gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-15049 修复命中路径越界导致策略验证重启

Browse Source
This commit is contained in:
fengweihao
2023-05-15 15:21:39 +08:00
parent 412d6f8944
commit 0c0c6bdeac
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
platform/src/verify_matcher.cpp
View File

@@ -141,7 +141,7 @@ struct policy_scan_ctx
size_t n_enforce; size_t n_enforce;
struct rule_data_ctx * enforce_rules; struct rule_data_ctx * enforce_rules;
int n_read; int n_read;
struct maat_hit_path hit_path[2048]; struct maat_hit_path hit_path[HIT_PATH_SIZE];
int tunnel_endpoint_x; int tunnel_endpoint_x;
int bool_id_array_idx; int bool_id_array_idx;
@@ -1164,7 +1164,7 @@ int ip_location_scan(long long *result, struct ip_addr *sip, struct ip_addr *dip
size_t n_hit_result=0; size_t n_hit_result=0;
int scan_ret=0, hit_cnt_ip=0; int scan_ret=0, hit_cnt_ip=0;
char buff[VERIFY_STRING_MAX * 2]={0}; char buff[VERIFY_STRING_MAX * 2]={0};
struct maat_hit_path hit_path[2048]; struct maat_hit_path hit_path[HIT_PATH_SIZE];
struct ip_data_table* ip_location_client=NULL, *ip_location_server=NULL; struct ip_data_table* ip_location_client=NULL, *ip_location_server=NULL;
maat_ip_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], g_policy_rt->profile_table_id[POLICY_LOCATION_USER_DEFINED], sip, (void **)&ip_location_client, 1); maat_ip_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], g_policy_rt->profile_table_id[POLICY_LOCATION_USER_DEFINED], sip, (void **)&ip_location_client, 1);
@@ -1209,7 +1209,7 @@ int ip_location_scan(long long *result, struct ip_addr *sip, struct ip_addr *dip
{ {
hit_cnt_ip+=n_hit_result; hit_cnt_ip+=n_hit_result;
} }
ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, sizeof(hit_path)); ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, HIT_PATH_SIZE);
} }
if(ip_location_client!=NULL) if(ip_location_client!=NULL)
{ {
@@ -1241,7 +1241,7 @@ int ip_location_scan(long long *result, struct ip_addr *sip, struct ip_addr *dip
{ {
hit_cnt_ip+=n_hit_result; hit_cnt_ip+=n_hit_result;
} }
ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, sizeof(hit_path)); ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, HIT_PATH_SIZE);
} }
if(ip_location_server) if(ip_location_server)
@@ -1255,7 +1255,7 @@ int http_ip_asn_scan(long long *result, struct ip_addr* sip, struct ip_addr* dip
{ {
size_t n_hit_result=0; size_t n_hit_result=0;
int scan_ret=0, hit_cnt_ip=0; int scan_ret=0, hit_cnt_ip=0;
struct maat_hit_path hit_path[2048]; struct maat_hit_path hit_path[HIT_PATH_SIZE];
struct ip_data_table* ip_asn_client=NULL, *ip_asn_server=NULL; struct ip_data_table* ip_asn_client=NULL, *ip_asn_server=NULL;
maat_ip_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], g_policy_rt->profile_table_id[POLICY_ASN_USER_DEFINED], sip, (void **)&ip_asn_client, 1); maat_ip_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], g_policy_rt->profile_table_id[POLICY_ASN_USER_DEFINED], sip, (void **)&ip_asn_client, 1);
@@ -1284,7 +1284,7 @@ int http_ip_asn_scan(long long *result, struct ip_addr* sip, struct ip_addr* dip
{ {
hit_cnt_ip+=n_hit_result; hit_cnt_ip+=n_hit_result;
} }
ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, sizeof(hit_path)); ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, HIT_PATH_SIZE);
} }
if(ip_asn_client!=NULL) if(ip_asn_client!=NULL)
{ {
@@ -1299,7 +1299,7 @@ int http_ip_asn_scan(long long *result, struct ip_addr* sip, struct ip_addr* dip
{ {
hit_cnt_ip+=n_hit_result; hit_cnt_ip+=n_hit_result;
} }
ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, sizeof(hit_path)); ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, HIT_PATH_SIZE);
} }
if(ip_asn_server) if(ip_asn_server)
ip_table_free(ip_asn_server); ip_table_free(ip_asn_server);