From 8a870286b517468f1da8492c8db1f026e4104de2 Mon Sep 17 00:00:00 2001 From: Michael Dietz Date: Wed, 7 Sep 2022 09:39:24 -0500 Subject: [PATCH 1/4] fix auth query template, used by signAwsRequestInfoQueryParam --- src/source/Common/AwsV4Signer.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/source/Common/AwsV4Signer.h b/src/source/Common/AwsV4Signer.h index 951c7f068..71208e2da 100644 --- a/src/source/Common/AwsV4Signer.h +++ b/src/source/Common/AwsV4Signer.h @@ -51,14 +51,14 @@ extern "C" { #define AUTH_HEADER_TEMPLATE "%s Credential=%.*s/%s, SignedHeaders=%.*s, Signature=%s" // Authentication query template -#define AUTH_QUERY_TEMPLATE "&X-Amz-Algorithm=%s&X-Amz-Credential=%s&X-Amz-Date=%s&X-Amz-Expires=%u&X-Amz-SignedHeaders=%.*s" +#define AUTH_QUERY_TEMPLATE "?X-Amz-Algorithm=%s&X-Amz-Credential=%s&X-Amz-Date=%s&X-Amz-Expires=%u&X-Amz-SignedHeaders=%.*s" // Token query param template #define SECURITY_TOKEN_PARAM_TEMPLATE "&X-Amz-Security-Token=%s" // Authentication query template #define AUTH_QUERY_TEMPLATE_WITH_TOKEN \ - "&X-Amz-Algorithm=%s&X-Amz-Credential=%s&X-Amz-Date=%s&X-Amz-Expires=%u&X-Amz-SignedHeaders=%.*s" SECURITY_TOKEN_PARAM_TEMPLATE + "?X-Amz-Algorithm=%s&X-Amz-Credential=%s&X-Amz-Date=%s&X-Amz-Expires=%u&X-Amz-SignedHeaders=%.*s" SECURITY_TOKEN_PARAM_TEMPLATE // Signature query param template #define SIGNATURE_PARAM_TEMPLATE "&X-Amz-Signature=%s" From 220bffdf8b108ead592776d2853ccef78953cc56 Mon Sep 17 00:00:00 2001 From: Michael Dietz Date: Fri, 16 Sep 2022 12:57:26 -0500 Subject: [PATCH 2/4] aws service configurable for presigned urls, eg s3 --- .../amazonaws/kinesis/video/common/Include.h | 6 ++++ src/source/Common/AwsV4Signer.c | 29 ++++++++++++++----- src/source/Common/AwsV4Signer.h | 2 ++ 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/src/include/com/amazonaws/kinesis/video/common/Include.h b/src/include/com/amazonaws/kinesis/video/common/Include.h index d5e548792..a38a8e3e8 100644 --- a/src/include/com/amazonaws/kinesis/video/common/Include.h +++ b/src/include/com/amazonaws/kinesis/video/common/Include.h @@ -98,6 +98,11 @@ extern "C" { */ #define MAX_REGION_NAME_LEN 128 +/** + * Maximum allowed service name length + */ +#define MAX_SERVICE_NAME_LEN 128 + /** * Maximum allowed user agent string length */ @@ -483,6 +488,7 @@ struct __RequestInfo { //!< NOTE: The body will follow the main struct UINT32 bodySize; //!< Size of the body in bytes CHAR url[MAX_URI_CHAR_LEN + 1]; //!< The URL for the request + CHAR service[MAX_SERVICE_NAME_LEN + 1]; //!< The AWS service for the request CHAR certPath[MAX_PATH_LEN + 1]; //!< CA Certificate path to use - optional CHAR sslCertPath[MAX_PATH_LEN + 1]; //!< SSL Certificate file path to use - optional CHAR sslPrivateKeyPath[MAX_PATH_LEN + 1]; //!< SSL Certificate private key file path to use - optional diff --git a/src/source/Common/AwsV4Signer.c b/src/source/Common/AwsV4Signer.c index 3522b3dae..d47a5267b 100644 --- a/src/source/Common/AwsV4Signer.c +++ b/src/source/Common/AwsV4Signer.c @@ -73,7 +73,7 @@ STATUS generateAwsSigV4Signature(PRequestInfo pRequestInfo, PCHAR dateTimeStr, B hmacSize = SIZEOF(hmac); CHK_STATUS(generateRequestHmac((PBYTE) pScratchBuf, curSize, (PBYTE) dateTimeStr, SIGNATURE_DATE_STRING_LEN * SIZEOF(CHAR), hmac, &hmacSize)); CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) pRequestInfo->region, (UINT32) STRLEN(pRequestInfo->region), hmac, &hmacSize)); - CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) KINESIS_VIDEO_SERVICE_NAME, (UINT32) STRLEN(KINESIS_VIDEO_SERVICE_NAME), hmac, &hmacSize)); + CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) pRequestInfo->service, (UINT32) STRNLEN(pRequestInfo->service, MAX_SERVICE_NAME_LEN), hmac, &hmacSize)); CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) AWS_SIG_V4_SIGNATURE_END, (UINT32) STRLEN(AWS_SIG_V4_SIGNATURE_END), hmac, &hmacSize)); CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) pSignedStr, signedStrLen * SIZEOF(CHAR), hmac, &hmacSize)); @@ -117,6 +117,11 @@ STATUS signAwsRequestInfo(PRequestInfo pRequestInfo) CHK(pRequestInfo != NULL && pRequestInfo->pAwsCredentials != NULL, STATUS_NULL_ARG); + // signAwsRequestInfo is a public api function, if service is not specified default to "kinesisvideo" so no breaking changes are introduced to the api + if (pRequestInfo->service[0] == L'\0') { + STRNCPY(pRequestInfo->service, KINESIS_VIDEO_SERVICE_NAME, MAX_SERVICE_NAME_LEN); + } + // Generate the time CHK_STATUS(generateSignatureDateTime(pRequestInfo->currentTime, dateTimeStr)); @@ -167,6 +172,11 @@ STATUS signAwsRequestInfoQueryParam(PRequestInfo pRequestInfo) CHK(pRequestInfo != NULL && pRequestInfo->pAwsCredentials != NULL, STATUS_NULL_ARG); + // signAwsRequestInfoQueryParam is a public api function, if service is not specified default to "kinesisvideo" so no breaking changes are introduced to the api + if (pRequestInfo->service[0] == L'\0') { + STRNCPY(pRequestInfo->service, KINESIS_VIDEO_SERVICE_NAME, MAX_SERVICE_NAME_LEN); + } + // Generate the time CHK_STATUS(generateSignatureDateTime(pRequestInfo->currentTime, dateTimeStr)); @@ -498,8 +508,13 @@ STATUS generateCanonicalRequestString(PRequestInfo pRequestInfo, PCHAR pRequestS len = SHA256_DIGEST_LENGTH * 2; CHK(curLen + len <= requestLen, STATUS_BUFFER_TOO_SMALL); if (pRequestInfo->body == NULL) { - // Streaming treats this portion as if the body were empty - CHK_STATUS(hexEncodedSha256((PBYTE) EMPTY_STRING, 0, pCurPtr)); + if (STRNCMP(pRequestInfo->service, KINESIS_VIDEO_SERVICE_NAME, MAX_SERVICE_NAME_LEN) == 0) { + // Streaming treats this portion as if the body were empty + CHK_STATUS(hexEncodedSha256((PBYTE) EMPTY_STRING, 0, pCurPtr)); + } else { + len = (UINT32) (ARRAY_SIZE(PREDEFINED_UNSIGNED_PAYLOAD) - 1); + MEMCPY(pCurPtr, PREDEFINED_UNSIGNED_PAYLOAD, SIZEOF(CHAR) * len); + } } else { // standard signing CHK_STATUS(hexEncodedSha256((PBYTE) pRequestInfo->body, pRequestInfo->bodySize, pCurPtr)); @@ -678,14 +693,14 @@ STATUS generateCredentialScope(PRequestInfo pRequestInfo, PCHAR dateTimeStr, PCH CHK(pRequestInfo != NULL && dateTimeStr != NULL && pScopeLen != NULL, STATUS_NULL_ARG); // Calculate the max string length with a null terminator at the end - scopeLen = SIGNATURE_DATE_TIME_STRING_LEN + 1 + MAX_REGION_NAME_LEN + 1 + (UINT32) STRLEN(KINESIS_VIDEO_SERVICE_NAME) + 1 + + scopeLen = SIGNATURE_DATE_TIME_STRING_LEN + 1 + MAX_REGION_NAME_LEN + 1 + (UINT32) STRNLEN(pRequestInfo->service, MAX_SERVICE_NAME_LEN) + 1 + (UINT32) STRLEN(AWS_SIG_V4_SIGNATURE_END) + 1; // Early exit on buffer calculation CHK(pScope != NULL, retStatus); scopeLen = (UINT32) SNPRINTF(pScope, *pScopeLen, CREDENTIAL_SCOPE_TEMPLATE, SIGNATURE_DATE_STRING_LEN, dateTimeStr, pRequestInfo->region, - KINESIS_VIDEO_SERVICE_NAME, AWS_SIG_V4_SIGNATURE_END); + pRequestInfo->service, AWS_SIG_V4_SIGNATURE_END); CHK(scopeLen > 0 && scopeLen <= *pScopeLen, STATUS_BUFFER_TOO_SMALL); CleanUp: @@ -707,7 +722,7 @@ STATUS generateEncodedCredentials(PRequestInfo pRequestInfo, PCHAR dateTimeStr, CHK(pRequestInfo != NULL && dateTimeStr != NULL && pCredsLen != NULL, STATUS_NULL_ARG); // Calculate the max string length with '/' and a null terminator at the end - credsLen = MAX_ACCESS_KEY_LEN + 1 + SIGNATURE_DATE_TIME_STRING_LEN + 1 + MAX_REGION_NAME_LEN + 1 + (UINT32) STRLEN(KINESIS_VIDEO_SERVICE_NAME) + + credsLen = MAX_ACCESS_KEY_LEN + 1 + SIGNATURE_DATE_TIME_STRING_LEN + 1 + MAX_REGION_NAME_LEN + 1 + (UINT32) STRNLEN(pRequestInfo->service, MAX_SERVICE_NAME_LEN) + 1 + (UINT32) STRLEN(AWS_SIG_V4_SIGNATURE_END) + 1; // Early exit on buffer calculation @@ -715,7 +730,7 @@ STATUS generateEncodedCredentials(PRequestInfo pRequestInfo, PCHAR dateTimeStr, credsLen = (UINT32) SNPRINTF(pCreds, *pCredsLen, URL_ENCODED_CREDENTIAL_TEMPLATE, pRequestInfo->pAwsCredentials->accessKeyIdLen, pRequestInfo->pAwsCredentials->accessKeyId, SIGNATURE_DATE_STRING_LEN, dateTimeStr, pRequestInfo->region, - KINESIS_VIDEO_SERVICE_NAME, AWS_SIG_V4_SIGNATURE_END); + pRequestInfo->service, AWS_SIG_V4_SIGNATURE_END); CHK(credsLen > 0 && credsLen <= *pCredsLen, STATUS_BUFFER_TOO_SMALL); CleanUp: diff --git a/src/source/Common/AwsV4Signer.h b/src/source/Common/AwsV4Signer.h index 71208e2da..ea9a7f622 100644 --- a/src/source/Common/AwsV4Signer.h +++ b/src/source/Common/AwsV4Signer.h @@ -82,6 +82,8 @@ extern "C" { #define KVS_MAX_HMAC_SIZE 64 +#define PREDEFINED_UNSIGNED_PAYLOAD "UNSIGNED-PAYLOAD" + //////////////////////////////////////////////////// // Function definitions //////////////////////////////////////////////////// From fd9e19f888a7347619964e975e154da0532f1f88 Mon Sep 17 00:00:00 2001 From: James Delaplane Date: Tue, 5 Dec 2023 15:13:23 -0800 Subject: [PATCH 3/4] Clang format --- src/source/Common/AwsV4Signer.c | 47 ++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/src/source/Common/AwsV4Signer.c b/src/source/Common/AwsV4Signer.c index d41780a3a..1e4e44b76 100644 --- a/src/source/Common/AwsV4Signer.c +++ b/src/source/Common/AwsV4Signer.c @@ -73,7 +73,8 @@ STATUS generateAwsSigV4Signature(PRequestInfo pRequestInfo, PCHAR dateTimeStr, B hmacSize = SIZEOF(hmac); CHK_STATUS(generateRequestHmac((PBYTE) pScratchBuf, curSize, (PBYTE) dateTimeStr, SIGNATURE_DATE_STRING_LEN * SIZEOF(CHAR), hmac, &hmacSize)); CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) pRequestInfo->region, (UINT32) STRLEN(pRequestInfo->region), hmac, &hmacSize)); - CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) pRequestInfo->service, (UINT32) STRNLEN(pRequestInfo->service, MAX_SERVICE_NAME_LEN), hmac, &hmacSize)); + CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) pRequestInfo->service, (UINT32) STRNLEN(pRequestInfo->service, MAX_SERVICE_NAME_LEN), hmac, + &hmacSize)); CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) AWS_SIG_V4_SIGNATURE_END, (UINT32) STRLEN(AWS_SIG_V4_SIGNATURE_END), hmac, &hmacSize)); CHK_STATUS(generateRequestHmac(hmac, hmacSize, (PBYTE) pSignedStr, signedStrLen * SIZEOF(CHAR), hmac, &hmacSize)); @@ -117,7 +118,8 @@ STATUS signAwsRequestInfo(PRequestInfo pRequestInfo) CHK(pRequestInfo != NULL && pRequestInfo->pAwsCredentials != NULL, STATUS_NULL_ARG); - // signAwsRequestInfo is a public api function, if service is not specified default to "kinesisvideo" so no breaking changes are introduced to the api + // signAwsRequestInfo is a public api function, if service is not specified default to "kinesisvideo" so no breaking changes are introduced to the + // api if (pRequestInfo->service[0] == L'\0') { STRNCPY(pRequestInfo->service, KINESIS_VIDEO_SERVICE_NAME, MAX_SERVICE_NAME_LEN); } @@ -127,7 +129,7 @@ STATUS signAwsRequestInfo(PRequestInfo pRequestInfo) // Get the host header CHK_STATUS(getRequestHost(pRequestInfo->url, &pHostStart, &pHostEnd)); - len = (UINT32) (pHostEnd - pHostStart); + len = (UINT32)(pHostEnd - pHostStart); CHK_STATUS(setRequestHeader(pRequestInfo, AWS_SIG_V4_HEADER_HOST, 0, pHostStart, len)); CHK_STATUS(setRequestHeader(pRequestInfo, AWS_SIG_V4_HEADER_AMZ_DATE, 0, dateTimeStr, 0)); @@ -172,7 +174,8 @@ STATUS signAwsRequestInfoQueryParam(PRequestInfo pRequestInfo) CHK(pRequestInfo != NULL && pRequestInfo->pAwsCredentials != NULL, STATUS_NULL_ARG); - // signAwsRequestInfoQueryParam is a public api function, if service is not specified default to "kinesisvideo" so no breaking changes are introduced to the api + // signAwsRequestInfoQueryParam is a public api function, if service is not specified default to "kinesisvideo" so no breaking changes are + // introduced to the api if (pRequestInfo->service[0] == L'\0') { STRNCPY(pRequestInfo->service, KINESIS_VIDEO_SERVICE_NAME, MAX_SERVICE_NAME_LEN); } @@ -182,7 +185,7 @@ STATUS signAwsRequestInfoQueryParam(PRequestInfo pRequestInfo) // Need to add host header CHK_STATUS(getRequestHost(pRequestInfo->url, &pHostStart, &pHostEnd)); - len = (UINT32) (pHostEnd - pHostStart); + len = (UINT32)(pHostEnd - pHostStart); CHK_STATUS(setRequestHeader(pRequestInfo, AWS_SIG_V4_HEADER_HOST, 0, pHostStart, len)); // Encode the credentials scope @@ -202,7 +205,7 @@ STATUS signAwsRequestInfoQueryParam(PRequestInfo pRequestInfo) // Calculate the expiration in seconds expirationInSeconds = MIN(MAX_AWS_SIGV4_CREDENTIALS_EXPIRATION_IN_SECONDS, - (UINT32) ((pRequestInfo->pAwsCredentials->expiration - pRequestInfo->currentTime) / HUNDREDS_OF_NANOS_IN_A_SECOND)); + (UINT32)((pRequestInfo->pAwsCredentials->expiration - pRequestInfo->currentTime) / HUNDREDS_OF_NANOS_IN_A_SECOND)); expirationInSeconds = MAX(MIN_AWS_SIGV4_CREDENTIALS_EXPIRATION_IN_SECONDS, expirationInSeconds); // Add the params @@ -288,7 +291,7 @@ STATUS getCanonicalQueryParams(PCHAR pUrl, UINT32 urlLen, BOOL uriEncode, PCHAR* CHK_STATUS(singleListCreate(&pSingleList)); while (iterate) { - pQueryParamEnd = STRNCHR(pQueryParamStart, (UINT32) (pEndPtr - pQueryParamStart), '&'); + pQueryParamEnd = STRNCHR(pQueryParamStart, (UINT32)(pEndPtr - pQueryParamStart), '&'); if (pQueryParamEnd == NULL) { // break the loop iterate = FALSE; @@ -297,12 +300,12 @@ STATUS getCanonicalQueryParams(PCHAR pUrl, UINT32 urlLen, BOOL uriEncode, PCHAR* } // Process the resulting param name and value - CHK(NULL != (pParamValue = STRNCHR(pQueryParamStart, (UINT32) (pQueryParamEnd - pQueryParamStart), '=')), STATUS_INVALID_ARG); - nameLen = (UINT32) (pParamValue - pQueryParamStart); + CHK(NULL != (pParamValue = STRNCHR(pQueryParamStart, (UINT32)(pQueryParamEnd - pQueryParamStart), '=')), STATUS_INVALID_ARG); + nameLen = (UINT32)(pParamValue - pQueryParamStart); // Advance param start past '=' pParamValue++; - valueLen = (UINT32) (pQueryParamEnd - pParamValue); + valueLen = (UINT32)(pQueryParamEnd - pParamValue); // Max len is 3 times the size of the allocation to account for max bloat for encoding maxLen = MIN(MAX_URI_CHAR_LEN, nameLen + 1 + valueLen * 3 + 1); @@ -391,7 +394,7 @@ STATUS getCanonicalQueryParams(PCHAR pUrl, UINT32 urlLen, BOOL uriEncode, PCHAR* } *pCurPtr = '\0'; - queryLen = (UINT32) (pCurPtr - pQuery); + queryLen = (UINT32)(pCurPtr - pQuery); CleanUp: @@ -467,7 +470,7 @@ STATUS generateCanonicalRequestString(PRequestInfo pRequestInfo, PCHAR pRequestS // Get the canonical URI CHK_STATUS(getCanonicalUri(pRequestInfo->url, urlLen, &pUriStart, &pUriEnd, &defaultPath)); - len = defaultPath ? 1 : (UINT32) (pUriEnd - pUriStart); + len = defaultPath ? 1 : (UINT32)(pUriEnd - pUriStart); CHK(curLen + len + 1 <= requestLen, STATUS_BUFFER_TOO_SMALL); MEMCPY(pCurPtr, pUriStart, len * SIZEOF(CHAR)); @@ -482,7 +485,7 @@ STATUS generateCanonicalRequestString(PRequestInfo pRequestInfo, PCHAR pRequestS // The start of the query params is either end of the URI or ? so we skip one in that case pQueryStart = (pUriEnd == pQueryEnd) ? pUriEnd : pUriEnd + 1; - len = (UINT32) (pQueryEnd - pQueryStart); + len = (UINT32)(pQueryEnd - pQueryStart); CHK(curLen + len + 1 <= requestLen, STATUS_BUFFER_TOO_SMALL); MEMCPY(pCurPtr, pQueryStart, len * SIZEOF(CHAR)); pCurPtr += len; @@ -512,7 +515,7 @@ STATUS generateCanonicalRequestString(PRequestInfo pRequestInfo, PCHAR pRequestS // Streaming treats this portion as if the body were empty CHK_STATUS(hexEncodedSha256((PBYTE) EMPTY_STRING, 0, pCurPtr)); } else { - len = (UINT32) (ARRAY_SIZE(PREDEFINED_UNSIGNED_PAYLOAD) - 1); + len = (UINT32)(ARRAY_SIZE(PREDEFINED_UNSIGNED_PAYLOAD) - 1); MEMCPY(pCurPtr, PREDEFINED_UNSIGNED_PAYLOAD, SIZEOF(CHAR) * len); } } else { @@ -561,7 +564,7 @@ STATUS generateCanonicalHeaders(PRequestInfo pRequestInfo, PCHAR pCanonicalHeade // Process only if we have a canonical header name if (IS_CANONICAL_HEADER_NAME(pRequestHeader->pName)) { CHK_STATUS(TRIMSTRALL(pRequestHeader->pValue, pRequestHeader->valueLen, &pStart, &pEnd)); - valueLen = (UINT32) (pEnd - pStart); + valueLen = (UINT32)(pEnd - pStart); // Increase the overall length as we use the lower-case header, colon, trimmed lower-case value and new line overallLen += pRequestHeader->nameLen + 1 + valueLen + 1; @@ -673,7 +676,7 @@ STATUS generateSignatureDateTime(UINT64 currentTime, PCHAR pDateTimeStr) CHK(pDateTimeStr != NULL, STATUS_NULL_ARG); // Convert to time_t - timeT = (time_t) (currentTime / HUNDREDS_OF_NANOS_IN_A_SECOND); + timeT = (time_t)(currentTime / HUNDREDS_OF_NANOS_IN_A_SECOND); retSize = STRFTIME(pDateTimeStr, SIGNATURE_DATE_TIME_STRING_LEN, DATE_TIME_STRING_FORMAT, GMTIME(&timeT)); CHK(retSize > 0, STATUS_BUFFER_TOO_SMALL); pDateTimeStr[retSize] = '\0'; @@ -722,8 +725,8 @@ STATUS generateEncodedCredentials(PRequestInfo pRequestInfo, PCHAR dateTimeStr, CHK(pRequestInfo != NULL && dateTimeStr != NULL && pCredsLen != NULL, STATUS_NULL_ARG); // Calculate the max string length with '/' and a null terminator at the end - credsLen = MAX_ACCESS_KEY_LEN + 1 + SIGNATURE_DATE_TIME_STRING_LEN + 1 + MAX_REGION_NAME_LEN + 1 + (UINT32) STRNLEN(pRequestInfo->service, MAX_SERVICE_NAME_LEN) + - 1 + (UINT32) STRLEN(AWS_SIG_V4_SIGNATURE_END) + 1; + credsLen = MAX_ACCESS_KEY_LEN + 1 + SIGNATURE_DATE_TIME_STRING_LEN + 1 + MAX_REGION_NAME_LEN + 1 + + (UINT32) STRNLEN(pRequestInfo->service, MAX_SERVICE_NAME_LEN) + 1 + (UINT32) STRLEN(AWS_SIG_V4_SIGNATURE_END) + 1; // Early exit on buffer calculation CHK(pCreds != NULL, retStatus); @@ -831,7 +834,7 @@ STATUS getCanonicalUri(PCHAR pUrl, UINT32 len, PCHAR* ppStart, PCHAR* ppEnd, PBO } else if (*pCur == '/') { // This is the case of the path which we find pStart = pCur; - pEnd = STRNCHR(pCur, urlLen - (UINT32) (pCur - pUrl), '?'); + pEnd = STRNCHR(pCur, urlLen - (UINT32)(pCur - pUrl), '?'); iterate = FALSE; } @@ -875,7 +878,7 @@ STATUS uriEncodeString(PCHAR pSrc, UINT32 srcLen, PCHAR pDst, PUINT32 pDstLen) CHK(pSrc != NULL && pDstLen != NULL, STATUS_NULL_ARG); - while (((UINT32) (pCurPtr - pSrc) < strLen) && ((ch = *pCurPtr++) != '\0')) { + while (((UINT32)(pCurPtr - pSrc) < strLen) && ((ch = *pCurPtr++) != '\0')) { if ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') || ch == '_' || ch == '-' || ch == '~' || ch == '.') { encodedLen++; @@ -939,9 +942,9 @@ STATUS uriDecodeString(PCHAR pSrc, UINT32 srcLen, PCHAR pDst, PUINT32 pDstLen) CHK(pSrc != NULL && pDstLen != NULL, STATUS_NULL_ARG); - while (((UINT32) (pCurPtr - pSrc) < strLen) && ((ch = *pCurPtr) != '\0')) { + while (((UINT32)(pCurPtr - pSrc) < strLen) && ((ch = *pCurPtr) != '\0')) { if (ch == '%') { - CHK((UINT32) (pCurPtr - pSrc) + decLen <= strLen && *(pCurPtr + 1) != '\0' && *(pCurPtr + 2) != '\0', STATUS_INVALID_ARG); + CHK((UINT32)(pCurPtr - pSrc) + decLen <= strLen && *(pCurPtr + 1) != '\0' && *(pCurPtr + 2) != '\0', STATUS_INVALID_ARG); if (pDec != NULL) { size = remaining; CHK_STATUS(hexDecode(pCurPtr + 1, 2, (PBYTE) pDec, &size)); From eebe8a7b9d4caa955a9aee205237fea6e738a673 Mon Sep 17 00:00:00 2001 From: James Delaplane Date: Tue, 5 Dec 2023 15:42:22 -0800 Subject: [PATCH 4/4] Clang format, again --- src/source/Common/AwsV4Signer.c | 34 ++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/source/Common/AwsV4Signer.c b/src/source/Common/AwsV4Signer.c index 1e4e44b76..4c58739bf 100644 --- a/src/source/Common/AwsV4Signer.c +++ b/src/source/Common/AwsV4Signer.c @@ -129,7 +129,7 @@ STATUS signAwsRequestInfo(PRequestInfo pRequestInfo) // Get the host header CHK_STATUS(getRequestHost(pRequestInfo->url, &pHostStart, &pHostEnd)); - len = (UINT32)(pHostEnd - pHostStart); + len = (UINT32) (pHostEnd - pHostStart); CHK_STATUS(setRequestHeader(pRequestInfo, AWS_SIG_V4_HEADER_HOST, 0, pHostStart, len)); CHK_STATUS(setRequestHeader(pRequestInfo, AWS_SIG_V4_HEADER_AMZ_DATE, 0, dateTimeStr, 0)); @@ -185,7 +185,7 @@ STATUS signAwsRequestInfoQueryParam(PRequestInfo pRequestInfo) // Need to add host header CHK_STATUS(getRequestHost(pRequestInfo->url, &pHostStart, &pHostEnd)); - len = (UINT32)(pHostEnd - pHostStart); + len = (UINT32) (pHostEnd - pHostStart); CHK_STATUS(setRequestHeader(pRequestInfo, AWS_SIG_V4_HEADER_HOST, 0, pHostStart, len)); // Encode the credentials scope @@ -205,7 +205,7 @@ STATUS signAwsRequestInfoQueryParam(PRequestInfo pRequestInfo) // Calculate the expiration in seconds expirationInSeconds = MIN(MAX_AWS_SIGV4_CREDENTIALS_EXPIRATION_IN_SECONDS, - (UINT32)((pRequestInfo->pAwsCredentials->expiration - pRequestInfo->currentTime) / HUNDREDS_OF_NANOS_IN_A_SECOND)); + (UINT32) ((pRequestInfo->pAwsCredentials->expiration - pRequestInfo->currentTime) / HUNDREDS_OF_NANOS_IN_A_SECOND)); expirationInSeconds = MAX(MIN_AWS_SIGV4_CREDENTIALS_EXPIRATION_IN_SECONDS, expirationInSeconds); // Add the params @@ -291,7 +291,7 @@ STATUS getCanonicalQueryParams(PCHAR pUrl, UINT32 urlLen, BOOL uriEncode, PCHAR* CHK_STATUS(singleListCreate(&pSingleList)); while (iterate) { - pQueryParamEnd = STRNCHR(pQueryParamStart, (UINT32)(pEndPtr - pQueryParamStart), '&'); + pQueryParamEnd = STRNCHR(pQueryParamStart, (UINT32) (pEndPtr - pQueryParamStart), '&'); if (pQueryParamEnd == NULL) { // break the loop iterate = FALSE; @@ -300,12 +300,12 @@ STATUS getCanonicalQueryParams(PCHAR pUrl, UINT32 urlLen, BOOL uriEncode, PCHAR* } // Process the resulting param name and value - CHK(NULL != (pParamValue = STRNCHR(pQueryParamStart, (UINT32)(pQueryParamEnd - pQueryParamStart), '=')), STATUS_INVALID_ARG); - nameLen = (UINT32)(pParamValue - pQueryParamStart); + CHK(NULL != (pParamValue = STRNCHR(pQueryParamStart, (UINT32) (pQueryParamEnd - pQueryParamStart), '=')), STATUS_INVALID_ARG); + nameLen = (UINT32) (pParamValue - pQueryParamStart); // Advance param start past '=' pParamValue++; - valueLen = (UINT32)(pQueryParamEnd - pParamValue); + valueLen = (UINT32) (pQueryParamEnd - pParamValue); // Max len is 3 times the size of the allocation to account for max bloat for encoding maxLen = MIN(MAX_URI_CHAR_LEN, nameLen + 1 + valueLen * 3 + 1); @@ -394,7 +394,7 @@ STATUS getCanonicalQueryParams(PCHAR pUrl, UINT32 urlLen, BOOL uriEncode, PCHAR* } *pCurPtr = '\0'; - queryLen = (UINT32)(pCurPtr - pQuery); + queryLen = (UINT32) (pCurPtr - pQuery); CleanUp: @@ -470,7 +470,7 @@ STATUS generateCanonicalRequestString(PRequestInfo pRequestInfo, PCHAR pRequestS // Get the canonical URI CHK_STATUS(getCanonicalUri(pRequestInfo->url, urlLen, &pUriStart, &pUriEnd, &defaultPath)); - len = defaultPath ? 1 : (UINT32)(pUriEnd - pUriStart); + len = defaultPath ? 1 : (UINT32) (pUriEnd - pUriStart); CHK(curLen + len + 1 <= requestLen, STATUS_BUFFER_TOO_SMALL); MEMCPY(pCurPtr, pUriStart, len * SIZEOF(CHAR)); @@ -485,7 +485,7 @@ STATUS generateCanonicalRequestString(PRequestInfo pRequestInfo, PCHAR pRequestS // The start of the query params is either end of the URI or ? so we skip one in that case pQueryStart = (pUriEnd == pQueryEnd) ? pUriEnd : pUriEnd + 1; - len = (UINT32)(pQueryEnd - pQueryStart); + len = (UINT32) (pQueryEnd - pQueryStart); CHK(curLen + len + 1 <= requestLen, STATUS_BUFFER_TOO_SMALL); MEMCPY(pCurPtr, pQueryStart, len * SIZEOF(CHAR)); pCurPtr += len; @@ -515,7 +515,7 @@ STATUS generateCanonicalRequestString(PRequestInfo pRequestInfo, PCHAR pRequestS // Streaming treats this portion as if the body were empty CHK_STATUS(hexEncodedSha256((PBYTE) EMPTY_STRING, 0, pCurPtr)); } else { - len = (UINT32)(ARRAY_SIZE(PREDEFINED_UNSIGNED_PAYLOAD) - 1); + len = (UINT32) (ARRAY_SIZE(PREDEFINED_UNSIGNED_PAYLOAD) - 1); MEMCPY(pCurPtr, PREDEFINED_UNSIGNED_PAYLOAD, SIZEOF(CHAR) * len); } } else { @@ -564,7 +564,7 @@ STATUS generateCanonicalHeaders(PRequestInfo pRequestInfo, PCHAR pCanonicalHeade // Process only if we have a canonical header name if (IS_CANONICAL_HEADER_NAME(pRequestHeader->pName)) { CHK_STATUS(TRIMSTRALL(pRequestHeader->pValue, pRequestHeader->valueLen, &pStart, &pEnd)); - valueLen = (UINT32)(pEnd - pStart); + valueLen = (UINT32) (pEnd - pStart); // Increase the overall length as we use the lower-case header, colon, trimmed lower-case value and new line overallLen += pRequestHeader->nameLen + 1 + valueLen + 1; @@ -676,7 +676,7 @@ STATUS generateSignatureDateTime(UINT64 currentTime, PCHAR pDateTimeStr) CHK(pDateTimeStr != NULL, STATUS_NULL_ARG); // Convert to time_t - timeT = (time_t)(currentTime / HUNDREDS_OF_NANOS_IN_A_SECOND); + timeT = (time_t) (currentTime / HUNDREDS_OF_NANOS_IN_A_SECOND); retSize = STRFTIME(pDateTimeStr, SIGNATURE_DATE_TIME_STRING_LEN, DATE_TIME_STRING_FORMAT, GMTIME(&timeT)); CHK(retSize > 0, STATUS_BUFFER_TOO_SMALL); pDateTimeStr[retSize] = '\0'; @@ -834,7 +834,7 @@ STATUS getCanonicalUri(PCHAR pUrl, UINT32 len, PCHAR* ppStart, PCHAR* ppEnd, PBO } else if (*pCur == '/') { // This is the case of the path which we find pStart = pCur; - pEnd = STRNCHR(pCur, urlLen - (UINT32)(pCur - pUrl), '?'); + pEnd = STRNCHR(pCur, urlLen - (UINT32) (pCur - pUrl), '?'); iterate = FALSE; } @@ -878,7 +878,7 @@ STATUS uriEncodeString(PCHAR pSrc, UINT32 srcLen, PCHAR pDst, PUINT32 pDstLen) CHK(pSrc != NULL && pDstLen != NULL, STATUS_NULL_ARG); - while (((UINT32)(pCurPtr - pSrc) < strLen) && ((ch = *pCurPtr++) != '\0')) { + while (((UINT32) (pCurPtr - pSrc) < strLen) && ((ch = *pCurPtr++) != '\0')) { if ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') || ch == '_' || ch == '-' || ch == '~' || ch == '.') { encodedLen++; @@ -942,9 +942,9 @@ STATUS uriDecodeString(PCHAR pSrc, UINT32 srcLen, PCHAR pDst, PUINT32 pDstLen) CHK(pSrc != NULL && pDstLen != NULL, STATUS_NULL_ARG); - while (((UINT32)(pCurPtr - pSrc) < strLen) && ((ch = *pCurPtr) != '\0')) { + while (((UINT32) (pCurPtr - pSrc) < strLen) && ((ch = *pCurPtr) != '\0')) { if (ch == '%') { - CHK((UINT32)(pCurPtr - pSrc) + decLen <= strLen && *(pCurPtr + 1) != '\0' && *(pCurPtr + 2) != '\0', STATUS_INVALID_ARG); + CHK((UINT32) (pCurPtr - pSrc) + decLen <= strLen && *(pCurPtr + 1) != '\0' && *(pCurPtr + 2) != '\0', STATUS_INVALID_ARG); if (pDec != NULL) { size = remaining; CHK_STATUS(hexDecode(pCurPtr + 1, 2, (PBYTE) pDec, &size));