Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nspv json response buffer fix #530

Closed
wants to merge 3 commits into from
Closed

Nspv json response buffer fix #530

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
24ddfca
nspv json resp buffer malloc'ed
dimxy Feb 3, 2022
9d6a343
adde malloc result check
dimxy Jun 11, 2022
fafe04d
added constructor to NSPV_remoterpcresp to init as null
dimxy Jul 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion src/komodo_nSPV.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -441,8 +441,10 @@ int32_t NSPV_rwremoterpcresp(int32_t rwflag,uint8_t *serialized,struct NSPV_remo

void NSPV_remoterpc_purge(struct NSPV_remoterpcresp *ptr)
{
if ( ptr != 0 )
if ( ptr != 0 ) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not know much of the NSPV code, so take this as food for thought. Would this be better off in a destructor?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I totally refactored the nspv code and replaced all such read/write functions to CDataStream object, sent it into research-new branch. So eventually all this code will be replaced

if (ptr->json) free (ptr->json);
memset(ptr,0,sizeof(*ptr));
}
}

// useful utility functions
Expand Down
3 changes: 2 additions & 1 deletion src/komodo_nSPV_defs.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -185,8 +185,9 @@ struct NSPV_CCmtxinfo

struct NSPV_remoterpcresp
{
NSPV_remoterpcresp() { method[0] = '\0'; json = nullptr; }
char method[64];
char json[11000];
char *json;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that in some cases, json != nullptr. It may be better to explicitly initialize it to nullptr here. This will make _purge method less dangerous.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is a memset to zero NSPV_remoterpcresp after the var decl
but just added a constructor to auto init to zeros

};

#endif // KOMODO_NSPV_DEFSH
4 changes: 4 additions & 0 deletions src/komodo_nSPV_fullnode.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -688,6 +688,9 @@ int32_t NSPV_remoterpc(struct NSPV_remoterpcresp *ptr,char *json,int n)
{
rpc_result = JSONRPCReplyObj(result, NullUniValue, jreq.id);
response=rpc_result.write();
ptr->json = (char*)malloc(response.size());
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it possible that response.size() could be a large number. Should there be checks to assure that the malloc here (and below) did not return nullptr?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

definitely should be checked, thank you

if (ptr->json == nullptr)
throw JSONRPCError(RPC_OUT_OF_MEMORY, "Cannot allocate memory for response");
memcpy(ptr->json,response.c_str(),response.size());
len+=response.size();
return (len);
Expand All @@ -709,6 +712,7 @@ int32_t NSPV_remoterpc(struct NSPV_remoterpcresp *ptr,char *json,int n)
rpc_result = JSONRPCReplyObj(NullUniValue,JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id);
response=rpc_result.write();
}
ptr->json = (char*)malloc(response.size()); // only not a big size error responses are here
memcpy(ptr->json,response.c_str(),response.size());
len+=response.size();
return (len);
Expand Down