Fix buffer overflow for section arm event

frozer · frozer · commit f05eaefaaa09 · 2025-01-10T05:10:06.000+05:00
diff --git a/libdozor/device-event.c b/libdozor/device-event.c
@@ -97,7 +97,7 @@ unsigned short int getDeviceEvents(const uint8_t * raw, long int bufSize, Device
         
       blobToHexStr(hexStr, &raw[index], eventSize);
 
-      logger(LOG_LEVEL_DEBUG, "device-event(getDeviceEvents)", "event id 0x%x: %s", raw[index], hexStr);
+      logger(LOG_LEVEL_DEBUG, "device-event(getDeviceEvents)", "[%d] event id 0x%x: %s", eventCount, raw[index], hexStr);
 
       free(hexStr);
     }
diff --git a/libdozor/event.c b/libdozor/event.c
@@ -446,10 +446,10 @@ static char * getAuthEventData(uint8_t type, uint8_t * data, uint8_t len)
 static char * getSecurityEventData(uint8_t type, uint8_t * data, uint8_t len)
 {
   char * template = ",\"user\":%s,\"event\":\"%s\",\"scope\":\"Security\",\"sections\":%s";
-  char * res = malloc(sizeof(char) * (strlen(template) + MAX_EVENT_NAME_LENGTH + 2));
+  char * res = malloc(sizeof(char) * (strlen(template) + MAX_EVENT_NAME_LENGTH + MAX_SECTION_LENGTH + 2));
   char * extractedData = getData(data, USER_DATA_POSITION, len);
   uint8_t state_byte = data[0];
-  char affectedSections[50];
+  char affectedSections[MAX_SECTION_LENGTH];
 
   get_affected_sections(state_byte, affectedSections);
 
diff --git a/libdozor/event.h b/libdozor/event.h
@@ -25,6 +25,7 @@
 #define EVENT_COUNT 64
 #define EVENT_TIMESTAMP_LENGTH 25
 #define MAX_EVENT_NAME_LENGTH 25
+#define MAX_SECTION_LENGTH 22 // like, "[1, 2, 3, 4, 5, 7, 8]"
 #define COMMAND_RESULT_COUNT 8
 #define MAX_COMMAND_RESULT_NAME_LENGTH 32
 #define COMMON_EVENT_SCOPE "Common"
diff --git a/libdozor/rc4.c b/libdozor/rc4.c
@@ -54,9 +54,9 @@ void codec(unsigned char* data, CryptoSession * crypto, const size_t msgLength)
   unsigned short int data_index;
   unsigned char old;
 
-  logger(LOG_LEVEL_DEBUG, "rc4(codec)", "called for - %s\n", data);
-  logger(LOG_LEVEL_DEBUG, "rc4(codec)", "iterator %d\n", i);
-  logger(LOG_LEVEL_DEBUG, "rc4(codec)", "pointer %d\n", j);
+  // logger(LOG_LEVEL_DEBUG, "rc4(codec)", "called for - %s\n", data);
+  // logger(LOG_LEVEL_DEBUG, "rc4(codec)", "iterator %d\n", i);
+  // logger(LOG_LEVEL_DEBUG, "rc4(codec)", "pointer %d\n", j);
 
   // convert data
   for (data_index = 0; data_index < msgLength; data_index++) {    
@@ -67,7 +67,7 @@ void codec(unsigned char* data, CryptoSession * crypto, const size_t msgLength)
     kword = crypto->pool[(crypto->pool[i] + crypto->pool[j]) % POOL_SIZE];
     data[data_index] = old ^ kword;
 
-    logger(LOG_LEVEL_DEBUG, "rc4(codec)", "[%d] 0x%x -> 0x%x\n", data_index, old, data[data_index]);
+    // logger(LOG_LEVEL_DEBUG, "rc4(codec)", "[%d] 0x%x -> 0x%x\n", data_index, old, data[data_index]);
   }
 
   crypto->iterator = i;

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ unsigned short int getDeviceEvents(const uint8_t * raw, long int bufSize, Device`
`97`	`97`
`98`	`98`	`blobToHexStr(hexStr, &raw[index], eventSize);`
`99`	`99`
`100`		`- logger(LOG_LEVEL_DEBUG, "device-event(getDeviceEvents)", "event id 0x%x: %s", raw[index], hexStr);`
	`100`	`+ logger(LOG_LEVEL_DEBUG, "device-event(getDeviceEvents)", "[%d] event id 0x%x: %s", eventCount, raw[index], hexStr);`
`101`	`101`
`102`	`102`	`free(hexStr);`
`103`	`103`	`}`