MeshCentral/MeshAgent
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshAgent synced 2025-12-25 20:53:15 +00:00
Code Issues Releases Wiki Activity

Addressed IOActive issues

Browse Source
This commit is contained in:
Bryan Roe
2020-07-15 01:24:56 -07:00
parent 70593e995b
commit 67fc6c54b1
14 changed files with 65 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
microscript/ILibDuktape_Debugger.c
View File

@@ -565,7 +565,7 @@ void ILibDuktape_Debugger_JSAttach_PopulateSource(duk_context *ctx, char *source
{
int CoreModuleLen = 0;
ILibSimpleDataStore *db = (ILibSimpleDataStore*)Duktape_GetPointerProperty(ctx, -1, "\xFF_MasterDB");
if (db == NULL || (CoreModuleLen = ILibSimpleDataStore_Get(db, "CoreModule", NULL, 0)) <= 0)
if (db == NULL || (CoreModuleLen = ILibSimpleDataStore_Get(db, "CoreModule", NULL, 0)) <= 4)
{
ILibDuktape_Error(ctx, "Could Not retrive CoreModule from MeshAgent"); return;
}

4
microscript/ILibDuktape_EncryptionStream.c
View File

@@ -143,7 +143,7 @@ duk_ret_t ILibDuktape_EncryptionStream_CreateEncryption(duk_context *ctx)
duk_size_t tmpLen;
char *tmp = (char*)duk_get_lstring(ctx, -1, &tmpLen);
duk_push_object(ctx); // [key][stream]
duk_push_fixed_buffer(ctx, ILibBase64DecodeLength((int)tmpLen));// [key][stream][buffer]
duk_push_fixed_buffer(ctx, ILibBase64DecodeLength(tmpLen));// [key][stream][buffer]
key = (char*)Duktape_GetBuffer(ctx, -1, NULL);
ILibBase64Decode((unsigned char*)tmp, (int)tmpLen, (unsigned char**)&key);
duk_put_prop_string(ctx, -2, "\xFF_key"); // [key][stream]
@@ -162,7 +162,7 @@ duk_ret_t ILibDuktape_EncryptionStream_CreateEncryption(duk_context *ctx)
{
duk_size_t tmpLen;
char *tmp = (char*)duk_get_lstring(ctx, -1, &tmpLen);
duk_push_fixed_buffer(ctx, ILibBase64DecodeLength((int)tmpLen)); // [stream][iv][buffer]
duk_push_fixed_buffer(ctx, ILibBase64DecodeLength(tmpLen)); // [stream][iv][buffer]
duk_swap_top(ctx, -2); // [stream][buffer][iv]
iv = (char*)Duktape_GetBuffer(ctx, -2, NULL);
ILibBase64Decode((unsigned char*)tmp, (int)tmpLen, (unsigned char**)&iv);

2
microscript/ILibDuktape_GenericMarshal.c
View File

@@ -160,7 +160,7 @@ duk_ret_t ILibDuktape_GenericMarshal_Variable_Val_HSTRING2(duk_context *ctx)
{
void *ptr;
int size;
char hexString[255];
char hexString[3*255];
duk_push_this(ctx); // [var]
duk_get_prop_string(ctx, -1, "_ptr"); // [var][ptr]

2
microscript/ILibDuktape_HttpStream.c
View File

@@ -2786,7 +2786,7 @@ duk_ret_t ILibDuktape_HttpStream_IncomingMessage_Digest_ValidatePassword(duk_con
ILibGetEntryEx(DigestTable, "response", 8, (void**)&response, &responseLen);
ILibGetEntryEx(DigestTable, "opaque", 6, (void**)&opaque, &opaqueLen);
if (username == NULL || uri == NULL || password == NULL || passwordLen == 0 || response == NULL)
if (username == NULL || uri == NULL || password == NULL || passwordLen == 0 || response == NULL || opaqueLen != 16)
{
duk_push_false(ctx);
return(1);

4
microscript/ILibDuktape_Polyfills.c
View File

@@ -145,7 +145,7 @@ duk_ret_t ILibDuktape_Polyfills_Buffer_toString(duk_context *ctx)
cType = (char*)duk_require_string(ctx, 0);
if (strcmp(cType, "base64") == 0)
{
duk_push_fixed_buffer(ctx, ILibBase64EncodeLength((int)bufferLen));
duk_push_fixed_buffer(ctx, ILibBase64EncodeLength(bufferLen));
tmpBuffer = Duktape_GetBuffer(ctx, -1, NULL);
ILibBase64Encode((unsigned char*)buffer, (int)bufferLen, (unsigned char**)&tmpBuffer);
duk_push_string(ctx, tmpBuffer);
@@ -208,7 +208,7 @@ duk_ret_t ILibDuktape_Polyfills_Buffer_from(duk_context *ctx)
if (strcmp(encoding, "base64") == 0)
{
// Base64
buffer = duk_push_fixed_buffer(ctx, ILibBase64DecodeLength((int)strlength));
buffer = duk_push_fixed_buffer(ctx, ILibBase64DecodeLength(strlength));
bufferLen = ILibBase64Decode((unsigned char*)str, (int)strlength, (unsigned char**)&buffer);
duk_push_buffer_object(ctx, -1, 0, bufferLen, DUK_BUFOBJ_NODEJS_BUFFER);
}

4
microscript/ILibDuktape_ScriptContainer.c
View File

@@ -3156,8 +3156,8 @@ duk_ret_t ILibDuktape_ScriptContainer_ExecuteString(duk_context *ctx)
char *payload;
duk_size_t payloadLen;
payload = (char*)duk_get_lstring(ctx, 0, &payloadLen);
int encodedPayloadLen = ILibBase64EncodeLength((int)payloadLen);
ILibDuktape_ScriptContainer_NonIsolated_Command *cmd = (ILibDuktape_ScriptContainer_NonIsolated_Command*)ILibMemory_Allocate(sizeof(ILibDuktape_ScriptContainer_NonIsolated_Command) + encodedPayloadLen + sizeof(json), 0, NULL, NULL);
size_t encodedPayloadLen = ILibBase64EncodeLength(payloadLen);
ILibDuktape_ScriptContainer_NonIsolated_Command *cmd = (ILibDuktape_ScriptContainer_NonIsolated_Command*)ILibMemory_Allocate((int)(sizeof(ILibDuktape_ScriptContainer_NonIsolated_Command) + encodedPayloadLen + sizeof(json)), 0, NULL, NULL);
cmd->container.slave = (ILibDuktape_ScriptContainer_Slave*)((void**)ILibMemory_GetExtraMemory(master->PeerChain, ILibMemory_CHAIN_CONTAINERSIZE))[1];
int i = sprintf_s(cmd->json, sizeof(json) + encodedPayloadLen, json);