forked from Mirrors/freeswitch
[mod_http_cache] Handle error cases to avoid using uninitialized variables in aws logic.
This commit is contained in:
parent
4aa1c1736f
commit
cfdd1d9be8
@ -144,10 +144,12 @@ static char* aws_s3_signature_key(char* key_signing, switch_aws_s3_profile* aws_
|
|||||||
char key_service[SHA256_DIGEST_LENGTH];
|
char key_service[SHA256_DIGEST_LENGTH];
|
||||||
char* aws4_secret_access_key = switch_mprintf("AWS4%s", aws_s3_profile->access_key_secret);
|
char* aws4_secret_access_key = switch_mprintf("AWS4%s", aws_s3_profile->access_key_secret);
|
||||||
|
|
||||||
hmac256(key_date, SHA256_DIGEST_LENGTH, aws4_secret_access_key, strlen(aws4_secret_access_key), aws_s3_profile->date_stamp);
|
if (!hmac256(key_date, SHA256_DIGEST_LENGTH, aws4_secret_access_key, (unsigned int)strlen(aws4_secret_access_key), aws_s3_profile->date_stamp)
|
||||||
hmac256(key_region, SHA256_DIGEST_LENGTH, key_date, SHA256_DIGEST_LENGTH, aws_s3_profile->region);
|
|| !hmac256(key_region, SHA256_DIGEST_LENGTH, key_date, SHA256_DIGEST_LENGTH, aws_s3_profile->region)
|
||||||
hmac256(key_service, SHA256_DIGEST_LENGTH, key_region, SHA256_DIGEST_LENGTH, "s3");
|
|| !hmac256(key_service, SHA256_DIGEST_LENGTH, key_region, SHA256_DIGEST_LENGTH, "s3")
|
||||||
hmac256(key_signing, SHA256_DIGEST_LENGTH, key_service, SHA256_DIGEST_LENGTH, "aws4_request");
|
|| !hmac256(key_signing, SHA256_DIGEST_LENGTH, key_service, SHA256_DIGEST_LENGTH, "aws4_request")) {
|
||||||
|
key_signing = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
switch_safe_free(aws4_secret_access_key);
|
switch_safe_free(aws4_secret_access_key);
|
||||||
|
|
||||||
@ -166,7 +168,7 @@ static char* aws_s3_standardized_query_string(switch_aws_s3_profile* aws_s3_prof
|
|||||||
char* standardized_query_string;
|
char* standardized_query_string;
|
||||||
|
|
||||||
credential = switch_mprintf("%s%%2F%s%%2F%s%%2Fs3%%2Faws4_request", aws_s3_profile->access_key_id, aws_s3_profile->date_stamp, aws_s3_profile->region);
|
credential = switch_mprintf("%s%%2F%s%%2F%s%%2Fs3%%2Faws4_request", aws_s3_profile->access_key_id, aws_s3_profile->date_stamp, aws_s3_profile->region);
|
||||||
switch_snprintf(expires, 9, "%ld", aws_s3_profile->expires);
|
switch_snprintf(expires, 9, "%" SWITCH_TIME_T_FMT, aws_s3_profile->expires);
|
||||||
|
|
||||||
standardized_query_string = switch_mprintf(
|
standardized_query_string = switch_mprintf(
|
||||||
"X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=%s&X-Amz-Date=%s&X-Amz-Expires=%s&X-Amz-SignedHeaders=host",
|
"X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=%s&X-Amz-Date=%s&X-Amz-Expires=%s&X-Amz-SignedHeaders=host",
|
||||||
@ -243,13 +245,14 @@ static char *aws_s3_authentication_create(switch_aws_s3_profile* aws_s3_profile)
|
|||||||
string_to_sign = aws_s3_string_to_sign(standardized_request, aws_s3_profile);
|
string_to_sign = aws_s3_string_to_sign(standardized_request, aws_s3_profile);
|
||||||
|
|
||||||
// Get signature_key
|
// Get signature_key
|
||||||
aws_s3_signature_key(signature_key, aws_s3_profile);
|
if (!aws_s3_signature_key(signature_key, aws_s3_profile)
|
||||||
|
|
||||||
// Get signature
|
// Get signature
|
||||||
hmac256_hex(signature, signature_key, SHA256_DIGEST_LENGTH, string_to_sign);
|
|| !hmac256_hex(signature, signature_key, SHA256_DIGEST_LENGTH, string_to_sign)) {
|
||||||
|
query_param = NULL;
|
||||||
|
} else {
|
||||||
// Build final query string
|
// Build final query string
|
||||||
query_param = switch_mprintf("%s&X-Amz-Signature=%s", standardized_query_string, signature);
|
query_param = switch_mprintf("%s&X-Amz-Signature=%s", standardized_query_string, signature);
|
||||||
|
}
|
||||||
|
|
||||||
switch_safe_free(string_to_sign);
|
switch_safe_free(string_to_sign);
|
||||||
switch_safe_free(standardized_query_string);
|
switch_safe_free(standardized_query_string);
|
||||||
|
Loading…
Reference in New Issue
Block a user