File gsoap-plugins-hardening.patch of Package gsoap.openSUSE_Backports_SLE-15-SP3

Origin: https://src.fedoraproject.org/rpms/gsoap/c/48ce27e1b81f592f1247b85139cd415ae76d389b?branch=rawhide

Rediffed for 2.8.102.

---
 gsoap/plugin/httpda.c    |    2 +-
 gsoap/plugin/wsaapi.c    |    2 +-
 gsoap/plugin/wsseapi.c   |   36 ++++++++++++++++++------------------
 gsoap/plugin/wsseapi.cpp |   36 ++++++++++++++++++------------------
 4 files changed, 38 insertions(+), 38 deletions(-)

Index: gsoap-2.8.102/gsoap/plugin/httpda.c
===================================================================
--- gsoap-2.8.102.orig/gsoap/plugin/httpda.c
+++ gsoap-2.8.102/gsoap/plugin/httpda.c
@@ -1460,7 +1460,7 @@ http_da_session_update(const char *realm
   MUTEX_LOCK(http_da_session_lock);
 
   for (session = http_da_session; session; session = session->next)
-    if (!strcmp(session->realm, realm) && !strcmp(session->nonce, nonce) && !strcmp(session->opaque, opaque))
+    if (session->realm && session->nonce && session->opaque && !strcmp(session->realm, realm) && !strcmp(session->nonce, nonce) && !strcmp(session->opaque, opaque))
       break;
 
   if (session)
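Review bot: A stored session whose `realm`, `nonce` or `opaque` is NULL is now silently skipped on the changed line, and nothing says when a session can be in that state. A short comment such as `/* skip entries with unset fields (e.g. left incomplete by a failed allocation) */`, if that is the cause, would make the intent clear. The six-term condition would also read better split over several lines. The function starts and ends outside the hunk.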
Index: gsoap-2.8.102/gsoap/plugin/wsaapi.c
===================================================================
--- gsoap-2.8.102.orig/gsoap/plugin/wsaapi.c
+++ gsoap-2.8.102/gsoap/plugin/wsaapi.c
@@ -1056,7 +1056,7 @@ soap_wsa_fault_subcode_action(struct soa
       oldheader->SOAP_WSA(FaultTo)->Address = oldheader->SOAP_WSA(ReplyTo)->Address;
   }
   /* use FaultTo */
-  if (oldheader && oldheader->SOAP_WSA(FaultTo) && !strcmp(oldheader->SOAP_WSA(FaultTo)->Address, soap_wsa_noneURI))
+  if (oldheader && oldheader->SOAP_WSA(FaultTo) && oldheader->SOAP_WSA(FaultTo)->Address && !strcmp(oldheader->SOAP_WSA(FaultTo)->Address, soap_wsa_noneURI))
     return soap_send_empty_response(soap, SOAP_OK);     /* HTTP ACCEPTED */
   soap->header = NULL;
   /* allocate a new header */
Index: gsoap-2.8.102/gsoap/plugin/wsseapi.c
===================================================================
--- gsoap-2.8.102.orig/gsoap/plugin/wsseapi.c
+++ gsoap-2.8.102/gsoap/plugin/wsseapi.c
@@ -2956,7 +2956,7 @@ soap_wsse_verify_Password(struct soap *s
     else
     {
       /* check password text */
-      if (!strcmp(token->Password->__item, password))
+      if (token->Password->__item && !strcmp(token->Password->__item, password))
         return SOAP_OK;
     }
   }
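Review bot: The password-text branch still compares the received password with `strcmp`, which stops at the first differing byte, so its running time depends on how much of the secret matched; a credential check is better done with a constant-time comparison. This file already builds against OpenSSL, so `size_t n = strlen(password);` followed by `if (token->Password->__item && strlen(token->Password->__item) == n && !CRYPTO_memcmp(token->Password->__item, password, n))` would do it. The hunk also does not show `password` itself being checked for NULL; the function starts outside the hunk, so confirm that before this line. The identical hunk in wsseapi.cpp carries the same comparison.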
@@ -3118,6 +3118,7 @@ soap_wsse_get_BinarySecurityToken(struct
 {
   _wsse__BinarySecurityToken *token = soap_wsse_BinarySecurityToken(soap, id);
   DBGFUN1("soap_wsse_get_BinarySecurityToken", "id=%s", id?id:"");
+  *data = NULL;
   if (token)
   {
     *valueType = token->ValueType;
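Review bot: Only `*data` is reset before the `if (token)` test, so on the not-found path `*size` keeps whatever the caller had, and the caller in the next hunk (soap_wsse_get_BinarySecurityTokenX509) still declares `int size;` without an initializer. Adding `*size = 0;` next to `*data = NULL;`, and `int size = 0;` in the caller, would make the failure path fully defined. The rest of the function is outside the hunk, so a later branch may already set these; if so, a one-line comment that the reset is defensive would help. The same applies to the wsseapi.cpp copies of both hunks.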
@@ -3148,9 +3149,9 @@ soap_wsse_get_BinarySecurityTokenX509(st
   X509 *cert = NULL;
   char *valueType = NULL;
 #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
-  const unsigned char *data;
+  const unsigned char *data = NULL;
 #else
-  unsigned char *data;
+  unsigned char *data = NULL;
 #endif
   int size;
   DBGFUN1("soap_wsse_get_BinarySecurityTokenX509", "id=%s", id?id:"");
@@ -3270,7 +3271,7 @@ int
 SOAP_FMAC2
 soap_wsse_add_SecurityContextToken(struct soap *soap, const char *id, const char *identifier)
 {
-  char *URI;
+  char *URI = NULL;
   size_t l;
   _wsse__Security *security = soap_wsse_add_Security(soap);
   DBGFUN2("soap_wsse_add_SecurityContextToken", "id=%s", id, "identifier=%s", identifier?identifier:"");
@@ -3652,7 +3653,7 @@ soap_wsse_add_SignatureValue(struct soap
 {
   ds__SignatureType *signature = soap_wsse_add_Signature(soap);
   const char *method = NULL;
-  char *sig;
+  char *sig = NULL;
   int siglen;
   int err;
   const char *c14ninclude = soap->c14ninclude;
@@ -3883,10 +3884,10 @@ soap_wsse_verify_SignatureValue(struct s
    && signature->SignedInfo
    && signature->SignatureValue)
   {
-    char *sig;
-    const char *sigval;
+    char *sig = NULL;
+    const char *sigval = NULL;
     int method, bits, siglen, sigvallen;
-    struct soap_dom_element *elt;
+    struct soap_dom_element *elt = NULL;
     /* check that we are using the intended signature algorithm */
     if (soap_wsse_get_SignedInfo_SignatureMethod(soap, &method, &bits))
       return soap->error;
@@ -3943,8 +3944,8 @@ soap_wsse_verify_SignatureValue(struct s
           for (att = prt->atts; att; att = att->next)
           {
             DBGLOG(TEST, SOAP_MESSAGE(fdebug, "DOM attribute = %s\n", att->name));
-            if (!strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
-              soap_attribute(soap, att->name, att->text);
+            if (att->name && att->text && !strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
+              (void)soap_attribute(soap, att->name, att->text);
           }
         }
         /* push xmlns="..." */
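Review bot: The `DBGLOG` line just above the new guard still passes `att->name` to `%s` before it is tested for NULL, so in a debug build the very case this patch defends against is formatted first; `att->name ? att->name : ""` there closes that, matching how the DBGFUN calls in this file treat `id`. The `(void)` cast on `soap_attribute` is applied only here, while the two `xmlns` loops patched in the following hunks (soap_wsse_verify_SignatureValue and soap_wsse_verify_digest) call it bare; either cast all three or, better, check the return value. The wsseapi.cpp hunks are identical.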
@@ -3952,7 +3953,7 @@ soap_wsse_verify_SignatureValue(struct s
         {
           for (att = prt->atts; att; att = att->next)
           {
-            if (!strcmp(att->name, "xmlns"))
+            if (att->name && att->text && !strcmp(att->name, "xmlns"))
             {
               soap_attribute(soap, att->name, att->text);
               break;
@@ -4243,7 +4244,7 @@ soap_wsse_verify_digest(struct soap *soa
       {
         for (att = prt->atts; att; att = att->next)
         {
-          if (!strcmp(att->name, "xmlns"))
+          if (att->name && att->text && !strcmp(att->name, "xmlns"))
           {
             soap_attribute(soap, att->name, att->text);
             break;
@@ -5083,7 +5084,7 @@ soap_wsse_verify_EncryptedKey(struct soa
             if (elt)
             {
               att = soap_att_get(elt, NULL, "EncodingType");
-              if (att)
+              if (att && soap_att_get_text(att))
                 keybase = !strcmp(soap_att_get_text(att), wsse_Base64BinaryURI);
               att = soap_att_get(elt, NULL, "ValueType");
               keytype = soap_att_get_text(att);
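Review bot: `soap_att_get_text(att)` is now called twice on the `EncodingType` attribute, once to test and once to compare; holding the result in a local (`enc = soap_att_get_text(att); if (enc) keybase = !strcmp(enc, wsse_Base64BinaryURI);`) is clearer. Two lines later `keytype = soap_att_get_text(att)` runs with an `att` that may be NULL when `ValueType` is absent. Whether the helper accepts NULL is not visible in the hunk, so that call may need the same guard. Same in wsseapi.cpp.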
@@ -5133,7 +5134,7 @@ soap_wsse_verify_EncryptedKey(struct soa
   {
     int keylen;
     DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Verify EncryptedKey %s alg=%x\n", keyalgo, data->deco_alg));
-    if (keydata)
+    if (keytype && keydata)
     {
       if (!strcmp(keytype, wsse_X509v3URI))
       {
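Review bot: With `keytype` added to the condition, an EncryptedKey that carries key data but no ValueType now skips this block entirely, and what the function returns in that case depends on code outside the hunk. In a verification routine a missing ValueType is better rejected explicitly than left to fall through; consider an early failure before this `if`, using whatever fault the function already returns for an unsupported token. A comment stating the intended outcome for `keytype == NULL` would help either way. The wsseapi.cpp hunk is identical.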
@@ -6102,9 +6103,8 @@ soap_psha256(struct soap *soap, const ch
 */
 static int soap_p_hash(struct soap *soap, const char *hmac_key, size_t hmac_key_len, const char *secret, size_t secretlen, int alg, char HA[], size_t HA_len, char temp[], char *phash, size_t phashlen)
 {
-  char *buffer;
   size_t i;
-  buffer = (char*)SOAP_MALLOC(soap, HA_len + secretlen);
+  char *buffer = (char*)SOAP_MALLOC(soap, HA_len + secretlen);
   if (!buffer)
     return soap->error = SOAP_EOM;
   i = 0;
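Review bot: The allocation size `HA_len + secretlen` is still computed without an overflow check, so if the sum wraps the buffer is smaller than the code after it presumably assumes; the patch moves the declaration but leaves the arithmetic as is. A guard such as `if (secretlen > (size_t)-1 - HA_len) return soap->error = SOAP_EOM;` before the allocation would cover it. Whether either length can get that large depends on callers outside the hunk. Same in wsseapi.cpp.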
@@ -7342,7 +7342,7 @@ soap_wsse_element_begin_out(struct soap
       soap_strcpy(URI + 1, l + 1, Id);
     }
 #endif
-    if (!strcmp(tag, "SOAP-ENV:Body"))
+    if (tag && !strcmp(tag, "SOAP-ENV:Body"))
     {
       if (soap_element(soap, tag, id, type)
        || soap_element_start_end_out(soap, NULL))
@@ -7392,7 +7392,7 @@ soap_wsse_element_end_out(struct soap *s
   }
   if (data && (!data->encid || soap_tagsearch(data->encid, tag)))
   {
-    if (!strcmp(tag, "SOAP-ENV:Body"))
+    if (tag && !strcmp(tag, "SOAP-ENV:Body"))
     {
       if (soap_wsse_encrypt_end(soap))
         return soap->error;
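Review bot: `tag` is tested for NULL only at the `strcmp`, but the enclosing condition has already passed it to `soap_tagsearch(data->encid, tag)`; whether that helper tolerates NULL is not visible here. If it does not, `tag` should be tested before that call, for example once near the top of the function. In the soap_wsse_element_begin_out hunk above the enclosing condition is outside the hunk, so check the same there. The wsseapi.cpp copies are identical.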
Index: gsoap-2.8.102/gsoap/plugin/wsseapi.cpp
===================================================================
--- gsoap-2.8.102.orig/gsoap/plugin/wsseapi.cpp
+++ gsoap-2.8.102/gsoap/plugin/wsseapi.cpp
@@ -2956,7 +2956,7 @@ soap_wsse_verify_Password(struct soap *s
     else
     {
       /* check password text */
-      if (!strcmp(token->Password->__item, password))
+      if (token->Password->__item && !strcmp(token->Password->__item, password))
         return SOAP_OK;
     }
   }
@@ -3118,6 +3118,7 @@ soap_wsse_get_BinarySecurityToken(struct
 {
   _wsse__BinarySecurityToken *token = soap_wsse_BinarySecurityToken(soap, id);
   DBGFUN1("soap_wsse_get_BinarySecurityToken", "id=%s", id?id:"");
+  *data = NULL;
   if (token)
   {
     *valueType = token->ValueType;
@@ -3148,9 +3149,9 @@ soap_wsse_get_BinarySecurityTokenX509(st
   X509 *cert = NULL;
   char *valueType = NULL;
 #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
-  const unsigned char *data;
+  const unsigned char *data = NULL;
 #else
-  unsigned char *data;
+  unsigned char *data = NULL;
 #endif
   int size;
   DBGFUN1("soap_wsse_get_BinarySecurityTokenX509", "id=%s", id?id:"");
@@ -3270,7 +3271,7 @@ int
 SOAP_FMAC2
 soap_wsse_add_SecurityContextToken(struct soap *soap, const char *id, const char *identifier)
 {
-  char *URI;
+  char *URI = NULL;
   size_t l;
   _wsse__Security *security = soap_wsse_add_Security(soap);
   DBGFUN2("soap_wsse_add_SecurityContextToken", "id=%s", id, "identifier=%s", identifier?identifier:"");
@@ -3652,7 +3653,7 @@ soap_wsse_add_SignatureValue(struct soap
 {
   ds__SignatureType *signature = soap_wsse_add_Signature(soap);
   const char *method = NULL;
-  char *sig;
+  char *sig = NULL;
   int siglen;
   int err;
   const char *c14ninclude = soap->c14ninclude;
@@ -3883,10 +3884,10 @@ soap_wsse_verify_SignatureValue(struct s
    && signature->SignedInfo
    && signature->SignatureValue)
   {
-    char *sig;
-    const char *sigval;
+    char *sig = NULL;
+    const char *sigval = NULL;
     int method, bits, siglen, sigvallen;
-    struct soap_dom_element *elt;
+    struct soap_dom_element *elt = NULL;
     /* check that we are using the intended signature algorithm */
     if (soap_wsse_get_SignedInfo_SignatureMethod(soap, &method, &bits))
       return soap->error;
@@ -3943,8 +3944,8 @@ soap_wsse_verify_SignatureValue(struct s
           for (att = prt->atts; att; att = att->next)
           {
             DBGLOG(TEST, SOAP_MESSAGE(fdebug, "DOM attribute = %s\n", att->name));
-            if (!strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
-              soap_attribute(soap, att->name, att->text);
+            if (att->name && att->text && !strncmp(att->name, "xmlns:", 6) && !soap_lookup_ns(soap, att->name + 6, strlen(att->name + 6)))
+              (void)soap_attribute(soap, att->name, att->text);
           }
         }
         /* push xmlns="..." */
@@ -3952,7 +3953,7 @@ soap_wsse_verify_SignatureValue(struct s
         {
           for (att = prt->atts; att; att = att->next)
           {
-            if (!strcmp(att->name, "xmlns"))
+            if (att->name && att->text && !strcmp(att->name, "xmlns"))
             {
               soap_attribute(soap, att->name, att->text);
               break;
@@ -4243,7 +4244,7 @@ soap_wsse_verify_digest(struct soap *soa
       {
         for (att = prt->atts; att; att = att->next)
         {
-          if (!strcmp(att->name, "xmlns"))
+          if (att->name && att->text && !strcmp(att->name, "xmlns"))
           {
             soap_attribute(soap, att->name, att->text);
             break;
@@ -5083,7 +5084,7 @@ soap_wsse_verify_EncryptedKey(struct soa
             if (elt)
             {
               att = soap_att_get(elt, NULL, "EncodingType");
-              if (att)
+              if (att && soap_att_get_text(att))
                 keybase = !strcmp(soap_att_get_text(att), wsse_Base64BinaryURI);
               att = soap_att_get(elt, NULL, "ValueType");
               keytype = soap_att_get_text(att);
@@ -5133,7 +5134,7 @@ soap_wsse_verify_EncryptedKey(struct soa
   {
     int keylen;
     DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Verify EncryptedKey %s alg=%x\n", keyalgo, data->deco_alg));
-    if (keydata)
+    if (keytype && keydata)
     {
       if (!strcmp(keytype, wsse_X509v3URI))
       {
@@ -6102,9 +6103,8 @@ soap_psha256(struct soap *soap, const ch
 */
 static int soap_p_hash(struct soap *soap, const char *hmac_key, size_t hmac_key_len, const char *secret, size_t secretlen, int alg, char HA[], size_t HA_len, char temp[], char *phash, size_t phashlen)
 {
-  char *buffer;
   size_t i;
-  buffer = (char*)SOAP_MALLOC(soap, HA_len + secretlen);
+  char *buffer = (char*)SOAP_MALLOC(soap, HA_len + secretlen);
   if (!buffer)
     return soap->error = SOAP_EOM;
   i = 0;
@@ -7342,7 +7342,7 @@ soap_wsse_element_begin_out(struct soap
       soap_strcpy(URI + 1, l + 1, Id);
     }
 #endif
-    if (!strcmp(tag, "SOAP-ENV:Body"))
+    if (tag && !strcmp(tag, "SOAP-ENV:Body"))
     {
       if (soap_element(soap, tag, id, type)
        || soap_element_start_end_out(soap, NULL))
@@ -7392,7 +7392,7 @@ soap_wsse_element_end_out(struct soap *s
   }
   if (data && (!data->encid || soap_tagsearch(data->encid, tag)))
   {
-    if (!strcmp(tag, "SOAP-ENV:Body"))
+    if (tag && !strcmp(tag, "SOAP-ENV:Body"))
     {
       if (soap_wsse_encrypt_end(soap))
         return soap->error;