Merge pull request #143 from Zentyal/jgarcia/crash-session

Safe decoding of secured value
Enrique J. Hernández 2015-06-01 17:01:07 +02:00
commit cab5846e37


@ -157,7 +157,7 @@
// that much about this for now. // that much about this for now.
// //
+ (NSString *) securedValue: (NSString *) theValue + (NSString *) securedValue: (NSString *) theValue
usingKey: (NSString *) theKey usingKey: (NSString *) theKey
{ {
NSData *data; NSData *data;
NSString *s; NSString *s;
@ -171,13 +171,12 @@
klen = [data length]; klen = [data length];
// Get the key - padding it with 0 with key length // Get the key - padding it with 0 with key length
pass = (char *)malloc(klen); pass = (char *) calloc(klen, sizeof(char));
memset(pass, 0, klen);
[theValue getCString: pass maxLength: klen encoding: NSUTF8StringEncoding]; [theValue getCString: pass maxLength: klen encoding: NSUTF8StringEncoding];
// Target buffer // Target buffer
buf = (char *)malloc(klen); buf = (char *)malloc(klen);
for (i = 0; i < klen; i++) for (i = 0; i < klen; i++)
{ {
buf[i] = key[i] ^ pass[i]; buf[i] = key[i] ^ pass[i];
@ -186,36 +185,38 @@
free(pass); free(pass);
data = [NSData dataWithBytesNoCopy: buf length: klen freeWhenDone: YES]; data = [NSData dataWithBytesNoCopy: buf length: klen freeWhenDone: YES];
s = [[NSString alloc] initWithData: [data dataByEncodingBase64WithLineLength: 1024] s = [[NSString alloc] initWithData: [data dataByEncodingBase64WithLineLength: 1024]
encoding: NSASCIIStringEncoding]; encoding: NSASCIIStringEncoding];
return [s autorelease]; return [s autorelease];
} }
+ (NSString *) valueFromSecuredValue: (NSString *) theValue + (NSString *) valueFromSecuredValue: (NSString *) theValue
usingKey: (NSString *) theKey usingKey: (NSString *) theKey
{ {
NSData *data; NSData *dataKey, *dataValue;
NSString *s; NSString *s;
char *buf, *key, *pass; char *buf, *key, *value;
int i, klen; size_t i, klen, vlen;
// Get the key length and its bytes // Get the key length and its bytes
data = [theKey dataByDecodingBase64]; dataKey = [theKey dataByDecodingBase64];
key = (char *)[data bytes]; key = (char *)[dataKey bytes];
klen = [data length]; klen = [dataKey length];
// Get the secured value length and its bytes
dataValue = [theValue dataByDecodingBase64];
value = (char *)[dataValue bytes];
vlen = [dataValue length];
// Get the secured password
pass = (char *)[[theValue dataByDecodingBase64] bytes];
// Target buffer // Target buffer
buf = (char *)malloc(klen); buf = (char *) calloc(klen, sizeof(char));
for (i = 0; i < klen; i++) for (i = 0; i < klen && i < vlen; i++)
{ {
buf[i] = key[i] ^ pass[i]; buf[i] = key[i] ^ value[i];
} }
// buf is now our C string in UTF8 // buf is now our C string in UTF8
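Review bot: The new decode loop in `valueFromSecuredValue:usingKey:` can still write all `klen` bytes of `buf` when the decoded value is at least as long as the key, so nothing guarantees the NUL terminator that the closing comment ("buf is now our C string") relies on. The code that consumes `buf` lies outside this hunk, but if it reads it as a C string, a malformed or tampered secured value would make it read past the allocation; one extra zeroed byte closes that: `buf = (char *) calloc(klen + 1, sizeof(char));`. The `calloc` result is also used unchecked, here and for `pass` in `securedValue:usingKey:`, so an allocation failure is dereferenced in the loop; `if (!buf) return nil;` before the loop would cover it. Since `securedValue:usingKey:` always emits exactly `klen` bytes, rejecting input where `vlen != klen` up front would turn a bad value into an explicit failure rather than a silently zero-padded result.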