Fix out-of-bounds access loading pem files in Objective-C.

dataUsingEncoding: method of NSString does *not* return
a null-terminated string. Passing it to GRPC core results in an
out-of-bounds access when the resulting non-null-terminated buffer is
passed to strlen.
pull/15554/head
Konstantin Varlamov 7 years ago
parent 35201969e8
commit a9b235a224
  1. 18
      src/objective-c/GRPCClient/private/GRPCHost.m

@ -126,6 +126,13 @@ static NSMutableDictionary *kHostCache;
completionQueue:queue];
}
- (NSData *)dataWithNsString:(NSString *)string {
NSData *data = [string dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
NSMutableData *nullTerminated = [NSMutableData dataWithData: data];
[nullTerminated appendBytes:"\0" length:1];
return nullTerminated;
}
- (BOOL)setTLSPEMRootCerts:(nullable NSString *)pemRootCerts
withPrivateKey:(nullable NSString *)pemPrivateKey
withCertChain:(nullable NSString *)pemCertChain
@ -147,13 +154,12 @@ static NSMutableDictionary *kHostCache;
kDefaultRootsError = error;
return;
}
kDefaultRootsASCII =
[contentInUTF8 dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
kDefaultRootsASCII = [self dataWithNsString:contentInUTF8];
});
NSData *rootsASCII;
if (pemRootCerts != nil) {
rootsASCII = [pemRootCerts dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
rootsASCII = [self dataWithNsString:pemRootCerts];
} else {
if (kDefaultRootsASCII == nil) {
if (errorPtr) {
@ -176,10 +182,8 @@ static NSMutableDictionary *kHostCache;
creds = grpc_ssl_credentials_create(rootsASCII.bytes, NULL, NULL);
} else {
grpc_ssl_pem_key_cert_pair key_cert_pair;
NSData *privateKeyASCII =
[pemPrivateKey dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
NSData *certChainASCII =
[pemCertChain dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
NSData *privateKeyASCII = [self dataWithNsString:pemPrivateKey];
NSData *certChainASCII = [self dataWithNsString:pemCertChain];
key_cert_pair.private_key = privateKeyASCII.bytes;
key_cert_pair.cert_chain = certChainASCII.bytes;
creds = grpc_ssl_credentials_create(rootsASCII.bytes, &key_cert_pair, NULL);
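Review bot: `dataWithNsString:` has no nil path, so a nil `string` (or a nil result from `dataUsingEncoding:allowLossyConversion:`) is forwarded to `dataWithData:` and, assuming that yields an empty object, comes back as a one-byte buffer holding only the terminator. Callers then hand gRPC core a non-NULL empty C string where `.bytes` on a nil `NSData` used to give NULL, which matters for `pemPrivateKey` and `pemCertChain` if the key-pair branch can be reached with only one of them set; the condition selecting that branch is outside the hunk. For the same reason the `kDefaultRootsASCII == nil` check would no longer notice a failed conversion of the bundled roots. Returning early keeps the previous contract: `if (string == nil) return nil;` at the top of the helper and `if (data == nil) return nil;` after the conversion. The body of `setTLSPEMRootCerts:withPrivateKey:withCertChain:` starts and ends outside the visible hunks.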
