You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bl...@apache.org on 2016/04/16 06:48:31 UTC
svn commit: r1739407 - in /santuario/xml-security-cpp/trunk/xsec:
tools/xklient/xklient.cpp utils/XSECDOMUtils.cpp utils/XSECSafeBuffer.cpp
utils/winutils/XSECBinHTTPURIInputStream.cpp
Author: blautenb
Date: Sat Apr 16 04:48:31 2016
New Revision: 1739407
URL: http://svn.apache.org/viewvc?rev=1739407&view=rev
Log:
Cleaning up handling of buffers
Modified:
santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp
santuario/xml-security-cpp/trunk/xsec/utils/XSECDOMUtils.cpp
santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp
santuario/xml-security-cpp/trunk/xsec/utils/winutils/XSECBinHTTPURIInputStream.cpp
Modified: santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp?rev=1739407&r1=1739406&r2=1739407&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/tools/xklient/xklient.cpp Sat Apr 16 04:48:31 2016
@@ -271,6 +271,8 @@ XSECCryptoX509 * loadX509(const char * i
i = (int) fread(buf, 1, 1024, f);
}
+ fclose(f);
+
sb[j] = '\0';
XSECCryptoX509 * ret =
Modified: santuario/xml-security-cpp/trunk/xsec/utils/XSECDOMUtils.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/utils/XSECDOMUtils.cpp?rev=1739407&r1=1739406&r2=1739407&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/utils/XSECDOMUtils.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/utils/XSECDOMUtils.cpp Sat Apr 16 04:48:31 2016
@@ -720,6 +720,10 @@ static bool isHexDigit(const XMLCh toChe
static unsigned int xlatHexDigit(const XMLCh toXlat)
{
+ if (!isHexDigit(toXlat)) {
+ throw XSECException(XSECException::ErrorOpeningURI,
+ "Unknown hex char");
+ }
if ((toXlat >= chDigit_0) && (toXlat <= chDigit_9))
return (unsigned int)(toXlat - chDigit_0);
Modified: santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp?rev=1739407&r1=1739406&r2=1739407&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp Sat Apr 16 04:48:31 2016
@@ -55,13 +55,27 @@ void safeBuffer::checkAndExpand(xsecsize
// For a given size, check it will fit (with one byte spare)
// and expand if necessary
- if (size + 1 < bufferSize)
+ if (size + 2 < bufferSize)
return;
- // Make the new size twice the size of the new string requirement
- xsecsize_t newBufferSize = size * 2;
+ // Resize and add 1K for further growth
+ xsecsize_t newBufferSize = size + 1024;
+
+ // Did we overflow?
+ if (size + 2 > newBufferSize) {
+ /* We've got a string that's too big to deal with */
+ throw XSECException(XSECException::SafeBufferError,
+ "Buffer has grown too large");
+ }
unsigned char * newBuffer = new unsigned char[newBufferSize];
+ if (newBuffer == NULL)
+ {
+ /* Ran out of memory */
+ throw XSECException(XSECException::MemoryAllocationFail,
+ "Error allocating memory for Buffer");
+ }
+
memset((void *) newBuffer, 0, newBufferSize);
memcpy(newBuffer, buffer, bufferSize);
@@ -73,7 +87,6 @@ void safeBuffer::checkAndExpand(xsecsize
bufferSize = newBufferSize;
delete[] buffer;
buffer = newBuffer;
-
}
void safeBuffer::checkBufferType(bufferType bt) const {
@@ -107,6 +120,7 @@ safeBuffer::safeBuffer(xsecsize_t initia
buffer = new unsigned char[initialSize];
memset((void *) buffer, 0, bufferSize);
mp_XMLCh = NULL;
+ m_bufferType = BUFFER_UNKNOWN;
m_isSensitive = false;
}
@@ -205,6 +219,7 @@ void safeBuffer::sbStrncpyIn(const char
xsecsize_t len = (xsecsize_t) strlen(inStr);
checkAndExpand((n < len) ? n : len);
strncpy((char *) buffer, inStr, n);
+ buffer[n] = '\0';
m_bufferType = BUFFER_CHAR;
}
@@ -224,7 +239,7 @@ void safeBuffer::sbStrncpyIn(const safeB
void safeBuffer::sbStrcatIn(const char * inStr) {
checkBufferType(BUFFER_CHAR);
- checkAndExpand((xsecsize_t) (strlen((char *) buffer) + strlen(inStr)));
+ checkAndExpand((xsecsize_t) (strlen((char *) buffer) + strlen(inStr) + 1));
strcat((char *) buffer, inStr);
}
@@ -240,8 +255,10 @@ void safeBuffer::sbStrcatIn(const safeBu
void safeBuffer::sbStrncatIn(const char * inStr, xsecsize_t n) {
checkBufferType(BUFFER_CHAR);
xsecsize_t len = (xsecsize_t) strlen(inStr);
- checkAndExpand(((n < len) ? n : len) + (xsecsize_t) strlen((char *) buffer) + 2);
+ xsecsize_t totalLen = ((n < len) ? n : len) + (xsecsize_t)strlen((char *)buffer);
+ checkAndExpand(totalLen + 2);
strncat((char *) buffer, inStr, n);
+ buffer[totalLen] = '\0';
}
@@ -272,7 +289,7 @@ void safeBuffer::sbStrinsIn(const char *
"Attempt to insert string after termination point");
}
- checkAndExpand(bl + il);
+ checkAndExpand(bl + il + 1);
memmove(&buffer[offset + il], &buffer[offset], bl - offset + 1);
memcpy(&buffer[offset], inStr, il);
@@ -292,7 +309,7 @@ void safeBuffer::sbStrinsIn(const XMLCh
"Attempt to insert string after termination point");
}
- checkAndExpand(bl + il);
+ checkAndExpand(bl + il + size_XMLCh);
memmove(&buffer[xoffset + il], &buffer[xoffset], bl - xoffset + size_XMLCh);
memcpy(&buffer[xoffset], inStr, il);
@@ -305,6 +322,11 @@ void safeBuffer::sbMemcpyOut(void *outBu
// WARNING - JUST ASSUMES OUTPUT BUFFER LONG ENOUGH
// ALSO MAKES NO ASSUMPTION OF THE BUFFER TYPE
+ if (n > bufferSize) {
+ throw XSECException(XSECException::SafeBufferError,
+ "safeBuffer::sbMemcpyOut Attempt to copy more data than buffer can hold");
+ }
+
memcpy(outBuf, buffer, n);
}
Modified: santuario/xml-security-cpp/trunk/xsec/utils/winutils/XSECBinHTTPURIInputStream.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/utils/winutils/XSECBinHTTPURIInputStream.cpp?rev=1739407&r1=1739406&r2=1739407&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/utils/winutils/XSECBinHTTPURIInputStream.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/utils/winutils/XSECBinHTTPURIInputStream.cpp Sat Apr 16 04:48:31 2016
@@ -303,6 +303,47 @@ unsigned int XSECBinHTTPURIInputStream::
// To do: We should really support http 1.1. This implementation
// is weak.
+ safeBuffer request("GET ");
+ request.sbStrcatIn(pathAsCharStar.get());
+
+ if (queryAsCharStar.get() != 0)
+ {
+ // Tack on a ? before the fragment
+ request.sbStrcatIn("?");
+ request.sbStrcatIn(queryAsCharStar.get());
+ }
+
+ if (fragmentAsCharStar.get() != 0)
+ {
+ request.sbStrcatIn(fragmentAsCharStar.get());
+ }
+ request.sbStrcatIn(" HTTP/1.0\r\n");
+
+
+ request.sbStrcatIn("Host: ");
+ request.sbStrcatIn(hostNameAsCharStar.get());
+ if (portNumber != 80)
+ {
+ char portNumberStr[34];
+ request.sbStrcatIn(":");
+ _itoa(portNumber, portNumberStr, 10);
+ request.sbStrcatIn(portNumberStr);
+ }
+ request.sbStrcatIn("\r\n\r\n");
+
+ // Send the http request
+ int lent = (int)request.sbStrlen();
+ int aLent = 0;
+ if ((aLent = send((unsigned short)s, (const char *) request.rawBuffer(), lent, 0)) != lent)
+ {
+ // Call WSAGetLastError() to get the error number.
+ throw XSECException(XSECException::HTTPURIInputStreamError,
+ "Error reported writing to socket");
+ }
+
+
+#if 0
+
memset(fBuffer, 0, sizeof(fBuffer));
strcpy(fBuffer, "GET ");
@@ -342,7 +383,7 @@ unsigned int XSECBinHTTPURIInputStream::
"Error reported writing to socket");
}
-
+#endif
//
// get the response, check the http header for errors from the server.
//
@@ -437,7 +478,7 @@ unsigned int XSECBinHTTPURIInputStream::
// Now read
p++;
- for (q=0; q < 255 && p[q] != '\r' && p[q] !='\n'; ++q)
+ for (q=0; q < 255 && p[q] != '\r' && p[q] !='\n' && p[q] != '\0'; ++q)
redirectBuf[q] = p[q];
redirectBuf[q] = '\0';