(!1901) os: auth: protect against duplicate auth keys

Protect the Add() proto funcs from adding duplicate auth keys. If adding a duplicate is attempted, the XID of the already existing one is returned instead. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
2025-03-10 14:46:32 +01:00 · 2025-03-10 14:46:32 +01:00 · 3aee9faba7
parent a901def824
commit 3aee9faba7
2 changed files with 15 additions and 0 deletions
--- a/os/mitauth.c
+++ b/os/mitauth.c
@ -51,6 +51,13 @@ MitAddCookie(unsigned short data_length, const char *data)
 {
    struct auth *new;

+    // check for possible duplicate and return it instead
+    for (struct auth *walk=mit_auth; walk; walk=walk->next) {
+        if ((walk->len == data_length) &&
+            (memcmp(walk->data, data, data_length) == 0))
+            return walk->id;
+    }
+
    new = malloc(sizeof(struct auth));
    if (!new)
        return 0;
--- a/os/xdmauth.c
+++ b/os/xdmauth.c
@ -354,6 +354,14 @@ XdmAddCookie(unsigned short data_length, const char *data)
    /* the first octet of the key must be zero */
    if (key_bits[0] != '\0')
        return 0;
+
+    /* check for possible duplicate and return it */
+    for (XdmAuthorizationRec *walk = xdmAuth; walk; walk=walk->next) {
+        if ((memcmp(walk->key.data, key_bits, 8)==0) &&
+            (memcmp(walk->rho.data, rho_bits, 8)==0))
+            return walk->id;
+    }
+
    new = malloc(sizeof(XdmAuthorizationRec));
    if (!new)
        return 0;