
liboauth's Issues

Can not compile in VS2013

In the function oauth_body_hash_file, some variables are declared in the middle of the block. They must be declared at the beginning of the block for the code to compile in VS2013. Please change it.

Possible Memory Leak

File: oauth_http.c
Memory allocation: line 512
Memory leak: line 520

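/*
 * Build a shell command from the HTTP command template and run it.
 *
 * The template is taken from the environment variable named by
 * _OAUTH_ENV_HTTPCMD, falling back to _OAUTH_DEF_HTTPCMD. It must contain
 * one "%p" (replaced by the shell-escaped post parameters) and one "%u"
 * (replaced by the shell-escaped URL).
 *
 * Returns whatever oauth_exec_shell() returns for the expanded command, or
 * NULL if the template is invalid or the expanded command does not fit
 * into BUFSIZ bytes.
 */
char *oauth_exec_post (const char *u, const char *p) {
	char cmd[BUFSIZ];
	char *t1,*t2;
	char *s;
	int conv = 0;
	int n;
	char *cmdtpl = getenv(_OAUTH_ENV_HTTPCMD);
	if (!cmdtpl) cmdtpl = xstrdup (_OAUTH_DEF_HTTPCMD);
	else cmdtpl = xstrdup (cmdtpl); // clone getenv() string.

	// add URL and post param - error if no '%p' or '%u' present in definition
	t1=strstr(cmdtpl, "%p");
	t2=strstr(cmdtpl, "%u");
	if (!t1 || !t2) {
		fprintf(stderr, "\nliboauth: invalid HTTP command. set the '%s' environment variable.\n\n",_OAUTH_ENV_HTTPCMD);
		xfree(cmdtpl); // the cloned template was leaked on this path before
		return(NULL);
	}
	*(++t1)= 's'; *(++t2)= 's';

	// The template becomes the snprintf() format string below, and it may
	// come from the environment. Accept only "%%" and exactly two "%s":
	// any other conversion would read arguments that are never passed.
	for (s = cmdtpl; *s; s++) {
		if (*s != '%') continue;
		s++;
		if (*s == '%') continue;
		if (*s != 's') { conv = -1; break; } // also catches a trailing '%'
		conv++;
	}
	if (conv != 2) {
		fprintf(stderr, "\nliboauth: invalid HTTP command. set the '%s' environment variable.\n\n",_OAUTH_ENV_HTTPCMD);
		xfree(cmdtpl);
		return(NULL);
	}

	// t1/t2 now point just behind their '%': order the arguments the way
	// the two placeholders appear in the template.
	if (t1>t2) {
		t1=oauth_escape_shell(u);
		t2=oauth_escape_shell(p);
	} else {
		t1=oauth_escape_shell(p);
		t2=oauth_escape_shell(u);
	}
	n = snprintf(cmd, BUFSIZ, cmdtpl, t1, t2);
	xfree(cmdtpl);
	xfree(t1); xfree(t2);
	// A truncated command line can end inside a quoted argument; do not
	// hand it to the shell.
	if (n < 0 || n >= BUFSIZ) {
		fprintf(stderr, "\nliboauth: HTTP command does not fit into %d bytes.\n\n", (int)BUFSIZ);
		return(NULL);
	}
	return oauth_exec_shell(cmd);
}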

Support OpenSSL 1.1.0

In OpenSSL 1.1.0 EVP_MD_CTX is an opaque struct. This patch adds support for OpenSSL 1.1.0. It also compiles with 1.0.2.

diff --git a/src/hash.c b/src/hash.c
index b7c016b..b16b001 100644
--- a/src/hash.c
+++ b/src/hash.c
@@ -364,6 +364,11 @@ looser:
 #include "oauth.h" // base64 encode fn's.
 #include <openssl/hmac.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
 char *oauth_sign_hmac_sha1 (const char *m, const char *k) {
 	return(oauth_sign_hmac_sha1_raw (m, strlen(m), k, strlen(k)));
 }
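Review bot: The guard `#if OPENSSL_VERSION_NUMBER < 0x10100000` only distinguishes OpenSSL releases. LibreSSL reports a much higher OPENSSL_VERSION_NUMBER, and its older releases, as far as I know, do not provide `EVP_MD_CTX_new`/`EVP_MD_CTX_free`, so a build against them would skip the fallback macros and fail. If LibreSSL is a supported target, the condition could be `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`. A one-line comment above the macros saying they map the 1.1.0 names onto the pre-1.1.0 API would also help.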
@@ -388,7 +393,7 @@ char *oauth_sign_rsa_sha1 (const char *m, const char *k) {
 	unsigned char *sig = NULL;
 	unsigned char *passphrase = NULL;
 	unsigned int len=0;
-	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX *md_ctx;
 
 	EVP_PKEY *pkey;
 	BIO *in;
@@ -401,24 +406,31 @@ char *oauth_sign_rsa_sha1 (const char *m, const char *k) {
 		return xstrdup("liboauth/OpenSSL: can not read private key");
 	}
 
+	md_ctx = EVP_MD_CTX_new();
+	if (md_ctx == NULL) {
+		return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");
+	}
+
 	len = EVP_PKEY_size(pkey);
 	sig = (unsigned char*)xmalloc((len+1)*sizeof(char));
 
-	EVP_SignInit(&md_ctx, EVP_sha1());
-	EVP_SignUpdate(&md_ctx, m, strlen(m));
-	if (EVP_SignFinal (&md_ctx, sig, &len, pkey)) {
+	EVP_SignInit(md_ctx, EVP_sha1());
+	EVP_SignUpdate(md_ctx, m, strlen(m));
+	if (EVP_SignFinal (md_ctx, sig, &len, pkey)) {
 		char *tmp;
 		sig[len] = '\0';
 		tmp = oauth_encode_base64(len,sig);
 		OPENSSL_free(sig);
 		EVP_PKEY_free(pkey);
+		EVP_MD_CTX_free(md_ctx);
 		return tmp;
 	}
+	EVP_MD_CTX_free(md_ctx);
 	return xstrdup("liboauth/OpenSSL: rsa-sha1 signing failed");
 }
 
 int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {
-	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX *md_ctx;
 	EVP_PKEY *pkey;
 	BIO *in;
 	X509 *cert = NULL;
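Review bot: The new early return after a failed `EVP_MD_CTX_new()` in oauth_sign_rsa_sha1 leaves `pkey` allocated, and the failure path at the end frees `md_ctx` but not `sig` or `pkey`, so the loaded private key stays in memory on every error. Add `EVP_PKEY_free(pkey);` before the new `return xstrdup(...)`, and `OPENSSL_free(sig); EVP_PKEY_free(pkey);` before the final `return xstrdup("liboauth/OpenSSL: rsa-sha1 signing failed")`. The next hunk has the same pattern in oauth_verify_rsa_sha1, where `return -2;` after the failed allocation appears to skip `EVP_PKEY_free(pkey)`. The results of `EVP_SignInit` and `EVP_SignUpdate` are also ignored. oauth_sign_rsa_sha1 begins above this hunk, and oauth_verify_rsa_sha1 continues below it.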
@@ -439,13 +451,18 @@ int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {
 		return -2;
 	}
 
+	md_ctx = EVP_MD_CTX_new();
+	if (md_ctx == NULL) {
+		return -2;
+	}
+
 	b64d= (unsigned char*) xmalloc(sizeof(char)*strlen(s));
 	slen = oauth_decode_base64(b64d, s);
 
-	EVP_VerifyInit(&md_ctx, EVP_sha1());
-	EVP_VerifyUpdate(&md_ctx, m, strlen(m));
-	err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey);
-	EVP_MD_CTX_cleanup(&md_ctx);
+	EVP_VerifyInit(md_ctx, EVP_sha1());
+	EVP_VerifyUpdate(md_ctx, m, strlen(m));
+	err = EVP_VerifyFinal(md_ctx, b64d, slen, pkey);
+	EVP_MD_CTX_free(md_ctx);
 	EVP_PKEY_free(pkey);
 	xfree(b64d);
 	return (err);
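Review bot: The results of `EVP_VerifyInit` and `EVP_VerifyUpdate` are ignored, so `EVP_VerifyFinal` can run on a context that was never set up. They should be checked, e.g. `if (EVP_VerifyInit(md_ctx, EVP_sha1()) != 1 || EVP_VerifyUpdate(md_ctx, m, strlen(m)) != 1) err = -1;` with the `EVP_VerifyFinal` call in the `else`. The function returns `err` unchanged, and `EVP_VerifyFinal` yields 1 for a valid signature, 0 for an invalid one and a negative value on error; with the new `-2` for allocation failure, a caller that tests the result for truth would accept a failed verification. A comment on the function such as `/* returns 1 only if the signature is valid; 0 and negative values are failures */` would make the contract explicit. The function starts in the previous hunk and its closing brace is outside this one.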
@@ -457,35 +474,41 @@ int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {
  */
 char *oauth_body_hash_file(char *filename) {
 	unsigned char fb[BUFSIZ];
-	EVP_MD_CTX ctx;
+	EVP_MD_CTX *ctx;
 	size_t len=0;
 	unsigned char *md;
 	FILE *F= fopen(filename, "r");
 	if (!F) return NULL;
 
-	EVP_MD_CTX_init(&ctx);
-	EVP_DigestInit(&ctx,EVP_sha1());
+	ctx = EVP_MD_CTX_new();
+	if (ctx == NULL) {
+		return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");
+	}
+	EVP_DigestInit(ctx,EVP_sha1());
 	while (!feof(F) && (len=fread(fb,sizeof(char),BUFSIZ, F))>0) {
-		EVP_DigestUpdate(&ctx, fb, len);
+		EVP_DigestUpdate(ctx, fb, len);
 	}
 	fclose(F);
 	len=0;
 	md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char));
-	EVP_DigestFinal(&ctx, md,(unsigned int*) &len);
-	EVP_MD_CTX_cleanup(&ctx);
+	EVP_DigestFinal(ctx, md,(unsigned int*) &len);
+	EVP_MD_CTX_free(ctx);
 	return oauth_body_hash_encode(len, md);
 }
 
 char *oauth_body_hash_data(size_t length, const char *data) {
-	EVP_MD_CTX ctx;
+	EVP_MD_CTX *ctx;
 	size_t len=0;
 	unsigned char *md;
 	md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char));
-	EVP_MD_CTX_init(&ctx);
-	EVP_DigestInit(&ctx,EVP_sha1());
-	EVP_DigestUpdate(&ctx, data, length);
-	EVP_DigestFinal(&ctx, md,(unsigned int*) &len);
-	EVP_MD_CTX_cleanup(&ctx);
+	ctx = EVP_MD_CTX_new();
+	if (ctx == NULL) {
+		return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");
+	}
+	EVP_DigestInit(ctx,EVP_sha1());
+	EVP_DigestUpdate(ctx, data, length);
+	EVP_DigestFinal(ctx, md,(unsigned int*) &len);
+	EVP_MD_CTX_free(ctx);
 	return oauth_body_hash_encode(len, md);
 }
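Review bot: Both new early returns leak what was acquired just before them: in oauth_body_hash_file the stream `F` is still open when `EVP_MD_CTX_new()` fails, and in oauth_body_hash_data `md` has already been allocated with `xcalloc`. They also return an error message via `xstrdup(...)` where the caller expects an encoded body hash, while the other failure in oauth_body_hash_file returns NULL; a caller has no way to tell the message from a hash and may send it on. In oauth_body_hash_file use `fclose(F); return NULL;`, and in oauth_body_hash_data move `ctx = EVP_MD_CTX_new();` and its check above the `xcalloc` line and `return NULL;` there. The results of `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal` are not checked either.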
