Addressed Checkmarx issues

2026-01-09 20:13:56 +00:00 · 2020-09-17 12:59:15 -07:00
parent 20d4345a87
commit 8cdcfcb187
16 changed files with 77 additions and 33 deletions
--- a/microscript/ILibDuktape_Commit.h
+++ b/microscript/ILibDuktape_Commit.h
@@ -1,3 +1,3 @@
-// This file is auto-generated, any edits may be overwritten 
-#define SOURCE_COMMIT_DATE "2019-Nov-26 11:09:12-0800"  
-#define SOURCE_COMMIT_HASH "170536b267edea4ab1c67a6fb93c4a4a723d5470"  
+// This file is auto-generated, any edits may be overwritten
+#define SOURCE_COMMIT_DATE "2020-Sep-17 12:49:12-0700"
+#define SOURCE_COMMIT_HASH "20d4345a87cb5a912f4d891da35bb2ba690b4588"
--- a/microscript/ILibDuktape_Helpers.c
+++ b/microscript/ILibDuktape_Helpers.c
@@ -51,6 +51,32 @@ typedef struct Duktape_EventLoopDispatchData
 	void *user;
 }Duktape_EventLoopDispatchData;

+
+duk_ret_t duk_fixed_buffer_finalizer(duk_context *ctx)
+{
+	duk_size_t bufLen;
+	char *buf = (char*)Duktape_GetBuffer(ctx, 0, &bufLen);
+	memset(buf, 0, bufLen);
+	return(0);
+}
+void duk_buffer_enable_autoclear(duk_context *ctx)
+{
+	duk_size_t len;
+
+	duk_push_buffer_object(ctx, -1, 0, len, DUK_BUFOBJ_NODEJS_BUFFER);	// [buffer][obj]
+	duk_remove(ctx, -2);												// [bufobj]
+	duk_push_c_function(ctx, duk_fixed_buffer_finalizer, DUK_VARARGS);	// [bufobj][func]
+	duk_set_finalizer(ctx, -2);											// [bufobj]
+}
+void* duk_push_fixed_buffer_autoclear(duk_context *ctx, duk_size_t size)
+{
+	void *ret = duk_push_fixed_buffer(ctx, size);						// [buffer]
+	duk_push_buffer_object(ctx, -1, 0, size, DUK_BUFOBJ_NODEJS_BUFFER);	// [buffer][obj]
+	duk_remove(ctx, -2);												// [obj]
+	duk_push_c_function(ctx, duk_fixed_buffer_finalizer, DUK_VARARGS);
+	duk_set_finalizer(ctx, -2);
+	return(ret);
+}
 void* Duktape_DynamicBuffer_Resize(duk_context *ctx, duk_idx_t idx, duk_size_t bufSize)
 {
 	void *buffer = ILibMemory_FromRaw(duk_resize_buffer(ctx, idx, bufSize + sizeof(ILibMemory_Header)));
@@ -152,7 +178,10 @@ duk_ret_t ILibDuktape_Error(duk_context *ctx, char *format, ...)
 	va_list argptr;

 	va_start(argptr, format);
-	len += vsnprintf(dest + len, sizeof(dest) - len, format, argptr);
+	if ((size_t)len < sizeof(dest))
+	{
+		len += vsnprintf(dest + len, sizeof(dest) - len, format, argptr);
+	}
 	va_end(argptr);

 	duk_push_string(ctx, dest);
@@ -651,7 +680,7 @@ duk_ret_t ILibDuktape_Process_UncaughtExceptionExGetter(duk_context *ctx)
 }
 void ILibDuktape_Process_UncaughtExceptionEx(duk_context *ctx, char *format, ...)
 {
-	if (ctx == NULL) { return; }
+	if (ctx == NULL || !duk_ctx_is_alive(ctx)) { return; }
 	char dest[4096];
 	int len = 0;
 	va_list argptr;
@@ -667,7 +696,10 @@ void ILibDuktape_Process_UncaughtExceptionEx(duk_context *ctx, char *format, ...
 	duk_pop(ctx);																		// ...

 	va_start(argptr, format);
-	len += vsnprintf(dest + len, sizeof(dest) - len, format, argptr);
+	if (len < sizeof(dest))
+	{
+		len += vsnprintf(dest + len, sizeof(dest) - len, format, argptr);
+	}
 	va_end(argptr);

 	if (errmsgLen + len < sizeof(dest))
@@ -743,7 +775,7 @@ void Duktape_SafeDestroyHeap(duk_context *ctx)
 			threadList[i++] = ILibLinkedList_GetDataFromNode(node);
 			ILibLinkedList_Remove(node);
 		}
-		while (WaitForMultipleObjectsEx(i, threadList, TRUE, 5000, TRUE) == WAIT_IO_COMPLETION);
+		while (WaitForMultipleObjectsEx(i, threadList, TRUE, 1000, TRUE) == WAIT_IO_COMPLETION);
 		ILibMemory_Free(threadList);
 #else
 		int rv;
--- a/microscript/ILibDuktape_Helpers.h
+++ b/microscript/ILibDuktape_Helpers.h
@@ -156,6 +156,7 @@ char *ILibDuktape_String_WideToUTF8(duk_context *ctx, char *wstr);
 char *ILibDuktape_String_UTF8ToWide(duk_context *ctx, char *str);
 void ILibDuktape_String_UTF8ToWideEx(duk_context *ctx, char *str);

+void duk_buffer_enable_autoclear(duk_context *ctx);
 #define Duktape_PushBuffer(ctx, bufSize) ILibMemory_Init(duk_push_fixed_buffer(ctx, (duk_size_t)(bufSize) + sizeof(ILibMemory_Header)), (bufSize), 0, ILibMemory_Types_OTHER)
 #define Duktape_PushDynamicBuffer(ctx, bufSize) ILibMemory_Init(duk_push_dynamic_buffer(ctx, (duk_size_t)(bufSize) + sizeof(ILibMemory_Header)), (bufSize), 0, ILibMemory_Types_OTHER)
 void* Duktape_DynamicBuffer_Resize(duk_context *ctx, duk_idx_t idx, duk_size_t bufSize);
--- a/microscript/ILibDuktape_HttpStream.c
+++ b/microscript/ILibDuktape_HttpStream.c
@@ -466,6 +466,7 @@ duk_ret_t ILibDuktape_HttpStream_http_onUpgrade(duk_context *ctx)
 	duk_get_prop_string(ctx, 0, "headers");						// [headers]
 	duk_get_prop_string(ctx, -1, "Sec-WebSocket-Accept");		// [headers][key]
 	key = (char*)Duktape_GetBuffer(ctx, -1, &keyLen);
+	if (keyLen > 255) { keyLen = 255; }

 	if (duk_has_prop_string(ctx, -2, "Sec-WebSocket-Extensions"))
 	{
@@ -2891,6 +2892,7 @@ duk_ret_t ILibDuktape_HttpStream_IncomingMessage_Digest_ValidatePassword(duk_con

 	retVal = (responseLen == 32 && strncmp(result3, response, 32)) == 0 ? 1 : 0;
 	duk_push_int(ctx, retVal);
+	password = NULL;
 	return(1);
 }
 duk_ret_t ILibDuktape_HttpStream_IncomingMessage_finalizer(duk_context *ctx)
@@ -3803,6 +3805,7 @@ duk_ret_t ILibDuktape_httpStream_parseUri(duk_context *ctx)
 	{
 		duk_push_null(ctx);
 	}
+	password = NULL;
 	return 1;
 }

--- a/microscript/ILibDuktape_SHA256.c
+++ b/microscript/ILibDuktape_SHA256.c
@@ -264,6 +264,7 @@ void ILibDuktape_SHA256_SIGNER_PUSH(duk_context *ctx, void *chain)
 	ILibDuktape_SHA256_Signer_Data* data;
 	duk_push_object(ctx);													// [signer]
 	data = (ILibDuktape_SHA256_Signer_Data*)Duktape_PushBuffer(ctx, sizeof(ILibDuktape_SHA256_Signer_Data));
+	duk_buffer_enable_autoclear(ctx);
 	duk_put_prop_string(ctx, -2, ILibDuktape_SHA256_SIGNER_PTR);			// [signer]
 	data->obj = duk_get_heapptr(ctx, -1);
 	data->ctx = ctx;
--- a/microscript/ILibDuktape_WebRTC.c
+++ b/microscript/ILibDuktape_WebRTC.c
@@ -74,13 +74,14 @@ duk_ret_t ILibWebRTC_Duktape_ConnectionFactory_SetTurn(duk_context *ctx)
 	struct sockaddr_in6* server;
 	ILibWrapper_WebRTC_ConnectionFactory factory;

-	if (host == NULL || username == NULL) { return(ILibDuktape_Error(ctx, "Invalid TURN parameters")); }
+	if (host == NULL || username == NULL) { password = NULL;  return(ILibDuktape_Error(ctx, "Invalid TURN parameters")); }
 	server = Duktape_IPAddress4_FromString(host, (unsigned short)port);

 	duk_push_this(ctx);
 	factory = Duktape_GetPointerProperty(ctx, -1, "FactoryPtr");
 	
 	ILibWrapper_WebRTC_ConnectionFactory_SetTurnServer(factory, server, username, (int)usernameLen, password, (int)passwordLen, flags);
+	password = NULL;
 	return 0;
 }

--- a/microscript/ILibDuktape_net.c
+++ b/microscript/ILibDuktape_net.c
@@ -2324,6 +2324,7 @@ duk_ret_t ILibDuktape_TLS_generateCertificate(duk_context *ctx)
 	ILibDuktape_WriteID(ctx, "tls.pfxCertificate");
 	util_free(data);
 	util_freecert(&cert);
+	passphrase = NULL;
 	return 1;
 }
 duk_ret_t ILibDuktape_TLS_loadpkcs7b(duk_context *ctx)
@@ -2473,7 +2474,7 @@ void ILibDuktape_ipaddress_PUSH(duk_context *ctx, struct sockaddr_in6* addr)
 	ILibDuktape_CreateInstanceMethod(ctx, "toString", ILibDuktape_ipaddress_toString, 1);
 	struct sockaddr_in6* _addr = (struct sockaddr_in6*)Duktape_PushBuffer(ctx, sizeof(struct sockaddr_in6));// [Address4][addr]
 	duk_put_prop_string(ctx, -2, ILibDuktape_IPAddress_SockAddr);											// [Address4]
-	memcpy(_addr, addr, sizeof(struct sockaddr_in6));
+	memcpy_s(_addr, sizeof(struct sockaddr_in6), addr, sizeof(struct sockaddr_in6));
 }

 duk_ret_t ILibDuktape_ipaddress_address4_constructor(duk_context *ctx)
--- a/microscript/ILibduktape_EventEmitter.c
+++ b/microscript/ILibduktape_EventEmitter.c
@@ -435,7 +435,9 @@ ILibDuktape_EventEmitter* ILibDuktape_EventEmitter_GetEmitter_fromThis(duk_conte
 }
 ILibDuktape_EventEmitter* ILibDuktape_EventEmitter_GetEmitter(duk_context *ctx, duk_idx_t i)
 {
+	if (!duk_ctx_is_alive(ctx)) { return(NULL); }
 	ILibDuktape_EventEmitter *retVal = (ILibDuktape_EventEmitter*)Duktape_GetBufferProperty(ctx, i, ILibDuktape_EventEmitter_Data);
+	if (!duk_ctx_is_alive(retVal->object)) { retVal = NULL; }
 	return retVal;
 }
 duk_ret_t ILibDuktape_EventEmitter_removeListener(duk_context *ctx)
@@ -495,8 +497,12 @@ duk_ret_t ILibDuktape_EventEmitter_removeAllListeners(duk_context *ctx)

 duk_ret_t ILibDuktape_EventEmitter_EmbeddedFinalizer(duk_context *ctx)
 {
+	ILibDuktape_EventEmitter *data = ILibDuktape_EventEmitter_GetEmitter(ctx, 0);
+	if (!ILibMemory_CanaryOK(data) || !duk_ctx_is_alive(data->ctx)) { return(0); }
+
 	ILibDuktape_EventEmitter_SetupEmit(ctx, duk_get_heapptr(ctx, 0), "~");	// [emit][this][~]
 	duk_dup(ctx, 0);														// [emit][this][~][self]
+	char *meta = Duktape_GetStringPropertyValue(ctx, -1, ILibDuktape_OBJID, "UNKNOWN");
 	if (g_displayFinalizerMessages)
 	{
 		printf("+-+- Finalizer Event for: %s [%p] -+-+\n", Duktape_GetStringPropertyValue(ctx, -1, ILibDuktape_OBJID, "UNKNOWN"), duk_get_heapptr(ctx, -1));
@@ -532,17 +538,10 @@ duk_ret_t ILibDuktape_EventEmitter_EmbeddedFinalizer(duk_context *ctx)
 	}
 	if (duk_pcall_method(ctx, 2) != 0)
 	{
-		ILibDuktape_Process_UncaughtExceptionEx(ctx, "Error in Finalizer: [Invalid C function means you forgot to return 0] ");
+		ILibDuktape_Process_UncaughtExceptionEx(ctx, "Error in Finalizer (%s): [Invalid C function means you forgot to return 0] ", meta);
 	}

-	ILibDuktape_EventEmitter *data = ILibDuktape_EventEmitter_GetEmitter(ctx, 0);
-	if (data == NULL) { return(ILibDuktape_Error(ctx, "Internal Error")); }			// This is deadcode, will never occur, but is here because Klockwork thinks this could happen
-	if (!ILibMemory_CanaryOK(data) || !duk_ctx_is_alive(data->ctx)) { return(0); }
 	sem_destroy(&(data->listenerCountTableLock));
-
-	// We need to clear the Native Dispatcher, while destroying the Hashtable
-	
-	memset(ILibMemory_RawPtr(data), 0, ILibMemory_RawSize(data));
 	return(0);
 }
 duk_ret_t ILibDuktape_EventEmitter_emitReturnValue(duk_context *ctx)