ID 3. C style pointer casting from security audit fixed

Simon Rozman 2016-10-03 11:40:30 +02:00
parent 28408fcea7
commit 559ffc5ead
20 changed files with 178 additions and 178 deletions


@ -77,7 +77,7 @@ wxEventTraceProcessorThread::wxEventTraceProcessorThread(wxEvtHandler *parent, c
for (size_t i = 0, i_end = sessions.GetCount(); i < i_end; i++) {
// Open trace.
tlf.LoggerName = (LPTSTR)(LPCTSTR)(sessions[i]);
tlf.LoggerName = const_cast<LPTSTR>((LPCTSTR)(sessions[i]));
event_trace trace;
if (!trace.create(&tlf)) {
wxLogError(_("Error opening event trace (error %u)."), GetLastError());
@ -207,7 +207,7 @@ wxETWListCtrl::wxETWListCtrl(wxWindow *parent, wxWindowID id, const wxPoint& pos
ulSizeName = (ULONG)((name .length() + 1)*sizeof(TCHAR)),
//ulSizeLogFile = (ULONG)((log_file.length() + 1)*sizeof(TCHAR)),
ulSize = sizeof(EVENT_TRACE_PROPERTIES) + ulSizeName /*+ ulSizeLogFile*/;
unique_ptr<EVENT_TRACE_PROPERTIES> properties((EVENT_TRACE_PROPERTIES*)new char[ulSize]);
unique_ptr<EVENT_TRACE_PROPERTIES> properties(reinterpret_cast<EVENT_TRACE_PROPERTIES*>(new char[ulSize]));
wxASSERT_MSG(properties, wxT("error allocating session properties memory"));
// Initialize properties.
@ -220,7 +220,7 @@ wxETWListCtrl::wxETWListCtrl(wxWindow *parent, wxWindowID id, const wxPoint& pos
properties->MaximumFileSize = 1; // 1 MB
properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
//properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + ulSizeName;
//memcpy((LPTSTR)((char*)properties.get() + properties->LogFileNameOffset), log_file.c_str(), ulSizeLogFile);
//memcpy(reinterpret_cast<char*>(properties.get()) + properties->LogFileNameOffset, log_file.c_str(), ulSizeLogFile);
if ((ulResult = m_session.create(name.c_str(), properties.get())) == ERROR_SUCCESS) {
break;
@ -605,7 +605,7 @@ wxString wxETWListCtrl::OnGetItemText(const event_rec &rec, long column) const
if (info->DecodingSource != DecodingSourceWPP) {
if (rec.EventHeader.Flags & EVENT_HEADER_FLAG_STRING_ONLY) {
// This is a string-only event. Print it.
return (LPCWSTR)rec.UserData;
return reinterpret_cast<LPCWSTR>(rec.UserData);
} else {
// This is not a string-only event. Prepare parameters.
@ -621,12 +621,12 @@ wxString wxETWListCtrl::OnGetItemText(const event_rec &rec, long column) const
if (info->EventMessageOffset) {
// Format the message.
return wstring_msg(0, (LPCTSTR)((LPCBYTE)info.get() + info->EventMessageOffset), props_msg.data()).c_str();
return wstring_msg(0, reinterpret_cast<LPCTSTR>(reinterpret_cast<LPCBYTE>(info.get()) + info->EventMessageOffset), props_msg.data()).c_str();
}
}
} else if (info->EventMessageOffset) {
// This is a WPP event.
return (LPCWSTR)((LPCBYTE)info.get() + info->EventMessageOffset);
return reinterpret_cast<LPCWSTR>(reinterpret_cast<LPCBYTE>(info.get()) + info->EventMessageOffset);
}
}
}
@ -816,21 +816,21 @@ static tstring DataToString(_In_ USHORT InType, _In_ USHORT OutType, _In_count_(
case TDH_INTYPE_ANSICHAR: {
// Convert strings from ANSI code page, all others (JSON, XML etc.) from UTF-8
wstring str;
MultiByteToWideChar(OutType == TDH_OUTTYPE_STRING ? CP_ACP : CP_UTF8, 0, (LPCSTR)pData, (int)nDataSize, str);
MultiByteToWideChar(OutType == TDH_OUTTYPE_STRING ? CP_ACP : CP_UTF8, 0, reinterpret_cast<LPCSTR>(pData), (int)nDataSize, str);
return tstring_printf(_T("%ls"), str.c_str());
}
case TDH_INTYPE_COUNTEDSTRING:
return DataToString(TDH_INTYPE_NONNULLTERMINATEDSTRING, OutType, (LPCBYTE)((PUSHORT)pData + 1), *(PUSHORT)pData, pMapInfo, nPtrSize);
return DataToString(TDH_INTYPE_NONNULLTERMINATEDSTRING, OutType, reinterpret_cast<LPCBYTE>((PUSHORT)pData + 1), *(PUSHORT)pData, pMapInfo, nPtrSize);
case TDH_INTYPE_COUNTEDANSISTRING:
return DataToString(TDH_INTYPE_NONNULLTERMINATEDANSISTRING, OutType, (LPCBYTE)((PUSHORT)pData + 1), *(PUSHORT)pData, pMapInfo, nPtrSize);
return DataToString(TDH_INTYPE_NONNULLTERMINATEDANSISTRING, OutType, reinterpret_cast<LPCBYTE>((PUSHORT)pData + 1), *(PUSHORT)pData, pMapInfo, nPtrSize);
case TDH_INTYPE_REVERSEDCOUNTEDSTRING:
return DataToString(TDH_INTYPE_NONNULLTERMINATEDSTRING, OutType, (LPCBYTE)((PUSHORT)pData + 1), MAKEWORD(HIBYTE(*(PUSHORT)pData), LOBYTE(*(PUSHORT)pData)), pMapInfo, nPtrSize);
return DataToString(TDH_INTYPE_NONNULLTERMINATEDSTRING, OutType, reinterpret_cast<LPCBYTE>((PUSHORT)pData + 1), MAKEWORD(HIBYTE(*(PUSHORT)pData), LOBYTE(*(PUSHORT)pData)), pMapInfo, nPtrSize);
case TDH_INTYPE_REVERSEDCOUNTEDANSISTRING:
return DataToString(TDH_INTYPE_NONNULLTERMINATEDANSISTRING, OutType, (LPCBYTE)((PUSHORT)pData + 1), MAKEWORD(HIBYTE(*(PUSHORT)pData), LOBYTE(*(PUSHORT)pData)), pMapInfo, nPtrSize);
return DataToString(TDH_INTYPE_NONNULLTERMINATEDANSISTRING, OutType, reinterpret_cast<LPCBYTE>((PUSHORT)pData + 1), MAKEWORD(HIBYTE(*(PUSHORT)pData), LOBYTE(*(PUSHORT)pData)), pMapInfo, nPtrSize);
case TDH_INTYPE_INT8:
assert(nDataSize >= sizeof(CHAR));
@ -966,7 +966,7 @@ static tstring DataToString(_In_ USHORT InType, _In_ USHORT OutType, _In_count_(
SYSTEMTIME st, st_local;
FileTimeToSystemTime((PFILETIME)pData, &st);
SystemTimeToTzSpecificLocalTime(NULL, &st, &st_local);
return DataToString(TDH_INTYPE_SYSTEMTIME, OutType, (LPCBYTE)&st_local, sizeof(st_local), pMapInfo, nPtrSize);
return DataToString(TDH_INTYPE_SYSTEMTIME, OutType, reinterpret_cast<LPCBYTE>(&st_local), sizeof(st_local), pMapInfo, nPtrSize);
}
case TDH_INTYPE_SYSTEMTIME:
@ -1019,7 +1019,7 @@ static ULONG GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, ULONG i
ULONG ulResult;
// Get array count property.
PROPERTY_DATA_DESCRIPTOR data_desc = { (ULONGLONG)((LPBYTE)pInfo + pInfo->EventPropertyInfoArray[pInfo->EventPropertyInfoArray[i].countPropertyIndex].NameOffset), ULONG_MAX };
PROPERTY_DATA_DESCRIPTOR data_desc = { (ULONGLONG)(reinterpret_cast<LPBYTE>(pInfo) + pInfo->EventPropertyInfoArray[pInfo->EventPropertyInfoArray[i].countPropertyIndex].NameOffset), ULONG_MAX };
vector<unsigned char> count;
if ((ulResult = TdhGetProperty(pEvent, 0, NULL, 1, &data_desc, count)) != ERROR_SUCCESS)
return ulResult;
@ -1059,8 +1059,8 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U
if (out_nonfirst) out += _T(", "); else out_nonfirst = true;
out += _T('(');
for (USHORT j = pInfo->EventPropertyInfoArray[ulPropIndex].structType.StructStartIndex, usLastMember = pInfo->EventPropertyInfoArray[ulPropIndex].structType.StructStartIndex + pInfo->EventPropertyInfoArray[ulPropIndex].structType.NumOfStructMembers; j < usLastMember; j++) {
out += tstring_printf(_T("%ls: "), (LPBYTE)pInfo + pInfo->EventPropertyInfoArray[j].NameOffset);
out += PropertyToString(pEvent, pInfo, j, (LPWSTR)((LPBYTE)(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k, nPtrSize);
out += tstring_printf(_T("%ls: "), reinterpret_cast<LPBYTE>(pInfo) + pInfo->EventPropertyInfoArray[j].NameOffset);
out += PropertyToString(pEvent, pInfo, j, reinterpret_cast<LPWSTR>(reinterpret_cast<LPBYTE>(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k, nPtrSize);
}
out += _T(')');
} else {
@ -1078,12 +1078,12 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U
// The first descriptor in the array identifies the name of the structure and the second
// descriptor defines the member of the structure whose data you want to retrieve.
PROPERTY_DATA_DESCRIPTOR data_desc[2] = {
{ (ULONGLONG)pStructureName , ulStructIndex },
{ (ULONGLONG)((LPBYTE)pInfo + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k }
{ (ULONGLONG)pStructureName , ulStructIndex },
{ (ULONGLONG)(reinterpret_cast<LPBYTE>(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k }
};
ulResult = TdhGetProperty(pEvent, 0, NULL, _countof(data_desc), data_desc, data);
} else {
PROPERTY_DATA_DESCRIPTOR data_desc = { (ULONGLONG)((LPBYTE)pInfo + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k };
PROPERTY_DATA_DESCRIPTOR data_desc = { (ULONGLONG)(reinterpret_cast<LPBYTE>(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k };
ulResult = TdhGetProperty(pEvent, 0, NULL, 1, &data_desc, data);
}
if (ulResult == ERROR_EVT_INVALID_EVENT_DATA) {
@ -1094,7 +1094,7 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U
// Get the name/value mapping if the property specifies a value map.
unique_ptr<EVENT_MAP_INFO> map_info;
ulResult = TdhGetEventMapInformation(pEvent, (LPWSTR)((LPBYTE)pInfo + pInfo->EventPropertyInfoArray[ulPropIndex].nonStructType.MapNameOffset), map_info);
ulResult = TdhGetEventMapInformation(pEvent, reinterpret_cast<LPWSTR>(reinterpret_cast<LPBYTE>(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].nonStructType.MapNameOffset), map_info);
if (ulResult == ERROR_NOT_FOUND) {
// name/value mapping not found. Not an error actually.
assert(!map_info);
@ -1105,7 +1105,7 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U
// in the EVENT_MAP_ENTRY structure. Replace the trailing space with a null-
// terminating character, so that the bit mapped strings are correctly formatted.
for (ULONG i = 0; i < map_info->EntryCount; i++) {
LPWSTR str = (LPWSTR)((PBYTE)map_info.get() + map_info->MapEntryArray[i].OutputOffset);
LPWSTR str = reinterpret_cast<LPWSTR>((PBYTE)map_info.get() + map_info->MapEntryArray[i].OutputOffset);
SIZE_T len = wcslen(str);
if (len) str[len - 1] = 0;
}
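Review bot: In the four counted-string cases of DataToString, the 16-bit length read through `*(PUSHORT)pData` is forwarded as the byte count without being compared against nDataSize, so a malformed event record could make the recursive call read past the property buffer. A guard ahead of the dereference would close this, for example `if (nDataSize < sizeof(USHORT)) return tstring();` followed by clamping the count to `nDataSize - sizeof(USHORT)`. The same lines keep the C-style `(PUSHORT)pData` cast, which presumably drops const from the input pointer; `reinterpret_cast<const USHORT*>(pData)` would match the rest of this commit. The body of DataToString starts and ends outside the visible hunks, so an earlier size check cannot be ruled out.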


@ -772,7 +772,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const unsigned int
{
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(unsigned int);
assert(ptr_end <= cursor.ptr_end);
*(unsigned int*)cursor.ptr = val;
*reinterpret_cast<unsigned int*>(cursor.ptr) = val;
cursor.ptr = ptr_end;
}
@ -788,7 +788,7 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ unsigned int &val)
{
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(unsigned int);
assert(ptr_end <= cursor.ptr_end);
val = *(unsigned int*)cursor.ptr;
val = *reinterpret_cast<const unsigned int*>(cursor.ptr);
cursor.ptr = ptr_end;
}
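Review bot: The only bounds check in both cursor operators is `assert(ptr_end <= cursor.ptr_end);`, which compiles away under NDEBUG, so a release build writes or reads `sizeof(unsigned int)` bytes regardless of how much buffer is left. If these cursors ever carry data that crosses a trust boundary, the check should be a runtime one that throws before the access. The punned access could be replaced by `memcpy(&val, cursor.ptr, sizeof(val));` (and `memcpy(cursor.ptr, &val, sizeof(val));` on the output side), which avoids the alignment and aliasing assumptions that `reinterpret_cast` leaves in place.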


@ -330,12 +330,12 @@ namespace eap
// Import the 256-bit AES session key.
winstd::crypt_key key_aes;
if (!CryptImportKey(hProv, (LPCBYTE)data, 268, key_rsa, 0, &key_aes))
if (!CryptImportKey(hProv, reinterpret_cast<LPCBYTE>(data), 268, key_rsa, 0, &key_aes))
throw win_runtime_error(__FUNCTION__ " CryptImportKey failed.");
// Decrypt the data using AES session key.
std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > buf;
buf.assign((const unsigned char*)data + 268, (const unsigned char*)data + size);
buf.assign(reinterpret_cast<const unsigned char*>(data) + 268, reinterpret_cast<const unsigned char*>(data) + size);
if (!CryptDecrypt(key_aes, hHash, TRUE, 0, buf))
throw win_runtime_error(__FUNCTION__ " CryptDecrypt failed.");
@ -412,7 +412,7 @@ namespace eap
std::vector<unsigned char> hash_bin;
if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0))
throw win_runtime_error(__FUNCTION__ " Calculating MD5 hash failed.");
if (memcmp((unsigned char*)data + enc_size, hash_bin.data(), dwHashSize) != 0)
if (memcmp(reinterpret_cast<const unsigned char*>(data) + enc_size, hash_bin.data(), dwHashSize) != 0)
throw invalid_argument(__FUNCTION__ " Invalid encrypted data.");
return dec;
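Review bot: The import hunk slices the input at a hard-coded 268 bytes (`reinterpret_cast<const unsigned char*>(data) + 268` up to `data + size`) and nothing visible checks `size >= 268`; for a shorter blob the `buf.assign` range is inverted and CryptImportKey is told to read 268 bytes that are not there. Unless the lines above the hunk already reject short input, add `if (size < 268) throw invalid_argument(__FUNCTION__ " Encrypted data too short.");` and give 268 a named constant. In the second hunk, `memcmp` on the integrity hash returns at the first differing byte; a constant-time comparison is the safer habit here, and it is worth confirming that `enc_size + dwHashSize` cannot exceed the input length. Both function bodies extend beyond the hunks.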


@ -242,9 +242,9 @@ eap::config_method_with_cred::config_method_with_cred(_In_ module &mod, _In_ uns
eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_with_cred &other) :
m_use_cred (other.m_use_cred ),
m_cred (other.m_cred ? (credentials*)other.m_cred->clone() : nullptr),
config_method(other )
m_use_cred (other.m_use_cred ),
m_cred (other.m_cred ? dynamic_cast<credentials*>(other.m_cred->clone()) : nullptr),
config_method(other )
{
}
@ -262,7 +262,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const
if (this != &other) {
(config_method&)*this = other;
m_use_cred = other.m_use_cred;
m_cred.reset(other.m_cred ? (credentials*)other.m_cred->clone() : nullptr);
m_cred.reset(other.m_cred ? dynamic_cast<credentials*>(other.m_cred->clone()) : nullptr);
}
return *this;
@ -376,7 +376,7 @@ eap::config_provider::config_provider(_In_ const config_provider &other) :
{
m_methods.reserve(other.m_methods.size());
for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? dynamic_cast<config_method*>(method->get()->clone()) : nullptr)));
}
@ -415,7 +415,7 @@ eap::config_provider& eap::config_provider::operator=(_In_ const config_provider
m_methods.clear();
m_methods.reserve(other.m_methods.size());
for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? dynamic_cast<config_method*>(method->get()->clone()) : nullptr)));
}
return *this;
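Review bot: Replacing `(credentials*)` with `dynamic_cast<credentials*>(other.m_cred->clone())` changes the failure behaviour: if the cloned object is not of the expected type, the cast yields nullptr, the freshly allocated clone is leaked, and m_cred (or the m_methods entry) silently becomes null. Either use `static_cast` where the hierarchy guarantees the type, or hold the clone in a `unique_ptr` to its base type first and throw when the `dynamic_cast` fails. The `std::move(...)` around the temporary `unique_ptr<config_method>` in the two push_back loops is redundant, since the temporary is already an rvalue.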


@ -363,8 +363,8 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned in
WideCharToMultiByte(CP_UTF8, 0, m_password.c_str(), (int)m_password.length(), cred_utf8, NULL, NULL);
// Encrypt the password using user's key.
DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , (LPBYTE)cred_utf8.data() };
DATA_BLOB entropy_blob = { sizeof(s_entropy), (LPBYTE)s_entropy };
DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , const_cast<LPBYTE>(reinterpret_cast<LPCBYTE>(cred_utf8.data())) };
DATA_BLOB entropy_blob = { sizeof(s_entropy), const_cast<LPBYTE>( s_entropy ) };
data_blob cred_enc;
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
@ -375,18 +375,18 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned in
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = {
0, // Flags
CRED_TYPE_GENERIC, // Type
(LPTSTR)target.c_str(), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
cred_enc.cbData, // CredentialBlobSize
cred_enc.pbData, // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
(LPTSTR)m_identity.c_str() // UserName
0, // Flags
CRED_TYPE_GENERIC, // Type
const_cast<LPTSTR>(target.c_str()), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
cred_enc.cbData, // CredentialBlobSize
cred_enc.pbData, // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
const_cast<LPTSTR>(m_identity.c_str()) // UserName
};
if (!CredWrite(&cred, 0))
throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
@ -403,14 +403,14 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned
throw win_runtime_error(__FUNCTION__ " CredRead failed.");
// Decrypt the password using user's key.
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
data_blob cred_int;
if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed.");
// Convert password from UTF-8.
MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)cred_int.pbData, (int)cred_int.cbData, m_password);
MultiByteToWideChar(CP_UTF8, 0, reinterpret_cast<LPCSTR>(cred_int.pbData), (int)cred_int.cbData, m_password);
SecureZeroMemory(cred_int.pbData, cred_int.cbData);
if (cred->UserName)
@ -443,14 +443,14 @@ eap::credentials::source_t eap::credentials_pass::combine(
{
if (cred_cached) {
// Using EAP service cached credentials.
*this = *(credentials_pass*)cred_cached;
*this = *dynamic_cast<const credentials_pass*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
return source_cache;
}
if (cfg.m_use_cred) {
// Using configured credentials.
*this = *(credentials_pass*)cfg.m_cred.get();
*this = *dynamic_cast<const credentials_pass*>(cfg.m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
return source_config;
}
@ -553,11 +553,11 @@ eap::credentials_connection::credentials_connection(_In_ module &mod, _In_ const
eap::credentials_connection::credentials_connection(_In_ const credentials_connection &other) :
m_cfg (other.m_cfg ),
m_namespace(other.m_namespace),
m_id (other.m_id ),
m_cred (other.m_cred ? (credentials*)other.m_cred->clone() : nullptr),
config (other )
m_cfg (other.m_cfg ),
m_namespace(other.m_namespace ),
m_id (other.m_id ),
m_cred (other.m_cred ? dynamic_cast<credentials*>(other.m_cred->clone()) : nullptr),
config (other )
{
}
@ -578,7 +578,7 @@ eap::credentials_connection& eap::credentials_connection::operator=(_In_ const c
(config&)*this = other;
m_namespace = other.m_namespace;
m_id = other.m_id;
m_cred.reset(other.m_cred ? (credentials*)other.m_cred->clone() : nullptr);
m_cred.reset(other.m_cred ? dynamic_cast<credentials*>(other.m_cred->clone()) : nullptr);
}
return *this;
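Review bot: In credentials_pass::combine, `*dynamic_cast<const credentials_pass*>(cred_cached)` dereferences the result of a pointer-form dynamic_cast with no null check, so a credentials object of another type now becomes a null dereference rather than a misread object. The reference form fails loudly instead: `*this = dynamic_cast<const credentials_pass&>(*cred_cached);` throws std::bad_cast on a mismatch, and the same applies to the `cfg.m_cred.get()` branch. The identical pattern appears in credentials_tls::combine and in the `dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider()` calls of the configuration dialog. The body of combine continues past the hunk.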


@ -169,13 +169,13 @@ void eap::method_noneap::append_avp(_In_ unsigned int code, _In_ unsigned char f
// Diameter AVP header
diameter_avp_header hdr;
*(unsigned int*)hdr.code = htonl(code);
*reinterpret_cast<unsigned int*>(hdr.code) = htonl(code);
hdr.flags = flags;
hton24(size_outer, hdr.length);
m_packet_res.insert(m_packet_res.end(), (unsigned char*)&hdr, (unsigned char*)(&hdr + 1));
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
// Data
m_packet_res.insert(m_packet_res.end(), (unsigned char*)data, (unsigned char*)data + size);
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
m_packet_res.insert(m_packet_res.end(), padding, 0);
}
@ -195,13 +195,13 @@ void eap::method_noneap::append_avp(_In_ unsigned int code, _In_ unsigned int ve
// Diameter AVP header
diameter_avp_header_ven hdr;
*(unsigned int*)hdr.code = htonl(code);
*reinterpret_cast<unsigned int*>(hdr.code) = htonl(code);
hdr.flags = flags | diameter_avp_flag_vendor;
hton24(size_outer, hdr.length);
*(unsigned int*)hdr.vendor = htonl(vendor_id);
m_packet_res.insert(m_packet_res.end(), (unsigned char*)&hdr, (unsigned char*)(&hdr + 1));
*reinterpret_cast<unsigned int*>(hdr.vendor) = htonl(vendor_id);
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
// Data
m_packet_res.insert(m_packet_res.end(), (unsigned char*)data, (unsigned char*)data + size);
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
m_packet_res.insert(m_packet_res.end(), padding, 0);
}
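Review bot: `*reinterpret_cast<unsigned int*>(hdr.code) = htonl(code);` stores a 32-bit value through what is presumably a byte-array member, which relies on the header being suitably aligned and sidesteps the aliasing rules; the named cast makes that visible but does not remove it. A byte copy says the same thing without those assumptions: `const unsigned int code_be = htonl(code); memcpy(hdr.code, &code_be, sizeof(code_be));`, and likewise for `hdr.vendor` in the vendor overload. The start of both append_avp bodies, including how size_outer and padding are computed, is outside the hunks.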


@ -69,13 +69,13 @@ EAP_ERROR* eap::module::make_error(_In_ DWORD dwErrorCode, _In_opt_z_ LPCWSTR ps
pError->repairGuid = pRepairGuid != NULL ? *pRepairGuid : GUID_NULL;
pError->helpLinkGuid = pHelpLinkGuid != NULL ? *pHelpLinkGuid : GUID_NULL;
if (nRootCauseSize) {
pError->pRootCauseString = (LPWSTR)p;
pError->pRootCauseString = const_cast<LPWSTR>(reinterpret_cast<LPCWSTR>(p));
memcpy(pError->pRootCauseString, pszRootCauseString, nRootCauseSize);
p += nRootCauseSize;
} else
pError->pRootCauseString = NULL;
if (nRepairStringSize) {
pError->pRepairString = (LPWSTR)p;
pError->pRepairString = const_cast<LPWSTR>(reinterpret_cast<LPCWSTR>(p));
memcpy(pError->pRepairString, pszRepairString, nRepairStringSize);
p += nRepairStringSize;
} else
@ -201,7 +201,7 @@ std::vector<unsigned char> eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytec
std::vector<unsigned char> enc(buf.begin(), buf.end());
// Pre-allocate memory to allow space, as encryption will grow the data.
buf.assign((const unsigned char*)data, (const unsigned char*)data + size);
buf.assign(reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
DWORD dwBlockLen;
if (!CryptGetKeyParam(key_aes, KP_BLOCKLEN, dwBlockLen, 0)) dwBlockLen = 0;
buf.reserve((size + dwBlockLen) / dwBlockLen * dwBlockLen);
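Review bot: In eap::module::encrypt, a failed CryptGetKeyParam sets `dwBlockLen = 0` and the next line divides by it in `buf.reserve((size + dwBlockLen) / dwBlockLen * dwBlockLen);`, which is an integer division by zero. Guard the reservation, e.g. `if (dwBlockLen) buf.reserve((size + dwBlockLen) / dwBlockLen * dwBlockLen);`, or treat the failed query as an error. Separately, in make_error `const_cast<LPWSTR>(reinterpret_cast<LPCWSTR>(p))` adds const only to strip it again; if p is a non-const byte pointer, `reinterpret_cast<LPWSTR>(p)` is enough. Both functions extend beyond the hunks.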


@ -248,7 +248,7 @@ protected:
int idx = m_providers->GetSelection();
if (idx != wxNOT_FOUND) {
eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider();
eap::config_provider &cfg_provider = dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider();
m_prov_remove->Enable(true);
m_prov_advanced->Enable(!cfg_provider.m_read_only);
} else {
@ -295,7 +295,7 @@ protected:
wxEAPConfigDialogBase::OnProvRemove(event);
int idx = m_providers->GetSelection();
eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider();
eap::config_provider &cfg_provider = dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider();
if (wxMessageBox(tstring_printf(_("Are you sure you want to permanently remove %ls provider from configuration?"), wxEAPGetProviderName(cfg_provider.m_name).c_str()), _("Warning"), wxYES_NO, this) == wxYES) {
// Delete provider.
@ -317,7 +317,7 @@ protected:
wxEAPConfigDialogBase::OnProvAdvanced(event);
int idx = m_providers->GetSelection();
eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider();
eap::config_provider &cfg_provider = dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider();
wxEAPConfigProvider dlg(cfg_provider, this);
if (dlg.ShowModal() == wxID_OK)
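Review bot: OnProvRemove and OnProvAdvanced pass `idx` from `m_providers->GetSelection()` straight to `GetPage(idx)`, while the first hunk guards the same call with `if (idx != wxNOT_FOUND)`. Unless the two buttons are reliably disabled whenever nothing is selected, both handlers should start with `if (idx == wxNOT_FOUND) return;` before the page is looked up and cast. The handler bodies continue outside the hunks.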


@ -455,7 +455,7 @@ eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering master monitor window class.");
tstring_guid guid_str(guid);
HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, (LPCTSTR)wnd_class, guid_str.c_str());
HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, reinterpret_cast<LPCTSTR>(wnd_class), guid_str.c_str());
if (hwnd_master) {
// Another monitor is already running.
m_is_master = false;
@ -484,18 +484,18 @@ eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
}
m_hwnd = CreateWindowEx(
0, // dwExStyle
(LPCTSTR)wnd_class, // lpClassName
guid_str.c_str(), // lpWindowName
0, // dwStyle
0, // x
0, // y
0, // nWidth
0, // nHeight
HWND_MESSAGE, // hWndParent
NULL, // hMenu
module, // hInstance
this); // lpParam
0, // dwExStyle
reinterpret_cast<LPCTSTR>(wnd_class), // lpClassName
guid_str.c_str(), // lpWindowName
0, // dwStyle
0, // x
0, // y
0, // nWidth
0, // nHeight
HWND_MESSAGE, // hWndParent
NULL, // hMenu
module, // hInstance
this); // lpParam
if (!m_is_master) {
// Notify master we are waiting him.
@ -575,7 +575,7 @@ LRESULT eap::monitor_ui::winproc(
} else if (msg == s_msg_finish) {
// Master finished.
assert(!m_is_master);
m_data.assign((const unsigned char*)lparam, (const unsigned char*)lparam + wparam);
m_data.assign(reinterpret_cast<const unsigned char*>(lparam), reinterpret_cast<const unsigned char*>(lparam) + wparam);
// Finish slave too.
DestroyWindow(m_hwnd);
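Review bot: In winproc, the s_msg_finish branch treats `lparam` as a pointer and `wparam` as a byte count and copies that range into m_data with no validation, so whoever posts this message to the window controls both the address and the length of the read. `assert(!m_is_master);` is the only precondition and disappears in release builds. If the master can live in another process, or the message can arrive from an unrelated sender, a transport that marshals the bytes (WM_COPYDATA, for instance) together with a check of the sender would be more robust. How the master sends this message is not visible in the hunk.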


@ -45,7 +45,7 @@ crypt_key eap::create_des_key(_In_ HCRYPTPROV cp, _In_count_(size) const unsigne
};
sanitizing_blob key_blob;
key_blob.reserve(sizeof(key_blob_prefix) + 8);
key_blob.assign((const unsigned char*)&s_prefix, (const unsigned char*)(&s_prefix + 1));
key_blob.assign(reinterpret_cast<const unsigned char*>(&s_prefix), reinterpret_cast<const unsigned char*>(&s_prefix + 1));
// Inject parity bits.
unsigned char out = 0, parity = 1;
@ -215,7 +215,7 @@ eap::nt_response::nt_response(
static const DWORD mode_ecb = CRYPT_MODE_ECB;
// DesEncrypt(Challenge, 1st 7-octets of ZPasswordHash, giving 1st 8-octets of Response)
key = create_des_key(cp, (const unsigned char*)&hash_pwd, 7);
key = create_des_key(cp, reinterpret_cast<const unsigned char*>(&hash_pwd), 7);
if (!CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0))
throw win_runtime_error(__FUNCTION__ " Error setting ECB mode.");
memcpy(data, &challenge, 8);
@ -224,7 +224,7 @@ eap::nt_response::nt_response(
throw win_runtime_error(__FUNCTION__ " Error encrypting message 1/3.");
// DesEncrypt(Challenge, 2nd 7-octets of ZPasswordHash, giving 2nd 8-octets of Response)
key = create_des_key(cp, (const unsigned char*)&hash_pwd + 7, 7);
key = create_des_key(cp, reinterpret_cast<const unsigned char*>(&hash_pwd) + 7, 7);
if (!CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0))
throw win_runtime_error(__FUNCTION__ " Error setting ECB mode.");
memcpy(data + 8, &challenge, 8);
@ -233,7 +233,7 @@ eap::nt_response::nt_response(
throw win_runtime_error(__FUNCTION__ " Error encrypting message 2/3.");
// DesEncrypt(Challenge, 2nd 7-octets of ZPasswordHash, giving 2nd 8-octets of Response)
key = create_des_key(cp, (const unsigned char*)&hash_pwd + 14, 2);
key = create_des_key(cp, reinterpret_cast<const unsigned char*>(&hash_pwd) + 14, 2);
if (!CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0))
throw win_runtime_error(__FUNCTION__ " Error setting ECB mode.");
memcpy(data + 16, &challenge, 8);
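Review bot: The three `CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0)` calls in nt_response still use a C-style cast although the neighbouring arguments were converted; `reinterpret_cast<const BYTE*>(&mode_ecb)` would finish the job. The comment above the last block repeats "2nd 7-octets ... 2nd 8-octets" although the code uses offset 14 and writes at `data + 16`, so it should describe the third block. The constructor body runs beyond the hunks.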


@ -119,14 +119,14 @@ void eap::method_mschapv2::process_request_packet(
sizeof(nt_response)); // Response
response.push_back(m_ident);
response.push_back(0); // Flags
response.insert(response.end(), (unsigned char*)&m_challenge_client, (unsigned char*)(&m_challenge_client + 1)); // Peer-Challenge
response.insert(response.end(), reinterpret_cast<const unsigned char*>(&m_challenge_client), reinterpret_cast<const unsigned char*>(&m_challenge_client + 1)); // Peer-Challenge
response.insert(response.end(), 8, 0); // Reserved
response.insert(response.end(), (unsigned char*)&m_nt_resp, (unsigned char*)(&m_nt_resp + 1)); // NT-Response
response.insert(response.end(), reinterpret_cast<const unsigned char*>(&m_nt_resp), reinterpret_cast<const unsigned char*>(&m_nt_resp + 1)); // NT-Response
// Diameter AVP (User-Name=1, MS-CHAP-Challenge=11/311, MS-CHAP2-Response=25/311)
append_avp( 1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size() );
append_avp(11, 311, diameter_avp_flag_mandatory, (unsigned char*)&m_challenge_server , (unsigned int)sizeof(m_challenge_server));
append_avp(25, 311, diameter_avp_flag_mandatory, response.data() , (unsigned int)response.size() );
append_avp( 1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size() );
append_avp(11, 311, diameter_avp_flag_mandatory, reinterpret_cast<const unsigned char*>(&m_challenge_server) , (unsigned int)sizeof(m_challenge_server));
append_avp(25, 311, diameter_avp_flag_mandatory, response.data() , (unsigned int)response.size() );
m_phase = phase_challenge_server;
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
@ -154,22 +154,22 @@ void eap::method_mschapv2::process_packet(_In_bytecount_(size_pck) const void *_
sanitizing_blob data;
wstring msg_w;
for (const unsigned char *pck = (const unsigned char*)_pck, *pck_end = pck + size_pck; pck < pck_end; ) {
for (const unsigned char *pck = reinterpret_cast<const unsigned char*>(_pck), *pck_end = pck + size_pck; pck < pck_end; ) {
if (pck + sizeof(diameter_avp_header) > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header.");
const diameter_avp_header *hdr = (const diameter_avp_header*)pck;
unsigned int code = ntohl(*(unsigned int*)hdr->code);
const diameter_avp_header *hdr = reinterpret_cast<const diameter_avp_header*>(pck);
unsigned int code = ntohl(*reinterpret_cast<const unsigned int*>(hdr->code));
unsigned int vendor;
const unsigned char *msg;
if (hdr->flags & diameter_avp_flag_vendor) {
if (pck + sizeof(diameter_avp_header_ven) > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header.");
const diameter_avp_header_ven *hdr_ven = (const diameter_avp_header_ven*)pck;
vendor = ntohl(*(unsigned int*)hdr_ven->vendor);
msg = (const unsigned char*)(hdr_ven + 1);
const diameter_avp_header_ven *hdr_ven = reinterpret_cast<const diameter_avp_header_ven*>(pck);
vendor = ntohl(*reinterpret_cast<const unsigned int*>(hdr_ven->vendor));
msg = reinterpret_cast<const unsigned char*>(hdr_ven + 1);
} else {
vendor = 0;
msg = (const unsigned char*)(hdr + 1);
msg = reinterpret_cast<const unsigned char*>(hdr + 1);
}
unsigned int length = ntoh24(hdr->length);
const unsigned char
@ -182,13 +182,13 @@ void eap::method_mschapv2::process_packet(_In_bytecount_(size_pck) const void *_
// MS-CHAP2-Success
if (msg[0] != m_ident)
throw invalid_argument(string_printf(__FUNCTION__ " Wrong MSCHAPv2 ident (expected: %u, received: %u).", m_ident, msg[0]).c_str());
const char *str = (const char*)(msg + 1);
process_success(parse_response(str, ((const char*)msg_end - str)));
const char *str = reinterpret_cast<const char*>(msg + 1);
process_success(parse_response(str, (reinterpret_cast<const char*>(msg_end) - str)));
} else if (code == 2 && vendor == 311) {
// MS-CHAP2-Error
m_ident = msg[0];
const char *str = (const char*)(msg + 1);
process_error(parse_response(str, ((const char*)msg_end - str)));
const char *str = reinterpret_cast<const char*>(msg + 1);
process_error(parse_response(str, (reinterpret_cast<const char*>(msg_end) - str)));
} else if (hdr->flags & diameter_avp_flag_mandatory)
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Server sent mandatory Diameter AVP we do not support (code: %u, vendor: %u).", code, vendor).c_str());
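Review bot: In process_packet, both MS-CHAP2 branches read `msg[0]` and form `msg + 1` without a visible check that the AVP carries at least one data byte, and the length handed to parse_response, `reinterpret_cast<const char*>(msg_end) - str`, goes negative if msg_end lies before `msg + 1`. msg_end is computed from the peer-supplied `ntoh24(hdr->length)` in lines between the hunks, so this may already be covered; if not, add `if (msg >= msg_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message data.");` before the dispatch. The header reads through `reinterpret_cast<const unsigned int*>(hdr->code)` also assume the packet buffer is 4-byte aligned.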


@ -173,8 +173,8 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int
data_blob cred_enc;
if (m_cert) {
// Encrypt the certificate using user's key.
DATA_BLOB cred_blob = { m_cert->cbCertEncoded, m_cert->pbCertEncoded };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
DATA_BLOB cred_blob = { m_cert->cbCertEncoded, m_cert->pbCertEncoded };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
}
@ -185,18 +185,18 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = {
0, // Flags
CRED_TYPE_GENERIC, // Type
(LPTSTR)target.c_str(), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
cred_enc.cbData, // CredentialBlobSize
cred_enc.pbData, // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
(LPTSTR)m_identity.c_str() // UserName
0, // Flags
CRED_TYPE_GENERIC, // Type
const_cast<LPTSTR>(target.c_str()), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
cred_enc.cbData, // CredentialBlobSize
cred_enc.pbData, // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
const_cast<LPTSTR>(m_identity.c_str()) // UserName
};
if (!CredWrite(&cred, 0))
throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
@ -214,8 +214,8 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned
if (cred->CredentialBlobSize) {
// Decrypt the certificate using user's key.
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
data_blob cred_int;
if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed.");
@ -298,14 +298,14 @@ eap::credentials::source_t eap::credentials_tls::combine(
{
if (cred_cached) {
// Using EAP service cached credentials.
*this = *(credentials_tls*)cred_cached;
*this = *dynamic_cast<const credentials_tls*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_cache;
}
if (cfg.m_use_cred) {
// Using configured credentials.
*this = *(credentials_tls*)cfg.m_cred.get();
*this = *dynamic_cast<const credentials_tls*>(cfg.m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_config;
}
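Review bot: In `combine`, both `*this = *dynamic_cast<const credentials_tls*>(...)` assignments dereference the cast result without checking it, so a `cred_cached` or `cfg.m_cred` of another credentials type now becomes a null-pointer dereference instead of a diagnosable error. The reference form throws `std::bad_cast` on a mismatch and needs no separate check: `*this = dynamic_cast<const credentials_tls&>(*cred_cached);` and `*this = dynamic_cast<const credentials_tls&>(*cfg.m_cred.get());`. The body of `combine` starts and ends outside the hunk, so whether a caller already guarantees the dynamic type cannot be confirmed from here.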


@ -376,8 +376,8 @@ void eap::method_tls::process_request_packet(
// Derive master secret.
static const unsigned char s_label[] = "master secret";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
memcpy(&m_master_secret, prf(m_cp, m_alg_prf, pms, seed, sizeof(tls_master_secret)).data(), sizeof(tls_master_secret));
// Create client key exchange message, and append to packet.
@ -396,8 +396,8 @@ void eap::method_tls::process_request_packet(
// Derive client side keys.
static const unsigned char s_label[] = "key expansion";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
sanitizing_blob key_block(prf(m_cp, m_alg_prf, m_master_secret, seed,
2*m_state_client_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1)
2*m_state_client_pending.m_size_enc_key + // client_write_key & server_write_key
@ -518,9 +518,9 @@ void eap::method_tls::get_result(
// Fill array with RADIUS attributes.
eap_attr a;
m_eap_attr.reserve(m_eap_attr.size() + 3);
a.create_ms_mppe_key(16, (LPCBYTE)&m_key_mppe_client, sizeof(tls_random));
a.create_ms_mppe_key(16, reinterpret_cast<LPCBYTE>(&m_key_mppe_client), sizeof(tls_random));
m_eap_attr.push_back(std::move(a));
a.create_ms_mppe_key(17, (LPCBYTE)&m_key_mppe_server, sizeof(tls_random));
a.create_ms_mppe_key(17, reinterpret_cast<LPCBYTE>(&m_key_mppe_server), sizeof(tls_random));
m_eap_attr.push_back(std::move(a));
m_eap_attr.push_back(eap_attr::blank);
@ -552,7 +552,7 @@ void eap::method_tls::get_result(
NULL,
&buf_out_desc);
if (SUCCEEDED(status))
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf_out[0].pvBuffer, (const unsigned char*)buf_out[0].pvBuffer + buf_out[0].cbBuffer);
m_packet_res.m_data.insert(m_packet_res.m_data.end(), reinterpret_cast<const unsigned char*>(buf_out[0].pvBuffer), reinterpret_cast<const unsigned char*>(buf_out[0].pvBuffer) + buf_out[0].cbBuffer);
}
#endif
@ -594,14 +594,14 @@ eap::sanitizing_blob eap::method_tls::make_client_hello()
// SSL header
assert(size_data <= 0xffffff);
unsigned int ssl_header = htonl((tls_handshake_type_client_hello << 24) | (unsigned int)size_data);
msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&ssl_header), reinterpret_cast<const unsigned char*>(&ssl_header + 1));
// SSL version
msg.insert(msg.end(), (unsigned char*)&m_tls_version, (unsigned char*)(&m_tls_version + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&m_tls_version), reinterpret_cast<const unsigned char*>(&m_tls_version + 1));
// Generate client random and add it to the message
m_random_client.randomize(m_cp);
msg.insert(msg.end(), (unsigned char*)&m_random_client, (unsigned char*)(&m_random_client + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
// Session ID
assert(m_session_id.size() <= 32);
@ -610,7 +610,7 @@ eap::sanitizing_blob eap::method_tls::make_client_hello()
// Cypher suite list
unsigned short size_cipher_suite2 = htons((unsigned short)sizeof(s_cipher_suite));
msg.insert(msg.end(), (unsigned char*)&size_cipher_suite2, (unsigned char*)(&size_cipher_suite2 + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&size_cipher_suite2), reinterpret_cast<const unsigned char*>(&size_cipher_suite2 + 1));
msg.insert(msg.end(), s_cipher_suite, s_cipher_suite + _countof(s_cipher_suite));
// Compression
@ -638,7 +638,7 @@ eap::sanitizing_blob eap::method_tls::make_client_cert() const
// SSL header
assert(size_data <= 0xffffff);
unsigned int ssl_header = htonl((tls_handshake_type_certificate << 24) | (unsigned int)size_data);
msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&ssl_header), reinterpret_cast<const unsigned char*>(&ssl_header + 1));
// List size
assert(size_list <= 0xffffff);
@ -663,7 +663,7 @@ eap::sanitizing_blob eap::method_tls::make_client_cert() const
eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const tls_master_secret &pms) const
{
// Encrypt pre-master key with server public key first.
sanitizing_blob pms_enc((const unsigned char*)&pms, (const unsigned char*)(&pms + 1));
sanitizing_blob pms_enc(reinterpret_cast<const unsigned char*>(&pms), reinterpret_cast<const unsigned char*>(&pms + 1));
crypt_key key;
if (!key.import_public(m_cp_enc_client, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo)))
throw win_runtime_error(__FUNCTION__ " Error importing server's public key.");
@ -681,7 +681,7 @@ eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const tls_ma
// SSL header
assert(size_data <= 0xffffff);
unsigned int ssl_header = htonl((tls_handshake_type_client_key_exchange << 24) | (unsigned int)size_data);
msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&ssl_header), reinterpret_cast<const unsigned char*>(&ssl_header + 1));
// Encrypted pre master secret size
assert(size_pms_enc <= 0xffff);
@ -707,7 +707,7 @@ eap::sanitizing_blob eap::method_tls::make_finished() const
// SSL header
unsigned int ssl_header = htonl((unsigned int)(tls_handshake_type_finished << 24) | 12);
msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&ssl_header), reinterpret_cast<const unsigned char*>(&ssl_header + 1));
// Create label + hash MD5 + hash SHA-1 seed.
crypt_hash hash;
@ -760,7 +760,7 @@ eap::sanitizing_blob eap::method_tls::make_message(_In_ tls_message_type_t type,
sanitizing_blob msg;
msg.reserve(sizeof(message_header) + size_data);
msg.assign((const unsigned char*)&hdr, (const unsigned char*)(&hdr + 1));
msg.assign(reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
msg.insert(msg.end(), data.begin(), data.end());
return msg;
}
@ -774,8 +774,8 @@ void eap::method_tls::derive_msk()
#if EAP_TLS < EAP_TLS_SCHANNEL
static const unsigned char s_label[] = "client EAP encryption";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
sanitizing_blob key_block(prf(m_cp, m_alg_prf, m_master_secret, seed, 2*sizeof(tls_random)));
_key_block = key_block.data();
#else
@ -808,13 +808,13 @@ void eap::method_tls::process_packet(_In_bytecount_(size_pck) const void *_pck,
{
sanitizing_blob data;
for (const unsigned char *pck = (const unsigned char*)_pck, *pck_end = pck + size_pck; pck < pck_end; ) {
for (const unsigned char *pck = reinterpret_cast<const unsigned char*>(_pck), *pck_end = pck + size_pck; pck < pck_end; ) {
if (pck + 5 > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header.");
const message_header *hdr = (const message_header*)pck;
const unsigned char
*msg = (const unsigned char*)(hdr + 1),
*msg_end = msg + ntohs(*(unsigned short*)hdr->length);
*msg = reinterpret_cast<const unsigned char*>(hdr + 1),
*msg_end = msg + ntohs(*reinterpret_cast<const unsigned short*>(hdr->length));
if (msg_end > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message data.");
@ -870,7 +870,7 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(size_msg) const
if (size_msg < 1)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete change cipher spec.");
const unsigned char *msg = (const unsigned char*)_msg;
const unsigned char *msg = reinterpret_cast<const unsigned char*>(_msg);
if (msg[0] != 1)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Invalid change cipher spec message (expected 1, received %u).", msg[0]));
@ -885,8 +885,8 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(size_msg) const
static const unsigned char s_label[] = "key expansion";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
sanitizing_blob key_block(prf(m_cp, m_alg_prf, m_master_secret, seed,
2*m_state_server_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1)
2*m_state_server_pending.m_size_enc_key + // client_write_key & server_write_key
@ -928,7 +928,7 @@ void eap::method_tls::process_alert(_In_bytecount_(size_msg) const void *_msg, _
if (size_msg < 2)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete alert.");
const unsigned char *msg = (const unsigned char*)_msg;
const unsigned char *msg = reinterpret_cast<const unsigned char*>(_msg);
m_module.log_event(&EAPMETHOD_TLS_ALERT, event_data((unsigned int)eap_type_tls), event_data((unsigned char)msg[0]), event_data((unsigned char)msg[1]), event_data::blank);
@ -941,11 +941,11 @@ void eap::method_tls::process_alert(_In_bytecount_(size_msg) const void *_msg, _
void eap::method_tls::process_handshake(_In_bytecount_(size_msg) const void *_msg, _In_ size_t size_msg)
{
for (const unsigned char *msg = (const unsigned char*)_msg, *msg_end = msg + size_msg; msg < msg_end; ) {
for (const unsigned char *msg = reinterpret_cast<const unsigned char*>(_msg), *msg_end = msg + size_msg; msg < msg_end; ) {
// Parse record header.
if (msg + sizeof(unsigned int) > msg_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete record header.");
unsigned int hdr = ntohl(*(unsigned int*)msg);
unsigned int hdr = ntohl(*reinterpret_cast<const unsigned int*>(msg));
const unsigned char
*rec = msg + sizeof(unsigned int),
*rec_end = rec + (hdr & 0xffffff);
@ -959,9 +959,9 @@ void eap::method_tls::process_handshake(_In_bytecount_(size_msg) const void *_ms
// TLS version
if (rec + 2 > rec_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Server SSL/TLS version missing or incomplete.");
else if (*(tls_version*)rec < tls_version_1_0 || m_tls_version < *(tls_version*)rec)
else if (*reinterpret_cast<const tls_version*>(rec) < tls_version_1_0 || m_tls_version < *reinterpret_cast<const tls_version*>(rec))
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Unsupported SSL/TLS version.");
m_tls_version = *(tls_version*)rec;
m_tls_version = *reinterpret_cast<const tls_version*>(rec);
m_alg_prf = m_tls_version < tls_version_1_2 ? CALG_TLS1PRF : CALG_SHA_256;
rec += 2;
@ -1171,7 +1171,7 @@ void eap::method_tls::process_handshake()
// Send Schannel's token via EAP.
assert(buf_out[0].BufferType == SECBUFFER_TOKEN);
assert(m_sc_ctx.m_attrib & ISC_RET_ALLOCATED_MEMORY);
m_packet_res.m_data.assign((const unsigned char*)buf_out[0].pvBuffer, (const unsigned char*)buf_out[0].pvBuffer + buf_out[0].cbBuffer);
m_packet_res.m_data.assign(reinterpret_cast<const unsigned char*>(buf_out[0].pvBuffer), reinterpret_cast<const unsigned char*>(buf_out[0].pvBuffer) + buf_out[0].cbBuffer);
if (buf_in[1].BufferType == SECBUFFER_EXTRA) {
// Server appended extra data.
m_sc_queue.erase(m_sc_queue.begin(), m_sc_queue.end() - buf_in[1].cbBuffer);
@ -1217,7 +1217,7 @@ void eap::method_tls::process_handshake()
// Send alert via EAP. Not that EAP will transmit it once we throw this is an error...
assert(buf_out[1].BufferType == SECBUFFER_ALERT);
assert(m_sc_ctx.m_attrib & ISC_RET_ALLOCATED_MEMORY);
m_packet_res.m_data.assign((const unsigned char*)buf_out[1].pvBuffer, (const unsigned char*)buf_out[1].pvBuffer + buf_out[1].cbBuffer);
m_packet_res.m_data.assign(reinterpret_cast<const unsigned char*>(buf_out[1].pvBuffer), reinterpret_cast<const unsigned char*>(buf_out[1].pvBuffer) + buf_out[1].cbBuffer);
}
throw sec_runtime_error(status, __FUNCTION__ " Schannel error.");
@ -1265,7 +1265,7 @@ void eap::method_tls::process_application_data()
std::vector<unsigned char> extra;
for (size_t i = 0; i < _countof(buf); i++)
if (buf[i].BufferType == SECBUFFER_EXTRA)
extra.insert(extra.end(), (unsigned char*)buf[i].pvBuffer, (unsigned char*)buf[i].pvBuffer + buf[i].cbBuffer);
extra.insert(extra.end(), reinterpret_cast<const unsigned char*>(buf[i].pvBuffer), reinterpret_cast<const unsigned char*>(buf[i].pvBuffer) + buf[i].cbBuffer);
m_sc_queue = std::move(extra);
} else if (status == SEC_E_INCOMPLETE_MESSAGE) {
// Schannel neeeds more data. Send ACK packet to server to send more.
@ -1647,7 +1647,7 @@ eap::sanitizing_blob eap::method_tls::prf(
size_S2 = size_S1;
const void
*S1 = &secret,
*S2 = (const unsigned char*)&secret + (sizeof(tls_master_secret) - size_S2);
*S2 = reinterpret_cast<const unsigned char*>(&secret) + (sizeof(tls_master_secret) - size_S2);
// Precalculate HMAC padding for speed.
hmac_padding
@ -1656,8 +1656,8 @@ eap::sanitizing_blob eap::method_tls::prf(
// Prepare A for p_hash.
sanitizing_blob
A1((unsigned char*)seed, (unsigned char*)seed + size_seed),
A2((unsigned char*)seed, (unsigned char*)seed + size_seed);
A1(reinterpret_cast<const unsigned char*>(seed), reinterpret_cast<const unsigned char*>(seed) + size_seed),
A2(reinterpret_cast<const unsigned char*>(seed), reinterpret_cast<const unsigned char*>(seed) + size_seed);
sanitizing_blob
hmac1,
@ -1706,7 +1706,7 @@ eap::sanitizing_blob eap::method_tls::prf(
hmac_padding padding(cp, alg, &secret, sizeof(tls_master_secret));
// Prepare A for p_hash.
sanitizing_blob A((unsigned char*)seed, (unsigned char*)seed + size_seed);
sanitizing_blob A(reinterpret_cast<const unsigned char*>(seed), reinterpret_cast<const unsigned char*>(seed) + size_seed);
sanitizing_blob hmac;
for (size_t i = 0; i < size; ) {
@ -1759,8 +1759,8 @@ HCRYPTKEY eap::method_tls::create_key(
};
sanitizing_blob key_blob;
key_blob.reserve(sizeof(key_blob_prefix) + size_secret);
key_blob.assign((const unsigned char*)&prefix, (const unsigned char*)(&prefix + 1));
key_blob.insert(key_blob.end(), (const unsigned char*)secret, (const unsigned char*)secret + size_secret);
key_blob.assign( reinterpret_cast<const unsigned char*>(&prefix), reinterpret_cast<const unsigned char*>(&prefix + 1));
key_blob.insert(key_blob.end(), reinterpret_cast<const unsigned char*>( secret), reinterpret_cast<const unsigned char*>(secret) + size_secret);
// Import the key.
winstd::crypt_key key_out;
@ -1795,7 +1795,7 @@ HCRYPTKEY eap::method_tls::create_key(
#pragma pack(pop)
sanitizing_blob key_blob;
key_blob.reserve(sizeof(key_blob_prefix) + size_key);
key_blob.assign((const unsigned char*)&prefix, (const unsigned char*)(&prefix + 1));
key_blob.assign(reinterpret_cast<const unsigned char*>(&prefix), reinterpret_cast<const unsigned char*>(&prefix + 1));
// Key in EME-PKCS1-v1_5 (RFC 3447).
key_blob.push_back(0); // Initial zero
@ -1818,7 +1818,7 @@ HCRYPTKEY eap::method_tls::create_key(
key_blob.push_back(0); // PS and M zero delimiter
// M
key_blob.insert(key_blob.end(), (const unsigned char*)secret, (const unsigned char*)secret + size_secret);
key_blob.insert(key_blob.end(), reinterpret_cast<const unsigned char*>(secret), reinterpret_cast<const unsigned char*>(secret) + size_secret);
#ifdef _HOST_LOW_ENDIAN
std::reverse(key_blob.end() - size_key, key_blob.end());
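Review bot: The parsers in `process_packet` and `process_handshake` still read multi-byte fields by dereferencing a punned pointer into the received buffer (`*reinterpret_cast<const unsigned short*>(hdr->length)`, `*reinterpret_cast<const unsigned int*>(msg)`, `*reinterpret_cast<const tls_version*>(rec)`); renaming the cast does not make the access aligned or aliasing-safe. `msg` and `rec` advance by lengths taken from the peer's data, so nothing visible guarantees their alignment. Copying the bytes out first keeps the behaviour and removes the undefined behaviour, e.g. `unsigned int hdr_be; memcpy(&hdr_be, msg, sizeof(hdr_be)); unsigned int hdr = ntohl(hdr_be);`. The line `const message_header *hdr = (const message_header*)pck;` in `process_packet` also still carries a C-style cast of the kind this commit set out to remove. Both functions continue outside their hunks.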


@ -496,11 +496,11 @@ bool eap::packet_tls::append_frag(_In_ const EapPacket *pck)
if (pck->Data[1] & flags_req_length_incl) {
// Length field is included.
packet_data_ptr = pck->Data + 6;
size_packet_data = ntohs(*(unsigned short*)pck->Length) - 10;
size_packet_data = ntohs(*reinterpret_cast<const unsigned short*>(pck->Length)) - 10;
} else {
// Length field not included.
packet_data_ptr = pck->Data + 2;
size_packet_data = ntohs(*(unsigned short*)pck->Length) - 6;
size_packet_data = ntohs(*reinterpret_cast<const unsigned short*>(pck->Length)) - 6;
}
// Do the EAP-TLS defragmentation.
@ -509,7 +509,7 @@ bool eap::packet_tls::append_frag(_In_ const EapPacket *pck)
// Start a new packet.
if (pck->Data[1] & flags_req_length_incl) {
// Preallocate data according to the Length field.
size_t size_tot = ntohl(*(unsigned int*)(pck->Data + 2));
size_t size_tot = ntohl(*reinterpret_cast<const unsigned int*>(pck->Data + 2));
m_data.reserve(size_tot);
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_FIRST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)size_tot), event_data::blank);
} else {
@ -561,7 +561,7 @@ unsigned short eap::packet_tls::get_frag(_Out_bytecap_(size_pck) EapPacket *pck,
} else {
// But it should be fragmented.
m_flags |= flags_res_length_incl | flags_res_more_frag;
*(unsigned int*)(pck->Data + 2) = htonl(size_packet);
*reinterpret_cast<unsigned int*>(pck->Data + 2) = htonl(size_packet);
data_dst = pck->Data + 6;
size_data = size_packet_limit - 10;
size_packet = size_packet_limit;
@ -585,7 +585,7 @@ unsigned short eap::packet_tls::get_frag(_Out_bytecap_(size_pck) EapPacket *pck,
pck->Code = (BYTE)m_code;
pck->Id = m_id;
*(unsigned short*)pck->Length = htons((unsigned short)size_packet);
*reinterpret_cast<unsigned short*>(pck->Length) = htons((unsigned short)size_packet);
pck->Data[0] = (BYTE)eap_type_tls;
pck->Data[1] = m_flags;
memcpy(data_dst, m_data.data(), size_data);
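Review bot: In `append_frag`, `ntohs(*reinterpret_cast<const unsigned short*>(pck->Length)) - 10` (and the `- 6` variant) subtracts the header size from a length field taken from the received packet with no lower bound visible in this hunk, so a packet declaring fewer than 10 (or 6) bytes gives a negative result that presumably wraps to a very large `size_packet_data`. Unless a check outside the hunk already rejects short packets, read the field once with `const unsigned short len = ntohs(*reinterpret_cast<const unsigned short*>(pck->Length));` and reject `len < 10` (respectively `len < 6`) through the function's existing error path before subtracting. `m_data.reserve(size_tot)` likewise takes a 32-bit total straight from the packet and would benefit from an upper limit. The function starts and ends outside the hunk.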


@ -521,7 +521,7 @@ void wxTLSServerTrustPanel::OnRootCAAddFile(wxCommandEvent& event)
for (size_t i = 0, i_end = paths.GetCount(); i < i_end; i++) {
// Load certificate(s) from file.
winstd::cert_store cs;
if (cs.create(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, (LPCTSTR)(paths[i]))) {
if (cs.create(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, paths[i])) {
for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(cs, cert)) != NULL;)
AddRootCA(cert);
} else
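Review bot: Dropping the `(LPCTSTR)` cast on `paths[i]` in `OnRootCAAddFile` leaves the string-to-pointer conversion to overload resolution instead of stating it. The declaration of `cs.create` is not visible here; if its last parameter is an untyped pointer, as with `CertOpenStore`'s `pvPara`, the implicit conversion that gets chosen may not be the `LPCTSTR` one that `CERT_STORE_PROV_FILENAME` expects. A named cast keeps the old behaviour explicit: `static_cast<LPCTSTR>(paths[i])`. The function starts and ends outside the hunk.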


@ -38,7 +38,7 @@ eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int
eap::config_method_ttls::config_method_ttls(const _In_ config_method_ttls &other) :
m_inner(other.m_inner ? (config_method_with_cred*)other.m_inner->clone() : nullptr),
m_inner(other.m_inner ? dynamic_cast<config_method_with_cred*>(other.m_inner->clone()) : nullptr),
m_anonymous_identity(other.m_anonymous_identity),
config_method_tls(other)
{
@ -57,7 +57,7 @@ eap::config_method_ttls& eap::config_method_ttls::operator=(const _In_ config_me
{
if (this != &other) {
(config_method_tls&)*this = other;
m_inner.reset(other.m_inner ? (config_method_with_cred*)other.m_inner->clone() : nullptr);
m_inner.reset(other.m_inner ? dynamic_cast<config_method_with_cred*>(other.m_inner->clone()) : nullptr);
m_anonymous_identity = other.m_anonymous_identity;
}
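Review bot: In the copy constructor and `operator=`, `dynamic_cast<config_method_with_cred*>(other.m_inner->clone())` yields `nullptr` when the clone is not of the expected type, and the result is stored without a check. The copy would then silently lose its inner configuration, and the freshly cloned object presumably leaks, since `clone()` appears to return an owning raw pointer. Either fail loudly on a null result before handing it to `m_inner`, or, if `m_inner` is already declared as holding `config_method_with_cred`, use `static_cast<config_method_with_cred*>(...)`, which states the guaranteed downcast without a run-time failure mode. The same pattern appears in the `credentials_ttls` copy constructor and `operator=` in this commit. `operator=` continues outside the hunk.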


@ -35,7 +35,7 @@ eap::credentials_ttls::credentials_ttls(_In_ module &mod) :
eap::credentials_ttls::credentials_ttls(_In_ const credentials_ttls &other) :
m_inner(other.m_inner ? (credentials*)other.m_inner->clone() : nullptr),
m_inner(other.m_inner ? dynamic_cast<credentials*>(other.m_inner->clone()) : nullptr),
credentials_tls(other)
{
}
@ -52,7 +52,7 @@ eap::credentials_ttls& eap::credentials_ttls::operator=(_In_ const credentials_t
{
if (this != &other) {
(credentials_tls&)*this = other;
m_inner.reset(other.m_inner ? (credentials*)other.m_inner->clone() : nullptr);
m_inner.reset(other.m_inner ? dynamic_cast<credentials*>(other.m_inner->clone()) : nullptr);
}
return *this;
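Review bot: `(credentials_tls&)*this = other;` in `operator=` is still a C-style cast, the kind this commit otherwise removes; on a reference it would silently degrade to a reinterpreting cast if the base-class relationship ever changed. Calling the base assignment directly states the intent with no cast at all: `credentials_tls::operator=(other);`. `config_method_ttls::operator=` has the same leftover, `(config_method_tls&)*this = other;`. The end of `operator=` is outside the hunk.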


@ -157,8 +157,8 @@ void eap::method_ttls::derive_msk()
//
static const unsigned char s_label[] = "ttls keying material";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random)));
_key_block = key_block.data();
#else
@ -197,8 +197,8 @@ void eap::method_ttls::derive_challenge()
#if EAP_TLS < EAP_TLS_SCHANNEL
static const unsigned char s_label[] = "ttls challenge";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
sanitizing_blob keying(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, sizeof(challenge_mschapv2) + 1));
memcpy(&inner_mschapv2->m_challenge_server, keying.data(), sizeof(challenge_mschapv2));
inner_mschapv2->m_ident = keying[sizeof(challenge_mschapv2) + 0];
@ -294,7 +294,7 @@ void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const v
status = EncryptMessage(m_sc_ctx, 0, &buf_desc, 0);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error encrypting message.");
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
m_packet_res.m_data.insert(m_packet_res.m_data.end(), reinterpret_cast<const unsigned char*>(buf[0].pvBuffer), reinterpret_cast<const unsigned char*>(buf[0].pvBuffer) + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
#endif
} else {
// Empty packets represent ACK message, and are not encrypted.
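Review bot: The range appended after `EncryptMessage` in `process_application_data` starts at `buf[0].pvBuffer` and ends `buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer` bytes later, which is only valid if the three buffers sit back to back in one allocation; nothing in this hunk establishes that. The buffer setup is outside the hunk, so this is presumably true, but it should be stated and checked where the pointer arithmetic happens: a comment such as `// buf[0..2] are contiguous slices of one allocation` plus `assert(static_cast<const unsigned char*>(buf[1].pvBuffer) == static_cast<const unsigned char*>(buf[0].pvBuffer) + buf[0].cbBuffer);`. Since `pvBuffer` is a `void*`, `static_cast` is sufficient here and is the narrower cast.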

@ -1 +1 @@
Subproject commit 129b9c9a10c2145235e8f447706875dcafa4a4a3
Subproject commit 3b4448dcf4f2cfd54dc40be1ef262835ac532550

@ -1 +1 @@
Subproject commit e9dd2b7ae5faae80f2a5c785b6def4ad6f3aba21
Subproject commit 2e3e188026b7e6845e9e2b5552faf7589d25cbfc