github
/
openvpn-gui
mirror of https://github.com/OpenVPN/openvpn-gui
1
0
Fork 0
Code Issues Releases Wiki Activity

Handle empty strings in Base64Encode 

- Encode empty string to empty string
- If Base64Encode returns null do not pass it to snprintf
- Use the actual length of encoded string

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/33/head
Selva Nair 2016-04-03 15:00:16 -04:00
parent ef9a195406
commit 875d9f9457
1 changed files with 35 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
misc.c
View File

@ -33,27 +33,42 @@
#include "options.h"
#include "manage.h"
#include "misc.h"
#include "main.h"
/*
* Helper function to do base64 conversion through CryptoAPI
* Returns TRUE on success, FALSE on error. Caller must free *output.
*/
static void
static BOOL
Base64Encode(const char *input, int input_len, char **output)
{
DWORD output_len;
if (input_len == 0)
{
/* set output to empty string -- matches the behavior in openvpn */
*output = calloc (1, sizeof(char));
return TRUE;
}
if (!CryptBinaryToStringA((const BYTE *) input, (DWORD) input_len,
CRYPT_STRING_BASE64, NULL, &output_len) || output_len == 0)
{
#ifdef DEBUG
PrintDebug (L"Error in CryptBinaryToStringA: input = '%.*S'", input_len, input);
#endif
*output = NULL;
return;
return FALSE;
}
*output = (char *)malloc(output_len);
if (!CryptBinaryToStringA((const BYTE *) input, (DWORD) input_len,
CRYPT_STRING_BASE64, *output, &output_len))
{
#ifdef DEBUG
PrintDebug (L"Error in CryptBinaryToStringA: input = '%.*S'", input_len, input);
#endif
free(*output);
*output = NULL;
return;
return FALSE;
}
/* Trim trailing "\r\n" manually.
Actually they can be stripped by adding CRYPT_STRING_NOCRLF to dwFlags,
@ -61,6 +76,8 @@ Base64Encode(const char *input, int input_len, char **output)
if(output_len > 1 && (*output)[output_len - 1] == '\x0A'
&& (*output)[output_len - 2] == '\x0D')
(*output)[output_len - 2] = 0;
return TRUE;
}
/*
@ -166,6 +183,9 @@ ManagementCommandFromInputBase64(connection_t *c, LPCSTR fmt, HWND hDlg,int id,
LPSTR input, input2, input_b64, input2_b64, cmd;
int input_len, input2_len, cmd_len, pos;
input_b64 = NULL;
input2_b64 = NULL;
GetDlgItemTextUtf8(hDlg, id, &input, &input_len);
GetDlgItemTextUtf8(hDlg, id2, &input2, &input2_len);
@ -199,10 +219,12 @@ ManagementCommandFromInputBase64(connection_t *c, LPCSTR fmt, HWND hDlg,int id,
}
}
Base64Encode(input, input_len, &input_b64);
Base64Encode(input2, input2_len, &input2_b64);
if (!Base64Encode(input, input_len, &input_b64))
goto out;
if (!Base64Encode(input2, input2_len, &input2_b64))
goto out;
cmd_len = input_len * 2 + input2_len * 2 + strlen(fmt);
cmd_len = strlen(input_b64) + strlen(input2_b64) + strlen(fmt);
cmd = malloc(cmd_len);
if (cmd)
{
@ -210,11 +232,16 @@ ManagementCommandFromInputBase64(connection_t *c, LPCSTR fmt, HWND hDlg,int id,
retval = ManagementCommand(c, cmd, NULL, regular);
free(cmd);
}
free(input_b64);
free(input2_b64);
out:
/* Clear buffers with potentially secret content */
if (input_b64)
memset(input_b64, 0, strlen(input_b64));
if (input2_b64)
memset(input2_b64, 0, strlen(input2_b64));
free(input_b64);
free(input2_b64);
if (input_len)
{
memset(input, 'x', input_len);