From 6450f69e34254e1a072404c9a328db2d85a51f22 Mon Sep 17 00:00:00 2001 From: remorse Date: Sat, 21 Oct 2023 23:44:08 -0400 Subject: [PATCH 1/5] Fixed null dereference on malloc() failure in arc_message() --- libopenarc/arc.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/libopenarc/arc.c b/libopenarc/arc.c index 41882697..fe406715 100644 --- a/libopenarc/arc.c +++ b/libopenarc/arc.c @@ -2211,21 +2211,21 @@ arc_message(ARC_LIB *lib, arc_canon_t canonhdr, arc_canon_t canonbody, return NULL; } - msg = (ARC_MESSAGE *) malloc(sizeof *msg); + msg = malloc(sizeof *msg); if (msg == NULL) { - *err = strerror(errno); + if (err != NULL) + *err = strerror(errno); + return NULL; } - else - { - memset(msg, '\0', sizeof *msg); - msg->arc_library = lib; - if (lib->arcl_fixedtime != 0) - msg->arc_timestamp = lib->arcl_fixedtime; - else - (void) time(&msg->arc_timestamp); - } + memset(msg, '\0', sizeof *msg); + + msg->arc_library = lib; + if (lib->arcl_fixedtime != 0) + msg->arc_timestamp = lib->arcl_fixedtime; + else + (void) time(&msg->arc_timestamp); msg->arc_canonhdr = canonhdr; msg->arc_canonbody = canonbody; From d1791c4e0fa08ff7cfa6f7bb4fd0d0d7ff2c99be Mon Sep 17 00:00:00 2001 From: remorse Date: Sat, 21 Oct 2023 23:49:12 -0400 Subject: [PATCH 2/5] Populate keytype and keybits for AMS header generation --- libopenarc/arc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libopenarc/arc.c b/libopenarc/arc.c index fe406715..1e8e95cc 100644 --- a/libopenarc/arc.c +++ b/libopenarc/arc.c @@ -2011,6 +2011,7 @@ arc_validate_msg(ARC_MESSAGE *msg, u_int setnum) arc_error(msg, "EVP_PKEY_get1_RSA() failed"); return ARC_STAT_INTERNAL; } + msg->arc_keytype = ARC_KEYTYPE_RSA; keysize = RSA_size(rsa); if (keysize * 8 < msg->arc_library->arcl_minkeysize) @@ -2022,6 +2023,7 @@ arc_validate_msg(ARC_MESSAGE *msg, u_int setnum) BIO_free(keydata); return ARC_STAT_CANTVRFY; } + msg->arc_keybits = keysize * 8; alg = arc_param_get(kvset, "a"); nid = NID_sha1; @@ -3060,6 +3062,7 @@ arc_getseal(ARC_MESSAGE *msg, ARC_HDRFIELD **seal, char *authservid, BIO_free(keydata); return ARC_STAT_NORESOURCE; } + msg->arc_keytype = ARC_KEYTYPE_RSA; keysize = RSA_size(rsa); if (keysize * 8 < msg->arc_library->arcl_minkeysize) @@ -3071,6 +3074,7 @@ arc_getseal(ARC_MESSAGE *msg, ARC_HDRFIELD **seal, char *authservid, BIO_free(keydata); return ARC_STAT_CANTVRFY; } + msg->arc_keybits = keysize * 8; sigout = malloc(keysize); if (sigout == NULL) From 31bc5f296275199b661bcf32c860030d9dc8df9d Mon Sep 17 00:00:00 2001 From: remorse Date: Sun, 22 Oct 2023 00:05:55 -0400 Subject: [PATCH 3/5] Add signature margin wrapping for AMS and AS --- libopenarc/arc.c | 53 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 7 deletions(-) diff --git a/libopenarc/arc.c b/libopenarc/arc.c index 1e8e95cc..5aa4317d 100644 --- a/libopenarc/arc.c +++ b/libopenarc/arc.c @@ -3011,6 +3011,9 @@ arc_getseal(ARC_MESSAGE *msg, ARC_HDRFIELD **seal, char *authservid, BIO *keydata; EVP_PKEY *pkey; RSA *rsa; + int n; + char *x; + char *y; assert(msg != NULL); assert(seal != NULL); @@ -3251,10 +3254,28 @@ arc_getseal(ARC_MESSAGE *msg, ARC_HDRFIELD **seal, char *authservid, return ARC_STAT_INTERNAL; } - /* append it to the stub */ - arc_dstring_cat(dstr, b64sig); + /* wrap and append it to the stub */ + + len = 10; // "\tb=" + + x = b64sig; + y = b64sig + b64siglen; - /* XXX -- wrapping needs to happen here */ + while (x < y) + { /* break at margins */ + if (msg->arc_margin - len == 0) + { + arc_dstring_catn(dstr, (u_char *) "\n\t ", 3); + len = 9; // "\t " + } + + n = MIN(msg->arc_margin - len, y - x); + + arc_dstring_catn(dstr, (u_char *) x, n); + + x += n; + len += n; + } /* add it to the seal */ h = malloc(sizeof hdr); @@ -3392,10 +3413,28 @@ arc_getseal(ARC_MESSAGE *msg, ARC_HDRFIELD **seal, char *authservid, return ARC_STAT_INTERNAL; } - /* append it to the stub */ - arc_dstring_cat(dstr, b64sig); + /* wrap and append it to the stub */ - /* XXX -- wrapping needs to happen here */ + len = 10; // "\tb=" + + x = b64sig; + y = b64sig + b64siglen; + + while (x < y) + { /* break at margins */ + if (msg->arc_margin - len == 0) + { + arc_dstring_catn(dstr, (u_char *) "\n\t ", 3); + len = 9; // "\t " + } + + n = MIN(msg->arc_margin - len, y - x); + + arc_dstring_catn(dstr, (u_char *) x, n); + + x += n; + len += n; + } /* add it to the seal */ h = malloc(sizeof hdr); @@ -3424,7 +3463,7 @@ arc_getseal(ARC_MESSAGE *msg, ARC_HDRFIELD **seal, char *authservid, } h->hdr_colon = h->hdr_text + ARC_SEAL_HDRNAMELEN; h->hdr_namelen = ARC_SEAL_HDRNAMELEN; - h->hdr_textlen = len; + h->hdr_textlen = arc_dstring_len(dstr); h->hdr_flags = 0; h->hdr_next = NULL; From 62e9cb35d65cd71d28df8188ebdbbac2843e0dea Mon Sep 17 00:00:00 2001 From: remorse Date: Sun, 22 Oct 2023 00:13:13 -0400 Subject: [PATCH 4/5] Strip leading whitespace when AR begins with whitespace in AAR generation --- libopenarc/arc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libopenarc/arc.c b/libopenarc/arc.c index 5aa4317d..ed33a54a 100644 --- a/libopenarc/arc.c +++ b/libopenarc/arc.c @@ -3118,9 +3118,10 @@ arc_getseal(ARC_MESSAGE *msg, ARC_HDRFIELD **seal, char *authservid, ** Part 1: Construct a new AAR */ - arc_dstring_printf(dstr, "ARC-Authentication-Results: i=%u; %s; %s", + arc_dstring_printf(dstr, "ARC-Authentication-Results: i=%u; %s;%s%s", msg->arc_nsets + 1, msg->arc_authservid, + ar != NULL && isspace(ar[0]) ? "" : " ", ar == NULL ? "none" : (char *) ar); status = arc_parse_header_field(msg, arc_dstring_get(dstr), arc_dstring_len(dstr), &h); From f6e81daefb8c83d19323bb7ac7145e488e056e84 Mon Sep 17 00:00:00 2001 From: remorse Date: Sun, 22 Oct 2023 00:26:39 -0400 Subject: [PATCH 5/5] Added arc_get_cv() --- libopenarc/arc.c | 18 ++++++++++++++++++ libopenarc/arc.h | 12 ++++++++++++ 2 files changed, 30 insertions(+) diff --git a/libopenarc/arc.c b/libopenarc/arc.c index ed33a54a..2cab5891 100644 --- a/libopenarc/arc.c +++ b/libopenarc/arc.c @@ -2970,6 +2970,24 @@ arc_set_cv(ARC_MESSAGE *msg, ARC_CHAIN cv) msg->arc_cstate = cv; } +/* +** ARC_GET_CV -- get the chain state +** +** Parameters: +** msg -- ARC_MESSAGE object +** +** Return value: +** An ARC_CHAIN_* constant. +*/ + +ARC_CHAIN +arc_get_cv(ARC_MESSAGE *msg) +{ + assert(msg != NULL); + + return msg->arc_cstate; +} + /* ** ARC_GETSEAL -- get the "seal" to apply to this message ** diff --git a/libopenarc/arc.h b/libopenarc/arc.h index 04d415f7..a823c8e1 100644 --- a/libopenarc/arc.h +++ b/libopenarc/arc.h @@ -467,6 +467,18 @@ extern ARC_STAT arc_eom __P((ARC_MESSAGE *)); extern void arc_set_cv(ARC_MESSAGE *, ARC_CHAIN); +/* +** ARC_GET_CV -- get the chain state +** +** Parameters: +** msg -- ARC_MESSAGE object +** +** Return value: +** An ARC_CHAIN_* constant. +*/ + +extern ARC_CHAIN arc_get_cv(ARC_MESSAGE *); + /* ** ARC_GETSEAL -- get the "seal" to apply to this message **