mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2025-07-07 00:04:57 +03:00
Refactor Base64 functions, encode/decode using OpenSSL's EVP interface
Our own implementation works fine, however we should use OpenSSL's one since we already link to the library. Base64Decode() and Base64Encode() return the required buffer size when "dst" is NULL. This allows to efficiently allocate a buffer, without wasting memory or risking an overflow. Base64FromBin() and Base64ToBin() perform all steps, returning a heap-allocated buffer with the data in it.
This commit is contained in:
Davide Beatrici
@ -939,30 +939,26 @@ bool HttpParseBasicAuthHeader(HTTP_HEADER *h, char *username, UINT username_size
|
||||
{
|
||||
if (StrCmpi(key, "Basic") == 0 && IsEmptyStr(value) == false)
|
||||
{
|
||||
UINT b64_dest_size = StrSize(value) * 2 + 256;
|
||||
char *b64_dest = ZeroMalloc(b64_dest_size);
|
||||
|
||||
Decode64(b64_dest, value);
|
||||
|
||||
if (IsEmptyStr(b64_dest) == false)
|
||||
char *str = Base64ToBin(NULL, value, StrLen(value));
|
||||
if (str != NULL)
|
||||
{
|
||||
if (b64_dest[0] == ':')
|
||||
if (str[0] == ':')
|
||||
{
|
||||
// Empty username
|
||||
StrCpy(username, username_size, "");
|
||||
StrCpy(password, password_size, b64_dest + 1);
|
||||
StrCpy(password, password_size, str + 1);
|
||||
ret = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (GetKeyAndValue(b64_dest, username, username_size, password, password_size, ":"))
|
||||
if (GetKeyAndValue(str, username, username_size, password, password_size, ":"))
|
||||
{
|
||||
ret = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Free(b64_dest);
|
||||
Free(str);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -806,9 +806,6 @@ static UINT SmDdnsGetKey(char *key, SM_DDNS *d){
|
||||
|
||||
void SmDDnsDlgInit(HWND hWnd, SM_DDNS *d)
|
||||
{
|
||||
char key[20];
|
||||
char encodedkey[20 * 4 + 32];
|
||||
|
||||
// Validate arguments
|
||||
if (hWnd == NULL || d == NULL)
|
||||
{
|
||||
@ -845,10 +842,15 @@ void SmDDnsDlgInit(HWND hWnd, SM_DDNS *d)
|
||||
|
||||
Hide(hWnd, B_PROXY);
|
||||
|
||||
if(SmDdnsGetKey(key, d) == ERR_NO_ERROR){
|
||||
encodedkey[ B64_Encode(encodedkey, key, 20) ] = 0;
|
||||
SetTextA(hWnd, E_KEY, encodedkey);
|
||||
}else{
|
||||
char key[20];
|
||||
if (SmDdnsGetKey(key, d) == ERR_NO_ERROR)
|
||||
{
|
||||
char *encoded_key = Base64FromBin(NULL, key, sizeof(key));
|
||||
SetTextA(hWnd, E_KEY, encoded_key);
|
||||
Free(encoded_key);
|
||||
}
|
||||
else
|
||||
{
|
||||
SetText(hWnd, E_KEY, _UU("SM_DDNS_KEY_ERR"));
|
||||
}
|
||||
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
#include "Radius.h"
|
||||
#include "Server.h"
|
||||
|
||||
#include "Mayaqua/Encoding.h"
|
||||
#include "Mayaqua/Internat.h"
|
||||
#include "Mayaqua/Memory.h"
|
||||
#include "Mayaqua/Microsoft.h"
|
||||
@ -31,11 +32,6 @@
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
int base64_enc_len(unsigned int plainLen) {
|
||||
unsigned int n = plainLen;
|
||||
return (n + 2 - ((n + 2) % 3)) / 3 * 4;
|
||||
}
|
||||
|
||||
PID OpenChildProcess(const char* path, char* const parameter[], int fd[] )
|
||||
{
|
||||
#ifdef OS_WIN32
|
||||
@ -134,7 +130,6 @@ bool SmbAuthenticate(char* name, char* password, char* domainname, char* groupna
|
||||
int fds[2];
|
||||
FILE* out, *in;
|
||||
PID pid;
|
||||
char buffer[255];
|
||||
char ntlm_timeout[32];
|
||||
char* proc_parameter[6];
|
||||
|
||||
@ -153,8 +148,6 @@ bool SmbAuthenticate(char* name, char* password, char* domainname, char* groupna
|
||||
return false;
|
||||
}
|
||||
|
||||
Zero(buffer, sizeof(buffer));
|
||||
|
||||
// Truncate string if unsafe char
|
||||
EnSafeStr(domainname, '\0');
|
||||
|
||||
@ -218,64 +211,48 @@ bool SmbAuthenticate(char* name, char* password, char* domainname, char* groupna
|
||||
return false;
|
||||
}
|
||||
|
||||
if (base64_enc_len((unsigned int)strlen(name)) < sizeof(buffer)-1 &&
|
||||
base64_enc_len((unsigned int)strlen(password)) < sizeof(buffer)-1 &&
|
||||
base64_enc_len((unsigned int)strlen(domainname)) < sizeof(buffer)-1)
|
||||
{
|
||||
char answer[300];
|
||||
|
||||
unsigned int end = B64_Encode(buffer, name, (int)strlen(name));
|
||||
buffer[end] = '\0';
|
||||
char *base64 = Base64FromBin(NULL, name, StrLen(name));
|
||||
fputs("Username:: ", out);
|
||||
fputs(buffer, out);
|
||||
fputs(base64, out);
|
||||
fputs("\n", out);
|
||||
Debug("Username: %s\n", buffer);
|
||||
buffer[0] = 0;
|
||||
Free(base64);
|
||||
|
||||
end = B64_Encode(buffer, domainname, (int)strlen(domainname));
|
||||
buffer[end] = '\0';
|
||||
base64 = Base64FromBin(NULL, domainname, StrLen(domainname));
|
||||
fputs("NT-Domain:: ", out);
|
||||
fputs(buffer, out);
|
||||
fputs(base64, out);
|
||||
fputs("\n", out);
|
||||
Debug("NT-Domain: %s\n", buffer);
|
||||
buffer[0] = 0;
|
||||
Free(base64);
|
||||
|
||||
if (password[0] != '\0')
|
||||
if (IsEmptyStr(password) == false)
|
||||
{
|
||||
Debug("Password authentication\n");
|
||||
end = B64_Encode(buffer, password, (int)strlen(password));
|
||||
buffer[end] = '\0';
|
||||
Debug("SmbAuthenticate(): Using password authentication...\n");
|
||||
|
||||
base64 = Base64FromBin(NULL, password, StrLen(password));
|
||||
fputs("Password:: ", out);
|
||||
fputs(buffer, out);
|
||||
fputs(base64, out);
|
||||
fputs("\n", out);
|
||||
Debug("Password: %s\n", buffer);
|
||||
buffer[0] = 0;
|
||||
Free(base64);
|
||||
}
|
||||
else
|
||||
{
|
||||
char* mschapv2_client_response;
|
||||
char* base64_challenge8;
|
||||
Debug("SmbAuthenticate(): Using MsChapV2 authentication...\n");
|
||||
|
||||
Debug("MsChapV2 authentication\n");
|
||||
mschapv2_client_response = CopyBinToStr(MsChapV2_ClientResponse, 24);
|
||||
end = B64_Encode(buffer, mschapv2_client_response, 48);
|
||||
buffer[end] = '\0';
|
||||
fputs("NT-Response:: ", out);
|
||||
fputs(buffer, out);
|
||||
fputs("\n", out);
|
||||
Debug("NT-Response:: %s\n", buffer);
|
||||
buffer[0] = 0;
|
||||
char *mschapv2_client_response = CopyBinToStr(MsChapV2_ClientResponse, 24);
|
||||
base64 = Base64FromBin(NULL, mschapv2_client_response, 48);
|
||||
Free(mschapv2_client_response);
|
||||
|
||||
base64_challenge8 = CopyBinToStr(challenge8, 8);
|
||||
end = B64_Encode(buffer, base64_challenge8 , 16);
|
||||
buffer[end] = '\0';
|
||||
fputs("LANMAN-Challenge:: ", out);
|
||||
fputs(buffer, out);
|
||||
fputs("NT-Response:: ", out);
|
||||
fputs(base64, out);
|
||||
fputs("\n", out);
|
||||
Debug("LANMAN-Challenge:: %s\n", buffer);
|
||||
buffer[0] = 0;
|
||||
Free(base64);
|
||||
|
||||
char *base64_challenge8 = CopyBinToStr(challenge8, 8);
|
||||
base64 = Base64FromBin(NULL, base64_challenge8, 16);
|
||||
Free(base64_challenge8);
|
||||
fputs("LANMAN-Challenge:: ", out);
|
||||
fputs(base64, out);
|
||||
fputs("\n", out);
|
||||
Free(base64);
|
||||
|
||||
fputs("Request-User-Session-Key: Yes\n", out);
|
||||
}
|
||||
@ -285,6 +262,7 @@ bool SmbAuthenticate(char* name, char* password, char* domainname, char* groupna
|
||||
fflush (out);
|
||||
// Request send!
|
||||
|
||||
char answer[300];
|
||||
Zero(answer, sizeof(answer));
|
||||
|
||||
while (fgets(answer, sizeof(answer)-1, in))
|
||||
@ -323,7 +301,7 @@ bool SmbAuthenticate(char* name, char* password, char* domainname, char* groupna
|
||||
response_parameter[0] ='\0';
|
||||
response_parameter++;
|
||||
|
||||
end = Decode64(response_parameter, response_parameter);
|
||||
const UINT end = Base64Decode(response_parameter, response_parameter, StrLen(response_parameter));
|
||||
response_parameter[end] = '\0';
|
||||
}
|
||||
|
||||
|
||||
@ -11,6 +11,7 @@
|
||||
#include "Protocol.h"
|
||||
|
||||
#include "Mayaqua/DNS.h"
|
||||
#include "Mayaqua/Encoding.h"
|
||||
#include "Mayaqua/Memory.h"
|
||||
#include "Mayaqua/Microsoft.h"
|
||||
#include "Mayaqua/Pack.h"
|
||||
@ -807,19 +808,14 @@ BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting,
|
||||
|
||||
if (IsEmptyStr(setting->ProxyUsername) == false || IsEmptyStr(setting->ProxyPassword) == false)
|
||||
{
|
||||
char auth_tmp_str[MAX_SIZE], auth_b64_str[MAX_SIZE * 2];
|
||||
char basic_str[MAX_SIZE * 2];
|
||||
char auth_str[MAX_SIZE * 2];
|
||||
Format(auth_str, sizeof(auth_str), "%s:%s", setting->ProxyUsername, setting->ProxyPassword);
|
||||
|
||||
// Generate the authentication string
|
||||
Format(auth_tmp_str, sizeof(auth_tmp_str), "%s:%s",
|
||||
setting->ProxyUsername, setting->ProxyPassword);
|
||||
char *base64 = Base64FromBin(NULL, auth_str, StrLen(auth_str));
|
||||
Format(auth_str, sizeof(auth_str), "Basic %s", base64);
|
||||
Free(base64);
|
||||
|
||||
// Base64 encode
|
||||
Zero(auth_b64_str, sizeof(auth_b64_str));
|
||||
Encode64(auth_b64_str, auth_tmp_str);
|
||||
Format(basic_str, sizeof(basic_str), "Basic %s", auth_b64_str);
|
||||
|
||||
AddHttpValue(h, NewHttpValue("Proxy-Authorization", basic_str));
|
||||
AddHttpValue(h, NewHttpValue("Proxy-Authorization", auth_str));
|
||||
}
|
||||
}
|
||||
|
||||
@ -1229,18 +1225,14 @@ bool ParseUrl(URL_DATA *data, char *str, bool is_post, char *referrer)
|
||||
}
|
||||
|
||||
// String replacement
|
||||
void Base64ToSafe64(char *str)
|
||||
void Base64ToSafe64(char *str, const UINT size)
|
||||
{
|
||||
UINT i, len;
|
||||
// Validate arguments
|
||||
if (str == NULL)
|
||||
if (str == NULL || size == 0)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
len = StrLen(str);
|
||||
|
||||
for (i = 0;i < len;i++)
|
||||
for (UINT i = 0; i < size; ++i)
|
||||
{
|
||||
switch (str[i])
|
||||
{
|
||||
@ -1258,18 +1250,14 @@ void Base64ToSafe64(char *str)
|
||||
}
|
||||
}
|
||||
}
|
||||
void Safe64ToBase64(char *str)
|
||||
void Safe64ToBase64(char *str, const UINT size)
|
||||
{
|
||||
UINT i, len;
|
||||
// Validate arguments
|
||||
if (str == NULL)
|
||||
if (str == NULL || size == 0)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
len = StrLen(str);
|
||||
|
||||
for (i = 0;i < len;i++)
|
||||
for (UINT i = 0; i < size; ++i)
|
||||
{
|
||||
switch (str[i])
|
||||
{
|
||||
@ -1288,44 +1276,39 @@ void Safe64ToBase64(char *str)
|
||||
}
|
||||
}
|
||||
|
||||
// Decode from Safe64
|
||||
UINT DecodeSafe64(void *dst, char *src, UINT src_strlen)
|
||||
// Decode from escaped Base64
|
||||
UINT DecodeSafe64(void *dst, const char *src, UINT size)
|
||||
{
|
||||
char *tmp;
|
||||
UINT ret;
|
||||
if (dst == NULL || src == NULL)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (src_strlen == 0)
|
||||
if (size == 0)
|
||||
{
|
||||
src_strlen = StrLen(src);
|
||||
size = StrLen(src);
|
||||
}
|
||||
|
||||
tmp = Malloc(src_strlen + 1);
|
||||
Copy(tmp, src, src_strlen);
|
||||
tmp[src_strlen] = 0;
|
||||
Safe64ToBase64(tmp);
|
||||
char *tmp = Malloc(size + 1);
|
||||
Copy(tmp, src, size);
|
||||
tmp[size] = '\0';
|
||||
|
||||
ret = B64_Decode(dst, tmp, src_strlen);
|
||||
Safe64ToBase64(tmp, size);
|
||||
const UINT ret = Base64Decode(dst, tmp, size);
|
||||
Free(tmp);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Encode to Safe64
|
||||
void EncodeSafe64(char *dst, void *src, UINT src_size)
|
||||
// Encode to escaped Base64
|
||||
void EncodeSafe64(char *dst, const void *src, const UINT size)
|
||||
{
|
||||
UINT size;
|
||||
if (dst == NULL || src == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
size = B64_Encode(dst, src, src_size);
|
||||
dst[size] = 0;
|
||||
const UINT ret = Base64Encode(dst, src, size);
|
||||
|
||||
Base64ToSafe64(dst);
|
||||
Base64ToSafe64(dst, ret);
|
||||
}
|
||||
|
||||
|
||||
@ -84,10 +84,10 @@ struct WPC_PACKET
|
||||
typedef bool (WPC_RECV_CALLBACK)(void *param, UINT total_size, UINT current_size, BUF *recv_buf);
|
||||
|
||||
// Function prototype
|
||||
void EncodeSafe64(char *dst, void *src, UINT src_size);
|
||||
UINT DecodeSafe64(void *dst, char *src, UINT src_strlen);
|
||||
void Base64ToSafe64(char *str);
|
||||
void Safe64ToBase64(char *str);
|
||||
void Base64ToSafe64(char *str, const UINT size);
|
||||
void Safe64ToBase64(char *str, const UINT size);
|
||||
UINT DecodeSafe64(void *dst, const char *src, UINT size);
|
||||
void EncodeSafe64(char *dst, const void *src, const UINT size);
|
||||
bool ParseUrl(URL_DATA *data, char *str, bool is_post, char *referrer);
|
||||
void CreateUrl(char *url, UINT url_size, URL_DATA *data);
|
||||
void GetSystemInternetSetting(INTERNET_SETTING *setting);
|
||||
|
||||
Reference in New Issue
Block a user