(r); return 0; @@ -678,7 +682,7 @@ pgagroal_base64_encode(char* raw, int raw_length, char** encoded) } int -pgagroal_base64_decode(char* encoded, size_t encoded_length, char** raw, int* raw_length) +pgagroal_base64_decode(char* encoded, size_t encoded_length, char** raw, size_t* raw_length) { BIO* b64_bio; BIO* mem_bio; @@ -686,6 +690,9 @@ pgagroal_base64_decode(char* encoded, size_t encoded_length, char** raw, int* ra char* decoded; int index; + *raw = NULL; + *raw_length = 0; + if (encoded == NULL) { goto error;