void deInit_Managers(void) { SEC_FREE(getting_TrackInfo); SEC_FREE(notifying_TrackInfo); SEC_FREE(notified_TrackInfo); SEC_FREE(rejected_TrackInfo); SEC_FREE(exceptionURL); }
void free_tcp_TrackInfo(tcp_TrackInfo *node) { if (node != NULL) { SEC_FREE(node->host) SEC_FREE(node->referer); SEC_FREE(node->url); kfree(node); } }
// sec_filter driver write function ssize_t sec_url_filter_write( struct file *filp, const char *buf, size_t count, loff_t *f_pos) { int result = -EIO; if ((buf != NULL) && (count >4)) { short version = *(short *)buf; int cmd = *(int *)(buf+sizeof(short)); char *data = (char *)(buf+sizeof(short)+sizeof(int)); { if (version == 0) { switch(cmd) { case SET_FILTER_MODE: // Turn On and Off filtering. { filterMode = *(int *)data; result = count; if (filterMode == FILTER_MODE_OFF) { wake_up_interruptible(&user_noti_Q); clean_tcp_TrackInfos(getting_TrackInfo); clean_tcp_TrackInfos(rejected_TrackInfo); clean_tcp_TrackInfos(notifying_TrackInfo); clean_tcp_TrackInfos(notified_TrackInfo); SEC_FREE(exceptionURL); SEC_FREE(errorMsg); } printk(KERN_INFO "SEC URL Filter Mode : %d\n", filterMode); } break; case SET_USER_SELECT: //version 2, id 4, choice 2 { tcp_TrackInfo *selectInfo = NULL; int id = *((int *)(data)); int choice = *((int *)(data+sizeof(unsigned int))); unsigned int verdict = NF_DROP; struct nf_queue_entry *entry= NULL; selectInfo = find_tcp_TrackInfo_withID(notified_TrackInfo, id, 1); if (selectInfo != NULL) { result = count; entry = (struct nf_queue_entry *)selectInfo->q_entry; selectInfo->q_entry = NULL; selectInfo->status = choice; if (choice == ALLOW || ((filterMode == FILTER_MODE_ON_RESPONSE)||(filterMode == FILTER_MODE_ON_RESPONSE_REFER))) { verdict = NF_ACCEPT; //Response case should send packet } if (choice == BLOCK) { add_tcp_TrackInfo(rejected_TrackInfo, selectInfo); // Add this node to Rejected List. } else { free_tcp_TrackInfo(selectInfo); } nf_reinject(entry, verdict); // Reinject packet with the verdict } else { printk("SEC_FILTER_URL : NO SUCH ID\n"); } } break; case SET_EXCEPTION_URL: { int urlLen = *((int *)(data)); SEC_FREE(exceptionURL); exceptionURL = SEC_MALLOC(urlLen+1); if (exceptionURL != NULL) { memcpy(exceptionURL, (data+sizeof(int)), urlLen); result = count; } } break; case SET_ERROR_MSG: { int msgLen = *((int *)(data)); SEC_FREE(errorMsg); errMsgSize = 0; errorMsg = SEC_MALLOC(msgLen+1); if (errorMsg != NULL) { memcpy(errorMsg, (data+sizeof(int)), msgLen); errMsgSize = msgLen; result = count; } } break; } } } } return result; }
Sec_Result SecStore_RetrieveData(Sec_ProcessorHandle *proc, SEC_BOOL require_mac, void *user_header, SEC_SIZE user_header_len, void *data, SEC_SIZE data_len, void *store, SEC_SIZE storeLen) { Sec_Result res = SEC_RESULT_FAILURE; SEC_BYTE mac_key[32]; SEC_BYTE mac[32]; unsigned int mac_len; void *copy = NULL; SEC_BYTE pad[SEC_AES_BLOCK_SIZE]; if (store == NULL) { SEC_LOG_ERROR("Null store"); goto done; } if (storeLen < sizeof(SecStore_Header)) { SEC_LOG_ERROR("Invalid store length: %d", storeLen); goto done; } if (memcmp(SEC_STORE_MAGIC, SecStore_GetHeader(store)->store_magic, strlen(SEC_STORE_MAGIC)) != 0) { SEC_LOG_ERROR("Invalid store magic value"); goto done; } if (storeLen < SecStore_GetStoreLen(store)) { SEC_LOG_ERROR("Invalid store length: %d", storeLen); goto done; } /* create a copy of the store that will be decrypted */ copy = malloc(SecStore_GetStoreLen(store)); if (NULL == copy) { SEC_LOG_ERROR("malloc failed"); goto done; } memcpy(copy, store, SecStore_GetStoreLen(store)); /* decrypt container */ if (SecStore_GetHeader(copy)->flags & SEC_STORE_FLAG_IS_ENCRYPTED) { if (SEC_RESULT_SUCCESS != SecStore_Decrypt(proc, copy, SecStore_GetStoreLen(copy))) { SEC_LOG_ERROR("SecStore_Decrypt failed"); goto done; } } /* check padding */ memset(pad, SecStore_GetPaddedDataLen(copy) - SecStore_GetDataLen(copy), sizeof(pad)); if (Sec_Memcmp(pad, SecStore_GetData(copy) + SecStore_GetDataLen(copy), pad[0]) != 0) { SEC_LOG_ERROR( "Invalid pad value encountered"); /* SEC_PRINT("pad: "); Sec_PrintHex(SecStore_GetData(copy) + SecStore_GetDataLen(copy), pad[0]); SEC_PRINT("\n"); */ goto done; } /* mac value */ if (!(SecStore_GetHeader(copy)->flags & SEC_STORE_FLAG_IS_MACED)) { if (require_mac) { SEC_LOG_ERROR("Key container does not have a mac value"); goto done; } } else { if (SEC_RESULT_SUCCESS != SecStore_ComputeMacKey(proc, SEC_STORE_MAC_KEY_INPUT, mac_key, sizeof(mac_key))) { SEC_LOG_ERROR("SecStore_ComputeMacKey failed"); goto done; } if (NULL == HMAC(EVP_sha256(), mac_key, sizeof(mac_key), copy, SecStore_GetStoreLen(copy) - SEC_STORE_MAC_LEN - SEC_STORE_IV_LEN, mac, &mac_len)) { SEC_LOG_ERROR("HMAC failed"); goto done; } if (mac_len != SEC_STORE_MAC_LEN || Sec_Memcmp(mac, SecStore_GetMac(copy), SEC_STORE_MAC_LEN) != 0) { SEC_LOG_ERROR("Mac does not match"); goto done; } } /* get user_header */ if (user_header != NULL) { if (user_header_len < SecStore_GetUserHeaderLen(copy)) { SEC_LOG_ERROR("output buffer not large enough to hold user_header"); goto done; } memcpy(user_header, SecStore_GetUserHeader(copy), SecStore_GetUserHeaderLen(copy)); } /* get data */ if (data != NULL) { if (data_len < SecStore_GetDataLen(copy)) { SEC_LOG_ERROR("output buffer not large enough to hold data"); goto done; } memcpy(data, SecStore_GetData(copy), SecStore_GetDataLen(copy)); } res = SEC_RESULT_SUCCESS; done: Sec_Memset(mac_key, 0, sizeof(mac_key)); if (NULL != copy) { Sec_Memset(copy, 0, SecStore_GetStoreLen(store)); SEC_FREE(copy); } return res; }