From 6f675e4d01becbf1346fe992872c3e8d899aac8e Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult"
Date: Mon, 10 Mar 2025 14:46:32 +0100
Subject: [PATCH] os: auth: protect against duplicate auth keys

Protect the Add() proto funcs from adding duplicate auth keys. If adding a duplicate is attempted, the XID of the already existing one is returned instead.

Signed-off-by: Enrico Weigelt, metux IT consult
---
 os/mitauth.c | 11 ++++++++++-
 os/xdmauth.c | 8 ++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/os/mitauth.c b/os/mitauth.c
index 867e0cb02..ac519b807 100644
--- a/os/mitauth.c
+++ b/os/mitauth.c
@@ -49,7 +49,16 @@ static struct auth {
 XID
 MitAddCookie(unsigned short data_length, const char *data)
 {
- struct auth *new = calloc(1, sizeof(struct auth));
+ struct auth *new;
+
+ // check for possible duplicate and return it instead
+ for (struct auth *walk=mit_auth; walk; walk=walk->next) {
+ if ((walk->len == data_length) &&
+ (memcmp(walk->data, data, data_length) == 0))
+ return walk->id;
+ }
+
+ new = calloc(1, sizeof(struct auth));
 if (!new)
 return 0;
 new->data = calloc(1, (unsigned) data_length);
diff --git a/os/xdmauth.c b/os/xdmauth.c
index f96740673..2047b7173 100644
--- a/os/xdmauth.c
+++ b/os/xdmauth.c
@@ -353,6 +353,14 @@ XdmAddCookie(unsigned short data_length, const char *data)
 /* the first octet of the key must be zero */
 if (key_bits[0] != '\0')
 return 0;
+
+ /* check for possible duplicate and return it */
+ for (XdmAuthorizationRec *walk = xdmAuth; walk; walk=walk->next) {
+ if ((memcmp(walk->key.data, key_bits, 8)==0) &&
+ (memcmp(walk->rho.data, rho_bits, 8)==0))
+ return walk->id;
+ }
+
 XdmAuthorizationPtr new = calloc(1, sizeof(XdmAuthorizationRec));
 if (!new)
 return 0;
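Review bot: The early `return walk->id` in the loop added at the top of MitAddCookie hands a caller the XID of an entry it did not create, and nothing in the hunk records that the entry now has more than one owner. If the remove path (outside this hunk) drops the entry on the first removal, one caller's cleanup would revoke the cookie for the other, so that path is worth checking before merging. I would state the contract above the loop, e.g. `/* An identical cookie is not stored twice: the existing XID is returned, so callers must not assume exclusive ownership of it. */`, which also matches the `/* */` comment style used in the os/xdmauth.c hunk rather than `//`. The same ownership question applies to the loop added to XdmAddCookie in os/xdmauth.c. The body of MitAddCookie continues past the end of the hunk.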
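Review bot: Both `memcmp` calls in the added loop read a hard-coded 8 bytes from `key_bits` and `rho_bits`, whose assignment and length validation sit above the hunk, so the loop relies on every path that reaches it having pointed both at 8 or more readable bytes. Tying the length to the stored field would make that intent explicit, presumably `memcmp(walk->key.data, key_bits, sizeof(walk->key.data)) == 0` and the same for `rho`, assuming those members are fixed-size arrays. The loop variable is declared as `XdmAuthorizationRec *` while the following context line uses `XdmAuthorizationPtr`; using one spelling would read more consistently. XdmAddCookie starts and ends outside the hunk.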