[core] fix cJSON compat

* only export used symbols, provide prototypes when required * clean up some length checks
2023-07-24 07:53:42 +02:00 · 2023-07-24 07:53:42 +02:00 · a5ea634516
commit a5ea634516
parent 5de7887d93
5 changed files with 46 additions and 29 deletions
--- a/client/common/client.c
+++ b/client/common/client.c
@ -61,6 +61,18 @@
 #ifdef WITH_AAD
 #include <cjson/cJSON.h>
 #include <freerdp/utils/http.h>
+
+#if CJSON_VERSION_MAJOR == 1
+#if CJSON_VERSION_MINOR <= 7
+#if CJSON_VERSION_PATCH < 13
+#define USE_CJSON_COMPAT
+#endif
+#endif
+#endif
+
+#if defined(USE_CJSON_COMPAT)
+extern cJSON* cJSON_ParseWithLength(const char* value, size_t buffer_length);
+#endif
 #endif

 #include <freerdp/log.h>
--- a/libfreerdp/core/aad.c
+++ b/libfreerdp/core/aad.c
@ -27,26 +27,12 @@
 #include "../crypto/privatekey.h"
 #include <freerdp/utils/http.h>

-#ifdef WITH_AAD
-#include <cjson/cJSON.h>
-#endif
-
 #include <winpr/crypto.h>

 #include "transport.h"

 #include "aad.h"

-#ifdef WITH_AAD
-#if CJSON_VERSION_MAJOR == 1
-#if CJSON_VERSION_MINOR <= 7
-#if CJSON_VERSION_PATCH < 13
-#define USE_CJSON_COMPAT
-#endif
-#endif
-#endif
-#endif
-
 struct rdp_aad
 {
 	AAD_STATE state;
@ -112,8 +98,7 @@ static BOOL json_get_object(wLog* wlog, cJSON* json, const char* key, cJSON** ob
 }

 #if defined(USE_CJSON_COMPAT)
-FREERDP_API double cJSON_GetNumberValue(const cJSON* const item);
-double cJSON_GetNumberValue(const cJSON* const prop)
+static double cJSON_GetNumberValue(const cJSON* const prop)
 {
 #ifndef NAN
 #ifdef _WIN32
@ -208,14 +193,15 @@ static BOOL json_get_string_alloc(wLog* wlog, cJSON* json, const char* key, char
 }

 #if defined(USE_CJSON_COMPAT)
-FREERDP_API cJSON* cJSON_ParseWithLength(const char* value, size_t buffer_length);
-
 cJSON* cJSON_ParseWithLength(const char* value, size_t buffer_length)
 {
 	// Check for string '\0' termination.
 	const size_t slen = strnlen(value, buffer_length);
 	if (slen >= buffer_length)
+	{
+		if (value[buffer_length] != '\0')
 			return NULL;
+	}
 	return cJSON_Parse(value);
 }
 #endif
@ -235,7 +221,7 @@ static BOOL aad_get_nonce(rdpAad* aad)
 		goto fail;
 	}

-	if (resp_code != 200)
+	if (resp_code != HTTP_STATUS_OK)
 	{
 		WLog_Print(aad->log, WLOG_ERROR,
 		           "Server unwilling to provide nonce; returned status code %li", resp_code);
--- a/libfreerdp/core/aad.h
+++ b/libfreerdp/core/aad.h
@ -32,6 +32,18 @@ typedef enum
 #include <freerdp/api.h>
 #include <freerdp/freerdp.h>

+#ifdef WITH_AAD
+#include <cjson/cJSON.h>
+
+#if CJSON_VERSION_MAJOR == 1
+#if CJSON_VERSION_MINOR <= 7
+#if CJSON_VERSION_PATCH < 13
+#define USE_CJSON_COMPAT
+#endif
+#endif
+#endif
+#endif
+
 FREERDP_LOCAL BOOL aad_is_supported(void);

 FREERDP_LOCAL int aad_client_begin(rdpAad* aad);
@ -42,4 +54,8 @@ FREERDP_LOCAL AAD_STATE aad_get_state(rdpAad* aad);
 FREERDP_LOCAL rdpAad* aad_new(rdpContext* context, rdpTransport* transport);
 FREERDP_LOCAL void aad_free(rdpAad* aad);

+#if defined(USE_CJSON_COMPAT)
+FREERDP_API cJSON* cJSON_ParseWithLength(const char* value, size_t buffer_length);
+#endif
+
 #endif /* FREERDP_LIB_CORE_AAD_H */
--- a/libfreerdp/core/gateway/arm.c
+++ b/libfreerdp/core/gateway/arm.c
@ -310,13 +310,13 @@ arm_create_cleanup:
 	return message;
 }

-static BOOL arm_fill_gateway_parameters(rdpArm* arm, const char* message)
+static BOOL arm_fill_gateway_parameters(rdpArm* arm, const char* message, size_t len)
 {
 	WINPR_ASSERT(arm);
 	WINPR_ASSERT(arm->context);
 	WINPR_ASSERT(message);

-	cJSON* json = cJSON_Parse(message);
+	cJSON* json = cJSON_ParseWithLength(message, len);
 	BOOL status = FALSE;
 	if (!json)
 		return FALSE;
@ -408,14 +408,15 @@ BOOL arm_resolve_endpoint(rdpContext* context, DWORD timeout)
 	StatusCode = http_response_get_status_code(response);
 	if (StatusCode == HTTP_STATUS_OK)
 	{
-		char* msg = calloc(http_response_get_body_length(response) + 1, sizeof(char));
+		const size_t len = http_response_get_body_length(response);
+		char* msg = calloc(len + 1, sizeof(char));
 		if (!msg)
 			goto arm_error;

-		memcpy(msg, http_response_get_body(response), http_response_get_body_length(response));
+		memcpy(msg, http_response_get_body(response), len);

 		WLog_DBG(TAG, "Got HTTP Response data: %s", msg);
-		const BOOL res = arm_fill_gateway_parameters(arm, msg);
+		const BOOL res = arm_fill_gateway_parameters(arm, msg, len);
 		free(msg);
 		if (!res)
 			goto arm_error;
--- a/libfreerdp/utils/http.c
+++ b/libfreerdp/utils/http.c
@ -121,9 +121,11 @@ BOOL freerdp_http_request(const char* url, const char* body, long* status_code,
 	if (!hostname)
 		return FALSE;

+	size_t blen = 0;
 	if (body)
 	{
-		if (winpr_asprintf(&headers, &size, post_header_fmt, path, hostname, strlen(body)) < 0)
+		blen = strlen(body);
+		if (winpr_asprintf(&headers, &size, post_header_fmt, path, hostname, blen) < 0)
 			return FALSE;
 	}
 	else
@ -182,7 +184,7 @@ BOOL freerdp_http_request(const char* url, const char* body, long* status_code,

 	WLog_Print(log, WLOG_DEBUG, "headers:\n%s", headers);
 	ERR_clear_error();
-	if (BIO_write(bio, headers, strlen(headers)) < 0)
+	if (BIO_write(bio, headers, strnlen(headers, size)) < 0)
 	{
 		log_errors(log, "could not write headers");
 		goto out;
@ -192,14 +194,14 @@ BOOL freerdp_http_request(const char* url, const char* body, long* status_code,
 	{
 		WLog_Print(log, WLOG_DEBUG, "body:\n%s", body);

-		if (strlen(body) > INT_MAX)
+		if (blen > INT_MAX)
 		{
 			WLog_Print(log, WLOG_ERROR, "body too long!");
 			goto out;
 		}

 		ERR_clear_error();
-		if (BIO_write(bio, body, strlen(body)) < 0)
+		if (BIO_write(bio, body, blen) < 0)
 		{
 			log_errors(log, "could not write body");
 			goto out;