Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

ID 3. C style pointer casting from security audit fixed

Browse Source
This commit is contained in:
Simon Rozman
2016-10-03 11:40:30 +02:00
parent c768b44c56
commit c0b51f767c
20 changed files with 178 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/EAPBase/include/EAP.h
View File

@@ -772,7 +772,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const unsigned int
{
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(unsigned int);
assert(ptr_end <= cursor.ptr_end);
*(unsigned int*)cursor.ptr = val;
*reinterpret_cast<unsigned int*>(cursor.ptr) = val;
cursor.ptr = ptr_end;
}
@@ -788,7 +788,7 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ unsigned int &val)
{
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(unsigned int);
assert(ptr_end <= cursor.ptr_end);
val = *(unsigned int*)cursor.ptr;
val = *reinterpret_cast<const unsigned int*>(cursor.ptr);
cursor.ptr = ptr_end;
}

6
lib/EAPBase/include/Module.h
View File

@@ -330,12 +330,12 @@ namespace eap
// Import the 256-bit AES session key.
winstd::crypt_key key_aes;
if (!CryptImportKey(hProv, (LPCBYTE)data, 268, key_rsa, 0, &key_aes))
if (!CryptImportKey(hProv, reinterpret_cast<LPCBYTE>(data), 268, key_rsa, 0, &key_aes))
throw win_runtime_error(__FUNCTION__ " CryptImportKey failed.");
// Decrypt the data using AES session key.
std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > buf;
buf.assign((const unsigned char*)data + 268, (const unsigned char*)data + size);
buf.assign(reinterpret_cast<const unsigned char*>(data) + 268, reinterpret_cast<const unsigned char*>(data) + size);
if (!CryptDecrypt(key_aes, hHash, TRUE, 0, buf))
throw win_runtime_error(__FUNCTION__ " CryptDecrypt failed.");
@@ -412,7 +412,7 @@ namespace eap
std::vector<unsigned char> hash_bin;
if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0))
throw win_runtime_error(__FUNCTION__ " Calculating MD5 hash failed.");
if (memcmp((unsigned char*)data + enc_size, hash_bin.data(), dwHashSize) != 0)
if (memcmp(reinterpret_cast<const unsigned char*>(data) + enc_size, hash_bin.data(), dwHashSize) != 0)
throw invalid_argument(__FUNCTION__ " Invalid encrypted data.");
return dec;