x42 / liboauth
POSIX-C functions implementing the OAuth Core RFC 5849 standard
License: Other
They take pull requests (or so they say).
In function oauth_body_hash_file, some variables are declared in the middle of the function; they must be declared at the beginning. Please change this.
File: oauth_http.c
Memory allocation: line 512
Memory leak: line 520
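/**
 * Send a POST request by running an external command-line HTTP client.
 *
 * The command template is taken from the environment variable named by
 * _OAUTH_ENV_HTTPCMD, or from _OAUTH_DEF_HTTPCMD when that variable is not
 * set. The template must contain '%p' (POST parameters) and '%u' (URL)
 * exactly once each; both values are passed through oauth_escape_shell()
 * before they are inserted.
 *
 * @param u URL, inserted in place of '%u'
 * @param p POST parameters, inserted in place of '%p'
 * @return whatever oauth_exec_shell() returns for the assembled command, or
 *         NULL if the template is invalid or the command does not fit in
 *         the BUFSIZ-byte command buffer
 */
char *oauth_exec_post (const char *u, const char *p) {
  char cmd[BUFSIZ];
  char *t1 = NULL, *t2 = NULL;
  char *c;
  int extra = 0;
  int n;
  char *cmdtpl = getenv(_OAUTH_ENV_HTTPCMD);
  if (!cmdtpl) cmdtpl = xstrdup (_OAUTH_DEF_HTTPCMD);
  else cmdtpl = xstrdup (cmdtpl); // clone getenv() string: it is modified below.

  // The template becomes a snprintf() format that is given exactly two
  // string arguments, so accept only one '%p', one '%u' and literal '%%'.
  // Any other conversion would make snprintf() read arguments that were
  // never passed.
  for (c = cmdtpl; *c; c++) {
    if (*c != '%') continue;
    c++;
    if (*c == 'p' && !t1) t1 = c;
    else if (*c == 'u' && !t2) t2 = c;
    else if (*c != '%') extra++;
    if (!*c) break; // template ended on a lone '%'
  }
  if (!t1 || !t2 || extra) {
    fprintf(stderr, "\nliboauth: invalid HTTP command. set the '%s' environment variable.\n\n",_OAUTH_ENV_HTTPCMD);
    xfree(cmdtpl); // the copy made above must be released on this path too
    return(NULL);
  }
  // turn "%p" and "%u" into "%s"; t1/t2 still mark their order in the template
  *t1 = 's'; *t2 = 's';
  if (t1>t2) {
    // '%u' comes first in the template: the URL is the first argument
    t1=oauth_escape_shell(u);
    t2=oauth_escape_shell(p);
  } else {
    t1=oauth_escape_shell(p);
    t2=oauth_escape_shell(u);
  }
  n = snprintf(cmd, BUFSIZ, cmdtpl, t1, t2);
  xfree(cmdtpl);
  xfree(t1); xfree(t2);
  // A truncated command line may end inside an escaped argument, so it is
  // not handed to the shell.
  if (n < 0 || (size_t)n >= sizeof(cmd)) {
    fprintf(stderr, "\nliboauth: HTTP command is too long.\n\n");
    return(NULL);
  }
  return oauth_exec_shell(cmd);
}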
Can you add a configure file to the trunk code?
In OpenSSL 1.1.0 EVP_MD_CTX
is an opaque struct. This patch adds support for OpenSSL 1.1.0. It also compiles with 1.0.2.
diff --git a/src/hash.c b/src/hash.c
index b7c016b..b16b001 100644
--- a/src/hash.c
+++ b/src/hash.c
@@ -364,6 +364,11 @@ looser:
#include "oauth.h" // base64 encode fn's.
#include <openssl/hmac.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
char *oauth_sign_hmac_sha1 (const char *m, const char *k) {
return(oauth_sign_hmac_sha1_raw (m, strlen(m), k, strlen(k)));
}
@@ -388,7 +393,7 @@ char *oauth_sign_rsa_sha1 (const char *m, const char *k) {
unsigned char *sig = NULL;
unsigned char *passphrase = NULL;
unsigned int len=0;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
EVP_PKEY *pkey;
BIO *in;
@@ -401,24 +406,31 @@ char *oauth_sign_rsa_sha1 (const char *m, const char *k) {
return xstrdup("liboauth/OpenSSL: can not read private key");
}
+ md_ctx = EVP_MD_CTX_new();
+ if (md_ctx == NULL) {
+ return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");
+ }
+
len = EVP_PKEY_size(pkey);
sig = (unsigned char*)xmalloc((len+1)*sizeof(char));
- EVP_SignInit(&md_ctx, EVP_sha1());
- EVP_SignUpdate(&md_ctx, m, strlen(m));
- if (EVP_SignFinal (&md_ctx, sig, &len, pkey)) {
+ EVP_SignInit(md_ctx, EVP_sha1());
+ EVP_SignUpdate(md_ctx, m, strlen(m));
+ if (EVP_SignFinal (md_ctx, sig, &len, pkey)) {
char *tmp;
sig[len] = '\0';
tmp = oauth_encode_base64(len,sig);
OPENSSL_free(sig);
EVP_PKEY_free(pkey);
+ EVP_MD_CTX_free(md_ctx);
return tmp;
}
+ EVP_MD_CTX_free(md_ctx);
return xstrdup("liboauth/OpenSSL: rsa-sha1 signing failed");
}
int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
EVP_PKEY *pkey;
BIO *in;
X509 *cert = NULL;
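Review bot: The new early return taken when `EVP_MD_CTX_new()` fails leaves `pkey` unreleased, so the parsed private key stays allocated; the success path below calls `EVP_PKEY_free(pkey)` and this branch should as well: `EVP_PKEY_free(pkey); return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");`. The same applies to the `return -2;` added in the oauth_verify_rsa_sha1 hunk that follows. The signing-failed path at the end of this function now frees `md_ctx` but, as far as the visible lines show, neither `sig` nor `pkey`. The results of `EVP_SignInit` and `EVP_SignUpdate` are also not checked before `EVP_SignFinal` is called. oauth_sign_rsa_sha1 begins above the hunk, so how `pkey` and `in` are set up is not visible here.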
@@ -439,13 +451,18 @@ int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {
return -2;
}
+ md_ctx = EVP_MD_CTX_new();
+ if (md_ctx == NULL) {
+ return -2;
+ }
+
b64d= (unsigned char*) xmalloc(sizeof(char)*strlen(s));
slen = oauth_decode_base64(b64d, s);
- EVP_VerifyInit(&md_ctx, EVP_sha1());
- EVP_VerifyUpdate(&md_ctx, m, strlen(m));
- err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey);
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_VerifyInit(md_ctx, EVP_sha1());
+ EVP_VerifyUpdate(md_ctx, m, strlen(m));
+ err = EVP_VerifyFinal(md_ctx, b64d, slen, pkey);
+ EVP_MD_CTX_free(md_ctx);
EVP_PKEY_free(pkey);
xfree(b64d);
return (err);
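Review bot: `return (err)` hands the raw `EVP_VerifyFinal` result to the caller, and together with the `return -2` paths (one more is added here) the function has several non-zero outcomes of which only 1 means the signature verified. `EVP_VerifyFinal` returns 1 on success, 0 for a bad signature and a negative value on error, so a caller that tests the result for truth would accept a verification that errored. I would state the contract in the function's doc comment, e.g. `returns 1 if the signature is valid; 0 or a negative value otherwise, so callers must compare with 1`. The header comment and the earlier returns of oauth_verify_rsa_sha1 lie outside the hunk, so the existing wording may already cover this.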
@@ -457,35 +474,41 @@ int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {
*/
char *oauth_body_hash_file(char *filename) {
unsigned char fb[BUFSIZ];
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx;
size_t len=0;
unsigned char *md;
FILE *F= fopen(filename, "r");
if (!F) return NULL;
- EVP_MD_CTX_init(&ctx);
- EVP_DigestInit(&ctx,EVP_sha1());
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL) {
+ return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");
+ }
+ EVP_DigestInit(ctx,EVP_sha1());
while (!feof(F) && (len=fread(fb,sizeof(char),BUFSIZ, F))>0) {
- EVP_DigestUpdate(&ctx, fb, len);
+ EVP_DigestUpdate(ctx, fb, len);
}
fclose(F);
len=0;
md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char));
- EVP_DigestFinal(&ctx, md,(unsigned int*) &len);
- EVP_MD_CTX_cleanup(&ctx);
+ EVP_DigestFinal(ctx, md,(unsigned int*) &len);
+ EVP_MD_CTX_free(ctx);
return oauth_body_hash_encode(len, md);
}
char *oauth_body_hash_data(size_t length, const char *data) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx;
size_t len=0;
unsigned char *md;
md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char));
- EVP_MD_CTX_init(&ctx);
- EVP_DigestInit(&ctx,EVP_sha1());
- EVP_DigestUpdate(&ctx, data, length);
- EVP_DigestFinal(&ctx, md,(unsigned int*) &len);
- EVP_MD_CTX_cleanup(&ctx);
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL) {
+ return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");
+ }
+ EVP_DigestInit(ctx,EVP_sha1());
+ EVP_DigestUpdate(ctx, data, length);
+ EVP_DigestFinal(ctx, md,(unsigned int*) &len);
+ EVP_MD_CTX_free(ctx);
return oauth_body_hash_encode(len, md);
}
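Review bot: Both new `ctx == NULL` branches return with resources still held: in oauth_body_hash_file the stream `F` opened by `fopen` is never closed, and in oauth_body_hash_data the `md` buffer from `xcalloc` is never freed. They also return an error sentence through `xstrdup` where the caller expects an encoded body hash, while the `fopen` failure in the same function returns NULL. I would write `fclose(F); return NULL;` in the first and `xfree(md); return NULL;` in the second, assuming callers of oauth_body_hash_data already tolerate NULL. Separately, `(unsigned int*) &len` passes a `size_t` object through an `unsigned int *`; a local `unsigned int mdlen` handed to `EVP_DigestFinal` would not depend on the object's layout.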