Refactor code to remove security leak functions #677

Open
wants to merge 1 commit into
base: master
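--- a/Adjust/ADJAdditions/NSString+ADJAdditions.m
+++ b/Adjust/ADJAdditions/NSString+ADJAdditions.m
@@ -59,11 +59,12 @@ - (NSString *)adjUrlDecode {
 
 - (NSString *)adjSha256 {
 const char* str = [self UTF8String];
+NSUInteger length = [self lengthOfBytesUsingEncoding:NSUTF8StringEncoding];
 unsigned char result[CC_SHA256_DIGEST_LENGTH];
-CC_SHA256(str, (CC_LONG)strlen(str), result);
+CC_SHA256(str, (CC_LONG)length, result);
 NSMutableString *ret = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH * 2];
-for (int i = 0; i<CC_SHA256_DIGEST_LENGTH; i++) {
-[ret appendFormat:@"%02x",result[i]];
+for (int i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) {
+[ret appendFormat:@"%02x", result[i]];
 }
 return ret;
 }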
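Review bot: In `adjSha256` the pointer and the length now come from two separate conversions (`UTF8String` and `lengthOfBytesUsingEncoding:`), so nothing ties the byte count passed to `CC_SHA256` to the buffer it reads. Taking both from one object keeps them consistent: `NSData *data = [self dataUsingEncoding:NSUTF8StringEncoding];` followed by `CC_SHA256(data.bytes, (CC_LONG)data.length, result);`. A string with an embedded NUL is now hashed in full where `strlen` stopped at the first NUL, so digests for such inputs differ from earlier SDK versions; if any are compared server-side, that deserves a line in the description. When the receiver cannot be encoded as UTF-8 the length is 0 and the method returns the digest of empty input, which is worth a comment or an explicit check.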
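--- a/Adjust/ADJPackageBuilder.m
+++ b/Adjust/ADJPackageBuilder.m
@@ -365,9 +365,22 @@ - (void)signWithSigV2Plugin:(ADJActivityPackage *)activityPackage {
 const char *sdkVersionChar = [activityPackage.clientSdk UTF8String];
 
 // Stack allocated strings to ensure their lifetime stays until the next iteration
-static char activityKind[64], sdkVersion[64];
-strncpy(activityKind, activityKindChar, strlen(activityKindChar) + 1);
-strncpy(sdkVersion, sdkVersionChar, strlen(sdkVersionChar) + 1);
+static char activityKind[64] = {0};
+static char sdkVersion[64] = {0};
+
+size_t activityKindCharLength = 0;
+while (activityKindChar[activityKindCharLength] != '\0' && activityKindCharLength < sizeof(activityKind) - 1) {
+activityKind[activityKindCharLength] = activityKindChar[activityKindCharLength];
+activityKindCharLength++;
+}
+activityKind[activityKindCharLength] = '\0';
+
+size_t sdkVersionCharLength = 0;
+while (sdkVersionChar[sdkVersionCharLength] != '\0' && sdkVersionCharLength < sizeof(sdkVersion) - 1) {
+sdkVersion[sdkVersionCharLength] = sdkVersionChar[sdkVersionCharLength];
+sdkVersionCharLength++;
+}
+sdkVersion[sdkVersionCharLength] = '\0';
 
 // NSInvocation setArgument requires lvalue references with exact matching types to the executed function signature.
 // With this usage we ensure that the lifetime of the object remains until the next iteration, as it points to the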
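Review bot: Both copy loops dereference `activityKindChar` and `sdkVersionChar` without a NULL check, and `-UTF8String` sent to a nil `clientSdk` returns NULL, so a guard such as `if (activityKindChar == NULL || sdkVersionChar == NULL) { return; }` (or the method's usual failure path) belongs before the first loop. The loops also truncate silently at 63 bytes, so an over-long value would be signed in shortened form. `strlcpy(sdkVersion, sdkVersionChar, sizeof(sdkVersion))` performs the same bounded, terminated copy in one line and returns the source length, so truncation can be detected with `>= sizeof(sdkVersion)`. The retained comment says "Stack allocated", but the buffers are `static` and therefore shared by every call; whether concurrent calls are possible is not visible here. The declaration of `activityKindChar` and the rest of `signWithSigV2Plugin:` lie outside the hunk.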