1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
#define _BSD_SOURCE 1
#define _POSIX_C_SOURCE 200112
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <npapi.h>
#include <npruntime.h>
#include <X11/X.h>
#include "pluginutil.h"
/**
* Implementation of strndup in case the system doesn't have that.
*/
static char *f_strndup(const char *source, size_t maxLength) {
size_t i;
for (i = 0;; i++) {
if ((i >= maxLength) || (source[i] == '\0')) break;
}
char *ret = malloc(i+1);
if (!ret) return NULL;
memcpy(ret, source, i);
ret[i] = '\0';
return ret;
}
/**
* Creates a new null terminated string from an NPVariant string.
*/
char *variantToStringZ(const NPVariant *variant) {
return f_strndup(NPVARIANT_TO_STRING(*variant).utf8characters, NPVARIANT_TO_STRING(*variant).utf8length);
}
// Re-allocates a string with NPN_MemAlloc instead of malloc
static char *npstr(char *source) {
size_t size = strlen(source)+1;
char *dest = NULL;
if (size <= INT32_MAX && (dest = NPN_MemAlloc(size)) != NULL) {
memcpy(dest, source, size);
}
free(source);
return dest;
}
/**
* Converts a string to a NPVariant. The original string is freed. If the
* string pointer is NULL, then the variant is set to the type
* NPVariantType_Null.
*/
bool convertStringZToVariant(char *string, NPVariant *result) {
if (!string) {
NULL_TO_NPVARIANT(*result);
return true;
}
// The macro below evaluates it's first parameter twice
// and npstr frees it's input...
string = npstr(string);
if (!string) return false;
STRINGZ_TO_NPVARIANT(string, *result);
return true;
}
static bool getProperty(NPP instance, NPObject *obj, const char *name, NPVariant *result) {
NPIdentifier ident = NPN_GetStringIdentifier(name);
if (!ident) return NULL;
return NPN_GetProperty(instance, obj, ident, result);
}
/**
* Returns a property from the window Javascript object.
* The identifiers parameter must point to a sequence of null terminated
* strings followed by an extra null terminator. E.g.
* "document\0location\0href\0"
*/
static char *getWindowProperty(NPP instance, const char *identifiers) {
NPObject *obj;
NPN_GetValue(instance, NPNVWindowNPObject, &obj);
if (!obj) return NULL;
const char *identifier = identifiers;
while (1) {
NPVariant value;
bool ok = getProperty(instance, obj, identifier, &value);
NPN_ReleaseObject(obj);
if (!ok) return NULL;
identifier += strlen(identifier)+1;
if (*identifier) {
// Expecting an object
if (!NPVARIANT_IS_OBJECT(value)) {
NPN_ReleaseVariantValue(&value);
return NULL;
}
obj = NPVARIANT_TO_OBJECT(value);
} else {
// Reached end. Expecting a string
if (!NPVARIANT_IS_STRING(value)) {
NPN_ReleaseVariantValue(&value);
return NULL;
}
char *url = f_strndup(NPVARIANT_TO_STRING(value).utf8characters,
NPVARIANT_TO_STRING(value).utf8length);
NPN_ReleaseVariantValue(&value);
return url;
}
}
}
char *getDocumentURL(NPP instance) {
return getWindowProperty(instance, "document\0location\0href\0");
}
char *getDocumentHostname(NPP instance) {
return getWindowProperty(instance, "document\0location\0hostname\0");
}
/**
* Finds the IP address of the server hosting the document containing the
* plugin. This IP address is placed in the signature as an additional
* security measure to detect spoofing.
*/
char *getDocumentIP(NPP instance) {
// FIXME This function performs a DNS lookup independently of the
// browser. So it's possible that the browser and the plugin
// get different addresses. This is a (small) security problem
// since the browser might have loaded a maliciuous page while
// the plugin authenticates with the real IP.
char *hostname = getDocumentHostname(instance);
if (!hostname) return NULL;
struct addrinfo *firstAddrInfo;
int ret = getaddrinfo(hostname, NULL, NULL, &firstAddrInfo);
free(hostname);
if (ret != 0) return NULL;
// Find first INET (IPv4) address (BankID supports IPv4 addresses only)
const struct addrinfo *ai = firstAddrInfo;
while (ai && ai->ai_family != AF_INET)
ai = ai->ai_next;
if (!ai) return NULL;
char ip[NI_MAXHOST];
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ip, NI_MAXHOST,
NULL, 0, NI_NUMERICHOST) != 0) {
freeaddrinfo(firstAddrInfo);
return NULL;
}
freeaddrinfo(firstAddrInfo);
return strdup(ip);
}
/**
* Returns the native ID of the browser window, or None (= 0) on error.
*/
Window getWindowId(NPP instance) {
Window id;
if (NPN_GetValue(instance, NPNVnetscapeWindow, &id) == NPERR_NO_ERROR) {
return id;
} else {
return None;
}
}
bool copyIdentifierName(NPIdentifier ident, char *name, size_t maxLength) {
char *heapStr = NPN_UTF8FromIdentifier(ident);
if (!heapStr) return false;
size_t len = strlen(heapStr);
bool ok = (len < maxLength-1);
if (ok) memcpy(name, heapStr, len+1);
NPN_MemFree(heapStr);
return ok;
}
|
