From ff30d579d2fa7217160f38baa01485c7b26474cf Mon Sep 17 00:00:00 2001
From: sahandevs
Date: Mon, 16 May 2022 15:20:48 +0430
Subject: [PATCH] fix buffer overflow in `sqli`'s fingerprint

---
 Cargo.toml | 2 +-
 src/wrapper.rs | 16 ++++++----------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 75c7cf0..c5c3be4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libinjection"
-version = "0.2.4"
+version = "0.2.5"
 authors = ["Navid "]
 license = "MIT/Apache-2.0"
 readme = "README.md"
diff --git a/src/wrapper.rs b/src/wrapper.rs
index cd908ed..3cd3cf9 100644
--- a/src/wrapper.rs
+++ b/src/wrapper.rs
@@ -1,20 +1,16 @@
 use bindings;
-use std::ffi::CString;
+use std::ffi::{CStr, CString};
 
 /// Checks `input` for SQL injection detection, and returns an option of (is_sqli, fingerprint)
 pub fn sqli(input: &str) -> Option<(bool, String)> {
-    let fingerprint_cstring = CString::new("").ok()?;
-    let fingerprint_raw_ptr = fingerprint_cstring.into_raw();
+    let mut fingerprint = ['\0'; 8];
+    let fingerprint_ptr = fingerprint.as_mut_ptr() as *mut i8;
     let input_cstring = CString::new(input).ok()?;
     let input_ptr = input_cstring.as_ptr();
     let is_sqli =
-        unsafe { bindings::libinjection_sqli(input_ptr, input.len() as u64, fingerprint_raw_ptr) };
-    Some((
-        is_sqli == 1,
-        unsafe { CString::from_raw(fingerprint_raw_ptr) }
-            .into_string()
-            .ok()?,
-    ))
+        unsafe { bindings::libinjection_sqli(input_ptr, input.len() as u64, fingerprint_ptr) };
+    let fingerprint = unsafe { CStr::from_ptr(fingerprint_ptr).to_str().ok()?.to_string() };
+    Some((is_sqli == 1, fingerprint))
 }
 
 /// Checks `input` for XSS detection, and returns an option of is_xss
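Review bot: The new buffer `['\0'; 8]` on the `let mut fingerprint` line is a `[char; 8]`, i.e. 32 bytes of `u32`, not the 8-byte `char[]` the C call expects; it is oversized rather than undersized, so the write stays in bounds, but the `as *mut i8` cast on the next line hides the wrong element type and also hard-codes `c_char` as `i8`, which is not the case on every target (aarch64 Linux uses `u8`). I would declare the buffer in the C type directly, `let mut fingerprint = [0 as c_char; 8];` and `let fingerprint_ptr = fingerprint.as_mut_ptr();`, with `use std::os::raw::c_char;` added beside the changed `std::ffi` import. The `CStr::from_ptr` read on the following added line is sound only because the array is zero-initialised and, as far as I recall libinjection's header, the fingerprint written is at most 7 bytes plus a terminator into a buffer of at least 8 bytes; that is the invariant both `unsafe` blocks rest on, so I would state it in a `// SAFETY:` comment on each rather than leave it implicit. `sqli` is entirely within the hunk.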