summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJose Bollo <jose.bollo@iot.bzh>2019-12-20 14:55:28 +0100
committerJose Bollo <jose.bollo@iot.bzh>2019-12-20 14:58:10 +0100
commit2ed1d659b481c50380faed568818443d092f06ec (patch)
tree95d4cff1564446a8821f8fb31cc805c89992fcab
parent6422dd2e6bee2903690fe430b0e7a666179ec163 (diff)
afb-token: Fix a critical bugicefish_8.99.4icefish/8.99.48.99.4
Management of tokens had a big bug, due to insufficent testing. This fixes the issue that leaded to memory crashes. BUG-AGL: SPEC-3066 Change-Id: If967ec58ed04dc715d255a5e7c2196133ce3ec4a Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
-rw-r--r--src/afb-token.c7
-rw-r--r--src/main-afb-client-demo.c68
2 files changed, 56 insertions, 19 deletions
diff --git a/src/afb-token.c b/src/afb-token.c
index f6f5eb73..21eb3c0e 100644
--- a/src/afb-token.c
+++ b/src/afb-token.c
@@ -86,7 +86,7 @@ int afb_token_get(struct afb_token **token, const char *tokenstring)
/* search the token */
tok = tokenset.first;
- while (tok && memcmp(tokenstring, tok->text, length))
+ while (tok && (memcmp(tokenstring, tok->text, length) || tokenstring[length]))
tok = tok->next;
/* search done */
@@ -96,7 +96,7 @@ int afb_token_get(struct afb_token **token, const char *tokenstring)
rc = 0;
} else {
/* not found, create */
- tok = malloc(length + sizeof *tok);
+ tok = malloc(length + 1 + sizeof *tok);
if (!tok)
/* creation failed */
rc = -ENOMEM;
@@ -106,7 +106,7 @@ int afb_token_get(struct afb_token **token, const char *tokenstring)
tokenset.first = tok;
tok->id = tokenset.idgen;
tok->refcount = 1;
- memcpy(tok->text, tokenstring, length);
+ memcpy(tok->text, tokenstring, length + 1);
rc = 0;
}
}
@@ -140,6 +140,7 @@ void afb_token_unref(struct afb_token *token)
pthread_mutex_lock(&tokenset.mutex);
pt = &tokenset.first;
while (*pt && *pt != token)
+ pt = &(*pt)->next;
if (*pt)
*pt = token->next;
pthread_mutex_unlock(&tokenset.mutex);
diff --git a/src/main-afb-client-demo.c b/src/main-afb-client-demo.c
index b5877485..2a85cdae 100644
--- a/src/main-afb-client-demo.c
+++ b/src/main-afb-client-demo.c
@@ -102,7 +102,11 @@ static int synchro;
static int usein;
static sd_event *loop;
static sd_event_source *evsrc;
-static char *sessionid = "afb-client-demo";
+static char *uuid;
+static char *token;
+static uint16_t numuuid;
+static uint16_t numtoken;
+static char *url;
static int exitcode = 0;
/* print usage of the program */
@@ -110,19 +114,21 @@ static void usage(int status, char *arg0)
{
char *name = strrchr(arg0, '/');
name = name ? name + 1 : arg0;
- fprintf(status ? stderr : stdout, "usage: %s [-H [-r]] [-b] [-e] uri [api verb [data]]\n", name);
- fprintf(status ? stderr : stdout, " %s -d [-H [-r]] [-b] [-e] uri [verb [data]]\n", name);
+ fprintf(status ? stderr : stdout, "usage: %s [options]... uri [api verb [data]]\n", name);
+ fprintf(status ? stderr : stdout, " %s -d [options]... uri [verb [data]]\n", name);
fprintf(status ? stderr : stdout, "\n"
"allowed options\n"
- " --break, -b Break connection just after event/call has been emitted.\n"
- " --direct, -d Direct api\n"
- " --echo, -e Echo inputs\n"
- " --help, -h Display this help\n"
- " --human, -H Display human readable JSON\n"
- " --raw, -r Raw output (default)\n"
- " --sync, -s Synchronous: wait for answers (like -p 1)\n"
- " --keep-running, -k Keep running until disconnect, even if input closed\n"
- " --pipe, -p COUNT Allow to pipe COUNT requests\n"
+ " -b, --break Break connection just after event/call has been emitted.\n"
+ " -d, --direct Direct api\n"
+ " -e, --echo Echo inputs\n"
+ " -h, --help Display this help\n"
+ " -H, --human Display human readable JSON\n"
+ " -k, --keep-running Keep running until disconnect, even if input closed\n"
+ " -p, --pipe COUNT Allow to pipe COUNT requests\n"
+ " -r, --raw Raw output (default)\n"
+ " -s, --sync Synchronous: wait for answers (like -p 1)\n"
+ " -t, --token TOKEN The token to use"
+ " -u, --uuid UUID The identifier of session to use"
"Example:\n"
" %s --human 'localhost:1234/api?token=HELLO&uuid=magic' hello ping\n"
"\n", name
@@ -171,7 +177,16 @@ int main(int ac, char **av, char **env)
av++;
ac--;
}
-
+ else if (!strcmp(an, "--token") && av[2]) { /* token to use */
+ token = av[2];
+ av++;
+ ac--;
+ }
+ else if (!strcmp(an, "--uuid") && av[2]) { /* session id to join */
+ uuid = av[2];
+ av++;
+ ac--;
+ }
/* emit usage and exit */
else
usage(strcmp(an, "--help") ? Exit_Bad_Arg : Exit_Success, a0);
@@ -186,8 +201,12 @@ int main(int ac, char **av, char **env)
case 'k': keeprun = 1; break;
case 's': synchro = 1; break;
case 'e': echo = 1; break;
+ case 't': if (!av[2]) usage(Exit_Bad_Arg, a0); token = av[2]; av++; ac--; break;
+ case 'u': if (!av[2]) usage(Exit_Bad_Arg, a0); uuid = av[2]; av++; ac--; break;
case 'p': if (av[2] && atoi(av[2]) > 0) { synchro = atoi(av[2]); av++; ac--; break; } /*@fallthrough@*/
- default: usage(an[rc] != 'h' ? Exit_Bad_Arg : Exit_Success, a0);
+ default:
+ usage(an[rc] != 'h' ? Exit_Bad_Arg : Exit_Success, a0);
+ break;
}
}
av++;
@@ -217,8 +236,25 @@ int main(int ac, char **av, char **env)
return Exit_Cant_Connect;
}
afb_proto_ws_on_hangup(pws, on_pws_hangup);
+ if (uuid) {
+ numuuid = 1;
+ afb_proto_ws_client_session_create(pws, numuuid, uuid);
+ }
+ if (token) {
+ numtoken = 1;
+ afb_proto_ws_client_token_create(pws, numtoken, token);
+ }
} else {
- wsj1 = afb_ws_client_connect_wsj1(loop, av[1], &wsj1_itf, NULL);
+ rc = asprintf(&url, "%s%s%s%s%s%s%s",
+ av[1],
+ uuid || token ? "?" : "",
+ uuid ? "uuid=" : "",
+ uuid ?: "",
+ uuid && token ? "&" : "",
+ token ? "token=" : "",
+ token ?: ""
+ );
+ wsj1 = afb_ws_client_connect_wsj1(loop, url, &wsj1_itf, NULL);
if (wsj1 == NULL) {
fprintf(stderr, "connection to %s failed: %m\n", av[1]);
return Exit_Cant_Connect;
@@ -564,7 +600,7 @@ static void pws_call(const char *verb, const char *object)
if (jerr != json_tokener_success)
o = json_object_new_string(object);
}
- rc = afb_proto_ws_client_call(pws, verb, o, 0, 0, key, NULL);
+ rc = afb_proto_ws_client_call(pws, verb, o, numuuid, numtoken, key, NULL);
json_object_put(o);
if (rc < 0) {
fprintf(stderr, "calling %s(%s) failed: %m\n", verb, object?:"");