Skip to content

Commit f3cd74f

Browse files
ejohnstownejohnstown
committed
Fix String References
1. Modify GetStringAlloc() to also take the string length as provided by GetUint32(). 2. New use of GetStringAlloc() was misusing the heap. Fix using the updated GetStringAlloc() function.
1 parent deddd33 commit f3cd74f

File tree

2 files changed

+23
-15
lines changed

2 files changed

+23
-15
lines changed

src/internal.c

Lines changed: 22 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -3599,7 +3599,8 @@ int GetString(char* s, word32* sSz, const byte* buf, word32 len, word32 *idx)
35993599

36003600
/* Gets the size of a string, allocates memory to hold it plus a NULL, then
36013601
* copies it into the allocated buffer, and terminates it with a NULL. */
3602-
int GetStringAlloc(void* heap, char** s, const byte* buf, word32 len, word32 *idx)
3602+
int GetStringAlloc(void* heap, char** s, word32* sSz,
3603+
const byte* buf, word32 len, word32 *idx)
36033604
{
36043605
int result;
36053606
const byte *str;
@@ -3617,9 +3618,14 @@ int GetStringAlloc(void* heap, char** s, const byte* buf, word32 len, word32 *id
36173618
WMEMCPY(newStr, str, strSz);
36183619
newStr[strSz] = 0;
36193620

3620-
if (*s != NULL)
3621-
WFREE(*s, heap, DYNTYPE_STRING);
3622-
*s = newStr;
3621+
if (s != NULL) {
3622+
if (*s != NULL)
3623+
WFREE(*s, heap, DYNTYPE_STRING);
3624+
*s = newStr;
3625+
if (sSz != NULL) {
3626+
*sSz = strSz;
3627+
}
3628+
}
36233629
}
36243630

36253631
return result;
@@ -8184,14 +8190,15 @@ static int DoUserAuthInfoRequest(WOLFSSH* ssh, byte* buf, word32 len,
81848190

81858191
if (ret == WS_SUCCESS) {
81868192
begin = *idx;
8187-
ret = GetStringAlloc(heap, (char**)&authName, buf, len, &begin);
8193+
ret = GetStringAlloc(heap, (char**)&authName, NULL, buf, len, &begin);
81888194
}
81898195

81908196
if (ret == WS_SUCCESS)
8191-
ret = GetStringAlloc(heap, (char**)&authInstruction, buf, len, &begin);
8197+
ret = GetStringAlloc(heap, (char**)&authInstruction, NULL,
8198+
buf, len, &begin);
81928199

81938200
if (ret == WS_SUCCESS)
8194-
ret = GetStringAlloc(heap, (char**)&language, buf, len, &begin);
8201+
ret = GetStringAlloc(heap, (char**)&language, NULL, buf, len, &begin);
81958202

81968203
if (ret == WS_SUCCESS)
81978204
ret = GetUint32(&promptSz, buf, len, &begin);
@@ -8218,7 +8225,7 @@ static int DoUserAuthInfoRequest(WOLFSSH* ssh, byte* buf, word32 len,
82188225
} else {
82198226
WMEMSET(echo, 0, sizeof(byte) * promptSz);
82208227
for (entry = 0; entry < promptSz; entry++) {
8221-
ret = GetStringAlloc(heap, (char**)&prompts[entry],
8228+
ret = GetStringAlloc(heap, (char**)&prompts[entry], NULL,
82228229
buf, len, &begin);
82238230
if (ret != WS_SUCCESS)
82248231
break;
@@ -8283,7 +8290,7 @@ static int DoGlobalRequestFwd(WOLFSSH* ssh,
82838290
if (ret == WS_SUCCESS) {
82848291
begin = *idx;
82858292
WLOG(WS_LOG_INFO, "wantReply = %d, isCancel = %d", wantReply, isCancel);
8286-
ret = GetStringAlloc(ssh->ctx->heap, &bindAddr, buf, len, &begin);
8293+
ret = GetStringAlloc(ssh->ctx->heap, &bindAddr, NULL, buf, len, &begin);
82878294
}
82888295

82898296
if (ret == WS_SUCCESS) {
@@ -8398,14 +8405,14 @@ static int DoChannelOpenForward(WOLFSSH* ssh,
83988405

83998406
if (ret == WS_SUCCESS) {
84008407
begin = *idx;
8401-
ret = GetStringAlloc(ssh->ctx->heap, host, buf, len, &begin);
8408+
ret = GetStringAlloc(ssh->ctx->heap, host, NULL, buf, len, &begin);
84028409
}
84038410

84048411
if (ret == WS_SUCCESS)
84058412
ret = GetUint32(hostPort, buf, len, &begin);
84068413

84078414
if (ret == WS_SUCCESS)
8408-
ret = GetStringAlloc(ssh->ctx->heap, origin, buf, len, &begin);
8415+
ret = GetStringAlloc(ssh->ctx->heap, origin, NULL, buf, len, &begin);
84098416

84108417
if (ret == WS_SUCCESS)
84118418
ret = GetUint32(originPort, buf, len, &begin);
@@ -9113,7 +9120,7 @@ static int DoChannelRequest(WOLFSSH* ssh,
91139120
ssh->clientState = CLIENT_DONE;
91149121
}
91159122
else if (WSTRNCMP(type, "exec", typeSz) == 0) {
9116-
ret = GetStringAlloc(ssh->ctx->heap, &channel->command,
9123+
ret = GetStringAlloc(ssh->ctx->heap, &channel->command, NULL,
91179124
buf, len, &begin);
91189125
channel->sessionType = WOLFSSH_SESSION_EXEC;
91199126
if (ssh->ctx->channelReqExecCb) {
@@ -9124,7 +9131,7 @@ static int DoChannelRequest(WOLFSSH* ssh,
91249131
WLOG(WS_LOG_DEBUG, " command = %s", channel->command);
91259132
}
91269133
else if (WSTRNCMP(type, "subsystem", typeSz) == 0) {
9127-
ret = GetStringAlloc(ssh->ctx->heap, &channel->command,
9134+
ret = GetStringAlloc(ssh->ctx->heap, &channel->command, NULL,
91289135
buf, len, &begin);
91299136
channel->sessionType = WOLFSSH_SESSION_SUBSYSTEM;
91309137
if (ssh->ctx->channelReqSubsysCb) {
@@ -9153,7 +9160,8 @@ static int DoChannelRequest(WOLFSSH* ssh,
91539160
if (ret == WS_SUCCESS)
91549161
ret = GetUint32(&heightPixels, buf, len, &begin);
91559162
if (ret == WS_SUCCESS)
9156-
ret = GetStringAlloc(&modesSz, &modes, buf, len, &begin);
9163+
ret = GetStringAlloc(ssh->ctx->heap, &modes, &modesSz,
9164+
buf, len, &begin);
91579165
if (ret == WS_SUCCESS) {
91589166
WLOG(WS_LOG_DEBUG, " term = %s", term);
91599167
WLOG(WS_LOG_DEBUG, " widthChar = %u", widthChar);

wolfssh/internal.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1024,7 +1024,7 @@ WOLFSSH_LOCAL int GetMpint(word32* mpintSz, const byte** mpint,
10241024
const byte* buf, word32 len, word32* idx);
10251025
WOLFSSH_LOCAL int GetString(char* s, word32* sSz,
10261026
const byte* buf, word32 len, word32* idx);
1027-
WOLFSSH_LOCAL int GetStringAlloc(void* heap, char** s,
1027+
WOLFSSH_LOCAL int GetStringAlloc(void* heap, char** s, word32* sSz,
10281028
const byte* buf, word32 len, word32* idx);
10291029
WOLFSSH_LOCAL int GetStringRef(word32* strSz, const byte **str,
10301030
const byte* buf, word32 len, word32* idx);

0 commit comments

Comments
 (0)