diff options
author | Jose Bollo <jose.bollo@iot.bzh> | 2019-12-20 14:55:28 +0100 |
---|---|---|
committer | Jose Bollo <jose.bollo@iot.bzh> | 2019-12-20 14:58:10 +0100 |
commit | 2ed1d659b481c50380faed568818443d092f06ec (patch) | |
tree | 95d4cff1564446a8821f8fb31cc805c89992fcab | |
parent | 6422dd2e6bee2903690fe430b0e7a666179ec163 (diff) |
afb-token: Fix a critical bugicefish_8.99.4icefish/8.99.48.99.4
Management of tokens had a big bug, due to insufficent testing.
This fixes the issue that leaded to memory crashes.
BUG-AGL: SPEC-3066
Change-Id: If967ec58ed04dc715d255a5e7c2196133ce3ec4a
Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
-rw-r--r-- | src/afb-token.c | 7 | ||||
-rw-r--r-- | src/main-afb-client-demo.c | 68 |
2 files changed, 56 insertions, 19 deletions
diff --git a/src/afb-token.c b/src/afb-token.c index f6f5eb73..21eb3c0e 100644 --- a/src/afb-token.c +++ b/src/afb-token.c @@ -86,7 +86,7 @@ int afb_token_get(struct afb_token **token, const char *tokenstring) /* search the token */ tok = tokenset.first; - while (tok && memcmp(tokenstring, tok->text, length)) + while (tok && (memcmp(tokenstring, tok->text, length) || tokenstring[length])) tok = tok->next; /* search done */ @@ -96,7 +96,7 @@ int afb_token_get(struct afb_token **token, const char *tokenstring) rc = 0; } else { /* not found, create */ - tok = malloc(length + sizeof *tok); + tok = malloc(length + 1 + sizeof *tok); if (!tok) /* creation failed */ rc = -ENOMEM; @@ -106,7 +106,7 @@ int afb_token_get(struct afb_token **token, const char *tokenstring) tokenset.first = tok; tok->id = tokenset.idgen; tok->refcount = 1; - memcpy(tok->text, tokenstring, length); + memcpy(tok->text, tokenstring, length + 1); rc = 0; } } @@ -140,6 +140,7 @@ void afb_token_unref(struct afb_token *token) pthread_mutex_lock(&tokenset.mutex); pt = &tokenset.first; while (*pt && *pt != token) + pt = &(*pt)->next; if (*pt) *pt = token->next; pthread_mutex_unlock(&tokenset.mutex); diff --git a/src/main-afb-client-demo.c b/src/main-afb-client-demo.c index b5877485..2a85cdae 100644 --- a/src/main-afb-client-demo.c +++ b/src/main-afb-client-demo.c @@ -102,7 +102,11 @@ static int synchro; static int usein; static sd_event *loop; static sd_event_source *evsrc; -static char *sessionid = "afb-client-demo"; +static char *uuid; +static char *token; +static uint16_t numuuid; +static uint16_t numtoken; +static char *url; static int exitcode = 0; /* print usage of the program */ @@ -110,19 +114,21 @@ static void usage(int status, char *arg0) { char *name = strrchr(arg0, '/'); name = name ? name + 1 : arg0; - fprintf(status ? stderr : stdout, "usage: %s [-H [-r]] [-b] [-e] uri [api verb [data]]\n", name); - fprintf(status ? stderr : stdout, " %s -d [-H [-r]] [-b] [-e] uri [verb [data]]\n", name); + fprintf(status ? stderr : stdout, "usage: %s [options]... uri [api verb [data]]\n", name); + fprintf(status ? stderr : stdout, " %s -d [options]... uri [verb [data]]\n", name); fprintf(status ? stderr : stdout, "\n" "allowed options\n" - " --break, -b Break connection just after event/call has been emitted.\n" - " --direct, -d Direct api\n" - " --echo, -e Echo inputs\n" - " --help, -h Display this help\n" - " --human, -H Display human readable JSON\n" - " --raw, -r Raw output (default)\n" - " --sync, -s Synchronous: wait for answers (like -p 1)\n" - " --keep-running, -k Keep running until disconnect, even if input closed\n" - " --pipe, -p COUNT Allow to pipe COUNT requests\n" + " -b, --break Break connection just after event/call has been emitted.\n" + " -d, --direct Direct api\n" + " -e, --echo Echo inputs\n" + " -h, --help Display this help\n" + " -H, --human Display human readable JSON\n" + " -k, --keep-running Keep running until disconnect, even if input closed\n" + " -p, --pipe COUNT Allow to pipe COUNT requests\n" + " -r, --raw Raw output (default)\n" + " -s, --sync Synchronous: wait for answers (like -p 1)\n" + " -t, --token TOKEN The token to use" + " -u, --uuid UUID The identifier of session to use" "Example:\n" " %s --human 'localhost:1234/api?token=HELLO&uuid=magic' hello ping\n" "\n", name @@ -171,7 +177,16 @@ int main(int ac, char **av, char **env) av++; ac--; } - + else if (!strcmp(an, "--token") && av[2]) { /* token to use */ + token = av[2]; + av++; + ac--; + } + else if (!strcmp(an, "--uuid") && av[2]) { /* session id to join */ + uuid = av[2]; + av++; + ac--; + } /* emit usage and exit */ else usage(strcmp(an, "--help") ? Exit_Bad_Arg : Exit_Success, a0); @@ -186,8 +201,12 @@ int main(int ac, char **av, char **env) case 'k': keeprun = 1; break; case 's': synchro = 1; break; case 'e': echo = 1; break; + case 't': if (!av[2]) usage(Exit_Bad_Arg, a0); token = av[2]; av++; ac--; break; + case 'u': if (!av[2]) usage(Exit_Bad_Arg, a0); uuid = av[2]; av++; ac--; break; case 'p': if (av[2] && atoi(av[2]) > 0) { synchro = atoi(av[2]); av++; ac--; break; } /*@fallthrough@*/ - default: usage(an[rc] != 'h' ? Exit_Bad_Arg : Exit_Success, a0); + default: + usage(an[rc] != 'h' ? Exit_Bad_Arg : Exit_Success, a0); + break; } } av++; @@ -217,8 +236,25 @@ int main(int ac, char **av, char **env) return Exit_Cant_Connect; } afb_proto_ws_on_hangup(pws, on_pws_hangup); + if (uuid) { + numuuid = 1; + afb_proto_ws_client_session_create(pws, numuuid, uuid); + } + if (token) { + numtoken = 1; + afb_proto_ws_client_token_create(pws, numtoken, token); + } } else { - wsj1 = afb_ws_client_connect_wsj1(loop, av[1], &wsj1_itf, NULL); + rc = asprintf(&url, "%s%s%s%s%s%s%s", + av[1], + uuid || token ? "?" : "", + uuid ? "uuid=" : "", + uuid ?: "", + uuid && token ? "&" : "", + token ? "token=" : "", + token ?: "" + ); + wsj1 = afb_ws_client_connect_wsj1(loop, url, &wsj1_itf, NULL); if (wsj1 == NULL) { fprintf(stderr, "connection to %s failed: %m\n", av[1]); return Exit_Cant_Connect; @@ -564,7 +600,7 @@ static void pws_call(const char *verb, const char *object) if (jerr != json_tokener_success) o = json_object_new_string(object); } - rc = afb_proto_ws_client_call(pws, verb, o, 0, 0, key, NULL); + rc = afb_proto_ws_client_call(pws, verb, o, numuuid, numtoken, key, NULL); json_object_put(o); if (rc < 0) { fprintf(stderr, "calling %s(%s) failed: %m\n", verb, object?:""); |