gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修正certstore_rpc_on_succ()中添加字符串结尾0导致内存越界的问题

Browse Source
This commit is contained in:
luqiuwen
2019-01-08 15:09:38 +06:00
parent c303326c40
commit 41eca75fa3
2 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
platform/src/key_keeper.cpp
View File

@@ -218,7 +218,6 @@ static EVP_PKEY* transform_key_to_EVP(const char* str)
static struct keyring_private* get_keyring_from_response(const char* data) static struct keyring_private* get_keyring_from_response(const char* data)
{ {
X509* cert = NULL; X509* cert = NULL;
X509* chain_cert = NULL; X509* chain_cert = NULL;
struct keyring_private* _kyr=NULL; struct keyring_private* _kyr=NULL;
@@ -290,7 +289,6 @@ error_out:
if(key) EVP_PKEY_free(key); if(key) EVP_PKEY_free(key);
if(chain) sk_X509_pop_free(chain, X509_free); if(chain) sk_X509_pop_free(chain, X509_free);
return NULL; return NULL;
} }
static long keyring_local_cache_query_cb(void * data, const uchar * key, uint size, void * user_arg) static long keyring_local_cache_query_cb(void * data, const uchar * key, uint size, void * user_arg)
@@ -335,17 +333,23 @@ static void certstore_rpc_on_succ(void* result, void* user)
struct tfe_rpc_response_result* response = tfe_rpc_release(result); struct tfe_rpc_response_result* response = tfe_rpc_release(result);
int status_code = response->status_code; int status_code = response->status_code;
const char* status_msg = response->status_msg; const char* status_msg = response->status_msg;
char* data = response->data;
size_t len = response->len;
if(status_code == HTTP_OK) if(status_code == HTTP_OK)
{ {
*(data+len) = '\0'; /* Copy a buffer ending with zero */
struct keyring_private* kyr= get_keyring_from_response(data); char * data_as_string = (char *)malloc(response->len + 1);
memcpy(data_as_string, response->data, response->len);
data_as_string[response->len] = '\0';
struct keyring_private* kyr= get_keyring_from_response(data_as_string);
FREE(&data_as_string);
if(kyr == NULL) if(kyr == NULL)
{ {
promise_failed(p, FUTURE_ERROR_EXCEPTION, "get_keyring_from_response failed"); promise_failed(p, FUTURE_ERROR_EXCEPTION, "get_keyring_from_response failed");
return; return;
} }
if(!ctx->ref_keeper->no_cache) if(!ctx->ref_keeper->no_cache)
{ {
keyring_ref_inc(kyr); keyring_ref_inc(kyr);

3
plugin/business/decrypt-mirroring/src/decrypt_mirror_plugin.cpp
View File

@@ -26,8 +26,7 @@ int decrypt_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
enum tfe_stream_action decrypt_mirror_on_data_cb(const struct tfe_stream * stream, unsigned int thread_id, enum tfe_stream_action decrypt_mirror_on_data_cb(const struct tfe_stream * stream, unsigned int thread_id,
enum tfe_conn_dir dir, const unsigned char * data, size_t len, void ** pme) enum tfe_conn_dir dir, const unsigned char * data, size_t len, void ** pme)
{ {
int ret=0; mirror_stream_write(dir, data,len, pme, thread_id);
ret=mirror_stream_write(dir, data,len, pme, thread_id);
return ACTION_FORWARD_DATA; return ACTION_FORWARD_DATA;
} }