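/*
 * Consume the next @len bytes of the TA image at handle->nw_ta and fold
 * them into the running hash.
 *
 * @h     store handle; used here as a struct ree_fs_ta_handle
 * @data  destination buffer, or NULL to hash the bytes without copying
 *        them out
 * @len   number of bytes to consume starting at handle->offs
 *
 * Returns TEE_ERROR_BAD_PARAMETERS when the request does not fit inside
 * the image, TEE_ERROR_SECURITY when the hash update fails, otherwise
 * TEE_SUCCESS or, on the read that reaches the end of the image, the
 * result of check_digest().
 */
static TEE_Result ree_fs_ta_read(struct user_ta_store_handle *h, void *data,
				 size_t len)
{
	struct ree_fs_ta_handle *handle = (struct ree_fs_ta_handle *)h;
	uint8_t *src;
	uint8_t *dst;
	TEE_Result res;

	/*
	 * Bounds check written as a subtraction: "offs + len" can wrap for a
	 * very large len and slip past a "> nw_ta_size" comparison, after
	 * which the memcpy() and hash below would read past the image.
	 * The first test keeps the subtraction itself from underflowing.
	 */
	if (handle->offs > handle->nw_ta_size ||
	    len > handle->nw_ta_size - handle->offs)
		return TEE_ERROR_BAD_PARAMETERS;

	/* Only form the source pointer once the offset is known to be valid */
	src = (uint8_t *)handle->nw_ta + handle->offs;
	dst = src;

	if (data) {
		dst = data;
		/*
		 * Copy first, then hash the copy: the shared memory might be
		 * modified between the two steps, so the digest must cover
		 * exactly the bytes handed to the caller.
		 */
		memcpy(dst, src, len);
	}

	/* With data == NULL the bytes are hashed in place and not returned */
	res = crypto_hash_update(handle->hash_ctx, handle->hash_algo, dst, len);
	if (res != TEE_SUCCESS)
		return TEE_ERROR_SECURITY;

	handle->offs += len;
	if (handle->offs == handle->nw_ta_size) {
		/*
		 * Last read: time to check if our digest matches the expected
		 * one (from the signed header)
		 */
		res = check_digest(handle);
	}

	return res;
}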
/**
 * Run the selected SIP sanity checks in a fixed order and stop at the
 * first one that does not pass; later checks are then not executed.
 * @param _msg - SIP message structure
 * @param msg_checks - bitmask selecting which message tests run
 * @param uri_checks - bitmask handed to check_parse_uris() and check_digest()
 * @return -1 on error, 0 on tests failure, 1 on success
 */
int sanity_check(struct sip_msg* _msg, int msg_checks, int uri_checks)
{
	int rc = SANITY_CHECK_PASSED;

	if ((msg_checks & SANITY_RURI_SIP_VERSION) != 0) {
		rc = check_ruri_sip_version(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_RURI_SCHEME) != 0) {
		rc = check_ruri_scheme(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_REQUIRED_HEADERS) != 0) {
		rc = check_required_headers(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_VIA_SIP_VERSION) != 0) {
		rc = check_via_sip_version(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_VIA_PROTOCOL) != 0) {
		rc = check_via_protocol(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_CSEQ_METHOD) != 0) {
		rc = check_cseq_method(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_CSEQ_VALUE) != 0) {
		rc = check_cseq_value(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_CL) != 0) {
		rc = check_cl(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_EXPIRES_VALUE) != 0) {
		rc = check_expires_value(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_PROXY_REQUIRE) != 0) {
		rc = check_proxy_require(_msg);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	/* The two URI-related checks also receive the uri_checks bitmask */
	if ((msg_checks & SANITY_PARSE_URIS) != 0) {
		rc = check_parse_uris(_msg, uri_checks);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	if ((msg_checks & SANITY_CHECK_DIGEST) != 0) {
		rc = check_digest(_msg, uri_checks);
		if (rc != SANITY_CHECK_PASSED)
			return rc;
	}

	/* Every selected check passed (or none was selected) */
	return rc;
}
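/*
 * Basic-auth gate driven by a ".htpasswd" file looked up via exist_check().
 *
 * Returns 0 when the request may proceed: either exist_check() found no
 * .htpasswd file, or an entry whose user name equals the supplied one made
 * check_digest() return 0. Returns -1 after calling send_authenticate()
 * when credentials are missing, malformed or do not match.
 *
 * Side effect: cn->authorization ("username:password") is split in place
 * at its first ':'.
 *
 * NOTE(review): the "no .htpasswd" case fails open by design; anything
 * that makes exist_check() return NULL skips authentication entirely, so
 * confirm it cannot fail for reasons other than a missing file.
 */
static int auth_check(struct connstruct *cn)
{
    char line[MAXREQUESTLENGTH];
    FILE *fp;
    char *cp;

    if ((fp = exist_check(cn, ".htpasswd")) == NULL)
        return 0;               /* no .htpasswd file, so let through */

    if (cn->authorization[0] == 0)
        goto error;

    /* cn->authorization is in form "username:password" */
    if ((cp = strchr(cn->authorization, ':')) == NULL)
        goto error;
    else
        *cp++ = 0;              /* cp becomes the password */

    while (fgets(line, sizeof(line), fp) != NULL)
    {
        char *b64_file_passwd;
        size_t l = strlen(line);

        /*
         * nuke newline. strlen() is 0 when the chunk read by fgets()
         * starts with a NUL byte; without the l > 0 test, line[l - 1]
         * would index one byte before the buffer.
         */
        if (l > 0 && line[l - 1] == '\n')
            line[l - 1] = 0;

        /* line is form "username:salt(b64)$password(b64)" */
        if ((b64_file_passwd = strchr(line, ':')) == NULL)
            continue;

        *b64_file_passwd++ = 0;

        if (strcmp(line, cn->authorization))    /* our user? */
            continue;

        /* check_digest() returning 0 is treated as a password match */
        if (check_digest(b64_file_passwd, cp) == 0)
        {
            fclose(fp);
            return 0;
        }
    }

error:
    /* Reached on bad credentials and when no entry matched */
    fclose(fp);
    send_authenticate(cn, cn->server_name);
    return -1;
}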
/*
 * Script-facing wrapper around the SIP sanity checks.
 *
 * _number and _arg carry integer bitmasks smuggled through pointer
 * parameters; a NULL pointer selects the module-level default_checks or
 * uri_checks value instead. The selected checks run in a fixed order and
 * the first result other than SANITY_CHECK_PASSED is returned as is.
 * Returns 1 when nothing complained.
 */
static int sanity_check(struct sip_msg* _msg, char* _number, char* _arg)
{
	int status;
	int selected;
	int uri_mask;

	/* Decode the two bitmasks, falling back to the configured defaults */
	selected = (_number != NULL) ? (int)(long)_number : default_checks;
	uri_mask = (_arg != NULL) ? (int)(long)_arg : uri_checks;

	if ((selected & SANITY_RURI_SIP_VERSION) != 0) {
		status = check_ruri_sip_version(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_RURI_SCHEME) != 0) {
		status = check_ruri_scheme(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_REQUIRED_HEADERS) != 0) {
		status = check_required_headers(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_VIA_SIP_VERSION) != 0) {
		status = check_via_sip_version(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_VIA_PROTOCOL) != 0) {
		status = check_via_protocol(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_CSEQ_METHOD) != 0) {
		status = check_cseq_method(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_CSEQ_VALUE) != 0) {
		status = check_cseq_value(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_CL) != 0) {
		status = check_cl(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_EXPIRES_VALUE) != 0) {
		status = check_expires_value(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_PROXY_REQUIRE) != 0) {
		status = check_proxy_require(_msg);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	/* The URI-related checks also take the URI bitmask */
	if ((selected & SANITY_PARSE_URIS) != 0) {
		status = check_parse_uris(_msg, uri_mask);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	if ((selected & SANITY_CHECK_DIGEST) != 0) {
		status = check_digest(_msg, uri_mask);
		if (status != SANITY_CHECK_PASSED)
			return status;
	}

	DBG("all sanity checks passed\n");
	/* no check objected, report success */
	return 1;
}
/**
 * Run the selected SIP sanity checks in a fixed order, leaving at the
 * first one that does not pass so that later checks are skipped.
 * When ksr_sanity_noreply is non-zero, ksr_sanity_info_init() is called
 * before any check runs.
 * @param _msg - SIP message structure
 * @param msg_checks - bitmask selecting which message tests run
 * @param uri_checks - bitmask handed to check_parse_uris(), check_digest()
 *                     and check_authorization()
 * @return -1 on error, 0 on tests failure, 1 on success
 */
int sanity_check(struct sip_msg* _msg, int msg_checks, int uri_checks)
{
	int rc;

	if (ksr_sanity_noreply != 0)
		ksr_sanity_info_init();

	rc = SANITY_CHECK_PASSED;

	if ((msg_checks & SANITY_RURI_SIP_VERSION) != 0) {
		rc = check_ruri_sip_version(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_RURI_SCHEME) != 0) {
		rc = check_ruri_scheme(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_REQUIRED_HEADERS) != 0) {
		rc = check_required_headers(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_VIA1_HEADER) != 0) {
		rc = check_via1_header(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_VIA_SIP_VERSION) != 0) {
		rc = check_via_sip_version(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_VIA_PROTOCOL) != 0) {
		rc = check_via_protocol(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_CSEQ_METHOD) != 0) {
		rc = check_cseq_method(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_CSEQ_VALUE) != 0) {
		rc = check_cseq_value(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_CL) != 0) {
		rc = check_cl(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_EXPIRES_VALUE) != 0) {
		rc = check_expires_value(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_PROXY_REQUIRE) != 0) {
		rc = check_proxy_require(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	/* The next three checks also receive the uri_checks bitmask */
	if ((msg_checks & SANITY_PARSE_URIS) != 0) {
		rc = check_parse_uris(_msg, uri_checks);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_CHECK_DIGEST) != 0) {
		rc = check_digest(_msg, uri_checks);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_CHECK_AUTHORIZATION) != 0) {
		rc = check_authorization(_msg, uri_checks);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

	if ((msg_checks & SANITY_CHECK_DUPTAGS) != 0) {
		rc = check_duptags(_msg);
		if (rc != SANITY_CHECK_PASSED)
			goto out;
	}

out:
	/* Single exit: rc holds the first non-passing result, else PASSED */
	return rc;
}