
auth_diameter: avoid passing large structs as params and better error handling

Daniel-Constantin Mierla authored on 27/07/2017 07:11:17
Showing 6 changed files
... ...
@@ -261,7 +261,7 @@ int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype)
261 261
 	}
262 262
 	
263 263
 	if( diameter_authorize(cred?h:NULL, &msg->first_line.u.request.method,
264
-					puri, msg->parsed_uri, msg->id, rb) != 1)
264
+					&puri, &msg->parsed_uri, msg->id, rb) != 1)
265 265
 	{
266 266
 		send_resp(msg, 500, &dia_500_err, NULL, 0);
267 267
 		return AUTH_ERROR;
... ...
@@ -286,8 +286,8 @@ int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype)
286 286
  * 		-1 - error
287 287
  * 			
288 288
  */
289
-int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
290
-						struct sip_uri ruri, unsigned int m_id, rd_buf_t* rb)
289
+int diameter_authorize(struct hdr_field* hdr, str* p_method, sip_uri_t *uri,
290
+						sip_uri_t *ruri, unsigned int m_id, rd_buf_t* rb)
291 291
 {
292 292
 	str user_name;
293 293
 	AAAMessage *req;
... ...
@@ -314,21 +314,21 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
314 314
 	{
315 315
 		/* Username AVP */
316 316
 		user_name.s = 0;
317
-		user_name.len = uri.user.len + uri.host.len;
317
+		user_name.len = uri->user.len + uri->host.len;
318 318
 		if(user_name.len>0)
319 319
 		{
320 320
 			user_name.len += 2;
321 321
 			user_name.s = (char*)ad_malloc(user_name.len*sizeof(char));
322 322
 			memset(user_name.s, 0, user_name.len);
323 323
 
324
-			memcpy(user_name.s, uri.user.s, uri.user.len);
325
-			if(uri.user.len>0)
324
+			memcpy(user_name.s, uri->user.s, uri->user.len);
325
+			if(uri->user.len>0)
326 326
 			{
327
-				memcpy(user_name.s+uri.user.len, "@", 1);
328
-				memcpy(user_name.s+uri.user.len+1, uri.host.s, uri.host.len);
327
+				memcpy(user_name.s+uri->user.len, "@", 1);
328
+				memcpy(user_name.s+uri->user.len+1, uri->host.s, uri->host.len);
329 329
 			}
330 330
 			else
331
-				memcpy(user_name.s, uri.host.s, uri.host.len);
331
+				memcpy(user_name.s, uri->host.s, uri->host.len);
332 332
 		}
333 333
 
334 334
 		if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s, 
... ...
@@ -419,8 +419,6 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
419 419
 		goto error1;
420 420
 	}
421 421
 
422
-	
423
-	
424 422
 	/* SIP Service AVP */
425 423
 	if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_AUTHENTICATION, 
426 424
 				SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
... ...
@@ -435,15 +433,15 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
435 433
 	}
436 434
 		
437 435
 	/* Destination-Realm AVP */
438
-	if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, uri.host.s,
439
-						uri.host.len, AVP_DUPLICATE_DATA)) == 0)
436
+	if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, uri->host.s,
437
+						uri->host.len, AVP_DUPLICATE_DATA)) == 0)
440 438
 	{
441 439
 		LM_ERR(" no more pkg memory left!\n");
442 440
 		goto error;
443 441
 	}
444 442
 
445 443
 #ifdef DEBUG	
446
-	LM_DBG("Destination Realm: %.*s\n", uri.host.len, uri.host.s);	
444
+	LM_DBG("Destination Realm: %.*s\n", uri->host.len, uri->host.s);	
447 445
 #endif
448 446
 
449 447
 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
... ...
@@ -453,27 +451,27 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
453 451
 	}
454 452
 	
455 453
 	/* Resource AVP */
456
-	user_name.len = ruri.user.len + ruri.host.len + ruri.port.len + 2;
454
+	user_name.len = ruri->user.len + ruri->host.len + ruri->port.len + 2;
457 455
 	user_name.s = (char*)ad_malloc(user_name.len*sizeof(char));
458 456
 	memset(user_name.s, 0, user_name.len);
459
-	memcpy(user_name.s, ruri.user.s, ruri.user.len);
457
+	memcpy(user_name.s, ruri->user.s, ruri->user.len);
460 458
 
461 459
 	name_flag= 0;
462
-	if(ruri.user.s)
460
+	if(ruri->user.s)
463 461
 	{		
464 462
 		name_flag = 1;
465
-		memcpy(user_name.s+ruri.user.len, "@", 1);
463
+		memcpy(user_name.s+ruri->user.len, "@", 1);
466 464
 	}	
467 465
 
468
-	memcpy(user_name.s+ruri.user.len+name_flag, ruri.host.s, ruri.host.len);
466
+	memcpy(user_name.s+ruri->user.len+name_flag, ruri->host.s, ruri->host.len);
469 467
 
470 468
 	port_flag=0;
471
-	if(ruri.port.s)
469
+	if(ruri->port.s)
472 470
 	{
473 471
 		port_flag = 1;	
474
-		memcpy(user_name.s+ruri.user.len+ruri.host.len+1, ":", 1);
475
-		memcpy(user_name.s+ruri.user.len+ruri.host.len+name_flag+port_flag, 
476
-					ruri.port.s, ruri.port.len);
472
+		memcpy(user_name.s+ruri->user.len+ruri->host.len+1, ":", 1);
473
+		memcpy(user_name.s+ruri->user.len+ruri->host.len+name_flag+port_flag, 
474
+					ruri->port.s, ruri->port.len);
477 475
 	}
478 476
 #ifdef DEBUG
479 477
 	LM_DBG(": AVP_Resource=%.*s\n", user_name.len, user_name.s);
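Review bot: In the Resource AVP hunk the colon is copied to offset `ruri->user.len+ruri->host.len+1` while the port that follows goes to `...+name_flag+port_flag`; when the request URI has no user part (`name_flag` is 0) both offsets are the same, so the port overwrites the colon and the zeroed byte at the end of the host stays inside the value. The colon offset should use the flag as well, `memcpy(user_name.s+ruri->user.len+ruri->host.len+name_flag, ":", 1);`. In the same hunk and in the Username AVP hunk the result of `ad_malloc` goes straight into `memset` with no NULL check, and the lengths come from the parsed request, so a failed allocation would crash the authentication path instead of taking the error exit; `if(user_name.s==NULL) { LM_ERR("no more pkg memory left!\n"); goto error; }` after each allocation would cover it. These lines predate the commit and the body of diameter_authorize starts and ends outside the visible hunks, so the right cleanup label has to be confirmed against the full function.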
... ...
@@ -58,7 +58,7 @@ auth_diam_result_t diam_pre_auth(struct sip_msg* m, str* realm, int hftype,
58 58
 int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype);
59 59
 
60 60
 int diameter_authorize(struct hdr_field* cred, str* p_method, 
61
-					struct sip_uri uri,	struct sip_uri ruri,
61
+					sip_uri_t *uri,	sip_uri_t *ruri,
62 62
 					unsigned int m_id, rd_buf_t *response);
63 63
 
64 64
 int srv_response(struct sip_msg* msg, rd_buf_t* rb, int hftype);
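Review bot: The prototype of diameter_authorize now takes `sip_uri_t *uri` and `sip_uri_t *ruri`, but nothing in the header says they must be non-NULL, and the definition dereferences both without a check (`uri->user.len`, `ruri->user.len`). A short comment above the declaration, for example `/* uri and ruri must be non-NULL; they are read during the call and must stay valid until it returns */`, would record the contract that passing by value used to give for free. As far as the visible hunks show, the function only reads through these pointers, so `const sip_uri_t *uri, const sip_uri_t *ruri` may also be possible; that depends on the parts of the body outside the hunks.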
... ...
@@ -102,7 +102,7 @@ AAA_AVP*  AAACreateAVP(
102 102
 	unsigned int length,
103 103
 	AVPDataStatus data_status)
104 104
 {
105
-	AAA_AVP *avp;
105
+	AAA_AVP *avp = NULL;
106 106
 
107 107
 	/* first check the params */
108 108
 	if( data==0 || length==0) {
... ...
@@ -142,6 +142,7 @@ AAA_AVP*  AAACreateAVP(
142 142
 	return avp;
143 143
 error:
144 144
 	LM_ERR("no more pkg memory left!\n");
145
+	if(avp) ad_free(avp);
145 146
 	return 0;
146 147
 }
147 148
 
... ...
@@ -293,7 +293,9 @@ AAAMessage* AAATranslateMessage( unsigned char* source, unsigned int sourceLen,
293 293
 			goto error;
294 294
 
295 295
 		/* link the avp into aaa message to the end */
296
-		AAAAddAVPToMessage( msg, avp, msg->avpList.tail);
296
+		if(AAAAddAVPToMessage(msg, avp, msg->avpList.tail)!=AAA_ERR_SUCCESS) {
297
+			LM_ERR("failed to add avp to message\n");
298
+		}
297 299
 
298 300
 		ptr += to_32x_len( avp_data_len );
299 301
 	}
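Review bot: A failed `AAAAddAVPToMessage` is now logged, but the loop then carries on, so the AVP that could not be linked is not released here and the caller receives a message with that AVP silently missing. The check just above in the same loop leaves with `goto error;`, and the same seems right after the new `LM_ERR`, releasing `avp` first if the `error` label does not already do so. AAATranslateMessage builds the message from a received buffer, so a partially translated reply should probably not be handed on as if it were complete. The loop and the `error` label lie outside the hunk, so the cleanup needs checking against the full function.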
... ...
@@ -64,6 +64,7 @@ int init_mytcp(char* host, int port)
64 64
     if (server == NULL) 
65 65
 	{
66 66
 		LM_ERR("error finding the host\n");
67
+		close(sockfd);
67 68
 		return -1;
68 69
     }
69 70
 
... ...
@@ -76,8 +77,8 @@ int init_mytcp(char* host, int port)
76 77
     if (connect(sockfd, (const struct sockaddr *)&serv_addr, 
77 78
 							sizeof(serv_addr)) < 0) 
78 79
 	{
79
-        LM_ERR("error connecting to the "
80
-						"DIAMETER client\n");
80
+        LM_ERR("error connecting to the DIAMETER client\n");
81
+		close(sockfd);
81 82
 		return -1;
82 83
 	}	
83 84
 
... ...
@@ -239,7 +239,6 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
239 239
 		goto error1;
240 240
 	}
241 241
 
242
-	
243 242
 	/* ServiceType AVP */
244 243
 	if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_GROUP_CHECK, 
245 244
 				SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
... ...
@@ -252,24 +251,26 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
252 251
 		LM_ERR("avp not added \n");
253 252
 		goto error1;
254 253
 	}
255
-	
256 254
 
257 255
 	/* Destination-Realm AVP */
258 256
 	uri = *(GET_RURI(_m));
259
-	parse_uri(uri.s, uri.len, &puri);
257
+	if(parse_uri(uri.s, uri.len, &puri)<0) {
258
+		LM_ERR("failed to parse uri\n");
259
+		goto error;
260
+	}
260 261
 	if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
261 262
 						puri.host.len, AVP_DUPLICATE_DATA)) == 0)
262 263
 	{
263 264
 		LM_ERR("no more pkg memory!\n");
264 265
 		goto error;
265 266
 	}
266
-	
267
+
267 268
 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
268 269
 	{
269 270
 		LM_ERR("avp not added \n");
270 271
 		goto error1;
271 272
 	}
272
-	
273
+
273 274
 #ifdef DEBUG
274 275
 	AAAPrintMessage(req);
275 276
 #endif
... ...
@@ -317,5 +318,4 @@ error:
317 318
 	AAAFreeMessage(&req);
318 319
 	return -1;
319 320
 
320
-}
321
-
321
+}
322 322
\ No newline at end of file
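Review bot: The last hunk leaves the file without a trailing newline (`\ No newline at end of file` after the closing `}`); C expects a non-empty source file to end in a newline and some compilers warn about it, so the final `}` should be followed by one. In the hunk that adds the `parse_uri` check, the log line could carry the rejected value to make failures easier to trace, `LM_ERR("failed to parse uri [%.*s]\n", uri.len, uri.s);`, in the `%.*s` form the module's other log calls use. The body of diameter_is_user_in starts and ends outside these hunks.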