Re: [MeeGo-dev] [PATCH 1/1] Fixes: Bug 204950 - Account::verify and Account::verifyWithTokens() returns TRUE all the time irrespective of whether Account::Account::verify and Account::verifyWithTokens() returns TRUE all the time irrespective of whether Account::sign() called or not. Modifications according to review. More modifications according to review.

Alberto Mardegan Fri, 01 Apr 2011 00:40:17 -0700

On 04/01/2011 10:20 AM, Lucian Horga wrote:

+    aegis_crypto_signature_to_string (&signature,
+                                      aegis_as_base64,
+                                      token,
+&signature_string);
+    aegis_crypto_finish ();


      sgn = g_slice_new (AgSignature);
-    sgn->signature = data; //signed_data;
+    sgn->signature = g_strdup (signature_string);
+    g_free (signature_string);

signature_string has been allocated by aegis_crypto, so to free it you shouldn'tuse g_free, but some other function provided by that library.

@@ -2219,12 +2247,19 @@ ag_account_sign (AgAccount *account, const gchar *key, 
const gchar *token)
  gboolean
  ag_account_verify (AgAccount *account, const gchar *key, const gchar **token)
  {
+#ifdef HAVE_AEGISCRYPTO
      AgAccountPrivate *priv;
      AgServiceSettings *ss;
      guint service_id;
      gchar *data;
      gchar *sql;
      AgSignature sgn;
+    GString *sql_str;
+    aegis_system_mode_t made_in_mode;
+    aegis_crypto_result result_verify;
+    aegis_crypto_result result_convert;
+    struct aegis_signature_t signature;
+    char *token_name;

      g_return_val_if_fail (AG_IS_ACCOUNT (account), FALSE);

@@ -2235,7 +2270,7 @@ ag_account_verify (AgAccount *account, const gchar *key, 
const gchar **token)

      service_id = (priv->service != NULL) ? priv->service->id : 0;

-    GString *sql_str;
+
      sql_str = g_string_sized_new (512);
      _ag_string_append_printf (sql_str,
                                "SELECT signature, token FROM Signatures "
@@ -2246,16 +2281,48 @@ ag_account_verify (AgAccount *account, const gchar 
*key, const gchar **token)

[...]

+    result_convert =  aegis_crypto_string_to_signature (sgn.signature,
+&signature,
+&token_name);
+
+    if (result_convert != aegis_crypto_ok) {
+        *token = NULL;
+        aegis_crypto_finish();
+        g_free (data);
+        return FALSE;
+    }
+
+    result_verify = aegis_crypto_verify (&signature,
+                                         token_name,
+                                         data,
+                                         strlen (data),
+&made_in_mode);
+
+    if (result_verify != aegis_crypto_ok) {
+        *token = NULL;
+        aegis_crypto_finish ();
+        g_free (data);
+        return FALSE;


I just noticed now, that also here you need to free the token_name.

+    }
+
+    *token = g_strdup (token_name);
+    if (token_name)
+       free(token_name);


Again, use a function from aegis_crypto.

Ciao,
  Alberto

--
http://blog.mardy.it <-- geek in un lingua international!
_______________________________________________
MeeGo-dev mailing list
[email protected]
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

Reply via email to