From 5d0328c9f8895729cbba80247d62558947860b16 Mon Sep 17 00:00:00 2001
From: luwenpeng
Date: Mon, 27 Apr 2020 11:57:18 +0800
Subject: [PATCH] =?UTF-8?q?TSG-1280=20=E4=BF=AE=E6=94=B9=20decryption=20pr?= =?UTF-8?q?ofile=20=E5=8A=9F=E8=83=BD=E7=9A=84=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 plugin/business/ssl-policy/src/ssl_policy.cpp | 53 ++++++++-----------
 1 file changed, 23 insertions(+), 30 deletions(-)
diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp
index 410aef7..259cb79 100644
--- a/plugin/business/ssl-policy/src/ssl_policy.cpp
+++ b/plugin/business/ssl-policy/src/ssl_policy.cpp
@@ -277,30 +277,26 @@ void profile_param_free(struct decryption_param* param)
 }
 void profile_param_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
 {
- int i;
 int ret=0;
- size_t offset[3]={0} , len[3]={0};
- char* json_str[3]={NULL};
- cJSON *json[3]={NULL}, *exclusions=NULL, *cert_verify=NULL, *approach=NULL, *ssl_ver=NULL, *item=NULL;
+ size_t offset=0, len=0;
+ char* json_str=NULL;
+ cJSON *json=NULL, *exclusions=NULL, *cert_verify=NULL, *approach=NULL, *ssl_ver=NULL, *item=NULL;
 struct decryption_param* param=NULL;
 struct ssl_policy_enforcer* enforcer=(struct ssl_policy_enforcer*)argp;
- for (i=0; i<3; i++)
+ ret=Maat_helper_read_column(table_line, 3, &offset, &len);
+ if(ret<0)
 {
- ret=Maat_helper_read_column(table_line, i+3, &offset[i], &len[i]);
- if(ret<0)
- {
- TFE_LOG_ERROR(enforcer->logger, "Get decryption param: %s", table_line);
- goto error_out;
- }
- json_str[i]=ALLOC(char, len[i]+1);
- memcpy(json_str[i], table_line+offset[i], len[i]);
- json[i]=cJSON_Parse(json_str[i]);
- if(json[i]==NULL)
- {
- TFE_LOG_ERROR(enforcer->logger, "Invalid decryption parameter: %s", table_line);
- goto error_out;
- }
+ TFE_LOG_ERROR(enforcer->logger, "Get decryption param: %s", table_line);
+ goto error_out;
+ }
+ json_str=ALLOC(char, len+1);
+ memcpy(json_str, table_line+offset, len);
+ json=cJSON_Parse(json_str);
+ if(json==NULL)
+ {
+ TFE_LOG_ERROR(enforcer->logger, "Invalid decryption parameter: %s", table_line);
+ goto error_out;
 }
 param=ALLOC(struct decryption_param, 1);
@@ -309,7 +305,7 @@ void profile_param_new_cb(int table_id, const char* key, const char* table_line,
 param->bypass_pinning=1;
 param->mirror_client_version=1;
- exclusions=cJSON_GetObjectItem(json[0], "dynamic_bypass");
+ exclusions=cJSON_GetObjectItem(json, "dynamic_bypass");
 if(exclusions)
 {
 item=cJSON_GetObjectItem(exclusions, "ev_cert");
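Review bot: `json_str` is handed to `memcpy` and then to `cJSON_Parse` without a check that `ALLOC` returned memory, and the parse only stops at the right byte if the extra byte from `len+1` is already zero, which depends on how `ALLOC` is defined (not visible in this hunk). I would make both explicit: `if(json_str==NULL) goto error_out;` right after the allocation and `json_str[len]='\0';` after the `memcpy`. The first `TFE_LOG_ERROR` text, `"Get decryption param: %s"`, also reads like a success message; wording such as `"Failed to read column 3 of decryption profile: %s"` would be easier to find in logs. The body of profile_param_new_cb continues past this hunk.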
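Review bot: With all three sections now read from the single document in column 3, a row that lacks `dynamic_bypass`, `protocol_version` or `certificate_checks` is accepted silently, because each lookup is followed only by `if(exclusions)`, `if(ssl_ver)` or `if(cert_verify)` (this hunk and the hunks at -324 and -344). A row still written in the previous three-column layout would presumably parse as just its first section and leave the other settings at the defaults assigned above, such as `param->mirror_client_version=1`. Since this is decryption policy, I would log the missing section or reject the row rather than default quietly, e.g. `if(cert_verify==NULL) TFE_LOG_ERROR(enforcer->logger, "decryption profile %s: certificate_checks missing, defaults applied", key);` and the same for the other two objects.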
@@ -324,7 +320,7 @@ void profile_param_new_cb(int table_id, const char* key, const char* table_line,
 if(item && item->type==cJSON_Number) param->bypass_protocol_errors=item->valueint;
 }
- ssl_ver=cJSON_GetObjectItem(json[1], "protocol_version");
+ ssl_ver=cJSON_GetObjectItem(json, "protocol_version");
 if(ssl_ver)
 {
 item=cJSON_GetObjectItem(ssl_ver, "mirror_client");
@@ -344,7 +340,7 @@ void profile_param_new_cb(int table_id, const char* key, const char* table_line,
 item=cJSON_GetObjectItem(ssl_ver, "allow_http2");
 if(item && item->type==cJSON_Number) param->allow_http2=item->valueint;
 }
- cert_verify=cJSON_GetObjectItem(json[2], "certificate_checks");
+ cert_verify=cJSON_GetObjectItem(json, "certificate_checks");
 if(cert_verify)
 {
 approach=cJSON_GetObjectItem(cert_verify, "approach");
@@ -370,15 +366,12 @@ void profile_param_new_cb(int table_id, const char* key, const char* table_line,
 }
 *ad=param;
- TFE_LOG_INFO(enforcer->logger, "decryption profile key=%s, value=%s, %s, %s", key, json_str[0], json_str[1], json_str[2]);
+ TFE_LOG_INFO(enforcer->logger, "decryption profile key=%s, value=%s", key, json_str);
 error_out:
- for (i=0; i<3; i++)
- {
- if (json[i])
- cJSON_Delete(json[i]);
- if (json_str[i])
- free(json_str[i]);
- }
+ if (json)
+ cJSON_Delete(json);
+ if (json_str)
+ free(json_str);
 return;
 }
 struct ssl_policy_enforcer* ssl_policy_enforcer_create(void* logger)
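Review bot: On both early `goto error_out` exits `*ad` is never written, because `*ad=param;` sits above the label in the last hunk; whether the caller clears the slot beforehand is not visible here. Setting `*ad=NULL;` at the top of profile_param_new_cb would make a failed profile load unambiguous for whatever later reads the ex-data. On style, the `if (json_str)` guard before `free(json_str)` is redundant, since `free(NULL)` is a no-op. The function starts before this hunk, so any other jumps to `error_out` are not visible.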