marckwei closed 3 years ago
For strings, should it be changed as follows, and should sizeof have 1 subtracted:
```c
#define S2J_STRUCT_GET_string_ELEMENT(to_struct, from_json, _element) \
    json_temp = cJSON_GetObjectItem(from_json, #_element); \
    if (json_temp) strncpy((to_struct)->_element, json_temp->valuestring, sizeof((to_struct)->_element) - 1);
```
CVE-2020-29203 was assigned to this issue.
Thanks for your feedback, can you submit a PR for it?
It's my first time submitting a PR, so please check my work carefully... And thank you for giving me this chance!
Good job.
Thank you for your contribution, PR has been merged
struct2json
Vulnerability Analysis
An unsafe operation is found in the `S2J_STRUCT_GET_string_ELEMENT` function. The `strcpy` function is used to copy `JSON->value` to the `struct`, which may cause overflow when `JSON->value` is longer than the structure's defined array size.
POC
Run:
Suggestion
Use `strncpy` instead of `strcpy` to control the length of `JSON->value`:
After modification:
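
An added example, not code from the struct2json repository or from the merged PR: a bounded copy for a fixed-size string member that terminates the buffer explicitly, since `strncpy` with a `sizeof - 1` bound leaves the last byte unwritten. The `Student` struct, `copy_bounded`, `COPY_STRING_MEMBER` and the input string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical struct with a fixed-size string member (assumption for this
 * example; not taken from the struct2json sources). */
typedef struct {
    char name[8];
    int  canary;              /* sits after the array; must stay untouched */
} Student;

/* Bounded copy into a fixed-size char array.
 * strncpy() writes no terminator when src has dst_size - 1 or more bytes,
 * so the last byte is set explicitly.
 * Returns 1 if src was truncated, 0 if it fit, -1 on a bad destination. */
static int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    if (src == NULL) {        /* no string value available */
        dst[0] = '\0';
        return 0;
    }
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) >= dst_size;
}

/* Macro form. sizeof gives the buffer size only because the member is an
 * array; for a char* member it would give the pointer size. */
#define COPY_STRING_MEMBER(to_struct, member, src) \
    copy_bounded((to_struct)->member, sizeof((to_struct)->member), (src))

/* Constructed input: 19 bytes, longer than name[8]. */
static const char LONG_VALUE[] = "AAAAAAAAAAAAAAAAAAA";

int main(void)
{
    Student s;
    memset(&s, 0xFF, sizeof s);   /* simulate a struct that was not zeroed */
    s.canary = 0x5AFE;

    int truncated = COPY_STRING_MEMBER(&s, name, LONG_VALUE);
    printf("name=\"%s\" truncated=%d canary=0x%X\n", s.name, truncated, s.canary);
    return 0;
}
```

Returning the truncation flag lets the caller reject or log an oversized JSON value instead of silently storing a shortened string.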