From 559ffc5ead99b6848386588319bf49005da9b5d4 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Mon, 3 Oct 2016 11:40:30 +0200 Subject: [PATCH] ID 3. C style pointer casting from security audit fixed --- EventMonitor/ETWLog.cpp | 40 ++++++++--------- lib/EAPBase/include/EAP.h | 4 +- lib/EAPBase/include/Module.h | 6 +-- lib/EAPBase/src/Config.cpp | 12 ++--- lib/EAPBase/src/Credentials.cpp | 50 ++++++++++----------- lib/EAPBase/src/Method.cpp | 14 +++--- lib/EAPBase/src/Module.cpp | 6 +-- lib/EAPBase_UI/include/EAP_UI.h | 6 +-- lib/EAPBase_UI/src/EAP_UI.cpp | 28 ++++++------ lib/MSCHAPv2/src/MSCHAPv2.cpp | 8 ++-- lib/MSCHAPv2/src/Method.cpp | 32 ++++++------- lib/TLS/src/Credentials.cpp | 36 +++++++-------- lib/TLS/src/Method.cpp | 80 ++++++++++++++++----------------- lib/TLS/src/TLS.cpp | 10 ++--- lib/TLS_UI/src/TLS_UI.cpp | 2 +- lib/TTLS/src/Config.cpp | 4 +- lib/TTLS/src/Credentials.cpp | 4 +- lib/TTLS/src/Method.cpp | 10 ++--- lib/WinStd | 2 +- lib/wxExtend | 2 +- 20 files changed, 178 insertions(+), 178 deletions(-) diff --git a/EventMonitor/ETWLog.cpp b/EventMonitor/ETWLog.cpp index 5415b6e..230dc26 100644 --- a/EventMonitor/ETWLog.cpp +++ b/EventMonitor/ETWLog.cpp @@ -77,7 +77,7 @@ wxEventTraceProcessorThread::wxEventTraceProcessorThread(wxEvtHandler *parent, c for (size_t i = 0, i_end = sessions.GetCount(); i < i_end; i++) { // Open trace. - tlf.LoggerName = (LPTSTR)(LPCTSTR)(sessions[i]); + tlf.LoggerName = const_cast((LPCTSTR)(sessions[i])); event_trace trace; if (!trace.create(&tlf)) { wxLogError(_("Error opening event trace (error %u)."), GetLastError()); @@ -207,7 +207,7 @@ wxETWListCtrl::wxETWListCtrl(wxWindow *parent, wxWindowID id, const wxPoint& pos ulSizeName = (ULONG)((name .length() + 1)*sizeof(TCHAR)), //ulSizeLogFile = (ULONG)((log_file.length() + 1)*sizeof(TCHAR)), ulSize = sizeof(EVENT_TRACE_PROPERTIES) + ulSizeName /*+ ulSizeLogFile*/; - unique_ptr properties((EVENT_TRACE_PROPERTIES*)new char[ulSize]); + unique_ptr properties(reinterpret_cast(new char[ulSize])); wxASSERT_MSG(properties, wxT("error allocating session properties memory")); // Initialize properties. @@ -220,7 +220,7 @@ wxETWListCtrl::wxETWListCtrl(wxWindow *parent, wxWindowID id, const wxPoint& pos properties->MaximumFileSize = 1; // 1 MB properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES); //properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + ulSizeName; - //memcpy((LPTSTR)((char*)properties.get() + properties->LogFileNameOffset), log_file.c_str(), ulSizeLogFile); + //memcpy(reinterpret_cast(properties.get()) + properties->LogFileNameOffset, log_file.c_str(), ulSizeLogFile); if ((ulResult = m_session.create(name.c_str(), properties.get())) == ERROR_SUCCESS) { break; @@ -605,7 +605,7 @@ wxString wxETWListCtrl::OnGetItemText(const event_rec &rec, long column) const if (info->DecodingSource != DecodingSourceWPP) { if (rec.EventHeader.Flags & EVENT_HEADER_FLAG_STRING_ONLY) { // This is a string-only event. Print it. - return (LPCWSTR)rec.UserData; + return reinterpret_cast(rec.UserData); } else { // This is not a string-only event. Prepare parameters. @@ -621,12 +621,12 @@ wxString wxETWListCtrl::OnGetItemText(const event_rec &rec, long column) const if (info->EventMessageOffset) { // Format the message. - return wstring_msg(0, (LPCTSTR)((LPCBYTE)info.get() + info->EventMessageOffset), props_msg.data()).c_str(); + return wstring_msg(0, reinterpret_cast(reinterpret_cast(info.get()) + info->EventMessageOffset), props_msg.data()).c_str(); } } } else if (info->EventMessageOffset) { // This is a WPP event. - return (LPCWSTR)((LPCBYTE)info.get() + info->EventMessageOffset); + return reinterpret_cast(reinterpret_cast(info.get()) + info->EventMessageOffset); } } } @@ -816,21 +816,21 @@ static tstring DataToString(_In_ USHORT InType, _In_ USHORT OutType, _In_count_( case TDH_INTYPE_ANSICHAR: { // Convert strings from ANSI code page, all others (JSON, XML etc.) from UTF-8 wstring str; - MultiByteToWideChar(OutType == TDH_OUTTYPE_STRING ? CP_ACP : CP_UTF8, 0, (LPCSTR)pData, (int)nDataSize, str); + MultiByteToWideChar(OutType == TDH_OUTTYPE_STRING ? CP_ACP : CP_UTF8, 0, reinterpret_cast(pData), (int)nDataSize, str); return tstring_printf(_T("%ls"), str.c_str()); } case TDH_INTYPE_COUNTEDSTRING: - return DataToString(TDH_INTYPE_NONNULLTERMINATEDSTRING, OutType, (LPCBYTE)((PUSHORT)pData + 1), *(PUSHORT)pData, pMapInfo, nPtrSize); + return DataToString(TDH_INTYPE_NONNULLTERMINATEDSTRING, OutType, reinterpret_cast((PUSHORT)pData + 1), *(PUSHORT)pData, pMapInfo, nPtrSize); case TDH_INTYPE_COUNTEDANSISTRING: - return DataToString(TDH_INTYPE_NONNULLTERMINATEDANSISTRING, OutType, (LPCBYTE)((PUSHORT)pData + 1), *(PUSHORT)pData, pMapInfo, nPtrSize); + return DataToString(TDH_INTYPE_NONNULLTERMINATEDANSISTRING, OutType, reinterpret_cast((PUSHORT)pData + 1), *(PUSHORT)pData, pMapInfo, nPtrSize); case TDH_INTYPE_REVERSEDCOUNTEDSTRING: - return DataToString(TDH_INTYPE_NONNULLTERMINATEDSTRING, OutType, (LPCBYTE)((PUSHORT)pData + 1), MAKEWORD(HIBYTE(*(PUSHORT)pData), LOBYTE(*(PUSHORT)pData)), pMapInfo, nPtrSize); + return DataToString(TDH_INTYPE_NONNULLTERMINATEDSTRING, OutType, reinterpret_cast((PUSHORT)pData + 1), MAKEWORD(HIBYTE(*(PUSHORT)pData), LOBYTE(*(PUSHORT)pData)), pMapInfo, nPtrSize); case TDH_INTYPE_REVERSEDCOUNTEDANSISTRING: - return DataToString(TDH_INTYPE_NONNULLTERMINATEDANSISTRING, OutType, (LPCBYTE)((PUSHORT)pData + 1), MAKEWORD(HIBYTE(*(PUSHORT)pData), LOBYTE(*(PUSHORT)pData)), pMapInfo, nPtrSize); + return DataToString(TDH_INTYPE_NONNULLTERMINATEDANSISTRING, OutType, reinterpret_cast((PUSHORT)pData + 1), MAKEWORD(HIBYTE(*(PUSHORT)pData), LOBYTE(*(PUSHORT)pData)), pMapInfo, nPtrSize); case TDH_INTYPE_INT8: assert(nDataSize >= sizeof(CHAR)); @@ -966,7 +966,7 @@ static tstring DataToString(_In_ USHORT InType, _In_ USHORT OutType, _In_count_( SYSTEMTIME st, st_local; FileTimeToSystemTime((PFILETIME)pData, &st); SystemTimeToTzSpecificLocalTime(NULL, &st, &st_local); - return DataToString(TDH_INTYPE_SYSTEMTIME, OutType, (LPCBYTE)&st_local, sizeof(st_local), pMapInfo, nPtrSize); + return DataToString(TDH_INTYPE_SYSTEMTIME, OutType, reinterpret_cast(&st_local), sizeof(st_local), pMapInfo, nPtrSize); } case TDH_INTYPE_SYSTEMTIME: @@ -1019,7 +1019,7 @@ static ULONG GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, ULONG i ULONG ulResult; // Get array count property. - PROPERTY_DATA_DESCRIPTOR data_desc = { (ULONGLONG)((LPBYTE)pInfo + pInfo->EventPropertyInfoArray[pInfo->EventPropertyInfoArray[i].countPropertyIndex].NameOffset), ULONG_MAX }; + PROPERTY_DATA_DESCRIPTOR data_desc = { (ULONGLONG)(reinterpret_cast(pInfo) + pInfo->EventPropertyInfoArray[pInfo->EventPropertyInfoArray[i].countPropertyIndex].NameOffset), ULONG_MAX }; vector count; if ((ulResult = TdhGetProperty(pEvent, 0, NULL, 1, &data_desc, count)) != ERROR_SUCCESS) return ulResult; @@ -1059,8 +1059,8 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U if (out_nonfirst) out += _T(", "); else out_nonfirst = true; out += _T('('); for (USHORT j = pInfo->EventPropertyInfoArray[ulPropIndex].structType.StructStartIndex, usLastMember = pInfo->EventPropertyInfoArray[ulPropIndex].structType.StructStartIndex + pInfo->EventPropertyInfoArray[ulPropIndex].structType.NumOfStructMembers; j < usLastMember; j++) { - out += tstring_printf(_T("%ls: "), (LPBYTE)pInfo + pInfo->EventPropertyInfoArray[j].NameOffset); - out += PropertyToString(pEvent, pInfo, j, (LPWSTR)((LPBYTE)(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k, nPtrSize); + out += tstring_printf(_T("%ls: "), reinterpret_cast(pInfo) + pInfo->EventPropertyInfoArray[j].NameOffset); + out += PropertyToString(pEvent, pInfo, j, reinterpret_cast(reinterpret_cast(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k, nPtrSize); } out += _T(')'); } else { @@ -1078,12 +1078,12 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U // The first descriptor in the array identifies the name of the structure and the second // descriptor defines the member of the structure whose data you want to retrieve. PROPERTY_DATA_DESCRIPTOR data_desc[2] = { - { (ULONGLONG)pStructureName , ulStructIndex }, - { (ULONGLONG)((LPBYTE)pInfo + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k } + { (ULONGLONG)pStructureName , ulStructIndex }, + { (ULONGLONG)(reinterpret_cast(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k } }; ulResult = TdhGetProperty(pEvent, 0, NULL, _countof(data_desc), data_desc, data); } else { - PROPERTY_DATA_DESCRIPTOR data_desc = { (ULONGLONG)((LPBYTE)pInfo + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k }; + PROPERTY_DATA_DESCRIPTOR data_desc = { (ULONGLONG)(reinterpret_cast(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].NameOffset), k }; ulResult = TdhGetProperty(pEvent, 0, NULL, 1, &data_desc, data); } if (ulResult == ERROR_EVT_INVALID_EVENT_DATA) { @@ -1094,7 +1094,7 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U // Get the name/value mapping if the property specifies a value map. unique_ptr map_info; - ulResult = TdhGetEventMapInformation(pEvent, (LPWSTR)((LPBYTE)pInfo + pInfo->EventPropertyInfoArray[ulPropIndex].nonStructType.MapNameOffset), map_info); + ulResult = TdhGetEventMapInformation(pEvent, reinterpret_cast(reinterpret_cast(pInfo) + pInfo->EventPropertyInfoArray[ulPropIndex].nonStructType.MapNameOffset), map_info); if (ulResult == ERROR_NOT_FOUND) { // name/value mapping not found. Not an error actually. assert(!map_info); @@ -1105,7 +1105,7 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U // in the EVENT_MAP_ENTRY structure. Replace the trailing space with a null- // terminating character, so that the bit mapped strings are correctly formatted. for (ULONG i = 0; i < map_info->EntryCount; i++) { - LPWSTR str = (LPWSTR)((PBYTE)map_info.get() + map_info->MapEntryArray[i].OutputOffset); + LPWSTR str = reinterpret_cast((PBYTE)map_info.get() + map_info->MapEntryArray[i].OutputOffset); SIZE_T len = wcslen(str); if (len) str[len - 1] = 0; } diff --git a/lib/EAPBase/include/EAP.h b/lib/EAPBase/include/EAP.h index a732da8..23dd1a5 100644 --- a/lib/EAPBase/include/EAP.h +++ b/lib/EAPBase/include/EAP.h @@ -772,7 +772,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const unsigned int { eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(unsigned int); assert(ptr_end <= cursor.ptr_end); - *(unsigned int*)cursor.ptr = val; + *reinterpret_cast(cursor.ptr) = val; cursor.ptr = ptr_end; } @@ -788,7 +788,7 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ unsigned int &val) { eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(unsigned int); assert(ptr_end <= cursor.ptr_end); - val = *(unsigned int*)cursor.ptr; + val = *reinterpret_cast(cursor.ptr); cursor.ptr = ptr_end; } diff --git a/lib/EAPBase/include/Module.h b/lib/EAPBase/include/Module.h index d7d6c51..28ca9b4 100644 --- a/lib/EAPBase/include/Module.h +++ b/lib/EAPBase/include/Module.h @@ -330,12 +330,12 @@ namespace eap // Import the 256-bit AES session key. winstd::crypt_key key_aes; - if (!CryptImportKey(hProv, (LPCBYTE)data, 268, key_rsa, 0, &key_aes)) + if (!CryptImportKey(hProv, reinterpret_cast(data), 268, key_rsa, 0, &key_aes)) throw win_runtime_error(__FUNCTION__ " CryptImportKey failed."); // Decrypt the data using AES session key. std::vector > buf; - buf.assign((const unsigned char*)data + 268, (const unsigned char*)data + size); + buf.assign(reinterpret_cast(data) + 268, reinterpret_cast(data) + size); if (!CryptDecrypt(key_aes, hHash, TRUE, 0, buf)) throw win_runtime_error(__FUNCTION__ " CryptDecrypt failed."); @@ -412,7 +412,7 @@ namespace eap std::vector hash_bin; if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) throw win_runtime_error(__FUNCTION__ " Calculating MD5 hash failed."); - if (memcmp((unsigned char*)data + enc_size, hash_bin.data(), dwHashSize) != 0) + if (memcmp(reinterpret_cast(data) + enc_size, hash_bin.data(), dwHashSize) != 0) throw invalid_argument(__FUNCTION__ " Invalid encrypted data."); return dec; diff --git a/lib/EAPBase/src/Config.cpp b/lib/EAPBase/src/Config.cpp index 017156c..f2e2928 100644 --- a/lib/EAPBase/src/Config.cpp +++ b/lib/EAPBase/src/Config.cpp @@ -242,9 +242,9 @@ eap::config_method_with_cred::config_method_with_cred(_In_ module &mod, _In_ uns eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_with_cred &other) : - m_use_cred (other.m_use_cred ), - m_cred (other.m_cred ? (credentials*)other.m_cred->clone() : nullptr), - config_method(other ) + m_use_cred (other.m_use_cred ), + m_cred (other.m_cred ? dynamic_cast(other.m_cred->clone()) : nullptr), + config_method(other ) { } @@ -262,7 +262,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const if (this != &other) { (config_method&)*this = other; m_use_cred = other.m_use_cred; - m_cred.reset(other.m_cred ? (credentials*)other.m_cred->clone() : nullptr); + m_cred.reset(other.m_cred ? dynamic_cast(other.m_cred->clone()) : nullptr); } return *this; @@ -376,7 +376,7 @@ eap::config_provider::config_provider(_In_ const config_provider &other) : { m_methods.reserve(other.m_methods.size()); for (vector >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method) - m_methods.push_back(std::move(unique_ptr(*method ? (config_method*)method->get()->clone() : nullptr))); + m_methods.push_back(std::move(unique_ptr(*method ? dynamic_cast(method->get()->clone()) : nullptr))); } @@ -415,7 +415,7 @@ eap::config_provider& eap::config_provider::operator=(_In_ const config_provider m_methods.clear(); m_methods.reserve(other.m_methods.size()); for (vector >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method) - m_methods.push_back(std::move(unique_ptr(*method ? (config_method*)method->get()->clone() : nullptr))); + m_methods.push_back(std::move(unique_ptr(*method ? dynamic_cast(method->get()->clone()) : nullptr))); } return *this; diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp index 3c02e29..7195ff4 100644 --- a/lib/EAPBase/src/Credentials.cpp +++ b/lib/EAPBase/src/Credentials.cpp @@ -363,8 +363,8 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned in WideCharToMultiByte(CP_UTF8, 0, m_password.c_str(), (int)m_password.length(), cred_utf8, NULL, NULL); // Encrypt the password using user's key. - DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , (LPBYTE)cred_utf8.data() }; - DATA_BLOB entropy_blob = { sizeof(s_entropy), (LPBYTE)s_entropy }; + DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , const_cast(reinterpret_cast(cred_utf8.data())) }; + DATA_BLOB entropy_blob = { sizeof(s_entropy), const_cast( s_entropy ) }; data_blob cred_enc; if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) throw win_runtime_error(__FUNCTION__ " CryptProtectData failed."); @@ -375,18 +375,18 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned in assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH ); CREDENTIAL cred = { - 0, // Flags - CRED_TYPE_GENERIC, // Type - (LPTSTR)target.c_str(), // TargetName - _T(""), // Comment - { 0, 0 }, // LastWritten - cred_enc.cbData, // CredentialBlobSize - cred_enc.pbData, // CredentialBlob - CRED_PERSIST_ENTERPRISE, // Persist - 0, // AttributeCount - NULL, // Attributes - NULL, // TargetAlias - (LPTSTR)m_identity.c_str() // UserName + 0, // Flags + CRED_TYPE_GENERIC, // Type + const_cast(target.c_str()), // TargetName + _T(""), // Comment + { 0, 0 }, // LastWritten + cred_enc.cbData, // CredentialBlobSize + cred_enc.pbData, // CredentialBlob + CRED_PERSIST_ENTERPRISE, // Persist + 0, // AttributeCount + NULL, // Attributes + NULL, // TargetAlias + const_cast(m_identity.c_str()) // UserName }; if (!CredWrite(&cred, 0)) throw win_runtime_error(__FUNCTION__ " CredWrite failed."); @@ -403,14 +403,14 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned throw win_runtime_error(__FUNCTION__ " CredRead failed."); // Decrypt the password using user's key. - DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob }; - DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy }; + DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob }; + DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast(s_entropy) }; data_blob cred_int; if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed."); // Convert password from UTF-8. - MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)cred_int.pbData, (int)cred_int.cbData, m_password); + MultiByteToWideChar(CP_UTF8, 0, reinterpret_cast(cred_int.pbData), (int)cred_int.cbData, m_password); SecureZeroMemory(cred_int.pbData, cred_int.cbData); if (cred->UserName) @@ -443,14 +443,14 @@ eap::credentials::source_t eap::credentials_pass::combine( { if (cred_cached) { // Using EAP service cached credentials. - *this = *(credentials_pass*)cred_cached; + *this = *dynamic_cast(cred_cached); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank); return source_cache; } if (cfg.m_use_cred) { // Using configured credentials. - *this = *(credentials_pass*)cfg.m_cred.get(); + *this = *dynamic_cast(cfg.m_cred.get()); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank); return source_config; } @@ -553,11 +553,11 @@ eap::credentials_connection::credentials_connection(_In_ module &mod, _In_ const eap::credentials_connection::credentials_connection(_In_ const credentials_connection &other) : - m_cfg (other.m_cfg ), - m_namespace(other.m_namespace), - m_id (other.m_id ), - m_cred (other.m_cred ? (credentials*)other.m_cred->clone() : nullptr), - config (other ) + m_cfg (other.m_cfg ), + m_namespace(other.m_namespace ), + m_id (other.m_id ), + m_cred (other.m_cred ? dynamic_cast(other.m_cred->clone()) : nullptr), + config (other ) { } @@ -578,7 +578,7 @@ eap::credentials_connection& eap::credentials_connection::operator=(_In_ const c (config&)*this = other; m_namespace = other.m_namespace; m_id = other.m_id; - m_cred.reset(other.m_cred ? (credentials*)other.m_cred->clone() : nullptr); + m_cred.reset(other.m_cred ? dynamic_cast(other.m_cred->clone()) : nullptr); } return *this; diff --git a/lib/EAPBase/src/Method.cpp b/lib/EAPBase/src/Method.cpp index c963bac..dec8775 100644 --- a/lib/EAPBase/src/Method.cpp +++ b/lib/EAPBase/src/Method.cpp @@ -169,13 +169,13 @@ void eap::method_noneap::append_avp(_In_ unsigned int code, _In_ unsigned char f // Diameter AVP header diameter_avp_header hdr; - *(unsigned int*)hdr.code = htonl(code); + *reinterpret_cast(hdr.code) = htonl(code); hdr.flags = flags; hton24(size_outer, hdr.length); - m_packet_res.insert(m_packet_res.end(), (unsigned char*)&hdr, (unsigned char*)(&hdr + 1)); + m_packet_res.insert(m_packet_res.end(), reinterpret_cast(&hdr), reinterpret_cast(&hdr + 1)); // Data - m_packet_res.insert(m_packet_res.end(), (unsigned char*)data, (unsigned char*)data + size); + m_packet_res.insert(m_packet_res.end(), reinterpret_cast(data), reinterpret_cast(data) + size); m_packet_res.insert(m_packet_res.end(), padding, 0); } @@ -195,13 +195,13 @@ void eap::method_noneap::append_avp(_In_ unsigned int code, _In_ unsigned int ve // Diameter AVP header diameter_avp_header_ven hdr; - *(unsigned int*)hdr.code = htonl(code); + *reinterpret_cast(hdr.code) = htonl(code); hdr.flags = flags | diameter_avp_flag_vendor; hton24(size_outer, hdr.length); - *(unsigned int*)hdr.vendor = htonl(vendor_id); - m_packet_res.insert(m_packet_res.end(), (unsigned char*)&hdr, (unsigned char*)(&hdr + 1)); + *reinterpret_cast(hdr.vendor) = htonl(vendor_id); + m_packet_res.insert(m_packet_res.end(), reinterpret_cast(&hdr), reinterpret_cast(&hdr + 1)); // Data - m_packet_res.insert(m_packet_res.end(), (unsigned char*)data, (unsigned char*)data + size); + m_packet_res.insert(m_packet_res.end(), reinterpret_cast(data), reinterpret_cast(data) + size); m_packet_res.insert(m_packet_res.end(), padding, 0); } diff --git a/lib/EAPBase/src/Module.cpp b/lib/EAPBase/src/Module.cpp index f6ab578..d5ffa63 100644 --- a/lib/EAPBase/src/Module.cpp +++ b/lib/EAPBase/src/Module.cpp @@ -69,13 +69,13 @@ EAP_ERROR* eap::module::make_error(_In_ DWORD dwErrorCode, _In_opt_z_ LPCWSTR ps pError->repairGuid = pRepairGuid != NULL ? *pRepairGuid : GUID_NULL; pError->helpLinkGuid = pHelpLinkGuid != NULL ? *pHelpLinkGuid : GUID_NULL; if (nRootCauseSize) { - pError->pRootCauseString = (LPWSTR)p; + pError->pRootCauseString = const_cast(reinterpret_cast(p)); memcpy(pError->pRootCauseString, pszRootCauseString, nRootCauseSize); p += nRootCauseSize; } else pError->pRootCauseString = NULL; if (nRepairStringSize) { - pError->pRepairString = (LPWSTR)p; + pError->pRepairString = const_cast(reinterpret_cast(p)); memcpy(pError->pRepairString, pszRepairString, nRepairStringSize); p += nRepairStringSize; } else @@ -201,7 +201,7 @@ std::vector eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytec std::vector enc(buf.begin(), buf.end()); // Pre-allocate memory to allow space, as encryption will grow the data. - buf.assign((const unsigned char*)data, (const unsigned char*)data + size); + buf.assign(reinterpret_cast(data), reinterpret_cast(data) + size); DWORD dwBlockLen; if (!CryptGetKeyParam(key_aes, KP_BLOCKLEN, dwBlockLen, 0)) dwBlockLen = 0; buf.reserve((size + dwBlockLen) / dwBlockLen * dwBlockLen); diff --git a/lib/EAPBase_UI/include/EAP_UI.h b/lib/EAPBase_UI/include/EAP_UI.h index 006f538..8f424ae 100644 --- a/lib/EAPBase_UI/include/EAP_UI.h +++ b/lib/EAPBase_UI/include/EAP_UI.h @@ -248,7 +248,7 @@ protected: int idx = m_providers->GetSelection(); if (idx != wxNOT_FOUND) { - eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider(); + eap::config_provider &cfg_provider = dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider(); m_prov_remove->Enable(true); m_prov_advanced->Enable(!cfg_provider.m_read_only); } else { @@ -295,7 +295,7 @@ protected: wxEAPConfigDialogBase::OnProvRemove(event); int idx = m_providers->GetSelection(); - eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider(); + eap::config_provider &cfg_provider = dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider(); if (wxMessageBox(tstring_printf(_("Are you sure you want to permanently remove %ls provider from configuration?"), wxEAPGetProviderName(cfg_provider.m_name).c_str()), _("Warning"), wxYES_NO, this) == wxYES) { // Delete provider. @@ -317,7 +317,7 @@ protected: wxEAPConfigDialogBase::OnProvAdvanced(event); int idx = m_providers->GetSelection(); - eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider(); + eap::config_provider &cfg_provider = dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider(); wxEAPConfigProvider dlg(cfg_provider, this); if (dlg.ShowModal() == wxID_OK) diff --git a/lib/EAPBase_UI/src/EAP_UI.cpp b/lib/EAPBase_UI/src/EAP_UI.cpp index 04c6c5f..c88a458 100644 --- a/lib/EAPBase_UI/src/EAP_UI.cpp +++ b/lib/EAPBase_UI/src/EAP_UI.cpp @@ -455,7 +455,7 @@ eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) : if (!wnd_class) throw win_runtime_error(__FUNCTION__ " Error registering master monitor window class."); tstring_guid guid_str(guid); - HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, (LPCTSTR)wnd_class, guid_str.c_str()); + HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, reinterpret_cast(wnd_class), guid_str.c_str()); if (hwnd_master) { // Another monitor is already running. m_is_master = false; @@ -484,18 +484,18 @@ eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) : } m_hwnd = CreateWindowEx( - 0, // dwExStyle - (LPCTSTR)wnd_class, // lpClassName - guid_str.c_str(), // lpWindowName - 0, // dwStyle - 0, // x - 0, // y - 0, // nWidth - 0, // nHeight - HWND_MESSAGE, // hWndParent - NULL, // hMenu - module, // hInstance - this); // lpParam + 0, // dwExStyle + reinterpret_cast(wnd_class), // lpClassName + guid_str.c_str(), // lpWindowName + 0, // dwStyle + 0, // x + 0, // y + 0, // nWidth + 0, // nHeight + HWND_MESSAGE, // hWndParent + NULL, // hMenu + module, // hInstance + this); // lpParam if (!m_is_master) { // Notify master we are waiting him. @@ -575,7 +575,7 @@ LRESULT eap::monitor_ui::winproc( } else if (msg == s_msg_finish) { // Master finished. assert(!m_is_master); - m_data.assign((const unsigned char*)lparam, (const unsigned char*)lparam + wparam); + m_data.assign(reinterpret_cast(lparam), reinterpret_cast(lparam) + wparam); // Finish slave too. DestroyWindow(m_hwnd); diff --git a/lib/MSCHAPv2/src/MSCHAPv2.cpp b/lib/MSCHAPv2/src/MSCHAPv2.cpp index be11a7f..619ba31 100644 --- a/lib/MSCHAPv2/src/MSCHAPv2.cpp +++ b/lib/MSCHAPv2/src/MSCHAPv2.cpp @@ -45,7 +45,7 @@ crypt_key eap::create_des_key(_In_ HCRYPTPROV cp, _In_count_(size) const unsigne }; sanitizing_blob key_blob; key_blob.reserve(sizeof(key_blob_prefix) + 8); - key_blob.assign((const unsigned char*)&s_prefix, (const unsigned char*)(&s_prefix + 1)); + key_blob.assign(reinterpret_cast(&s_prefix), reinterpret_cast(&s_prefix + 1)); // Inject parity bits. unsigned char out = 0, parity = 1; @@ -215,7 +215,7 @@ eap::nt_response::nt_response( static const DWORD mode_ecb = CRYPT_MODE_ECB; // DesEncrypt(Challenge, 1st 7-octets of ZPasswordHash, giving 1st 8-octets of Response) - key = create_des_key(cp, (const unsigned char*)&hash_pwd, 7); + key = create_des_key(cp, reinterpret_cast(&hash_pwd), 7); if (!CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0)) throw win_runtime_error(__FUNCTION__ " Error setting ECB mode."); memcpy(data, &challenge, 8); @@ -224,7 +224,7 @@ eap::nt_response::nt_response( throw win_runtime_error(__FUNCTION__ " Error encrypting message 1/3."); // DesEncrypt(Challenge, 2nd 7-octets of ZPasswordHash, giving 2nd 8-octets of Response) - key = create_des_key(cp, (const unsigned char*)&hash_pwd + 7, 7); + key = create_des_key(cp, reinterpret_cast(&hash_pwd) + 7, 7); if (!CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0)) throw win_runtime_error(__FUNCTION__ " Error setting ECB mode."); memcpy(data + 8, &challenge, 8); @@ -233,7 +233,7 @@ eap::nt_response::nt_response( throw win_runtime_error(__FUNCTION__ " Error encrypting message 2/3."); // DesEncrypt(Challenge, 2nd 7-octets of ZPasswordHash, giving 2nd 8-octets of Response) - key = create_des_key(cp, (const unsigned char*)&hash_pwd + 14, 2); + key = create_des_key(cp, reinterpret_cast(&hash_pwd) + 14, 2); if (!CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0)) throw win_runtime_error(__FUNCTION__ " Error setting ECB mode."); memcpy(data + 16, &challenge, 8); diff --git a/lib/MSCHAPv2/src/Method.cpp b/lib/MSCHAPv2/src/Method.cpp index d3794b8..646545c 100644 --- a/lib/MSCHAPv2/src/Method.cpp +++ b/lib/MSCHAPv2/src/Method.cpp @@ -119,14 +119,14 @@ void eap::method_mschapv2::process_request_packet( sizeof(nt_response)); // Response response.push_back(m_ident); response.push_back(0); // Flags - response.insert(response.end(), (unsigned char*)&m_challenge_client, (unsigned char*)(&m_challenge_client + 1)); // Peer-Challenge + response.insert(response.end(), reinterpret_cast(&m_challenge_client), reinterpret_cast(&m_challenge_client + 1)); // Peer-Challenge response.insert(response.end(), 8, 0); // Reserved - response.insert(response.end(), (unsigned char*)&m_nt_resp, (unsigned char*)(&m_nt_resp + 1)); // NT-Response + response.insert(response.end(), reinterpret_cast(&m_nt_resp), reinterpret_cast(&m_nt_resp + 1)); // NT-Response // Diameter AVP (User-Name=1, MS-CHAP-Challenge=11/311, MS-CHAP2-Response=25/311) - append_avp( 1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size() ); - append_avp(11, 311, diameter_avp_flag_mandatory, (unsigned char*)&m_challenge_server , (unsigned int)sizeof(m_challenge_server)); - append_avp(25, 311, diameter_avp_flag_mandatory, response.data() , (unsigned int)response.size() ); + append_avp( 1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size() ); + append_avp(11, 311, diameter_avp_flag_mandatory, reinterpret_cast(&m_challenge_server) , (unsigned int)sizeof(m_challenge_server)); + append_avp(25, 311, diameter_avp_flag_mandatory, response.data() , (unsigned int)response.size() ); m_phase = phase_challenge_server; m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point. @@ -154,22 +154,22 @@ void eap::method_mschapv2::process_packet(_In_bytecount_(size_pck) const void *_ sanitizing_blob data; wstring msg_w; - for (const unsigned char *pck = (const unsigned char*)_pck, *pck_end = pck + size_pck; pck < pck_end; ) { + for (const unsigned char *pck = reinterpret_cast(_pck), *pck_end = pck + size_pck; pck < pck_end; ) { if (pck + sizeof(diameter_avp_header) > pck_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header."); - const diameter_avp_header *hdr = (const diameter_avp_header*)pck; - unsigned int code = ntohl(*(unsigned int*)hdr->code); + const diameter_avp_header *hdr = reinterpret_cast(pck); + unsigned int code = ntohl(*reinterpret_cast(hdr->code)); unsigned int vendor; const unsigned char *msg; if (hdr->flags & diameter_avp_flag_vendor) { if (pck + sizeof(diameter_avp_header_ven) > pck_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header."); - const diameter_avp_header_ven *hdr_ven = (const diameter_avp_header_ven*)pck; - vendor = ntohl(*(unsigned int*)hdr_ven->vendor); - msg = (const unsigned char*)(hdr_ven + 1); + const diameter_avp_header_ven *hdr_ven = reinterpret_cast(pck); + vendor = ntohl(*reinterpret_cast(hdr_ven->vendor)); + msg = reinterpret_cast(hdr_ven + 1); } else { vendor = 0; - msg = (const unsigned char*)(hdr + 1); + msg = reinterpret_cast(hdr + 1); } unsigned int length = ntoh24(hdr->length); const unsigned char @@ -182,13 +182,13 @@ void eap::method_mschapv2::process_packet(_In_bytecount_(size_pck) const void *_ // MS-CHAP2-Success if (msg[0] != m_ident) throw invalid_argument(string_printf(__FUNCTION__ " Wrong MSCHAPv2 ident (expected: %u, received: %u).", m_ident, msg[0]).c_str()); - const char *str = (const char*)(msg + 1); - process_success(parse_response(str, ((const char*)msg_end - str))); + const char *str = reinterpret_cast(msg + 1); + process_success(parse_response(str, (reinterpret_cast(msg_end) - str))); } else if (code == 2 && vendor == 311) { // MS-CHAP2-Error m_ident = msg[0]; - const char *str = (const char*)(msg + 1); - process_error(parse_response(str, ((const char*)msg_end - str))); + const char *str = reinterpret_cast(msg + 1); + process_error(parse_response(str, (reinterpret_cast(msg_end) - str))); } else if (hdr->flags & diameter_avp_flag_mandatory) throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Server sent mandatory Diameter AVP we do not support (code: %u, vendor: %u).", code, vendor).c_str()); diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp index c323ab7..7b76cb8 100644 --- a/lib/TLS/src/Credentials.cpp +++ b/lib/TLS/src/Credentials.cpp @@ -173,8 +173,8 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int data_blob cred_enc; if (m_cert) { // Encrypt the certificate using user's key. - DATA_BLOB cred_blob = { m_cert->cbCertEncoded, m_cert->pbCertEncoded }; - DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy }; + DATA_BLOB cred_blob = { m_cert->cbCertEncoded, m_cert->pbCertEncoded }; + DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast(s_entropy) }; if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) throw win_runtime_error(__FUNCTION__ " CryptProtectData failed."); } @@ -185,18 +185,18 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH ); CREDENTIAL cred = { - 0, // Flags - CRED_TYPE_GENERIC, // Type - (LPTSTR)target.c_str(), // TargetName - _T(""), // Comment - { 0, 0 }, // LastWritten - cred_enc.cbData, // CredentialBlobSize - cred_enc.pbData, // CredentialBlob - CRED_PERSIST_ENTERPRISE, // Persist - 0, // AttributeCount - NULL, // Attributes - NULL, // TargetAlias - (LPTSTR)m_identity.c_str() // UserName + 0, // Flags + CRED_TYPE_GENERIC, // Type + const_cast(target.c_str()), // TargetName + _T(""), // Comment + { 0, 0 }, // LastWritten + cred_enc.cbData, // CredentialBlobSize + cred_enc.pbData, // CredentialBlob + CRED_PERSIST_ENTERPRISE, // Persist + 0, // AttributeCount + NULL, // Attributes + NULL, // TargetAlias + const_cast(m_identity.c_str()) // UserName }; if (!CredWrite(&cred, 0)) throw win_runtime_error(__FUNCTION__ " CredWrite failed."); @@ -214,8 +214,8 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned if (cred->CredentialBlobSize) { // Decrypt the certificate using user's key. - DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob }; - DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy }; + DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob }; + DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast(s_entropy) }; data_blob cred_int; if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed."); @@ -298,14 +298,14 @@ eap::credentials::source_t eap::credentials_tls::combine( { if (cred_cached) { // Using EAP service cached credentials. - *this = *(credentials_tls*)cred_cached; + *this = *dynamic_cast(cred_cached); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank); return source_cache; } if (cfg.m_use_cred) { // Using configured credentials. - *this = *(credentials_tls*)cfg.m_cred.get(); + *this = *dynamic_cast(cfg.m_cred.get()); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank); return source_config; } diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index b617c1a..f2397d8 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -376,8 +376,8 @@ void eap::method_tls::process_request_packet( // Derive master secret. static const unsigned char s_label[] = "master secret"; sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); - seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); - seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_client), reinterpret_cast(&m_random_client + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_server), reinterpret_cast(&m_random_server + 1)); memcpy(&m_master_secret, prf(m_cp, m_alg_prf, pms, seed, sizeof(tls_master_secret)).data(), sizeof(tls_master_secret)); // Create client key exchange message, and append to packet. @@ -396,8 +396,8 @@ void eap::method_tls::process_request_packet( // Derive client side keys. static const unsigned char s_label[] = "key expansion"; sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); - seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); - seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_server), reinterpret_cast(&m_random_server + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_client), reinterpret_cast(&m_random_client + 1)); sanitizing_blob key_block(prf(m_cp, m_alg_prf, m_master_secret, seed, 2*m_state_client_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1) 2*m_state_client_pending.m_size_enc_key + // client_write_key & server_write_key @@ -518,9 +518,9 @@ void eap::method_tls::get_result( // Fill array with RADIUS attributes. eap_attr a; m_eap_attr.reserve(m_eap_attr.size() + 3); - a.create_ms_mppe_key(16, (LPCBYTE)&m_key_mppe_client, sizeof(tls_random)); + a.create_ms_mppe_key(16, reinterpret_cast(&m_key_mppe_client), sizeof(tls_random)); m_eap_attr.push_back(std::move(a)); - a.create_ms_mppe_key(17, (LPCBYTE)&m_key_mppe_server, sizeof(tls_random)); + a.create_ms_mppe_key(17, reinterpret_cast(&m_key_mppe_server), sizeof(tls_random)); m_eap_attr.push_back(std::move(a)); m_eap_attr.push_back(eap_attr::blank); @@ -552,7 +552,7 @@ void eap::method_tls::get_result( NULL, &buf_out_desc); if (SUCCEEDED(status)) - m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf_out[0].pvBuffer, (const unsigned char*)buf_out[0].pvBuffer + buf_out[0].cbBuffer); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), reinterpret_cast(buf_out[0].pvBuffer), reinterpret_cast(buf_out[0].pvBuffer) + buf_out[0].cbBuffer); } #endif @@ -594,14 +594,14 @@ eap::sanitizing_blob eap::method_tls::make_client_hello() // SSL header assert(size_data <= 0xffffff); unsigned int ssl_header = htonl((tls_handshake_type_client_hello << 24) | (unsigned int)size_data); - msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1)); + msg.insert(msg.end(), reinterpret_cast(&ssl_header), reinterpret_cast(&ssl_header + 1)); // SSL version - msg.insert(msg.end(), (unsigned char*)&m_tls_version, (unsigned char*)(&m_tls_version + 1)); + msg.insert(msg.end(), reinterpret_cast(&m_tls_version), reinterpret_cast(&m_tls_version + 1)); // Generate client random and add it to the message m_random_client.randomize(m_cp); - msg.insert(msg.end(), (unsigned char*)&m_random_client, (unsigned char*)(&m_random_client + 1)); + msg.insert(msg.end(), reinterpret_cast(&m_random_client), reinterpret_cast(&m_random_client + 1)); // Session ID assert(m_session_id.size() <= 32); @@ -610,7 +610,7 @@ eap::sanitizing_blob eap::method_tls::make_client_hello() // Cypher suite list unsigned short size_cipher_suite2 = htons((unsigned short)sizeof(s_cipher_suite)); - msg.insert(msg.end(), (unsigned char*)&size_cipher_suite2, (unsigned char*)(&size_cipher_suite2 + 1)); + msg.insert(msg.end(), reinterpret_cast(&size_cipher_suite2), reinterpret_cast(&size_cipher_suite2 + 1)); msg.insert(msg.end(), s_cipher_suite, s_cipher_suite + _countof(s_cipher_suite)); // Compression @@ -638,7 +638,7 @@ eap::sanitizing_blob eap::method_tls::make_client_cert() const // SSL header assert(size_data <= 0xffffff); unsigned int ssl_header = htonl((tls_handshake_type_certificate << 24) | (unsigned int)size_data); - msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1)); + msg.insert(msg.end(), reinterpret_cast(&ssl_header), reinterpret_cast(&ssl_header + 1)); // List size assert(size_list <= 0xffffff); @@ -663,7 +663,7 @@ eap::sanitizing_blob eap::method_tls::make_client_cert() const eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const tls_master_secret &pms) const { // Encrypt pre-master key with server public key first. - sanitizing_blob pms_enc((const unsigned char*)&pms, (const unsigned char*)(&pms + 1)); + sanitizing_blob pms_enc(reinterpret_cast(&pms), reinterpret_cast(&pms + 1)); crypt_key key; if (!key.import_public(m_cp_enc_client, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo))) throw win_runtime_error(__FUNCTION__ " Error importing server's public key."); @@ -681,7 +681,7 @@ eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const tls_ma // SSL header assert(size_data <= 0xffffff); unsigned int ssl_header = htonl((tls_handshake_type_client_key_exchange << 24) | (unsigned int)size_data); - msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1)); + msg.insert(msg.end(), reinterpret_cast(&ssl_header), reinterpret_cast(&ssl_header + 1)); // Encrypted pre master secret size assert(size_pms_enc <= 0xffff); @@ -707,7 +707,7 @@ eap::sanitizing_blob eap::method_tls::make_finished() const // SSL header unsigned int ssl_header = htonl((unsigned int)(tls_handshake_type_finished << 24) | 12); - msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1)); + msg.insert(msg.end(), reinterpret_cast(&ssl_header), reinterpret_cast(&ssl_header + 1)); // Create label + hash MD5 + hash SHA-1 seed. crypt_hash hash; @@ -760,7 +760,7 @@ eap::sanitizing_blob eap::method_tls::make_message(_In_ tls_message_type_t type, sanitizing_blob msg; msg.reserve(sizeof(message_header) + size_data); - msg.assign((const unsigned char*)&hdr, (const unsigned char*)(&hdr + 1)); + msg.assign(reinterpret_cast(&hdr), reinterpret_cast(&hdr + 1)); msg.insert(msg.end(), data.begin(), data.end()); return msg; } @@ -774,8 +774,8 @@ void eap::method_tls::derive_msk() #if EAP_TLS < EAP_TLS_SCHANNEL static const unsigned char s_label[] = "client EAP encryption"; sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); - seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); - seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_client), reinterpret_cast(&m_random_client + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_server), reinterpret_cast(&m_random_server + 1)); sanitizing_blob key_block(prf(m_cp, m_alg_prf, m_master_secret, seed, 2*sizeof(tls_random))); _key_block = key_block.data(); #else @@ -808,13 +808,13 @@ void eap::method_tls::process_packet(_In_bytecount_(size_pck) const void *_pck, { sanitizing_blob data; - for (const unsigned char *pck = (const unsigned char*)_pck, *pck_end = pck + size_pck; pck < pck_end; ) { + for (const unsigned char *pck = reinterpret_cast(_pck), *pck_end = pck + size_pck; pck < pck_end; ) { if (pck + 5 > pck_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header."); const message_header *hdr = (const message_header*)pck; const unsigned char - *msg = (const unsigned char*)(hdr + 1), - *msg_end = msg + ntohs(*(unsigned short*)hdr->length); + *msg = reinterpret_cast(hdr + 1), + *msg_end = msg + ntohs(*reinterpret_cast(hdr->length)); if (msg_end > pck_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message data."); @@ -870,7 +870,7 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(size_msg) const if (size_msg < 1) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete change cipher spec."); - const unsigned char *msg = (const unsigned char*)_msg; + const unsigned char *msg = reinterpret_cast(_msg); if (msg[0] != 1) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Invalid change cipher spec message (expected 1, received %u).", msg[0])); @@ -885,8 +885,8 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(size_msg) const static const unsigned char s_label[] = "key expansion"; sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); - seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); - seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_server), reinterpret_cast(&m_random_server + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_client), reinterpret_cast(&m_random_client + 1)); sanitizing_blob key_block(prf(m_cp, m_alg_prf, m_master_secret, seed, 2*m_state_server_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1) 2*m_state_server_pending.m_size_enc_key + // client_write_key & server_write_key @@ -928,7 +928,7 @@ void eap::method_tls::process_alert(_In_bytecount_(size_msg) const void *_msg, _ if (size_msg < 2) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete alert."); - const unsigned char *msg = (const unsigned char*)_msg; + const unsigned char *msg = reinterpret_cast(_msg); m_module.log_event(&EAPMETHOD_TLS_ALERT, event_data((unsigned int)eap_type_tls), event_data((unsigned char)msg[0]), event_data((unsigned char)msg[1]), event_data::blank); @@ -941,11 +941,11 @@ void eap::method_tls::process_alert(_In_bytecount_(size_msg) const void *_msg, _ void eap::method_tls::process_handshake(_In_bytecount_(size_msg) const void *_msg, _In_ size_t size_msg) { - for (const unsigned char *msg = (const unsigned char*)_msg, *msg_end = msg + size_msg; msg < msg_end; ) { + for (const unsigned char *msg = reinterpret_cast(_msg), *msg_end = msg + size_msg; msg < msg_end; ) { // Parse record header. if (msg + sizeof(unsigned int) > msg_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete record header."); - unsigned int hdr = ntohl(*(unsigned int*)msg); + unsigned int hdr = ntohl(*reinterpret_cast(msg)); const unsigned char *rec = msg + sizeof(unsigned int), *rec_end = rec + (hdr & 0xffffff); @@ -959,9 +959,9 @@ void eap::method_tls::process_handshake(_In_bytecount_(size_msg) const void *_ms // TLS version if (rec + 2 > rec_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Server SSL/TLS version missing or incomplete."); - else if (*(tls_version*)rec < tls_version_1_0 || m_tls_version < *(tls_version*)rec) + else if (*reinterpret_cast(rec) < tls_version_1_0 || m_tls_version < *reinterpret_cast(rec)) throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Unsupported SSL/TLS version."); - m_tls_version = *(tls_version*)rec; + m_tls_version = *reinterpret_cast(rec); m_alg_prf = m_tls_version < tls_version_1_2 ? CALG_TLS1PRF : CALG_SHA_256; rec += 2; @@ -1171,7 +1171,7 @@ void eap::method_tls::process_handshake() // Send Schannel's token via EAP. assert(buf_out[0].BufferType == SECBUFFER_TOKEN); assert(m_sc_ctx.m_attrib & ISC_RET_ALLOCATED_MEMORY); - m_packet_res.m_data.assign((const unsigned char*)buf_out[0].pvBuffer, (const unsigned char*)buf_out[0].pvBuffer + buf_out[0].cbBuffer); + m_packet_res.m_data.assign(reinterpret_cast(buf_out[0].pvBuffer), reinterpret_cast(buf_out[0].pvBuffer) + buf_out[0].cbBuffer); if (buf_in[1].BufferType == SECBUFFER_EXTRA) { // Server appended extra data. m_sc_queue.erase(m_sc_queue.begin(), m_sc_queue.end() - buf_in[1].cbBuffer); @@ -1217,7 +1217,7 @@ void eap::method_tls::process_handshake() // Send alert via EAP. Not that EAP will transmit it once we throw this is an error... assert(buf_out[1].BufferType == SECBUFFER_ALERT); assert(m_sc_ctx.m_attrib & ISC_RET_ALLOCATED_MEMORY); - m_packet_res.m_data.assign((const unsigned char*)buf_out[1].pvBuffer, (const unsigned char*)buf_out[1].pvBuffer + buf_out[1].cbBuffer); + m_packet_res.m_data.assign(reinterpret_cast(buf_out[1].pvBuffer), reinterpret_cast(buf_out[1].pvBuffer) + buf_out[1].cbBuffer); } throw sec_runtime_error(status, __FUNCTION__ " Schannel error."); @@ -1265,7 +1265,7 @@ void eap::method_tls::process_application_data() std::vector extra; for (size_t i = 0; i < _countof(buf); i++) if (buf[i].BufferType == SECBUFFER_EXTRA) - extra.insert(extra.end(), (unsigned char*)buf[i].pvBuffer, (unsigned char*)buf[i].pvBuffer + buf[i].cbBuffer); + extra.insert(extra.end(), reinterpret_cast(buf[i].pvBuffer), reinterpret_cast(buf[i].pvBuffer) + buf[i].cbBuffer); m_sc_queue = std::move(extra); } else if (status == SEC_E_INCOMPLETE_MESSAGE) { // Schannel neeeds more data. Send ACK packet to server to send more. @@ -1647,7 +1647,7 @@ eap::sanitizing_blob eap::method_tls::prf( size_S2 = size_S1; const void *S1 = &secret, - *S2 = (const unsigned char*)&secret + (sizeof(tls_master_secret) - size_S2); + *S2 = reinterpret_cast(&secret) + (sizeof(tls_master_secret) - size_S2); // Precalculate HMAC padding for speed. hmac_padding @@ -1656,8 +1656,8 @@ eap::sanitizing_blob eap::method_tls::prf( // Prepare A for p_hash. sanitizing_blob - A1((unsigned char*)seed, (unsigned char*)seed + size_seed), - A2((unsigned char*)seed, (unsigned char*)seed + size_seed); + A1(reinterpret_cast(seed), reinterpret_cast(seed) + size_seed), + A2(reinterpret_cast(seed), reinterpret_cast(seed) + size_seed); sanitizing_blob hmac1, @@ -1706,7 +1706,7 @@ eap::sanitizing_blob eap::method_tls::prf( hmac_padding padding(cp, alg, &secret, sizeof(tls_master_secret)); // Prepare A for p_hash. - sanitizing_blob A((unsigned char*)seed, (unsigned char*)seed + size_seed); + sanitizing_blob A(reinterpret_cast(seed), reinterpret_cast(seed) + size_seed); sanitizing_blob hmac; for (size_t i = 0; i < size; ) { @@ -1759,8 +1759,8 @@ HCRYPTKEY eap::method_tls::create_key( }; sanitizing_blob key_blob; key_blob.reserve(sizeof(key_blob_prefix) + size_secret); - key_blob.assign((const unsigned char*)&prefix, (const unsigned char*)(&prefix + 1)); - key_blob.insert(key_blob.end(), (const unsigned char*)secret, (const unsigned char*)secret + size_secret); + key_blob.assign( reinterpret_cast(&prefix), reinterpret_cast(&prefix + 1)); + key_blob.insert(key_blob.end(), reinterpret_cast( secret), reinterpret_cast(secret) + size_secret); // Import the key. winstd::crypt_key key_out; @@ -1795,7 +1795,7 @@ HCRYPTKEY eap::method_tls::create_key( #pragma pack(pop) sanitizing_blob key_blob; key_blob.reserve(sizeof(key_blob_prefix) + size_key); - key_blob.assign((const unsigned char*)&prefix, (const unsigned char*)(&prefix + 1)); + key_blob.assign(reinterpret_cast(&prefix), reinterpret_cast(&prefix + 1)); // Key in EME-PKCS1-v1_5 (RFC 3447). key_blob.push_back(0); // Initial zero @@ -1818,7 +1818,7 @@ HCRYPTKEY eap::method_tls::create_key( key_blob.push_back(0); // PS and M zero delimiter // M - key_blob.insert(key_blob.end(), (const unsigned char*)secret, (const unsigned char*)secret + size_secret); + key_blob.insert(key_blob.end(), reinterpret_cast(secret), reinterpret_cast(secret) + size_secret); #ifdef _HOST_LOW_ENDIAN std::reverse(key_blob.end() - size_key, key_blob.end()); diff --git a/lib/TLS/src/TLS.cpp b/lib/TLS/src/TLS.cpp index f4ff6a7..c511951 100644 --- a/lib/TLS/src/TLS.cpp +++ b/lib/TLS/src/TLS.cpp @@ -496,11 +496,11 @@ bool eap::packet_tls::append_frag(_In_ const EapPacket *pck) if (pck->Data[1] & flags_req_length_incl) { // Length field is included. packet_data_ptr = pck->Data + 6; - size_packet_data = ntohs(*(unsigned short*)pck->Length) - 10; + size_packet_data = ntohs(*reinterpret_cast(pck->Length)) - 10; } else { // Length field not included. packet_data_ptr = pck->Data + 2; - size_packet_data = ntohs(*(unsigned short*)pck->Length) - 6; + size_packet_data = ntohs(*reinterpret_cast(pck->Length)) - 6; } // Do the EAP-TLS defragmentation. @@ -509,7 +509,7 @@ bool eap::packet_tls::append_frag(_In_ const EapPacket *pck) // Start a new packet. if (pck->Data[1] & flags_req_length_incl) { // Preallocate data according to the Length field. - size_t size_tot = ntohl(*(unsigned int*)(pck->Data + 2)); + size_t size_tot = ntohl(*reinterpret_cast(pck->Data + 2)); m_data.reserve(size_tot); //m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_FIRST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)size_tot), event_data::blank); } else { @@ -561,7 +561,7 @@ unsigned short eap::packet_tls::get_frag(_Out_bytecap_(size_pck) EapPacket *pck, } else { // But it should be fragmented. m_flags |= flags_res_length_incl | flags_res_more_frag; - *(unsigned int*)(pck->Data + 2) = htonl(size_packet); + *reinterpret_cast(pck->Data + 2) = htonl(size_packet); data_dst = pck->Data + 6; size_data = size_packet_limit - 10; size_packet = size_packet_limit; @@ -585,7 +585,7 @@ unsigned short eap::packet_tls::get_frag(_Out_bytecap_(size_pck) EapPacket *pck, pck->Code = (BYTE)m_code; pck->Id = m_id; - *(unsigned short*)pck->Length = htons((unsigned short)size_packet); + *reinterpret_cast(pck->Length) = htons((unsigned short)size_packet); pck->Data[0] = (BYTE)eap_type_tls; pck->Data[1] = m_flags; memcpy(data_dst, m_data.data(), size_data); diff --git a/lib/TLS_UI/src/TLS_UI.cpp b/lib/TLS_UI/src/TLS_UI.cpp index ff9572f..a9e1bd0 100644 --- a/lib/TLS_UI/src/TLS_UI.cpp +++ b/lib/TLS_UI/src/TLS_UI.cpp @@ -521,7 +521,7 @@ void wxTLSServerTrustPanel::OnRootCAAddFile(wxCommandEvent& event) for (size_t i = 0, i_end = paths.GetCount(); i < i_end; i++) { // Load certificate(s) from file. winstd::cert_store cs; - if (cs.create(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, (LPCTSTR)(paths[i]))) { + if (cs.create(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, paths[i])) { for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(cs, cert)) != NULL;) AddRootCA(cert); } else diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp index 53764b9..6df8fe5 100644 --- a/lib/TTLS/src/Config.cpp +++ b/lib/TTLS/src/Config.cpp @@ -38,7 +38,7 @@ eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int eap::config_method_ttls::config_method_ttls(const _In_ config_method_ttls &other) : - m_inner(other.m_inner ? (config_method_with_cred*)other.m_inner->clone() : nullptr), + m_inner(other.m_inner ? dynamic_cast(other.m_inner->clone()) : nullptr), m_anonymous_identity(other.m_anonymous_identity), config_method_tls(other) { @@ -57,7 +57,7 @@ eap::config_method_ttls& eap::config_method_ttls::operator=(const _In_ config_me { if (this != &other) { (config_method_tls&)*this = other; - m_inner.reset(other.m_inner ? (config_method_with_cred*)other.m_inner->clone() : nullptr); + m_inner.reset(other.m_inner ? dynamic_cast(other.m_inner->clone()) : nullptr); m_anonymous_identity = other.m_anonymous_identity; } diff --git a/lib/TTLS/src/Credentials.cpp b/lib/TTLS/src/Credentials.cpp index cb3ead9..7989993 100644 --- a/lib/TTLS/src/Credentials.cpp +++ b/lib/TTLS/src/Credentials.cpp @@ -35,7 +35,7 @@ eap::credentials_ttls::credentials_ttls(_In_ module &mod) : eap::credentials_ttls::credentials_ttls(_In_ const credentials_ttls &other) : - m_inner(other.m_inner ? (credentials*)other.m_inner->clone() : nullptr), + m_inner(other.m_inner ? dynamic_cast(other.m_inner->clone()) : nullptr), credentials_tls(other) { } @@ -52,7 +52,7 @@ eap::credentials_ttls& eap::credentials_ttls::operator=(_In_ const credentials_t { if (this != &other) { (credentials_tls&)*this = other; - m_inner.reset(other.m_inner ? (credentials*)other.m_inner->clone() : nullptr); + m_inner.reset(other.m_inner ? dynamic_cast(other.m_inner->clone()) : nullptr); } return *this; diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index 1bb4806..8a8b968 100644 --- a/lib/TTLS/src/Method.cpp +++ b/lib/TTLS/src/Method.cpp @@ -157,8 +157,8 @@ void eap::method_ttls::derive_msk() // static const unsigned char s_label[] = "ttls keying material"; sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); - seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); - seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_client), reinterpret_cast(&m_random_client + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_server), reinterpret_cast(&m_random_server + 1)); sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random))); _key_block = key_block.data(); #else @@ -197,8 +197,8 @@ void eap::method_ttls::derive_challenge() #if EAP_TLS < EAP_TLS_SCHANNEL static const unsigned char s_label[] = "ttls challenge"; sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); - seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); - seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_client), reinterpret_cast(&m_random_client + 1)); + seed.insert(seed.end(), reinterpret_cast(&m_random_server), reinterpret_cast(&m_random_server + 1)); sanitizing_blob keying(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, sizeof(challenge_mschapv2) + 1)); memcpy(&inner_mschapv2->m_challenge_server, keying.data(), sizeof(challenge_mschapv2)); inner_mschapv2->m_ident = keying[sizeof(challenge_mschapv2) + 0]; @@ -294,7 +294,7 @@ void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const v status = EncryptMessage(m_sc_ctx, 0, &buf_desc, 0); if (FAILED(status)) throw sec_runtime_error(status, __FUNCTION__ " Error encrypting message."); - m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), reinterpret_cast(buf[0].pvBuffer), reinterpret_cast(buf[0].pvBuffer) + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer); #endif } else { // Empty packets represent ACK message, and are not encrypted. diff --git a/lib/WinStd b/lib/WinStd index 129b9c9..3b4448d 160000 --- a/lib/WinStd +++ b/lib/WinStd @@ -1 +1 @@ -Subproject commit 129b9c9a10c2145235e8f447706875dcafa4a4a3 +Subproject commit 3b4448dcf4f2cfd54dc40be1ef262835ac532550 diff --git a/lib/wxExtend b/lib/wxExtend index e9dd2b7..2e3e188 160000 --- a/lib/wxExtend +++ b/lib/wxExtend @@ -1 +1 @@ -Subproject commit e9dd2b7ae5faae80f2a5c785b6def4ad6f3aba21 +Subproject commit 2e3e188026b7e6845e9e2b5552faf7589d25cbfc