Skip to content

Commit

Permalink
Merge pull request #40 from xmidt-org/major-refactor
Browse files Browse the repository at this point in the history 
A major refactor to eliminate strlen() usage and fix the defects found along the way.  The changes have been backported to the existing API to allow easier upgrade to get security fixes before we update to an improved API.
  • Loading branch information
@schmidtw
schmidtw authored May 21, 2021
2 parents 13d7892 + 4028a15 commit 661aab3
Show file tree
Hide file tree
Showing 47 changed files with 2,107 additions and 766 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
- name: Install packages
run: |
sudo apt update
sudo apt-get -y install valgrind libcunit1 libcunit1-doc libcunit1-dev gcovr
sudo apt-get -y install valgrind libcunit1 libcunit1-doc libcjson-dev libcurl4-openssl-dev libcunit1-dev gcovr
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/push.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
- name: Install packages
run: |
sudo apt update
sudo apt-get -y install valgrind libcunit1 libcunit1-doc libcunit1-dev gcovr libcjson-dev
sudo apt-get -y install valgrind libcunit1 libcunit1-doc libcunit1-dev gcovr libcjson-dev libcurl4-openssl-dev
pip install codecov
- name: Make Build Directory
Expand Down
31 changes: 31 additions & 0 deletions .lgtm.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
# SPDX-License-Identifier: Apache-2.0
---
path_classifiers:
library:
test:
- tests
exclude:
- "**/_install/**"
- "**/_prefix/**"
- tests/input
- tests/new_input

extraction:
cpp:
prepare:
packages:
- cmake
- libcjson
- libtrower-base64
- libopenssl
configure:
command:
- mkdir build
- cd build
- cmake ..
index:
build_command:
- cd build
- make

4 changes: 4 additions & 0 deletions .reuse/dep5
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,3 +14,7 @@ License: Apache-2.0
Files: tests/inputs/*
Copyright: 2017-2021 Comcast Cable Communications Management, LLC
License: Apache-2.0

Files: tests/new_inputs/*
Copyright: 2021 Comcast Cable Communications Management, LLC
License: Apache-2.0
5 changes: 4 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [Unreleased]

- Move to use internal base64 decoding with stricter processing rules
- Major refactor to use a specified length and not '\0' terminated strings.
- Due to some of the major changes, it's worth making a few other API impacting
changes and bumping to a 2.0.0 release.

## [v1.0.3]
- Move to use Github Actions for building
Expand Down
4 changes: 3 additions & 1 deletion CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ project(cjwt VERSION 1.0.3)
include(BitwiseVersion)
include(CTest)
include(FindcJSON)
include(FindTrowerBase64)
include(LicenseLinterTarget)
include(Coverage)

Expand All @@ -23,7 +24,8 @@ add_library(cjwt SHARED "")
# Find or acquire software dependencies
################################################################################

find_cjson(PATH ${CJSON_PATH} VERSION "1.0.0" GIT_TAG "")
find_cjson( PATH ${CJSON_PATH} VERSION "1.7.14" GIT_TAG "")
find_trower_base64(PATH ${TROWER_PATH} VERSION "1.2.0" GIT_TAG "")

find_package(OpenSSL REQUIRED)
include_directories(${OPENSSL_INCLUDE_DIRS})
Expand Down
4 changes: 3 additions & 1 deletion src/CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,10 @@

target_sources(cjwt
PRIVATE
adapter.c
cjwt.c
b64.c
jws_evp_openssl.c
utils.c
)

configure_file(cjwtver.h.in
Expand Down
174 changes: 174 additions & 0 deletions src/adapter.c
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,174 @@
/* SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC */
/* SPDX-FileCopyrightText: 2021 Weston Schmidt */
/* SPDX-License-Identifier: Apache-2.0 */

#include <errno.h>
#include <stdlib.h>
#include <string.h>

#include "cjwt.h"
#include "internal.h"

/*----------------------------------------------------------------------------*/
/* Macros */
/*----------------------------------------------------------------------------*/
/* none */

/*----------------------------------------------------------------------------*/
/* Data Structures */
/*----------------------------------------------------------------------------*/
/* none */

/*----------------------------------------------------------------------------*/
/* File Scoped Variables */
/*----------------------------------------------------------------------------*/
/* none */

/*----------------------------------------------------------------------------*/
/* Function Prototypes */
/*----------------------------------------------------------------------------*/
extern int alg_to_enum( const char *alg_str, cjwt_alg_t *alg );

/*----------------------------------------------------------------------------*/
/* External Functions */
/*----------------------------------------------------------------------------*/
int cjwt_decode( const char *encoded, unsigned int options, cjwt_t **jwt_out,
const uint8_t *key, size_t key_len )
{
size_t enc_len;
__cjwt_t *obj = NULL;
cjwt_t *jwt = NULL;
cjwt_code_t rv;

if( !encoded || !jwt_out ) {
return EINVAL;
}

enc_len = strlen( encoded );
if( 0 == enc_len ) {
return EINVAL;
}

options |= OPT_ALLOW_ANY_TIME | OPT_ALLOW_ANY_TYP;

rv = __cjwt_decode( encoded, enc_len, options, key, key_len, 0, 0, &obj );
switch( rv ) {
case CJWTE_OK:
break;

case CJWTE_HEADER_UNSUPPORTED_ALG:
case CJWTE_SIGNATURE_UNSUPPORTED_ALG:
return ENOTSUP;
default:
return EINVAL;
}

jwt = calloc( 1, sizeof(cjwt_t) );
if( !jwt ) {
__cjwt_destroy( obj );
return ENOMEM;
}

jwt->header.alg = obj->header.alg;
jwt->header.key = (uint8_t*) key;
jwt->header.key_len = (int) key_len;
jwt->iss = obj->iss;
jwt->sub = obj->sub;
jwt->jti = obj->jti;

if( 0 < obj->aud.count ) {
jwt->aud = calloc( 1, sizeof(cjwt_aud_list_t) );
if( !jwt->aud ) {
free( jwt );
__cjwt_destroy( obj );
return ENOMEM;
}

jwt->aud->count = obj->aud.count;
jwt->aud->names = obj->aud.names;
}

if( obj->iat ) {
jwt->iat.tv_sec = (int) *obj->iat;
}
if( obj->nbf ) {
jwt->nbf.tv_sec = (int) *obj->nbf;
}
if( obj->exp ) {
jwt->exp.tv_sec = (int) *obj->exp;
}

jwt->private_claims = obj->private_claims;

/* Nothing can fail at this point, so transfer ownership by NULLing out
* the old references. */
obj->iss = NULL;
obj->sub = NULL;
obj->jti = NULL;
obj->private_claims = NULL;
obj->aud.names = NULL;
obj->aud.count = 0;

__cjwt_destroy( obj );

*jwt_out = jwt;

return 0;
}


int cjwt_destroy( cjwt_t **obj )
{
if( obj ) {
cjwt_t *jwt = *obj;

if( jwt ) {
if( jwt->iss ) {
free( jwt->iss );
}
if( jwt->sub ) {
free( jwt->sub );
}
if( jwt->jti ) {
free( jwt->jti );
}
if( jwt->aud ) {
if( jwt->aud->names ) {
for( int i = 0; i < jwt->aud->count; i++ ) {
if( jwt->aud->names[i] ) {
free( jwt->aud->names[i] );
}
}
free( jwt->aud->names );
}
free( jwt->aud );
}

if( jwt->private_claims ) {
cJSON_Delete( jwt->private_claims );
}

free( jwt );
}
}

return 0;
}


int cjwt_alg_str_to_enum( const char *alg_str )
{
cjwt_alg_t alg;

if( 0 == alg_to_enum(alg_str, &alg) ) {
return (int) alg;
}

return -1;
}

/*----------------------------------------------------------------------------*/
/* Internal functions */
/*----------------------------------------------------------------------------*/
/* none */

Loading

0 comments on commit 661aab3

Please sign in to comment.