fix buffer overflow in sqli's fingerprint

arvancloud · May 16, 2022 · ff30d57 · ff30d57
1 parent 763f310
commit ff30d57
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 11 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libinjection"
-version = "0.2.4"
+version = "0.2.5"
 authors = ["Navid <[email protected]>"]
 license = "MIT/Apache-2.0"
 readme = "README.md"

diff --git a/src/wrapper.rs b/src/wrapper.rs
@@ -1,20 +1,16 @@
 use bindings;
-use std::ffi::CString;
+use std::ffi::{CStr, CString};
 
 /// Checks `input` for SQL injection detection, and returns an option of (is_sqli, fingerprint)
 pub fn sqli(input: &str) -> Option<(bool, String)> {
-    let fingerprint_cstring = CString::new("").ok()?;
-    let fingerprint_raw_ptr = fingerprint_cstring.into_raw();
+    let mut fingerprint = ['\0'; 8];
+    let fingerprint_ptr = fingerprint.as_mut_ptr() as *mut i8;
     let input_cstring = CString::new(input).ok()?;
     let input_ptr = input_cstring.as_ptr();
     let is_sqli =
-        unsafe { bindings::libinjection_sqli(input_ptr, input.len() as u64, fingerprint_raw_ptr) };
-    Some((
-        is_sqli == 1,
-        unsafe { CString::from_raw(fingerprint_raw_ptr) }
-            .into_string()
-            .ok()?,
-    ))
+        unsafe { bindings::libinjection_sqli(input_ptr, input.len() as u64, fingerprint_ptr) };
+    let fingerprint = unsafe { CStr::from_ptr(fingerprint_ptr).to_str().ok()?.to_string() };
+    Some((is_sqli == 1, fingerprint))
 }
 
 /// Checks `input` for XSS detection, and returns an option of is_xss