nginx-ssl-ja3: fix curves bad heap allocation

fooinha · fooinha · commit d2b182f05167 · 2017-08-21T01:03:36.000Z
- fix warning of unused function when compiling --with-debug
diff --git a/src/ngx_ssl_ja3.c b/src/ngx_ssl_ja3.c
@@ -92,12 +92,12 @@ static const int nid_list[] = {
 };
 
 
-static int
+static unsigned char
 ngx_ssl_ja3_nid_to_cid(int nid)
 {
-    size_t sz = (sizeof(nid_list) / sizeof(nid_list[0]));
+    unsigned char sz = (sizeof(nid_list) / sizeof(nid_list[0]));
 
-    for (size_t i = 0; i < sz; i++) {
+    for (unsigned char i = 0; i < sz; i++) {
         if (nid == nid_list[i]) {
             return i+1;
         }
@@ -119,6 +119,7 @@ ngx_ssj_ja3_num_digits(int n)
 }
 
 
+#if (NGX_DEBUG)
 static void
 ngx_ssl_ja3_detail_print(ngx_pool_t *pool, ngx_ssl_ja3_t *ja3)
 {
@@ -173,6 +174,7 @@ ngx_ssl_ja3_detail_print(ngx_pool_t *pool, ngx_ssl_ja3_t *ja3)
         );
     }
 }
+#endif
 
 
 void
@@ -357,7 +359,7 @@ ngx_ssl_ja3(ngx_connection_t *c, ngx_pool_t *pool, ngx_ssl_ja3_t *ja3) {
     /* Elliptic curve points */
     ja3->curves_sz = SSL_get1_curves(ssl, NULL);
     if (ja3->curves_sz) {
-        curves_out = OPENSSL_malloc(ja3->curves_sz);
+        curves_out = OPENSSL_malloc(ja3->curves_sz * sizeof(int));
         if (curves_out == NULL) {
             return NGX_DECLINED;
         }
@@ -369,7 +371,7 @@ ngx_ssl_ja3(ngx_connection_t *c, ngx_pool_t *pool, ngx_ssl_ja3_t *ja3) {
         if (ja3->curves == NULL) {
             return NGX_DECLINED;
         }
-        for (size_t i = 0; i < ja3->curves_sz; ++i) {
+        for (size_t i = 0; i < ja3->curves_sz; i++) {
             ja3->curves[i] = ngx_ssl_ja3_nid_to_cid(curves_out[i]);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -92,12 +92,12 @@ static const int nid_list[] = {`
`92`	`92`	`};`
`93`	`93`
`94`	`94`
`95`		`-static int`
	`95`	`+static unsigned char`
`96`	`96`	`ngx_ssl_ja3_nid_to_cid(int nid)`
`97`	`97`	`{`
`98`		`- size_t sz = (sizeof(nid_list) / sizeof(nid_list[0]));`
	`98`	`+ unsigned char sz = (sizeof(nid_list) / sizeof(nid_list[0]));`
`99`	`99`
`100`		`- for (size_t i = 0; i < sz; i++) {`
	`100`	`+ for (unsigned char i = 0; i < sz; i++) {`
`101`	`101`	`if (nid == nid_list[i]) {`
`102`	`102`	`return i+1;`
`103`	`103`	`}`
`@@ -119,6 +119,7 @@ ngx_ssj_ja3_num_digits(int n)`
`119`	`119`	`}`
`120`	`120`
`121`	`121`
	`122`	`+#if (NGX_DEBUG)`
`122`	`123`	`static void`
`123`	`124`	`ngx_ssl_ja3_detail_print(ngx_pool_t pool, ngx_ssl_ja3_t ja3)`
`124`	`125`	`{`
`@@ -173,6 +174,7 @@ ngx_ssl_ja3_detail_print(ngx_pool_t pool, ngx_ssl_ja3_t ja3)`
`173`	`174`	`);`
`174`	`175`	`}`
`175`	`176`	`}`
	`177`	`+#endif`
`176`	`178`
`177`	`179`
`178`	`180`	`void`
`@@ -357,7 +359,7 @@ ngx_ssl_ja3(ngx_connection_t c, ngx_pool_t pool, ngx_ssl_ja3_t *ja3) {`
`357`	`359`	`/* Elliptic curve points */`
`358`	`360`	`ja3->curves_sz = SSL_get1_curves(ssl, NULL);`
`359`	`361`	`if (ja3->curves_sz) {`
`360`		`- curves_out = OPENSSL_malloc(ja3->curves_sz);`
	`362`	`+ curves_out = OPENSSL_malloc(ja3->curves_sz * sizeof(int));`
`361`	`363`	`if (curves_out == NULL) {`
`362`	`364`	`return NGX_DECLINED;`
`363`	`365`	`}`
`@@ -369,7 +371,7 @@ ngx_ssl_ja3(ngx_connection_t c, ngx_pool_t pool, ngx_ssl_ja3_t *ja3) {`
`369`	`371`	`if (ja3->curves == NULL) {`
`370`	`372`	`return NGX_DECLINED;`
`371`	`373`	`}`
`372`		`- for (size_t i = 0; i < ja3->curves_sz; ++i) {`
	`374`	`+ for (size_t i = 0; i < ja3->curves_sz; i++) {`
`373`	`375`	`ja3->curves[i] = ngx_ssl_ja3_nid_to_cid(curves_out[i]);`
`374`	`376`	`}`
`375`	`377`