修正certstore_rpc_on_succ()中添加字符串结尾0导致内存越界的问题

2019-01-08 15:09:38 +06:00
parent c303326c40
commit 41eca75fa3
2 changed files with 11 additions and 8 deletions
--- a/platform/src/key_keeper.cpp
+++ b/platform/src/key_keeper.cpp
@@ -218,7 +218,6 @@ static EVP_PKEY* transform_key_to_EVP(const char* str)

 static struct keyring_private* get_keyring_from_response(const char* data)
 {
-
 	X509* cert = NULL;
 	X509* chain_cert = NULL;
 	struct keyring_private* _kyr=NULL;
@@ -290,7 +289,6 @@ error_out:
 	if(key) EVP_PKEY_free(key);
 	if(chain) sk_X509_pop_free(chain, X509_free);
 	return NULL;
-
 }

 static long keyring_local_cache_query_cb(void * data, const uchar * key, uint size, void * user_arg)
@@ -335,17 +333,23 @@ static void certstore_rpc_on_succ(void* result, void* user)
 	struct tfe_rpc_response_result* response = tfe_rpc_release(result);
 	int status_code = response->status_code;
 	const char* status_msg = response->status_msg;
-	char* data = response->data;
-	size_t len = response->len;
+
 	if(status_code == HTTP_OK)
 	{
-		*(data+len) = '\0';
-		struct keyring_private* kyr= get_keyring_from_response(data);
+		/* Copy a buffer ending with zero */
+		char * data_as_string = (char *)malloc(response->len + 1);
+		memcpy(data_as_string, response->data, response->len);
+		data_as_string[response->len] = '\0';
+
+		struct keyring_private* kyr= get_keyring_from_response(data_as_string);
+		FREE(&data_as_string);
+
 		if(kyr == NULL)
 		{
 			promise_failed(p, FUTURE_ERROR_EXCEPTION, "get_keyring_from_response failed");
 			return;
 		}
+
 		if(!ctx->ref_keeper->no_cache)
 		{
 			keyring_ref_inc(kyr);