Skip to content

Commit

Permalink
client: remove usage of unsafe sprintf function
Browse files Browse the repository at this point in the history
  • Loading branch information
@joelguittet
joelguittet committed May 27, 2024
1 parent 13f4255 commit 7143016
Show file tree
Hide file tree
Showing 11 changed files with 110 additions and 86 deletions.
82 changes: 46 additions & 36 deletions core/src/mender-api.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,10 +130,10 @@ mender_err_t
mender_api_perform_authentication(void) {

mender_err_t ret;
char * public_key_pem = NULL;
cJSON * json_identity = NULL;
char * tmp = NULL;
char * identity = NULL;
char * public_key_pem = NULL;
cJSON * json_payload = NULL;
char * payload = NULL;
char * response = NULL;
char * signature = NULL;
Expand All @@ -156,30 +156,22 @@ mender_api_perform_authentication(void) {
ret = MENDER_FAIL;
goto END;
}
if (NULL == (tmp = mender_utils_str_replace(identity, "\"", "\\\""))) {

/* Format payload */
if (NULL == (json_payload = cJSON_CreateObject())) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
identity = tmp;

/* Format payload */
cJSON_AddStringToObject(json_payload, "id_data", identity);
cJSON_AddStringToObject(json_payload, "pubkey", public_key_pem);
if (NULL != mender_api_config.tenant_token) {
if (NULL
== (payload = (char *)malloc(strlen("{ \"id_data\": \"\", \"pubkey\": \"\", \"tenant_token\": \"\" }") + strlen(identity) + strlen(public_key_pem)
+ strlen(mender_api_config.tenant_token) + 1))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(payload, "{ \"id_data\": \"%s\", \"pubkey\": \"%s\", \"tenant_token\": \"%s\" }", identity, public_key_pem, mender_api_config.tenant_token);
} else {
if (NULL == (payload = (char *)malloc(strlen("{ \"id_data\": \"\", \"pubkey\": \"\" }") + strlen(identity) + strlen(public_key_pem) + 1))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(payload, "{ \"id_data\": \"%s\", \"pubkey\": \"%s\" }", identity, public_key_pem);
cJSON_AddStringToObject(json_payload, "tenant_token", mender_api_config.tenant_token);
}
if (NULL == (payload = cJSON_PrintUnformatted(json_payload))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}

/* Sign payload */
Expand Down Expand Up @@ -235,15 +227,18 @@ mender_api_perform_authentication(void) {
if (NULL != payload) {
free(payload);
}
if (NULL != public_key_pem) {
free(public_key_pem);
if (NULL != json_payload) {
cJSON_Delete(json_payload);
}
if (NULL != identity) {
free(identity);
}
if (NULL != json_identity) {
cJSON_Delete(json_identity);
}
if (NULL != public_key_pem) {
free(public_key_pem);
}

return ret;
}
Expand All @@ -260,14 +255,19 @@ mender_api_check_for_deployment(char **id, char **artifact_name, char **uri) {
int status = 0;

/* Compute path */
if (NULL
== (path = (char *)malloc(strlen("?artifact_name=&device_type=") + strlen(MENDER_API_PATH_GET_NEXT_DEPLOYMENT) + strlen(mender_api_config.artifact_name)
+ strlen(mender_api_config.device_type) + 1))) {
size_t str_length = strlen("?artifact_name=&device_type=") + strlen(MENDER_API_PATH_GET_NEXT_DEPLOYMENT) + strlen(mender_api_config.artifact_name)
+ strlen(mender_api_config.device_type) + 1;
if (NULL == (path = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(path, "%s?artifact_name=%s&device_type=%s", MENDER_API_PATH_GET_NEXT_DEPLOYMENT, mender_api_config.artifact_name, mender_api_config.device_type);
snprintf(path,
str_length,
"%s?artifact_name=%s&device_type=%s",
MENDER_API_PATH_GET_NEXT_DEPLOYMENT,
mender_api_config.artifact_name,
mender_api_config.device_type);

/* Perform HTTP request */
if (MENDER_OK
Expand Down Expand Up @@ -348,11 +348,12 @@ mender_api_publish_deployment_status(char *id, mender_deployment_status_t deploy

assert(NULL != id);
mender_err_t ret;
char * value = NULL;
char * payload = NULL;
char * path = NULL;
char * response = NULL;
int status = 0;
char * value = NULL;
cJSON * json_payload = NULL;
char * payload = NULL;
char * path = NULL;
char * response = NULL;
int status = 0;

/* Deployment status to string */
if (NULL == (value = mender_utils_deployment_status_to_string(deployment_status))) {
Expand All @@ -362,20 +363,26 @@ mender_api_publish_deployment_status(char *id, mender_deployment_status_t deploy
}

/* Format payload */
if (NULL == (payload = (char *)malloc(strlen("{ \"status\": \"\" }") + strlen(value) + 1))) {
if (NULL == (json_payload = cJSON_CreateObject())) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
cJSON_AddStringToObject(json_payload, "status", value);
if (NULL == (payload = cJSON_PrintUnformatted(json_payload))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(payload, "{ \"status\": \"%s\" }", value);

/* Compute path */
if (NULL == (path = (char *)malloc(strlen(MENDER_API_PATH_PUT_DEPLOYMENT_STATUS) - strlen("%s") + strlen(id) + 1))) {
size_t str_length = strlen(MENDER_API_PATH_PUT_DEPLOYMENT_STATUS) - strlen("%s") + strlen(id) + 1;
if (NULL == (path = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(path, MENDER_API_PATH_PUT_DEPLOYMENT_STATUS, id);
snprintf(path, str_length, MENDER_API_PATH_PUT_DEPLOYMENT_STATUS, id);

/* Perform HTTP request */
if (MENDER_OK
Expand Down Expand Up @@ -405,6 +412,9 @@ mender_api_publish_deployment_status(char *id, mender_deployment_status_t deploy
if (NULL != payload) {
free(payload);
}
if (NULL != json_payload) {
cJSON_Delete(json_payload);
}

return ret;
}
Expand Down
5 changes: 3 additions & 2 deletions core/src/mender-artifact.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -307,11 +307,12 @@ mender_artifact_parse_tar_header(mender_artifact_ctx_t *ctx) {

/* Compute the new file name */
if (NULL != ctx->file.name) {
if (NULL == (tmp = (char *)malloc(strlen(ctx->file.name) + strlen("/") + strlen(tar_header->name) + 1))) {
size_t str_length = strlen(ctx->file.name) + strlen("/") + strlen(tar_header->name) + 1;
if (NULL == (tmp = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
return MENDER_FAIL;
}
sprintf(tmp, "%s/%s", ctx->file.name, tar_header->name);
snprintf(tmp, str_length, "%s/%s", ctx->file.name, tar_header->name);
} else {
if (NULL == (tmp = strdup(tar_header->name))) {
mender_log_error("Unable to allocate memory");
Expand Down
5 changes: 3 additions & 2 deletions platform/flash/posix/src/mender-flash.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,11 +53,12 @@ mender_flash_open(char *name, size_t size, void **handle) {
mender_log_info("Start flashing artifact '%s' with size %d", name, size);

/* Compute path */
if (NULL == (path = (char *)malloc(strlen(CONFIG_MENDER_FLASH_PATH) + strlen(name) + 1))) {
size_t str_length = strlen(CONFIG_MENDER_FLASH_PATH) + strlen(name) + 1;
if (NULL == (path = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
return MENDER_FAIL;
}
sprintf(path, "%s%s", CONFIG_MENDER_FLASH_PATH, name);
snprintf(path, str_length, "%s%s", CONFIG_MENDER_FLASH_PATH, name);

/* Begin deployment with sequential writes */
if (NULL == (*handle = fopen(path, "wb"))) {
Expand Down
10 changes: 6 additions & 4 deletions platform/net/esp-idf/src/mender-http.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,12 +87,13 @@ mender_http_perform(char * jwt,

/* Compute URL if required */
if ((false == mender_utils_strbeginwith(path, "http://")) && (false == mender_utils_strbeginwith(path, "https://"))) {
if (NULL == (url = (char *)malloc(strlen(mender_http_config.host) + strlen(path) + 1))) {
size_t str_length = strlen(mender_http_config.host) + strlen(path) + 1;
if (NULL == (url = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(url, "%s%s", mender_http_config.host, path);
snprintf(url, str_length, "%s%s", mender_http_config.host, path);
}

/* Configuration of the client */
Expand All @@ -107,12 +108,13 @@ mender_http_perform(char * jwt,
}
esp_http_client_set_method(client, mender_http_method_to_esp_http_client_method(method));
if (NULL != jwt) {
if (NULL == (bearer = (char *)malloc(strlen("Bearer ") + strlen(jwt) + 1))) {
size_t str_length = strlen("Bearer ") + strlen(jwt) + 1;
if (NULL == (bearer = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(bearer, "Bearer %s", jwt);
snprintf(bearer, str_length, "Bearer %s", jwt);
esp_http_client_set_header(client, "Authorization", bearer);
}
if (NULL != signature) {
Expand Down
15 changes: 9 additions & 6 deletions platform/net/esp-idf/src/mender-websocket.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,19 +130,21 @@ mender_websocket_connect(
/* Compute URL if required */
if ((false == mender_utils_strbeginwith(path, "ws://")) && (false == mender_utils_strbeginwith(path, "wss://"))) {
if ((true == mender_utils_strbeginwith(path, "http://")) || (true == mender_utils_strbeginwith(mender_websocket_config.host, "http://"))) {
if (NULL == (url = (char *)malloc(strlen(mender_websocket_config.host) - strlen("http://") + strlen("ws://") + strlen(path) + 1))) {
size_t str_length = strlen(mender_websocket_config.host) - strlen("http://") + strlen("ws://") + strlen(path) + 1;
if (NULL == (url = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto FAIL;
}
sprintf(url, "ws://%s%s", mender_websocket_config.host + strlen("http://"), path);
snprintf(url, str_length, "ws://%s%s", mender_websocket_config.host + strlen("http://"), path);
} else if ((true == mender_utils_strbeginwith(path, "https://")) || (true == mender_utils_strbeginwith(mender_websocket_config.host, "https://"))) {
if (NULL == (url = (char *)malloc(strlen(mender_websocket_config.host) - strlen("https://") + strlen("wss://") + strlen(path) + 1))) {
size_t str_length = strlen(mender_websocket_config.host) - strlen("https://") + strlen("wss://") + strlen(path) + 1;
if (NULL == (url = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto FAIL;
}
sprintf(url, "wss://%s%s", mender_websocket_config.host + strlen("https://"), path);
snprintf(url, str_length, "wss://%s%s", mender_websocket_config.host + strlen("https://"), path);
}
}

Expand All @@ -161,12 +163,13 @@ mender_websocket_connect(
config.transport = WEBSOCKET_TRANSPORT_UNKNOWN;
}
if (NULL != jwt) {
if (NULL == (bearer = (char *)malloc(strlen("Authorization: Bearer ") + strlen(jwt) + strlen("\r\n") + 1))) {
size_t str_length = strlen("Authorization: Bearer ") + strlen(jwt) + strlen("\r\n") + 1;
if (NULL == (bearer = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(bearer, "Authorization: Bearer %s\r\n", jwt);
snprintf(bearer, str_length, "Authorization: Bearer %s\r\n", jwt);
}
config.headers = bearer;

Expand Down
15 changes: 9 additions & 6 deletions platform/net/generic/curl/src/mender-http.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,12 +111,13 @@ mender_http_perform(char * jwt,

/* Compute URL if required */
if ((false == mender_utils_strbeginwith(path, "http://")) && (false == mender_utils_strbeginwith(path, "https://"))) {
if (NULL == (url = (char *)malloc(strlen(mender_http_config.host) + strlen(path) + 1))) {
size_t str_length = strlen(mender_http_config.host) + strlen(path) + 1;
if (NULL == (url = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(url, "%s%s", mender_http_config.host, path);
snprintf(url, str_length, "%s%s", mender_http_config.host, path);
}

/* Initialization of the client */
Expand Down Expand Up @@ -164,21 +165,23 @@ mender_http_perform(char * jwt,
goto END;
}
if (NULL != jwt) {
if (NULL == (bearer = (char *)malloc(strlen("Authorization: Bearer ") + strlen(jwt) + 1))) {
size_t str_length = strlen("Authorization: Bearer ") + strlen(jwt) + 1;
if (NULL == (bearer = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(bearer, "Authorization: Bearer %s", jwt);
snprintf(bearer, str_length, "Authorization: Bearer %s", jwt);
headers = curl_slist_append(headers, bearer);
}
if (NULL != signature) {
if (NULL == (x_men_signature = (char *)malloc(strlen("X-MEN-Signature: ") + strlen(signature) + 1))) {
size_t str_length = strlen("X-MEN-Signature: ") + strlen(signature) + 1;
if (NULL == (x_men_signature = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(x_men_signature, "X-MEN-Signature: %s", signature);
snprintf(x_men_signature, str_length, "X-MEN-Signature: %s", signature);
headers = curl_slist_append(headers, x_men_signature);
}
if (NULL != payload) {
Expand Down
15 changes: 9 additions & 6 deletions platform/net/generic/curl/src/mender-websocket.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,19 +145,21 @@ mender_websocket_connect(
/* Compute URL if required */
if ((false == mender_utils_strbeginwith(path, "ws://")) && (false == mender_utils_strbeginwith(path, "wss://"))) {
if ((true == mender_utils_strbeginwith(path, "http://")) || (true == mender_utils_strbeginwith(mender_websocket_config.host, "http://"))) {
if (NULL == (url = (char *)malloc(strlen(mender_websocket_config.host) - strlen("http://") + strlen("ws://") + strlen(path) + 1))) {
size_t str_length = strlen(mender_websocket_config.host) - strlen("http://") + strlen("ws://") + strlen(path) + 1;
if (NULL == (url = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto FAIL;
}
sprintf(url, "ws://%s%s", mender_websocket_config.host + strlen("http://"), path);
snprintf(url, str_length, "ws://%s%s", mender_websocket_config.host + strlen("http://"), path);
} else if ((true == mender_utils_strbeginwith(path, "https://")) || (true == mender_utils_strbeginwith(mender_websocket_config.host, "https://"))) {
if (NULL == (url = (char *)malloc(strlen(mender_websocket_config.host) - strlen("https://") + strlen("wss://") + strlen(path) + 1))) {
size_t str_length = strlen(mender_websocket_config.host) - strlen("https://") + strlen("wss://") + strlen(path) + 1;
if (NULL == (url = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto FAIL;
}
sprintf(url, "wss://%s%s", mender_websocket_config.host + strlen("https://"), path);
snprintf(url, str_length, "wss://%s%s", mender_websocket_config.host + strlen("https://"), path);
}
}

Expand Down Expand Up @@ -205,12 +207,13 @@ mender_websocket_connect(
goto FAIL;
}
if (NULL != jwt) {
if (NULL == (bearer = (char *)malloc(strlen("Authorization: Bearer ") + strlen(jwt) + 1))) {
size_t str_length = strlen("Authorization: Bearer ") + strlen(jwt) + 1;
if (NULL == (bearer = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto FAIL;
}
sprintf(bearer, "Authorization: Bearer %s", jwt);
snprintf(bearer, str_length, "Authorization: Bearer %s", jwt);
((mender_websocket_handle_t *)*handle)->headers = curl_slist_append(((mender_websocket_handle_t *)*handle)->headers, bearer);
}
if (NULL != ((mender_websocket_handle_t *)*handle)->headers) {
Expand Down
15 changes: 9 additions & 6 deletions platform/net/zephyr/src/mender-http.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,29 +138,32 @@ mender_http_perform(char * jwt,
goto END;
}
request.recv_buf_len = MENDER_HTTP_RECV_BUF_LENGTH;
if (NULL == (header_fields[header_index] = malloc(strlen("User-Agent: ") + strlen(MENDER_HTTP_USER_AGENT) + strlen("\r\n") + 1))) {
size_t str_length = strlen("User-Agent: ") + strlen(MENDER_HTTP_USER_AGENT) + strlen("\r\n") + 1;
if (NULL == (header_fields[header_index] = malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(header_fields[header_index], "User-Agent: %s\r\n", MENDER_HTTP_USER_AGENT);
snprintf(header_fields[header_index], str_length, "User-Agent: %s\r\n", MENDER_HTTP_USER_AGENT);
header_index++;
if (NULL != jwt) {
if (NULL == (header_fields[header_index] = (char *)malloc(strlen("Authorization: Bearer ") + strlen(jwt) + strlen("\r\n") + 1))) {
str_length = strlen("Authorization: Bearer ") + strlen(jwt) + strlen("\r\n") + 1;
if (NULL == (header_fields[header_index] = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(header_fields[header_index], "Authorization: Bearer %s\r\n", jwt);
snprintf(header_fields[header_index], str_length, "Authorization: Bearer %s\r\n", jwt);
header_index++;
}
if (NULL != signature) {
if (NULL == (header_fields[header_index] = (char *)malloc(strlen("X-MEN-Signature: ") + strlen(signature) + strlen("\r\n") + 1))) {
str_length = strlen("X-MEN-Signature: ") + strlen(signature) + strlen("\r\n") + 1;
if (NULL == (header_fields[header_index] = (char *)malloc(str_length))) {
mender_log_error("Unable to allocate memory");
ret = MENDER_FAIL;
goto END;
}
sprintf(header_fields[header_index], "X-MEN-Signature: %s\r\n", signature);
snprintf(header_fields[header_index], str_length, "X-MEN-Signature: %s\r\n", signature);
header_index++;
}
if (NULL != payload) {
Expand Down
Loading

0 comments on commit 7143016

Please sign in to comment.