DecryptMessage接口中调用cJSON_Parse(data)的入参可能非字符串,增加保护

This commit is contained in:
我是一只小小鸟
2021-03-17 15:19:06 +08:00
committed by Gitee
parent 3f130bf3ff
commit e928e0f6e7
+22 -1
View File
@@ -386,13 +386,34 @@ static int GetKeyIndex(const char *in, unsigned int inOffset, unsigned int index
return val;
}
static cJSON *DecryptPlainMessage(const char *data, int dataLen)
{
unsigned int bufLen = dataLen + 1;
char *buf = malloc(bufLen);
if (buf == NULL) {
return NULL;
}
if (memset_s(buf, bufLen, 0, bufLen) != EOK) {
free(buf);
return NULL;
}
if (memcpy_s(buf, bufLen, data, dataLen) != EOK) {
free(buf);
return NULL;
}
cJSON *retJson = cJSON_Parse(buf);
free(buf);
return retJson;
}
static cJSON *DecryptMessage(int module, const char *data, int dataLen)
{
if (data == NULL) {
return NULL;
}
if (!ModuleUseCipherText(module)) {
return cJSON_Parse(data);
return DecryptPlainMessage(data, dataLen);
}
if (dataLen < MESSAGE_ENCRYPT_OVER_HEAD_LEN) {