1 files changed, 67 insertions, 12 deletions

diff --git a/src/iperf_auth.c b/src/iperf_auth.c
index 9965e19..46211e0 100644
--- a/src/iperf_auth.c
+++ b/src/iperf_auth.c
@@ -1,5 +1,5 @@
 /*
- * iperf, Copyright (c) 2014-2018, The Regents of the University of
+ * iperf, Copyright (c) 2014-2020, The Regents of the University of
  * California, through Lawrence Berkeley National Laboratory (subject
  * to receipt of any required approvals from the U.S. Dept. of
  * Energy).  All rights reserved.
@@ -43,6 +43,9 @@
 #include <openssl/pem.h>
 #include <openssl/sha.h>
 #include <openssl/buffer.h>
+#include <openssl/err.h>
+
+const char *auth_text_format = "user: %s\npwd:  %s\nts:   %ld";
 
 void sha256(const char *string, char outputBuffer[65])
 {
@@ -151,7 +154,6 @@ int Base64Decode(const char* b64message, unsigned char** buffer, size_t* length)
     return (0); //success
 }
 
-
 EVP_PKEY *load_pubkey_from_file(const char *file) {
     BIO *key = NULL;
     EVP_PKEY *pkey = NULL;
@@ -159,7 +161,7 @@ EVP_PKEY *load_pubkey_from_file(const char *file) {
     if (file) {
       key = BIO_new_file(file, "r");
       pkey = PEM_read_bio_PUBKEY(key, NULL, NULL, NULL);
-
+ 
       BIO_free(key);
     }
     return (pkey);
@@ -173,6 +175,7 @@ EVP_PKEY *load_pubkey_from_base64(const char *buffer) {
     BIO* bio = BIO_new(BIO_s_mem());
     BIO_write(bio, key, key_len);
     EVP_PKEY *pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+    BIO_free(bio);
     return (pkey);
 }
 
@@ -189,6 +192,17 @@ EVP_PKEY *load_privkey_from_file(const char *file) {
     return (pkey);
 }
 
+EVP_PKEY *load_privkey_from_base64(const char *buffer) {
+    unsigned char *key = NULL;
+    size_t key_len;
+    Base64Decode(buffer, &key, &key_len);
+
+    BIO* bio = BIO_new(BIO_s_mem());
+    BIO_write(bio, key, key_len);
+    EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
+    BIO_free(bio);
+    return (pkey);
+}
 
 int test_load_pubkey_from_file(const char *file){
     EVP_PKEY *key = load_pubkey_from_file(file);
@@ -227,6 +241,11 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch
     OPENSSL_free(rsa_buffer);
     BIO_free(bioBuff);
 
+    if (encryptedtext_len < 0) {
+      /* We probably shoudln't be printing stuff like this */
+      fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL));
+    }
+
     return encryptedtext_len;  
 }
 
@@ -249,17 +268,36 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
     OPENSSL_free(rsa_buffer);
     BIO_free(bioBuff);
 
+    if (plaintext_len < 0) {
+      /* We probably shoudln't be printing stuff like this */
+      fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL));
+    }
+
     return plaintext_len;
 }
 
 int encode_auth_setting(const char *username, const char *password, EVP_PKEY *public_key, char **authtoken){
     time_t t = time(NULL);
     time_t utc_seconds = mktime(localtime(&t));
-    char text[150];
-    sprintf (text, "user: %s\npwd:  %s\nts:   %ld", username, password, utc_seconds);
+
+    /*
+     * Compute a pessimistic/conservative estimate of storage required.
+     * It's OK to allocate too much storage but too little is bad.
+     */
+    const int text_len = strlen(auth_text_format) + strlen(username) + strlen(password) + 32;
+    char *text = (char *) calloc(text_len, sizeof(char));
+    if (text == NULL) {
+	return -1;
+    }
+    snprintf(text, text_len, auth_text_format, username, password, utc_seconds);
+
     unsigned char *encrypted = NULL;
     int encrypted_len;
     encrypted_len = encrypt_rsa_message(text, public_key, &encrypted);
+    free(text);
+    if (encrypted_len < 0) {
+      return -1;
+    }
     Base64Encode(encrypted, encrypted_len, authtoken);
     OPENSSL_free(encrypted);
 
@@ -274,19 +312,36 @@ int decode_auth_setting(int enable_debug, char *authtoken, EVP_PKEY *private_key
     unsigned char *plaintext = NULL;
     int plaintext_len;
     plaintext_len = decrypt_rsa_message(encrypted_b64, encrypted_len_b64, private_key, &plaintext);
-    plaintext[plaintext_len] = '\0';
     free(encrypted_b64);
+    if (plaintext_len < 0) {
+        return -1;
+    }
+    plaintext[plaintext_len] = '\0';
+
+    char *s_username, *s_password;
+    s_username = (char *) calloc(plaintext_len, sizeof(char));
+    if (s_username == NULL) {
+	return -1;
+    }
+    s_password = (char *) calloc(plaintext_len, sizeof(char));
+    if (s_password == NULL) {
+	free(s_username);
+	return -1;
+    }
+
+    int rc = sscanf((char *) plaintext, auth_text_format, s_username, s_password, ts);
+    if (rc != 3) {
+	free(s_password);
+	free(s_username);
+	return -1;
+    }
 
-    char s_username[20], s_password[20];
-    sscanf ((char *)plaintext,"user: %s\npwd:  %s\nts:   %ld", s_username, s_password, ts);
     if (enable_debug) {
         printf("Auth Token Content:\n%s\n", plaintext);
         printf("Auth Token Credentials:\n--> %s %s\n", s_username, s_password);
     }
-    *username = (char *) calloc(21, sizeof(char));
-    *password = (char *) calloc(21, sizeof(char));
-    strncpy(*username, s_username, 20);
-    strncpy(*password, s_password, 20);
+    *username = s_username;
+    *password = s_password;
     OPENSSL_free(plaintext);
     return (0);
 }