upstream: fix buffer overflow, upstream: replace rand() -> MT19937 random number generator;

5 years ago · 3c58db84b4
parent 5ec7330423
commit 3c58db84b4
3 changed files with 39 additions and 23 deletions
--- a/Log.cpp
+++ b/Log.cpp
@ -102,7 +102,7 @@ static bool LogOpen()
            ::fclose(m_fpLog);
    }

-    char filename[100U];
+    char filename[200U];
 #if defined(_WIN32) || defined(_WIN64)
    ::sprintf(filename, "%s\\%s-%04d-%02d-%02d.log", m_filePath.c_str(), m_fileRoot.c_str(), tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday);
 #else
@ -134,7 +134,7 @@ static bool ActivityLogOpen()
            ::fclose(m_actFpLog);
    }

-    char filename[100U];
+    char filename[200U];
 #if defined(_WIN32) || defined(_WIN64)
    ::sprintf(filename, "%s\\%s-%04d-%02d-%02d.activity.log", m_filePath.c_str(), m_fileRoot.c_str(), tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday);
 #else
@ -180,7 +180,7 @@ void ActivityLog(const char *mode, const bool sourceRf, const char* msg, ...)
    assert(mode != NULL);
    assert(msg != NULL);

-    char buffer[400U];
+    char buffer[501U];
 #if defined(_WIN32) || defined(_WIN64)
    SYSTEMTIME st;
    ::GetSystemTime(&st);
@ -198,7 +198,7 @@ void ActivityLog(const char *mode, const bool sourceRf, const char* msg, ...)
    va_list vl;
    va_start(vl, msg);

-    ::vsprintf(buffer + ::strlen(buffer), msg, vl);
+    ::vsnprintf(buffer + ::strlen(buffer), 500, msg, vl);

    va_end(vl);

@ -274,7 +274,7 @@ void Log(uint32_t level, const char *module, const char* fmt, ...)
 {
    assert(fmt != NULL);

-    char buffer[300U];
+    char buffer[501U];
 #if defined(_WIN32) || defined(_WIN64)
    SYSTEMTIME st;
    ::GetSystemTime(&st);
@ -302,7 +302,7 @@ void Log(uint32_t level, const char *module, const char* fmt, ...)
    va_list vl;
    va_start(vl, fmt);

-    ::vsprintf(buffer + ::strlen(buffer), fmt, vl);
+    ::vsnprintf(buffer + ::strlen(buffer), 500, fmt, vl);

    va_end(vl);

--- a/network/BaseNetwork.cpp
+++ b/network/BaseNetwork.cpp
@ -32,7 +32,6 @@
 #include "edac/SHA256.h"
 #include "network/BaseNetwork.h"
 #include "Log.h"
-#include "StopWatch.h"
 #include "Utils.h"

 using namespace network;
@ -71,7 +70,8 @@ BaseNetwork::BaseNetwork(uint32_t localPort, uint32_t id, bool duplex, bool debu
    m_p25StreamId(0U),
    m_rxDMRData(4000U, "DMR Net Buffer"),
    m_rxP25Data(4000U, "P25 Net Buffer"),
-    m_audio()
+    m_audio(),
+    m_random()
 {
    assert(id > 1000U);

@ -79,12 +79,14 @@ BaseNetwork::BaseNetwork(uint32_t localPort, uint32_t id, bool duplex, bool debu
    m_salt = new uint8_t[sizeof(uint32_t)];
    m_streamId = new uint32_t[2U];

-    m_p25StreamId = 0U;
-    m_streamId[0U] = 0x00U;
-    m_streamId[1U] = 0x00U;
+    std::random_device rd;
+    std::mt19937 mt(rd());
+    m_random = mt;

-    StopWatch stopWatch;
-    ::srand((uint32_t)stopWatch.start());
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
+    m_p25StreamId = dist(m_random);
+    m_streamId[0U] = dist(m_random);
+    m_streamId[1U] = dist(m_random);
 }

 /// <summary>
@ -256,12 +258,13 @@ bool BaseNetwork::writeDMR(const dmr::data::Data& data)

    uint32_t slotIndex = slotNo - 1U;

+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
    if (dataType == dmr::DT_VOICE_LC_HEADER) {
-        m_streamId[slotIndex] = ::rand() + 1U;
+        m_streamId[slotIndex] = dist(m_random);
    }

    if (dataType == dmr::DT_CSBK || dataType == dmr::DT_DATA_HEADER) {
-        m_streamId[slotIndex] = ::rand() + 1U;
+        m_streamId[slotIndex] = dist(m_random);
    }

    return writeDMR(m_id, m_streamId[slotIndex], data);
@ -279,8 +282,9 @@ bool BaseNetwork::writeP25LDU1(const p25::lc::LC& control, const p25::data::LowS
    if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
        return false;

+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
    if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);

    m_streamId[0] = m_p25StreamId;

@ -299,8 +303,9 @@ bool BaseNetwork::writeP25LDU2(const p25::lc::LC& control, const p25::data::LowS
    if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
        return false;

+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
    if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);

    m_streamId[0] = m_p25StreamId;

@ -318,8 +323,9 @@ bool BaseNetwork::writeP25TDU(const p25::lc::LC& control, const p25::data::LowSp
    if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
        return false;

+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
    if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);

    m_streamId[0] = m_p25StreamId;

@ -337,8 +343,9 @@ bool BaseNetwork::writeP25TSDU(const p25::lc::TSBK& tsbk, const uint8_t* data)
    if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
        return false;

+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
    if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);

    m_streamId[0] = m_p25StreamId;

@ -358,8 +365,9 @@ bool BaseNetwork::writeP25PDU(const uint32_t llId, const uint8_t dataType, const
    if (m_status != NET_STAT_RUNNING && m_status != NET_STAT_MST_RUNNING)
        return false;

+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
    if (m_p25StreamId == 0U)
-        m_p25StreamId = ::rand() + 1U;
+        m_p25StreamId = dist(m_random);

    m_streamId[0] = m_p25StreamId;

@ -398,11 +406,12 @@ void BaseNetwork::resetDMR(uint32_t slotNo)
 {
    assert(slotNo == 1U || slotNo == 2U);

+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
    if (slotNo == 1U) {
-        m_streamId[0U] = ::rand() + 1U;
+        m_streamId[0U] = dist(m_random);
    }
    else {
-        m_streamId[1U] = ::rand() + 1U;
+        m_streamId[1U] = dist(m_random);
    }

    m_rxDMRData.clear();
@ -413,7 +422,8 @@ void BaseNetwork::resetDMR(uint32_t slotNo)
 /// </summary>
 void BaseNetwork::resetP25()
 {
-    m_p25StreamId = ::rand() + 1U;
+    std::uniform_int_distribution<uint32_t> dist(DVM_RAND_MIN, DVM_RAND_MAX);
+    m_p25StreamId = dist(m_random);
    m_streamId[0] = m_p25StreamId;

    m_rxP25Data.clear();
--- a/network/BaseNetwork.h
+++ b/network/BaseNetwork.h
@ -46,10 +46,14 @@

 #include <string>
 #include <cstdint>
+#include <random>

 // ---------------------------------------------------------------------------
 //  Constants
 // ---------------------------------------------------------------------------
+#define DVM_RAND_MIN 0x00000001
+#define DVM_RAND_MAX 0xfffffffe
+
 #define TAG_DMR_DATA            "DMRD"
 #define TAG_P25_DATA            "P25D"

@ -239,6 +243,8 @@ namespace network

        p25::Audio m_audio;

+        std::mt19937 m_random;
+
        /// <summary>Writes DMR frame data to the network.</summary>
        bool writeDMR(const uint32_t id, const uint32_t streamId, const dmr::data::Data& data);
        /// <summary>Writes P25 LDU1 frame data to the network.</summary>