From d5fd3f996e22f90b6ea1b5533be09388fb4a4a8c Mon Sep 17 00:00:00 2001 From: wmayer Date: Thu, 24 Mar 2022 11:43:39 +0100 Subject: [PATCH] Base: make Parameter class less vulnerable for invalid user config files --- src/Base/Parameter.cpp | 37 ++++++++++++++++++++++--------------- src/Base/Parameter.h | 3 +++ 2 files changed, 25 insertions(+), 15 deletions(-) diff --git a/src/Base/Parameter.cpp b/src/Base/Parameter.cpp index 7db2965627..c5e9eb9221 100644 --- a/src/Base/Parameter.cpp +++ b/src/Base/Parameter.cpp @@ -371,7 +371,6 @@ std::vector > ParameterGrp::GetGroups(void) std::string Name; DOMElement *pcTemp = FindElement(_pGroupNode,"FCParamGroup"); - while (pcTemp) { Name = StrX(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); // already created? @@ -440,7 +439,7 @@ std::vector ParameterGrp::GetBools(const char * sFilter) const DOMElement *pcTemp = FindElement(_pGroupNode,"FCBool"); while ( pcTemp) { - Name = StrX(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrX(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { if (strcmp(StrX(pcTemp->getAttribute(XStr("Value").unicodeForm())).c_str(),"1")) @@ -461,7 +460,7 @@ std::vector > ParameterGrp::GetBoolMap(const char * DOMElement *pcTemp = FindElement(_pGroupNode,"FCBool"); while ( pcTemp) { - Name = StrX(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrX(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { if (strcmp(StrX(pcTemp->getAttribute(XStr("Value").unicodeForm())).c_str(),"1")) @@ -506,7 +505,7 @@ std::vector ParameterGrp::GetInts(const char * sFilter) const DOMElement *pcTemp = FindElement(_pGroupNode,"FCInt") ; while ( pcTemp ) { - Name = StrX(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrX(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { vrValues.push_back(atol(StrX(pcTemp->getAttribute(XStr("Value").unicodeForm())).c_str()) ); @@ -524,7 +523,7 @@ std::vector > ParameterGrp::GetIntMap(const char * s DOMElement *pcTemp = FindElement(_pGroupNode,"FCInt") ; while ( pcTemp ) { - Name = StrX(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrX(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { vrValues.emplace_back(Name, @@ -567,7 +566,7 @@ std::vector ParameterGrp::GetUnsigneds(const char * sFilter) cons DOMElement *pcTemp = FindElement(_pGroupNode,"FCUInt"); while ( pcTemp ) { - Name = StrX(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrX(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { vrValues.push_back( strtoul (StrX(pcTemp->getAttribute(XStr("Value").unicodeForm())).c_str(),nullptr,10) ); @@ -585,7 +584,7 @@ std::vector > ParameterGrp::GetUnsignedMap( DOMElement *pcTemp = FindElement(_pGroupNode,"FCUInt"); while ( pcTemp ) { - Name = StrX(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrX(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { vrValues.emplace_back(Name, @@ -628,7 +627,7 @@ std::vector ParameterGrp::GetFloats(const char * sFilter) const DOMElement *pcTemp = FindElement(_pGroupNode,"FCFloat") ; while ( pcTemp ) { - Name = StrX(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrX(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { vrValues.push_back( atof (StrX(pcTemp->getAttribute(XStr("Value").unicodeForm())).c_str()) ); @@ -646,7 +645,7 @@ std::vector > ParameterGrp::GetFloatMap(const char DOMElement *pcTemp = FindElement(_pGroupNode,"FCFloat") ; while ( pcTemp ) { - Name = StrX(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrX(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { vrValues.emplace_back(Name, @@ -658,8 +657,6 @@ std::vector > ParameterGrp::GetFloatMap(const char return vrValues; } - - void ParameterGrp::SetBlob(const char* /*Name*/, void* /*pValue*/, long /*lLength*/) { // not implemented so far @@ -718,7 +715,7 @@ std::vector ParameterGrp::GetASCIIs(const char * sFilter) const DOMElement *pcTemp = FindElement(_pGroupNode,"FCText"); while ( pcTemp ) { - Name = StrXUTF8(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrXUTF8(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { // retrieve the text element @@ -741,7 +738,7 @@ std::vector > ParameterGrp::GetASCIIMap(const DOMElement *pcTemp = FindElement(_pGroupNode,"FCText"); while ( pcTemp) { - Name = StrXUTF8(pcTemp->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str(); + Name = StrXUTF8(pcTemp->getAttribute(XStr("Name").unicodeForm())).c_str(); // check on filter condition if (sFilter == nullptr || Name.find(sFilter)!= std::string::npos) { // retrieve the text element @@ -950,7 +947,7 @@ bool ParameterGrp::ShouldRemove() const { if (this->getRefCount() > 1) return false; - for (auto it : _GroupMap) { + for (const auto& it : _GroupMap) { bool ok = it.second->ShouldRemove(); if (!ok) return false; @@ -971,7 +968,8 @@ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *ParameterGrp::FindElement(XERCES_CPP_ if (!strcmp(Type,StrX(clChild->getNodeName()).c_str())) { if (clChild->getAttributes()->getLength() > 0) { if (Name) { - if (!strcmp(Name,StrX(clChild->getAttributes()->getNamedItem(XStr("Name").unicodeForm())->getNodeValue()).c_str())) + DOMNode* attr = FindAttribute(clChild, "Name"); + if (attr && !strcmp(Name,StrX(attr->getNodeValue()).c_str())) return static_cast(clChild); } else @@ -1023,6 +1021,15 @@ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *ParameterGrp::FindOrCreateElement(XER return pcElem; } +XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *ParameterGrp::FindAttribute(XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *Node, const char* Name) const +{ + DOMNamedNodeMap* attr = Node->getAttributes(); + if (attr) { + return attr->getNamedItem(XStr(Name).unicodeForm()); + } + return nullptr; +} + void ParameterGrp::NotifyAll() { // get all ints and notify diff --git a/src/Base/Parameter.h b/src/Base/Parameter.h index 0cbad8c344..62a84d2f2a 100644 --- a/src/Base/Parameter.h +++ b/src/Base/Parameter.h @@ -252,6 +252,9 @@ protected: */ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *FindOrCreateElement(XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *Start, const char* Type, const char* Name) const; + /** Find an attribute specified by Name + */ + XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *FindAttribute(XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *Node, const char* Name) const; /// DOM Node of the Base node of this group XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *_pGroupNode;