[security] Without verifying whether malloc is successful, copy the enclave buf outside directly

[jmp0x7c00]

in file win/Enclave/Current_bloomberg.cpp:

static int construct_query(char* symbol, char** buf) {
    int len;
    char query[1000];
    query[0] = 0;

    strncat(query, "/quote/", sizeof query);
    strncat(query, symbol, sizeof query);
    strncat(query, ":US", sizeof query);

    len = strlen(query);
    *buf = (char*)malloc(len+1);
    // doesn't check malloc result. buf may be NULL
    memcpy(*buf, query, len);
    (*buf)[len] = 0;
    return len;
}

and here:

static int parse_response(char* resp, char** buf) {
    int len;
    char ret[100];
    char * end;
    char * temp = resp;

    while (strncmp(temp, "itemprop=\"price\"", 16) != 0) {
        temp += 1;
    }
    temp += 17;
    while (*temp != '"') {
        temp += 1;
    }
    temp += 1;
    end = temp;
    while (*end != '"') {
        end += 1;
    }
    *end = 0;

    /*double price;

    price = atof(resp);*/

    ret[0] = 0;
    strncat(ret, temp, sizeof ret);

    len = strlen(ret);
    *buf = (char*)malloc(len+1);
//doesn't check malloc result. buf may be NULL
    memcpy(*buf, ret, len);
    (*buf)[len] = 0;
    return len;
}

[jmp0x7c00]

same bugs in file win/Enclave/Steam2.cpp: line 49:

 *buf = (char*)malloc(len+1);
    memcpy(*buf, query, len);
    (*buf)[len] = 0;
    return len;

and line 115

*resp = (char*)malloc(len+1);
    memcpy(*resp, query, len);

and line 69:

  *buf = (char*)malloc(len+1);
    memcpy(*buf, query, len);
    (*buf)[len] = 0;

[jmp0x7c00]

file win/Enclave/Current_Yahoo.cpp: line 20:

*buf = (char*)malloc(len+1);
    memcpy(*buf, query, len);

and file win/Enclave/Current_Google.cpp line 48 and file win/Enclave/Transaction.cpp line 202 and file /win/Enclave/Flight.cpp line 64 and file win/Enclave/ECDAS.c line 101

[bl4ck5un]

Thanks. Do you want to submit a PR?