packages/gsoap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
gsoap/gsoap-plugins-hardening.patch
wu-leilei d994255ef5 package init
2021-09-10 18:07:52 +08:00

337 lines
13 KiB
Diff
Raw Blame History

diff -ur gsoap2-code-r191/gsoap/plugin/httpda.c gsoap2-code-r192/gsoap/plugin/httpda.c
--- gsoap2-code-r191/gsoap/plugin/httpda.c 2020-06-30 21:06:47.000000000 +0200
+++ gsoap2-code-r192/gsoap/plugin/httpda.c 2020-11-19 19:29:25.000000000 +0100
@@ -1460,7 +1460,7 @@
MUTEX_LOCK(http_da_session_lock);
for (session = http_da_session; session; session = session->next)
- if (!strcmp(session->realm, realm) && !strcmp(session->nonce, nonce) && !strcmp(session->opaque, opaque))
+ if (session->realm && session->nonce && session->opaque && !strcmp(session->realm, realm) && !strcmp(session->nonce, nonce) && !strcmp(session->opaque, opaque))
break;
if (session)
diff -ur gsoap2-code-r191/gsoap/plugin/wsaapi.c gsoap2-code-r192/gsoap/plugin/wsaapi.c
--- gsoap2-code-r191/gsoap/plugin/wsaapi.c 2020-06-30 21:06:47.000000000 +0200
+++ gsoap2-code-r192/gsoap/plugin/wsaapi.c 2020-11-19 19:29:25.000000000 +0100
@@ -1056,7 +1056,7 @@
oldheader->SOAP_WSA(FaultTo)->Address = oldheader->SOAP_WSA(ReplyTo)->Address;
}
/* use FaultTo */
- if (oldheader && oldheader->SOAP_WSA(FaultTo) && !strcmp(oldheader->SOAP_WSA(FaultTo)->Address, soap_wsa_noneURI))
+ if (oldheader && oldheader->SOAP_WSA(FaultTo) && oldheader->SOAP_WSA(FaultTo)->Address && !strcmp(oldheader->SOAP_WSA(FaultTo)->Address, soap_wsa_noneURI))
return soap_send_empty_response(soap, SOAP_OK); /* HTTP ACCEPTED */
soap->header = NULL;
/* allocate a new header */
diff -ur gsoap2-code-r191/gsoap/plugin/wsseapi.c gsoap2-code-r192/gsoap/plugin/wsseapi.c
--- gsoap2-code-r191/gsoap/plugin/wsseapi.c 2020-10-16 23:01:09.000000000 +0200
+++ gsoap2-code-r192/gsoap/plugin/wsseapi.c 2020-11-19 19:29:25.000000000 +0100
@@ -2957,7 +2957,7 @@
else
{
/* check password text */
- if (!strcmp(token->Password->__item, password))
+ if (token->Password->__item && !strcmp(token->Password->__item, password))
return SOAP_OK;
}
}
@@ -3119,6 +3119,7 @@
{
_wsse__BinarySecurityToken *token = soap_wsse_BinarySecurityToken(soap, id);
DBGFUN1("soap_wsse_get_BinarySecurityToken", "id=%s", id?id:"");
+ *data = NULL;
if (token)
{
*valueType = token->ValueType;
@@ -3149,9 +3150,9 @@
X509 *cert = NULL;
char *valueType = NULL;
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
- const unsigned char *data;
+ const unsigned char *data = NULL;
#else
- unsigned char *data;
+ unsigned char *data = NULL;
#endif
int size;
DBGFUN1("soap_wsse_get_BinarySecurityTokenX509", "id=%s", id?id:"");
@@ -3271,7 +3272,7 @@
SOAP_FMAC2
soap_wsse_add_SecurityContextToken(struct soap *soap, const char *id, const char *identifier)
{
- char *URI;
+ char *URI = NULL;
size_t l;
_wsse__Security *security = soap_wsse_add_Security(soap);
DBGFUN2("soap_wsse_add_SecurityContextToken", "id=%s", id, "identifier=%s", identifier?identifier:"");
@@ -3653,7 +3654,7 @@
{
ds__SignatureType *signature = soap_wsse_add_Signature(soap);
const char *method = NULL;
- char *sig;
+ char *sig = NULL;
int siglen;
int err;
const char *c14ninclude = soap->c14ninclude;
@@ -3884,10 +3885,10 @@
&& signature->SignedInfo
&& signature->SignatureValue)
{
- char *sig;
- const char *sigval;
+ char *sig = NULL;
+ const char *sigval = NULL;
int method, bits, siglen, sigvallen;
- struct soap_dom_element *elt;
+ struct soap_dom_element *elt = NULL;
/* check that we are using the intended signature algorithm */
if (soap_wsse_get_SignedInfo_SignatureMethod(soap, &method, &bits))
return soap->error;
@@ -3944,8 +3945,8 @@
for (att = prt->atts; att; att = att->next)
{
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "DOM attribute = %s\n", att->name));
- if (!strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
- soap_attribute(soap, att->name, att->text);
+ if (att->name && att->text && !strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
+ (void)soap_attribute(soap, att->name, att->text);
}
}
/* push xmlns="..." */
@@ -3953,9 +3954,9 @@
{
for (att = prt->atts; att; att = att->next)
{
- if (!strcmp(att->name, "xmlns"))
+ if (att->name && att->text && !strcmp(att->name, "xmlns"))
{
- soap_attribute(soap, att->name, att->text);
+ (void)soap_attribute(soap, att->name, att->text);
prt = NULL;
break;
}
@@ -4239,17 +4240,17 @@
for (att = prt->atts; att; att = att->next)
{
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "DOM attribute = %s\n", att->name));
- if (!strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
- soap_attribute(soap, att->name, att->text);
+ if (att->name && att->text && !strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
+ (void)soap_attribute(soap, att->name, att->text);
}
}
for (prt = dom->prnt; prt; prt = prt->prnt)
{
for (att = prt->atts; att; att = att->next)
{
- if (!strcmp(att->name, "xmlns"))
+ if (att->name && att->text && !strcmp(att->name, "xmlns"))
{
- soap_attribute(soap, att->name, att->text);
+ (void)soap_attribute(soap, att->name, att->text);
prt = NULL;
break;
}
@@ -5090,7 +5091,7 @@
if (elt)
{
att = soap_att_get(elt, NULL, "EncodingType");
- if (att)
+ if (att && soap_att_get_text(att))
keybase = !strcmp(soap_att_get_text(att), wsse_Base64BinaryURI);
att = soap_att_get(elt, NULL, "ValueType");
keytype = soap_att_get_text(att);
@@ -5140,7 +5141,7 @@
{
int keylen;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Verify EncryptedKey %s alg=%x\n", keyalgo, data->deco_alg));
- if (keydata)
+ if (keytype && keydata)
{
if (!strcmp(keytype, wsse_X509v3URI))
{
@@ -6111,9 +6112,8 @@
*/
static int soap_p_hash(struct soap *soap, const char *hmac_key, size_t hmac_key_len, const char *secret, size_t secretlen, int alg, char HA[], size_t HA_len, char temp[], char *phash, size_t phashlen)
{
- char *buffer;
size_t i;
- buffer = (char*)SOAP_MALLOC(soap, HA_len + secretlen);
+ char *buffer = (char*)SOAP_MALLOC(soap, HA_len + secretlen);
if (!buffer)
return soap->error = SOAP_EOM;
i = 0;
@@ -7351,7 +7351,7 @@
soap_strcpy(URI + 1, l + 1, Id);
}
#endif
- if (!strcmp(tag, "SOAP-ENV:Body"))
+ if (tag && !strcmp(tag, "SOAP-ENV:Body"))
{
if (soap_element(soap, tag, id, type)
|| soap_element_start_end_out(soap, NULL))
@@ -7401,7 +7401,7 @@
}
if (data && (!data->encid || soap_tagsearch(data->encid, tag)))
{
- if (!strcmp(tag, "SOAP-ENV:Body"))
+ if (tag && !strcmp(tag, "SOAP-ENV:Body"))
{
if (soap_wsse_encrypt_end(soap))
return soap->error;
diff -ur gsoap2-code-r191/gsoap/plugin/wsseapi.cpp gsoap2-code-r192/gsoap/plugin/wsseapi.cpp
--- gsoap2-code-r191/gsoap/plugin/wsseapi.cpp 2020-10-16 23:01:09.000000000 +0200
+++ gsoap2-code-r192/gsoap/plugin/wsseapi.cpp 2020-11-19 19:29:25.000000000 +0100
@@ -2957,7 +2957,7 @@
else
{
/* check password text */
- if (!strcmp(token->Password->__item, password))
+ if (token->Password->__item && !strcmp(token->Password->__item, password))
return SOAP_OK;
}
}
@@ -3119,6 +3119,7 @@
{
_wsse__BinarySecurityToken *token = soap_wsse_BinarySecurityToken(soap, id);
DBGFUN1("soap_wsse_get_BinarySecurityToken", "id=%s", id?id:"");
+ *data = NULL;
if (token)
{
*valueType = token->ValueType;
@@ -3149,9 +3150,9 @@
X509 *cert = NULL;
char *valueType = NULL;
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
- const unsigned char *data;
+ const unsigned char *data = NULL;
#else
- unsigned char *data;
+ unsigned char *data = NULL;
#endif
int size;
DBGFUN1("soap_wsse_get_BinarySecurityTokenX509", "id=%s", id?id:"");
@@ -3271,7 +3272,7 @@
SOAP_FMAC2
soap_wsse_add_SecurityContextToken(struct soap *soap, const char *id, const char *identifier)
{
- char *URI;
+ char *URI = NULL;
size_t l;
_wsse__Security *security = soap_wsse_add_Security(soap);
DBGFUN2("soap_wsse_add_SecurityContextToken", "id=%s", id, "identifier=%s", identifier?identifier:"");
@@ -3653,7 +3654,7 @@
{
ds__SignatureType *signature = soap_wsse_add_Signature(soap);
const char *method = NULL;
- char *sig;
+ char *sig = NULL;
int siglen;
int err;
const char *c14ninclude = soap->c14ninclude;
@@ -3884,10 +3885,10 @@
&& signature->SignedInfo
&& signature->SignatureValue)
{
- char *sig;
- const char *sigval;
+ char *sig = NULL;
+ const char *sigval = NULL;
int method, bits, siglen, sigvallen;
- struct soap_dom_element *elt;
+ struct soap_dom_element *elt = NULL;
/* check that we are using the intended signature algorithm */
if (soap_wsse_get_SignedInfo_SignatureMethod(soap, &method, &bits))
return soap->error;
@@ -3944,8 +3945,8 @@
for (att = prt->atts; att; att = att->next)
{
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "DOM attribute = %s\n", att->name));
- if (!strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
- soap_attribute(soap, att->name, att->text);
+ if (att->name && att->text && !strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
+ (void)soap_attribute(soap, att->name, att->text);
}
}
/* push xmlns="..." */
@@ -3953,9 +3954,9 @@
{
for (att = prt->atts; att; att = att->next)
{
- if (!strcmp(att->name, "xmlns"))
+ if (att->name && att->text && !strcmp(att->name, "xmlns"))
{
- soap_attribute(soap, att->name, att->text);
+ (void)soap_attribute(soap, att->name, att->text);
prt = NULL;
break;
}
@@ -4239,17 +4240,17 @@
for (att = prt->atts; att; att = att->next)
{
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "DOM attribute = %s\n", att->name));
- if (!strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
- soap_attribute(soap, att->name, att->text);
+ if (att->name && att->text && !strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
+ (void)soap_attribute(soap, att->name, att->text);
}
}
for (prt = dom->prnt; prt; prt = prt->prnt)
{
for (att = prt->atts; att; att = att->next)
{
- if (!strcmp(att->name, "xmlns"))
+ if (att->name && att->text && !strcmp(att->name, "xmlns"))
{
- soap_attribute(soap, att->name, att->text);
+ (void)soap_attribute(soap, att->name, att->text);
prt = NULL;
break;
}
@@ -5090,7 +5091,7 @@
if (elt)
{
att = soap_att_get(elt, NULL, "EncodingType");
- if (att)
+ if (att && soap_att_get_text(att))
keybase = !strcmp(soap_att_get_text(att), wsse_Base64BinaryURI);
att = soap_att_get(elt, NULL, "ValueType");
keytype = soap_att_get_text(att);
@@ -5140,7 +5141,7 @@
{
int keylen;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Verify EncryptedKey %s alg=%x\n", keyalgo, data->deco_alg));
- if (keydata)
+ if (keytype && keydata)
{
if (!strcmp(keytype, wsse_X509v3URI))
{
@@ -6111,9 +6112,8 @@
*/
static int soap_p_hash(struct soap *soap, const char *hmac_key, size_t hmac_key_len, const char *secret, size_t secretlen, int alg, char HA[], size_t HA_len, char temp[], char *phash, size_t phashlen)
{
- char *buffer;
size_t i;
- buffer = (char*)SOAP_MALLOC(soap, HA_len + secretlen);
+ char *buffer = (char*)SOAP_MALLOC(soap, HA_len + secretlen);
if (!buffer)
return soap->error = SOAP_EOM;
i = 0;
@@ -7351,7 +7351,7 @@
soap_strcpy(URI + 1, l + 1, Id);
}
#endif
- if (!strcmp(tag, "SOAP-ENV:Body"))
+ if (tag && !strcmp(tag, "SOAP-ENV:Body"))
{
if (soap_element(soap, tag, id, type)
|| soap_element_start_end_out(soap, NULL))
@@ -7401,7 +7401,7 @@
}
if (data && (!data->encid || soap_tagsearch(data->encid, tag)))
{
- if (!strcmp(tag, "SOAP-ENV:Body"))
+ if (tag && !strcmp(tag, "SOAP-ENV:Body"))
{
if (soap_wsse_encrypt_end(soap))
return soap->error;
Reference in New Issue View Git Blame Copy Permalink