One of the many perks of open source software is that large companies can, and do, patch it for their own needs. That means we get to see exactly what a particular large electronics vendor did with a video player application.
For example, they needed to know whether a URL pointed to a stream protected by Widevine, Vudu, or Netflix. They do this by checking whether the filename contains a certain substring. Let's see how they accomplished that...
```c
int get_special_protocol_type(char *filename, char *name)
{
    int type = 0;
    int fWidevine = 0;
    int j;
    char proto_str[2800] = {'\0', };

    if (!strcmp("http", name))
    {
        strcpy(proto_str, filename);

        for (j = 0; proto_str[j] != '\0'; j++)
        {
            if (proto_str[j] == '=')
            {
                j++;
                if (proto_str[j] == 'W')
                {
                    j++;
                    if (proto_str[j] == 'V')
                    {
                        type = Widevine_PROTOCOL;
                    }
                }
            }
        }

        if (type == 0)
        {
            for (j = 0; proto_str[j] != '\0'; j++)
            {
                if (proto_str[j] == '=')
                {
                    j++;
                    if (proto_str[j] == 'V')
                    {
                        j++;
                        if (proto_str[j] == 'U')
                        {
                            j++;
                            if (proto_str[j] == 'D')
                            {
                                j++;
                                if (proto_str[j] == 'U')
                                {
                                    type = VUDU_PROTOCOL;
                                }
                            }
                        }
                    }
                }
            }
        }

        if (type == 0)
        {
            for (j = 0; proto_str[j] != '\0'; j++)
            {
                if (proto_str[j] == '=')
                {
                    j++;
                    if (proto_str[j] == 'N')
                    {
                        j++;
                        if (proto_str[j] == 'F')
                        {
                            j++;
                            if (proto_str[j] == 'L')
                            {
                                j++;
                                if (proto_str[j] == 'X')
                                {
                                    type = Netflix_PROTOCOL;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    return type;
}
```
For starters, there's been a lot of discussion lately about the importance of memory-safe languages. I would argue that in C/C++ it's not actually hard to write memory-safe code, it's just very easy not to. And this is a good example: everything in here is a buffer overrun waiting to happen. The core problem is that we're passing raw pointers to char and relying on the strings being properly NUL-terminated. So we're using the old, unsafe string functions and never checking against the bounds of proto_str to make sure we haven't run off the edge. Concretely, strcpy copies a filename of whatever length the caller supplied into a fixed 2800-byte stack buffer with no length check at all, so a long URL overwrites the stack frame; and even short inputs are not scanned carefully, because each j++ inside the nested ifs can step past the terminator before the loop condition gets another look at it (consider a filename that ends in "=W"). A malicious input could easily run off the end of the string.
But let's also talk about that string comparison. They don't even just loop across a pair of strings character by character; they use this bizarre set of nested ifs with incrementing loop variables. Given that they use strcmp, I think we can safely assume the C standard library exists for their target, which means strstr was right there (strnstr, for anyone who wants the bounded variant, is a BSD extension rather than standard C, but on the libcs that have it, it was right there too).
It's also worth noting that, since this is a read-only operation, the strcpy isn't necessary at all, though we're in a tough spot since they're passing a pointer to char without the size, which gets us back to the whole "unsafe string operations" problem.
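Here is what a bounds-respecting rewrite of that function looks like. This is an added example, not the vendor's code or anything from the player's code base; the protocol constant values, the `_safe`/`_str` function names, the `has_marker` helper and the sample URLs are all my own assumptions. It keeps the original's priority order (Widevine, then Vudu, then Netflix) but takes an explicit length instead of trusting the caller's NUL terminator, and it never copies the input, so the 2800-byte stack buffer and the strcpy go away entirely:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical values: the vendor's protocol constants are not shown on the page. */
enum { NO_PROTOCOL = 0, Widevine_PROTOCOL = 1, VUDU_PROTOCOL = 2, Netflix_PROTOCOL = 3 };

/*
 * Bounded substring search (assumed helper, standing in for strstr/strnstr).
 * Scans at most `len` bytes of `buf`, stops early at the first NUL if there
 * is one, and never reads past buf[len - 1]. It is the only code that walks
 * the input, so the bounds check lives in exactly one place.
 */
static int has_marker(const char *buf, size_t len, const char *marker)
{
    size_t mlen = strlen(marker);
    size_t i;

    for (i = 0; i + mlen <= len; i++) {
        if (buf[i] == '\0')          /* caller's string ended early */
            return 0;
        if (memcmp(buf + i, marker, mlen) == 0)
            return 1;
    }
    return 0;
}

/*
 * Same contract as the vendor's get_special_protocol_type(): for an "http"
 * entry, report Widevine if the URL contains "=WV", otherwise Vudu for
 * "=VUDU", otherwise Netflix for "=NFLX". Differences from the original:
 *  - the caller passes the buffer length, so an unterminated or oversized
 *    filename cannot run the scan off the end of anything;
 *  - nothing is copied, so there is no fixed-size stack buffer to overflow;
 *  - every '=' is a candidate, whereas the original's j++ chain skipped the
 *    byte after a non-matching '=' (it would miss "==WV", for example).
 */
int get_special_protocol_type_safe(const char *filename, size_t len, const char *name)
{
    if (filename == NULL || name == NULL || strcmp("http", name) != 0)
        return NO_PROTOCOL;
    if (has_marker(filename, len, "=WV"))
        return Widevine_PROTOCOL;
    if (has_marker(filename, len, "=VUDU"))
        return VUDU_PROTOCOL;
    if (has_marker(filename, len, "=NFLX"))
        return Netflix_PROTOCOL;
    return NO_PROTOCOL;
}

/* Convenience wrapper for callers that really do have a NUL-terminated string. */
int get_special_protocol_type_str(const char *filename, const char *name)
{
    if (filename == NULL)
        return NO_PROTOCOL;
    return get_special_protocol_type_safe(filename, strlen(filename), name);
}

int main(void)
{
    /* Constructed sample URLs, not taken from any real player or service. */
    const char *widevine = "http://cdn.example.invalid/movie.mpd?drm=WV";
    const char *vudu     = "http://cdn.example.invalid/movie.m3u8?svc=VUDU";
    const char *plain    = "http://cdn.example.invalid/movie.mp4";

    /* A 4000-byte filename with no NUL anywhere: strcpy() into a 2800-byte
       stack buffer would smash the frame; the bounded scan just says "no". */
    char huge[4000];
    memset(huge, 'A', sizeof huge);

    printf("widevine -> %d\n", get_special_protocol_type_str(widevine, "http"));
    printf("vudu     -> %d\n", get_special_protocol_type_str(vudu, "http"));
    printf("plain    -> %d\n", get_special_protocol_type_str(plain, "http"));
    printf("huge     -> %d\n", get_special_protocol_type_safe(huge, sizeof huge, "http"));
    return 0;
}
```

The length parameter is the whole point: once the callee knows how many bytes it is allowed to touch, the NUL terminator becomes a courtesy rather than a load-bearing assumption, and the "=W" at the end of a buffer that tripped the original's nested increments is just another non-match.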