commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r815345 - /commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c
Date Tue, 15 Sep 2009 14:30:35 GMT
Author: mturk
Date: Tue Sep 15 14:30:35 2009
New Revision: 815345

URL: http://svn.apache.org/viewvc?rev=815345&view=rev
Log:
Store the key as hashed with pid value. Increases the security a bit

Modified:
    commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c?rev=815345&r1=815344&r2=815345&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/signals.c Tue Sep 15 14:30:35 2009
@@ -63,7 +63,7 @@
 
 static HANDLE   sig_pipe_handle = INVALID_HANDLE_VALUE;
 static wchar_t  sig_pipe_name[64];
-static wchar_t  sig_pipe_salt[64];
+static BYTE     sig_pipe_salt[ACR_SHA1_DIGEST_LENGTH];
 
 typedef struct sig_pipe_data_t {
     OVERLAPPED    ctx;
@@ -71,7 +71,7 @@
     HANDLE        pipe;
 } sig_pipe_data_t;
 
-static void make_security_cookie(acr_sig_msg_t *msg, const wchar_t *salt,
+static void make_security_cookie(acr_sig_msg_t *msg, const wchar_t *key,
                                  DWORD sn, DWORD to)
 {
     acr_sha1_ctx_t sha;
@@ -79,8 +79,15 @@
     acr_uint32_t tc = GetTickCount();
 
     ACR_SHA1Init(&sha);
-    if (salt && *salt)
-        ACR_SHA1UpdateW(&sha, salt, wcslen(salt));
+    if (key && *key) {
+        acr_sha1_ctx_t sk;
+        unsigned char salt[ACR_SHA1_DIGEST_LENGTH];
+        ACR_SHA1Init(&sk);
+        ACR_SHA1UpdateW(&sk, key, wcslen(key));
+        ACR_SHA1Update(&sk, (unsigned char *)&to, sizeof(acr_uint32_t));
+        ACR_SHA1Final(salt, &sk);
+        ACR_SHA1Update(&sha, salt, ACR_SHA1_DIGEST_LENGTH);
+    }
     ACR_SHA1Update(&sha, (unsigned char *)&sn, sizeof(acr_uint32_t));
     ACR_SHA1Update(&sha, (unsigned char *)&me, sizeof(acr_uint32_t));
     ACR_SHA1Update(&sha, (unsigned char *)&tc, sizeof(acr_uint32_t));
@@ -92,15 +99,15 @@
     msg->ticket = tc;
 }
 
-static int verify_security_cookie(acr_sig_msg_t *msg, const wchar_t *salt)
+static int verify_security_cookie(acr_sig_msg_t *msg)
 {
     unsigned char  digest[ACR_SHA1_DIGEST_LENGTH];
     acr_sha1_ctx_t sha;
     acr_uint32_t me = GetCurrentProcessId();
 
     ACR_SHA1Init(&sha);
-    if (salt && *salt)
-        ACR_SHA1UpdateW(&sha, salt, wcslen(salt));
+    if (sig_pipe_salt[0] && sig_pipe_salt[1])
+        ACR_SHA1Update(&sha, sig_pipe_salt, ACR_SHA1_DIGEST_LENGTH);
 
     ACR_SHA1Update(&sha, (unsigned char *)&(msg->signal), sizeof(acr_uint32_t));
     ACR_SHA1Update(&sha, (unsigned char *)&(msg->sender), sizeof(acr_uint32_t));
@@ -229,7 +236,7 @@
     BOOL ws = FALSE;
 
     if ((err == 0) && (nread == (DWORD)sizeof(acr_sig_msg_t))) {
-        if (verify_security_cookie(&pd->msg, sig_pipe_salt)) {
+        if (verify_security_cookie(&pd->msg)) {
             /* Invalid message signature.
              */
 #if defined(DEBUG)
@@ -481,7 +488,7 @@
     if (IS_INVALID_HANDLE(sig_raised_event))
         return ACR_GET_OS_ERROR();
 
-    
+
     for (i = 0; i < ACR_NUMSIG; i++)
         signal_handlers[i] = SIG_IGN;
     signal_handlers[SIGBUS]  = default_signal_handler;
@@ -633,3 +640,18 @@
         return ACR_GET_OS_ERROR();
     }
 }
+
+ACR_DECLARE(int) ACR_SignalSetKey(const wchar_t *key)
+{
+    acr_sha1_ctx_t sha;
+    acr_uint32_t me = GetCurrentProcessId();
+
+    if (!key || !*key)
+        return ACR_EINVAL;
+    ACR_SHA1Init(&sha);
+    ACR_SHA1UpdateW(&sha, key, wcslen(key));
+    ACR_SHA1Update(&sha, (unsigned char *)&me, sizeof(acr_uint32_t));
+    ACR_SHA1Final(sig_pipe_salt, &sha);
+
+    return 0;
+}



Mime
View raw message