1. Implemented missing event 'net.server.connect'

2. Added integer overflow checks on ILibMemory operations 3. Added better bounds checking for DNS resolve and PE header parsing
2025-12-26 05:03:15 +00:00 · 2020-06-26 23:10:43 -07:00
parent a765847f0a
commit 0d4f0f6adc
7 changed files with 55 additions and 127 deletions
--- a/meshconsole/main.c
+++ b/meshconsole/main.c
@@ -64,33 +64,6 @@ void BreakSink(int s)
 }
 #endif

-#if defined(WIN32) && defined(MeshLibInterface)
-extern void ILibDuktape_ScriptContainer_GetEmbeddedJS_Raw(char *exePath, char **script, int *scriptLen);
-typedef void(__stdcall *ExternalDispatch)(void *data);
-__declspec(dllexport)  ExternalDispatch ExternalDispatchSink = NULL;
-__declspec(dllexport) int mainEx(int argc, char **argv, ExternalDispatch ptr)
-{
-	int retCode = 0;
-	char *js = NULL;
-	int jsLen = 0;
-
-	ExternalDispatchSink = ptr;
-	ILibDuktape_ScriptContainer_GetEmbeddedJS_Raw(argv[0], &js, &jsLen);
-
-	agentHost = MeshAgent_Create(0);
-	agentHost->exePath = (char*)ILibMemory_AllocateA(strnlen_s(argv[0], _MAX_PATH) + 1);
-	memcpy_s(agentHost->exePath, ILibMemory_AllocateA_Size(agentHost->exePath), argv[0], ILibMemory_AllocateA_Size(agentHost->exePath) - 1);
-	
-	agentHost->meshCoreCtx_embeddedScript = js;
-	agentHost->meshCoreCtx_embeddedScriptLen = jsLen;
-	while (MeshAgent_Start(agentHost, argc, argv) != 0);
-	retCode = agentHost->exitCode;
-	MeshAgent_Destroy(agentHost);
-	agentHost = NULL;
-	return(retCode);
-}
-#endif
-
 #if defined(_LINKVM) && defined(__APPLE__)
 extern void* kvm_server_mainloop(void *parm);
 extern void senddebug(int val);
--- a/meshcore/agentcore.c
+++ b/meshcore/agentcore.c
@@ -2263,29 +2263,38 @@ int GenerateSHA384FileHash(char *filePath, char *fileHash)
 			// PE Image
 			optHeader = ILibMemory_AllocateA(((unsigned short*)ILibScratchPad)[10]);
 			ignore_result(fread(optHeader, 1, ILibMemory_AllocateA_Size(optHeader), tmpFile));
+			if (ILibMemory_AllocateA_Size(optHeader) > 4)
+			{
 				switch (((unsigned short*)optHeader)[0])
 				{
 				case 0x10B:
+					if (ILibMemory_AllocateA_Size(optHeader) >= 132)
+					{
 						if (((unsigned int*)(optHeader + 128))[0] != 0)
 						{
 							endIndex = ((unsigned int*)(optHeader + 128))[0];
 						}
 						tableIndex = NTHeaderIndex + 24 + 128;
 						retVal = 0;
+					}
 					break;
 				case 0x20B:
+					if (ILibMemory_AllocateA_Size(optHeader) >= 148)
+					{
 						if (((unsigned int*)(optHeader + 144))[0] != 0)
 						{
 							endIndex = ((unsigned int*)(optHeader + 144))[0];
 						}
 						tableIndex = NTHeaderIndex + 24 + 144;
 						retVal = 0;
+					}
 					break;
 				default:
 					break;
 				}
 			}
 		}
+	}
 	if (retVal != 0)
 	{
 		fclose(tmpFile);
--- a/meshservice/ServiceMain.c
+++ b/meshservice/ServiceMain.c
@@ -786,7 +786,7 @@ int wmain(int argc, char* wargv[])
 	{
 		char* data;
 		int len = MeshInfo_GetSystemInformation(&data);
-		if (len > 0) { printf(data); }
+		if (len > 0) { printf_s(data); }
 	}
 	else if (argc > 1 && (strcasecmp(argv[1], "-setfirewall") == 0))
 	{
@@ -820,7 +820,7 @@ int wmain(int argc, char* wargv[])
 			}
 			RegCloseKey(hKey);
 		}
-		if (strEx != NULL) printf(strEx); else printf("Not defined, start the mesh service to create a nodeid.");
+		if (strEx != NULL) printf_s(strEx); else printf("Not defined, start the mesh service to create a nodeid.");
 		wmain_free(argv);
 		return 0;
 	}
--- a/microscript/ILibDuktape_HttpStream.c
+++ b/microscript/ILibDuktape_HttpStream.c
@@ -2983,6 +2983,21 @@ void ILibDuktape_HttpStream_OnReceive(ILibWebClient_StateObject WebStateObject,
 		if (header->DirectiveLength == 7 && strncasecmp(header->Directive, "CONNECT", 7) == 0)
 		{
 			// Connect
+			duk_push_string(ctx, "connect");																							// [emit][this][request]
+			ILibDuktape_HttpStream_IncomingMessage_PUSH(ctx, header, data->DS->ParentObject);											// [emit][this][request][imsg]
+			data->bodyStream = ILibDuktape_ReadableStream_InitEx(ctx, ILibDuktape_HttpStream_IncomingMessage_PauseSink, ILibDuktape_HttpStream_IncomingMessage_ResumeSink, ILibDuktape_HttpStream_IncomingMessage_UnshiftBytes, data);
+			duk_dup(ctx, -3); duk_dup(ctx, -2);																							// [emit][this][request][imsg][httpstream][imsg]
+			duk_put_prop_string(ctx, -2, ILibDuktape_HTTPStream2IMSG); duk_pop(ctx);													// [emit][this][request][imsg]
+
+			ILibDuktape_HttpStream_ServerResponse_PUSH(ctx, data->DS->writableStream->pipedReadable, header, data->DS->ParentObject);	// [emit][this][request][imsg][rsp]
+
+			if (duk_pcall_method(ctx, 3) != 0) { ILibDuktape_Process_UncaughtExceptionEx(ctx, "http.httpStream.onReceive->request(): "); }
+			duk_pop(ctx);
+
+			if (bodyBuffer != NULL && endPointer > 0)
+			{
+				ILibDuktape_readableStream_WriteData(data->bodyStream, bodyBuffer + *beginPointer, endPointer);
+			}
 		}
 		else
 		{
--- a/microscript/ILibDuktape_ScriptContainer.c
+++ b/microscript/ILibDuktape_ScriptContainer.c
@@ -288,79 +288,6 @@ void ILibDuktape_ScriptContainer_Slave_OnBrokenPipe(ILibProcessPipe_Pipe sender)
 	}
 }

-
-#if defined(WIN32) && defined(MeshLibInterface)
-void ILibDuktape_ScriptContainer_GetEmbeddedJS_Raw(char *exePath, char **script, int *scriptLen)
-{
-	char *integratedJavaScript = NULL;
-	int integratedJavaScriptLen = 0;
-	FILE* tmpFile = NULL;
-
-	_wfopen_s(&tmpFile, ILibUTF8ToWide(exePath, -1), L"rb");
-	if (tmpFile != NULL)
-	{
-		// Read the PE Headers, to determine where to look for the Embedded JS
-		char *optHeader = NULL;
-		fseek(tmpFile, 0, SEEK_SET);
-		ignore_result(fread(ILibScratchPad, 1, 2, tmpFile));
-		if (ntohs(((unsigned int*)ILibScratchPad)[0]) == 19802) // 5A4D
-		{
-			fseek(tmpFile, 60, SEEK_SET);
-			ignore_result(fread(ILibScratchPad, 1, 4, tmpFile));
-			fseek(tmpFile, ((unsigned *)ILibScratchPad)[0], SEEK_SET);
-			ignore_result(fread(ILibScratchPad, 1, 24, tmpFile));
-			if (((unsigned int*)ILibScratchPad)[0] == 17744)
-			{
-				// PE Image
-				optHeader = ILibMemory_AllocateA(((unsigned short*)ILibScratchPad)[10]);
-				ignore_result(fread(optHeader, 1, ILibMemory_AllocateA_Size(optHeader), tmpFile));
-				switch (((unsigned short*)optHeader)[0])
-				{
-				case 0x10B:
-					if (((unsigned int*)(optHeader + 128))[0] != 0)
-					{
-						fseek(tmpFile, ((unsigned int*)(optHeader + 128))[0] - 16, SEEK_SET);
-					}
-					else
-					{
-						fseek(tmpFile, -16, SEEK_END);
-					}
-					break;
-				case 0x20B:
-					if (((unsigned int*)(optHeader + 144))[0] != 0)
-					{
-						fseek(tmpFile, ((unsigned int*)(optHeader + 144))[0] - 16, SEEK_SET);
-					}
-					else
-					{
-						fseek(tmpFile, -16, SEEK_END);
-					}
-					break;
-				default:
-					fclose(tmpFile);
-					return;
-				}
-				ignore_result(fread(ILibScratchPad, 1, 16, tmpFile));
-				util_hexToBuf(exeJavaScriptGuid, 32, ILibScratchPad2);
-				if (memcmp(ILibScratchPad, ILibScratchPad2, 16) == 0)
-				{
-					// Found an Embedded JS
-					fseek(tmpFile, -20, SEEK_CUR);
-					ignore_result(fread((void*)&integratedJavaScriptLen, 1, 4, tmpFile));
-					integratedJavaScriptLen = (int)ntohl(integratedJavaScriptLen);
-					fseek(tmpFile, -4 - integratedJavaScriptLen, SEEK_CUR);
-					integratedJavaScript = ILibMemory_Allocate(integratedJavaScriptLen + 1, 0, NULL, NULL);
-					ignore_result(fread(integratedJavaScript, 1, integratedJavaScriptLen, tmpFile));
-					integratedJavaScript[integratedJavaScriptLen] = 0;
-				}
-			}
-		}
-		fclose(tmpFile);
-	}
-	*script = integratedJavaScript;
-	*scriptLen = integratedJavaScriptLen;
-}
-#endif
 void ILibDuktape_ScriptContainer_CheckEmbeddedEx(char *exePath, char **script, int *scriptLen)
 {
 	int i;
@@ -433,10 +360,12 @@ void ILibDuktape_ScriptContainer_CheckEmbeddedEx(char *exePath, char **script, i
 			{
 				// PE Image
 				optHeader = ILibMemory_AllocateA(((unsigned short*)ILibScratchPad)[10]);
+				if (ILibMemory_AllocateA_Size(optHeader) < 4) { fclose(tmpFile); return; }
 				ignore_result(fread(optHeader, 1, ILibMemory_AllocateA_Size(optHeader), tmpFile));
 				switch (((unsigned short*)optHeader)[0])
 				{
 				case 0x10B:
+					if (ILibMemory_AllocateA_Size(optHeader) < 132) { fclose(tmpFile); return; }
 					if (((unsigned int*)(optHeader + 128))[0] != 0)
 					{
 						fseek(tmpFile, ((unsigned int*)(optHeader + 128))[0] - 16, SEEK_SET);
@@ -447,6 +376,7 @@ void ILibDuktape_ScriptContainer_CheckEmbeddedEx(char *exePath, char **script, i
 					}
 					break;
 				case 0x20B:
+					if (ILibMemory_AllocateA_Size(optHeader) < 148) { fclose(tmpFile); return; }
 					if (((unsigned int*)(optHeader + 144))[0] != 0)
 					{
 						fseek(tmpFile, ((unsigned int*)(optHeader + 144))[0] - 16, SEEK_SET);
@@ -3698,10 +3628,6 @@ duk_ret_t ILibDuktape_ScriptContainer_Create(duk_context *ctx)
 		}
 	}

-#if defined(MeshLibInterface)
-	if (processIsolation != 0) { return(ILibDuktape_Error(ctx, "Process Isolation is not supported with this runtime")); }
-#endif
-
 	duk_push_heap_stash(ctx);
 	duk_get_prop_string(ctx, -1, ILibDuktape_ScriptContainer_ExePath);
 	duk_get_prop_string(ctx, -2, ILibDuktape_ScriptContainer_PipeManager);
--- a/microstack/ILibParsers.c
+++ b/microstack/ILibParsers.c
@@ -1130,6 +1130,8 @@ void* ILibMemory_AllocateA_Get(void *buffer, size_t sz)
 }
 void* ILibMemory_Allocate(int containerSize, int extraMemorySize, void** allocatedContainer, void **extraMemory)
 {
+	if (!((containerSize < (INT32_MAX - extraMemorySize)) && (containerSize + extraMemorySize) < (INT32_MAX - 4))) { ILIBCRITICALEXIT(254); }
+
 	char* retVal = (char*)malloc(containerSize + extraMemorySize + (extraMemorySize > 0 ? 4 : 0));
 	if (retVal == NULL) { ILIBCRITICALEXIT(254); }
 	memset(retVal, 0, containerSize + extraMemorySize + (extraMemorySize > 0 ? 4 : 0));
@@ -10134,6 +10136,7 @@ int ILibResolveEx3(char* hostname, char *service, struct sockaddr_in6* addr6, in
 	{
 		int hostnameLen = (int)strnlen_s(hostname, 4096);
 		char *newHost = _alloca((size_t)hostnameLen);
+		if (hostnameLen < 2) { return(-1); }
 		memcpy_s(newHost, hostnameLen, hostname + 1, hostnameLen - 2);
 		newHost[hostnameLen - 2] = 0;
 		hostname = newHost;
--- a/microstack/ILibParsers.h
+++ b/microstack/ILibParsers.h
@@ -414,20 +414,22 @@ int ILibIsRunningOnChainThread(void* chain);
 	#define ILibMemory_Extra(ptr) (ILibMemory_ExtraSize(ptr)>0?((char*)(ptr) + ILibMemory_Size((ptr)) + sizeof(ILibMemory_Header)):NULL)
 	#define ILibMemory_FromRaw(ptr) ((char*)(ptr) + sizeof(ILibMemory_Header))

+	#define ILibMemory_Size_Validate(primaryLen, extraLen) (((size_t)primaryLen<(UINT32_MAX - (size_t)extraLen))&&((size_t)extraLen<(UINT32_MAX-(size_t)primaryLen))&&((size_t)(primaryLen + extraLen)<(UINT32_MAX - sizeof(ILibMemory_Header)))&&(extraLen==0 || ((size_t)(primaryLen+extraLen+sizeof(ILibMemory_Header))<(UINT32_MAX-sizeof(ILibMemory_Header)))))
 	#define ILibMemory_Init_Size(primaryLen, extraLen) (primaryLen + extraLen + sizeof(ILibMemory_Header) + (extraLen>0?sizeof(ILibMemory_Header):0))
 	void* ILibMemory_Init(void *ptr, size_t primarySize, size_t extraSize, ILibMemory_Types memType);
-	#define ILibMemory_SmartAllocate(len) ILibMemory_Init(malloc(len+sizeof(ILibMemory_Header)), (int)len, 0, ILibMemory_Types_HEAP)
-	#define ILibMemory_SmartAllocateEx(primaryLen, extraLen) ILibMemory_Init(malloc(primaryLen + extraLen + sizeof(ILibMemory_Header) + (extraLen>0?sizeof(ILibMemory_Header):0)), (int)primaryLen, (int)extraLen, ILibMemory_Types_HEAP)
+	#define ILibMemory_SmartAllocate(len) ILibMemory_Init(ILibMemory_Size_Validate(len,0)?malloc(ILibMemory_Init_Size(len, 0)):NULL, (int)len, 0, ILibMemory_Types_HEAP)
+	#define ILibMemory_SmartAllocateEx(primaryLen, extraLen) ILibMemory_Init(ILibMemory_Size_Validate(primaryLen,extraLen)?malloc(ILibMemory_Init_Size(primaryLen, extraLen)):NULL, (int)primaryLen, (int)extraLen, ILibMemory_Types_HEAP)
 	void* ILibMemory_SmartReAllocate(void *ptr, size_t len);
 	void* ILibMemory_SmartAllocateEx_ResizeExtra(void *ptr, size_t extraSize);

 	void ILibMemory_Free(void *ptr);
 	void* ILibMemory_AllocateTemp(void* chain, size_t sz);

+	#define ILibMemory_AllocateA_ValidateSize(bufferLen) (bufferLen<(UINT32_MAX-(sizeof(void*) + (2*sizeof(ILibMemory_Header)))))
 #ifdef WIN32
-	#define ILibMemory_AllocateA(bufferLen) ILibMemory_AllocateA_Init(ILibMemory_Init(_alloca(bufferLen + sizeof(void*) + (2*sizeof(ILibMemory_Header))), bufferLen, sizeof(void*), ILibMemory_Types_STACK))
+	#define ILibMemory_AllocateA(bufferLen) ILibMemory_AllocateA_Init(ILibMemory_Init(ILibMemory_AllocateA_ValidateSize(bufferLen)?_alloca(bufferLen + sizeof(void*) + (2*sizeof(ILibMemory_Header))):NULL, bufferLen, sizeof(void*), ILibMemory_Types_STACK))
 #else
-	#define ILibMemory_AllocateA(bufferLen) ILibMemory_AllocateA_Init(ILibMemory_Init(alloca(bufferLen + sizeof(void*) + (2*sizeof(ILibMemory_Header))), bufferLen, sizeof(void*), ILibMemory_Types_STACK))
+	#define ILibMemory_AllocateA(bufferLen) ILibMemory_AllocateA_Init(ILibMemory_Init(ILibMemory_AllocateA_ValidateSize(bufferLen)?alloca(bufferLen + sizeof(void*) + (2*sizeof(ILibMemory_Header))):NULL, bufferLen, sizeof(void*), ILibMemory_Types_STACK))
 #endif
 	#define ILibMemory_AllocateA_Size(buffer)		ILibMemory_Size(buffer)
 	#define ILibMemory_AllocateA_Next(buffer)		(((void**)buffer)[0])