From 1511441e6042c02f38280426ced9ab423c38befa Mon Sep 17 00:00:00 2001
From: Constantin Papizh <p.const@bk.ru>
Date: Tue, 22 Dec 2020 17:51:12 +0300
Subject: [PATCH] Trash data check + UB fixed

---
 modules/global-db/dap_chain_global_db.c | 30 ++++++++++---------------
 modules/net/dap_chain_node_cli_cmd.c    | 11 ++++-----
 2 files changed, 18 insertions(+), 23 deletions(-)

diff --git a/modules/global-db/dap_chain_global_db.c b/modules/global-db/dap_chain_global_db.c
index ce7ccc6756..144b2a225f 100644
--- a/modules/global-db/dap_chain_global_db.c
+++ b/modules/global-db/dap_chain_global_db.c
@@ -671,26 +671,20 @@ dap_global_db_obj_t* dap_chain_global_db_gr_load(const char *a_group, size_t *a_
             *a_data_size_out = 0;
         return NULL;
     }
-    dap_global_db_obj_t *l_data = DAP_NEW_Z_SIZE(dap_global_db_obj_t,
-            (count + 1) * sizeof(dap_global_db_obj_t)); // last item in mass must be zero
-    // clear only last item
-    //memset(&l_data[count], 0, sizeof(dap_global_db_obj_t));
+    dap_global_db_obj_t *l_data = DAP_NEW_Z_SIZE(dap_global_db_obj_t, (count + 1) * sizeof(dap_global_db_obj_t)); // last item in mass must be zero
     for(size_t i = 0; i < count; i++) {
-        dap_store_obj_t *l_store_obj_cur = l_store_obj + i;
-        /*assert(l_store_obj_cur);
-         l_data[i] = DAP_NEW(dap_global_db_obj_t);
-         l_data[i]->key = dap_strdup(l_store_obj_cur->key);
-         l_data[i]->value_len = l_store_obj_cur->value_len;
-         l_data[i]->value = DAP_NEW_Z_SIZE(uint8_t, l_store_obj_cur->value_len + 1);
-         memcpy(l_data[i]->value, l_store_obj_cur->value, l_store_obj_cur->value_len);*/
-        //dap_global_db_obj_t *l_data = l_data0 + i;
-        l_data[i].key = l_store_obj_cur->key;
-        l_data[i].value_len = l_store_obj_cur->value_len;
-        l_data[i].value = l_store_obj_cur->value;
-        DAP_DELETE(l_store_obj_cur->group);
+        if (l_store_obj[i].value_len > 1024*1024) {
+            char l_temp[64] = { '\0' };
+            log_it(L_ERROR, "Trash datum in gdb, key: %s, size: %d, created: %s", l_store_obj[i].key, l_store_obj[i].value_len, dap_ctime_r(&(l_store_obj[i].timestamp), l_temp));
+            --count;
+            continue;
+        }
+        l_data[i].key = dap_strdup(l_store_obj[i].key);
+        l_data[i].value_len = l_store_obj[i].value_len;
+        l_data[i].value = DAP_NEW_Z_SIZE(uint8_t, l_store_obj[i].value_len + 1);
+        memcpy(l_data[i].value, l_store_obj[i].value, l_store_obj[i].value_len);
     }
-    // inner data are use in l_data0
-    DAP_DELETE(l_store_obj); //dap_store_obj_free(l_store_obj, count);
+    dap_store_obj_free(l_store_obj, count);
     if(a_data_size_out)
         *a_data_size_out = count;
     return l_data;
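Review bot: Skipping an oversized record with `--count; continue;` shrinks the loop bound while `i` keeps advancing, so each rejected record causes one trailing record to be silently dropped and leaves `l_data[i]` as a zeroed hole inside the returned array. A caller walking `*a_data_size_out` entries can then reach an element whose `value` is NULL, and `dap_store_obj_free(l_store_obj, count)` receives the reduced count, so the tail of the store array is probably never freed. Keep `count` intact for the free, copy through a separate write index, and report that index as the result size, as sketched below. The `DAP_NEW_Z_SIZE` results are also used without a NULL check, and `%d` may not match the type of `value_len`. The function starts before and ends after this hunk.

```c
size_t l_valid = 0; /* write index into l_data; count stays the number of store objects */
for(size_t i = 0; i < count; i++) {
    if (l_store_obj[i].value_len > 1024*1024) {
        /* … unchanged: log_it of the rejected record … */
        continue;
    }
    l_data[l_valid].key = dap_strdup(l_store_obj[i].key);
    l_data[l_valid].value_len = l_store_obj[i].value_len;
    l_data[l_valid].value = DAP_NEW_Z_SIZE(uint8_t, l_store_obj[i].value_len + 1);
    memcpy(l_data[l_valid].value, l_store_obj[i].value, l_store_obj[i].value_len);
    l_valid++;
}
dap_store_obj_free(l_store_obj, count);
if(a_data_size_out)
    *a_data_size_out = l_valid;
```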
diff --git a/modules/net/dap_chain_node_cli_cmd.c b/modules/net/dap_chain_node_cli_cmd.c
index 76e3b8361f..c1fd94f152 100644
--- a/modules/net/dap_chain_node_cli_cmd.c
+++ b/modules/net/dap_chain_node_cli_cmd.c
@@ -2052,19 +2052,20 @@ void s_com_mempool_list_print_for_chain(dap_chain_net_t * a_net, dap_chain_t * a
             dap_string_append_printf(a_str_tmp, "%s.%s: Not found records\n", a_net->pub.name, a_chain->name);
         for(size_t i = 0; i < l_objs_size; i++) {
             dap_chain_datum_t * l_datum = (dap_chain_datum_t*) l_objs[i].value;
-            char buf[50];
-            char * l_key  = dap_strdup(l_objs[i].key);
             time_t l_ts_create = (time_t) l_datum->header.ts_create;
-
+            if (l_datum->header.data_size > l_objs[i].value_len) {
+                log_it(L_ERROR, "Trash datum in GDB %s.%s, key: %s", a_net->pub.name, a_chain->name, l_objs[i].key);
+                continue;
+            }
+            char buf[50];
             dap_hash_fast_t l_data_hash;
             char l_data_hash_str[70]={[0]='\0'};
             dap_hash_fast(l_datum->data,l_datum->header.data_size,&l_data_hash);
             dap_hash_fast_to_str(&l_data_hash,l_data_hash_str,sizeof (l_data_hash_str)-1);
 
             dap_string_append_printf(a_str_tmp, "hash %s: type_id=%s  data_size=%u data_hash=%s ts_create=%s", // \n included in timestamp
-                    l_key, c_datum_type_str[l_datum->header.type_id],
+                    l_objs[i].key, c_datum_type_str[l_datum->header.type_id],
                     l_datum->header.data_size, l_data_hash_str, dap_ctime_r(&l_ts_create, buf));
-            DAP_DELETE(l_key);
             dap_chain_net_dump_datum(a_str_tmp, l_datum, a_hash_out_type);
         }
 
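Review bot: The new bounds check runs after `l_datum->header.ts_create` has already been read, and it compares `data_size` with the whole `value_len` without allowing for the header. A record shorter than the header, or one with a NULL `value`, is therefore still dereferenced, and `dap_hash_fast` can still read past the buffer if `data` follows the header in the stored value (the struct layout is not visible here). Move the `l_ts_create` assignment below the check and tighten it to `if (!l_datum || l_objs[i].value_len < sizeof(l_datum->header) || l_datum->header.data_size > l_objs[i].value_len - sizeof(l_datum->header))`. `c_datum_type_str[l_datum->header.type_id]` is also indexed with a value taken from the stored record, so a range check against the table size belongs next to this one. The function body starts before and continues after the hunk.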
-- 
GitLab