From 84d327d586197c242cc29b29b172e9e231a4d5d2 Mon Sep 17 00:00:00 2001 From: lafrigolet Date: Tue, 23 Apr 2024 19:13:18 +0200 Subject: [PATCH 1/2] Fixed buffer overwritten on libcurl for https notification request --- src/lib/orionld/notifications/notificationSend.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/orionld/notifications/notificationSend.cpp b/src/lib/orionld/notifications/notificationSend.cpp index b1d3683e28..4fd31be44d 100644 --- a/src/lib/orionld/notifications/notificationSend.cpp +++ b/src/lib/orionld/notifications/notificationSend.cpp @@ -699,7 +699,8 @@ int notificationSend(OrionldAlterationMatch* mAltP, double timestamp, CURL** cur } long unsigned int payloadBodySize = kjFastRenderSize(notificationP); - char* payloadBody = (payloadBodySize < sizeof(body))? body : kaAlloc(&orionldState.kalloc, payloadBodySize); + bool allocate = (payloadBodySize < sizeof(body)) || (mAltP->subP->protocol == HTTPS); + char* payloadBody = (allocate == false)? body : kaAlloc(&orionldState.kalloc, payloadBodySize); kjFastRender(notificationP, payloadBody); From b4f7347a684c7bee7de0063733e17b2a6932522b Mon Sep 17 00:00:00 2001 From: Ken Zangelin Date: Tue, 23 Apr 2024 23:21:34 +0200 Subject: [PATCH 2/2] Fixed a functest and an unexpected crash --- src/lib/orionld/notifications/notificationSend.cpp | 11 +---------- .../cases/0000_ngsild/ngsild_issue_1322.test | 2 +- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/src/lib/orionld/notifications/notificationSend.cpp b/src/lib/orionld/notifications/notificationSend.cpp index 4fd31be44d..868e5f641c 100644 --- a/src/lib/orionld/notifications/notificationSend.cpp +++ b/src/lib/orionld/notifications/notificationSend.cpp @@ -85,14 +85,6 @@ size_t userAgentHeaderLen = 0; // Set in orionldServiceInit() -// ----------------------------------------------------------------------------- -// -// static buffer for small notifications (payload body) -// -static __thread char body[4 * 1024]; - - - // ----------------------------------------------------------------------------- // // attributeToSimplified - move to its own module @@ -699,8 +691,7 @@ int notificationSend(OrionldAlterationMatch* mAltP, double timestamp, CURL** cur } long unsigned int payloadBodySize = kjFastRenderSize(notificationP); - bool allocate = (payloadBodySize < sizeof(body)) || (mAltP->subP->protocol == HTTPS); - char* payloadBody = (allocate == false)? body : kaAlloc(&orionldState.kalloc, payloadBodySize); + char* payloadBody = kaAlloc(&orionldState.kalloc, payloadBodySize + 512); kjFastRender(notificationP, payloadBody); diff --git a/test/functionalTest/cases/0000_ngsild/ngsild_issue_1322.test b/test/functionalTest/cases/0000_ngsild/ngsild_issue_1322.test index fde0289efe..ac00abab79 100644 --- a/test/functionalTest/cases/0000_ngsild/ngsild_issue_1322.test +++ b/test/functionalTest/cases/0000_ngsild/ngsild_issue_1322.test @@ -268,7 +268,7 @@ Ngsild-Attribute-Format: Normalized ], "id": "urn:ngsi-ld:Notification:REGEX(.*)", "notifiedAt": "202REGEX(.*)Z", - "subscriptionId": "urn:S1", + "subscriptionId": "urn:S2", "type": "Notification" } =======================================