!15 【轻量级 PR】:DecryptMessage接口中调用cJSON_Parse(data)的入参可能非字符串,增加保护

Merge pull request !15 from 我是一只小小鸟/N/A
This commit is contained in:
openharmony_ci
2021-03-30 15:54:23 +08:00
committed by Gitee
+22 -1
View File
@@ -386,13 +386,34 @@ static int GetKeyIndex(const char *in, unsigned int inOffset, unsigned int index
return val;
}
static cJSON *DecryptPlainMessage(const char *data, int dataLen)
{
unsigned int bufLen = dataLen + 1;
char *buf = malloc(bufLen);
if (buf == NULL) {
return NULL;
}
if (memset_s(buf, bufLen, 0, bufLen) != EOK) {
free(buf);
return NULL;
}
if (memcpy_s(buf, bufLen, data, dataLen) != EOK) {
free(buf);
return NULL;
}
cJSON *retJson = cJSON_Parse(buf);
free(buf);
return retJson;
}
static cJSON *DecryptMessage(int module, const char *data, int dataLen)
{
if (data == NULL) {
return NULL;
}
if (!ModuleUseCipherText(module)) {
return cJSON_Parse(data);
return DecryptPlainMessage(data, dataLen);
}
if (dataLen < MESSAGE_ENCRYPT_OVER_HEAD_LEN) {