From b40c061ccfe1eb1f0374a10340bf4b471a68a36f Mon Sep 17 00:00:00 2001
From: Francesco
Date: Tue, 6 Jan 2026 18:21:54 +0100
Subject: [PATCH] refactor(methods): improve security
---
 src/methods.c | 24 +++++++++++++++++++-----
 src/tgbot.c | 1 +
 2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/src/methods.c b/src/methods.c
index 2217dfb..068149f 100644
--- a/src/methods.c
+++ b/src/methods.c
@@ -1,14 +1,23 @@
 #include
+#include
+#include
 #include
+#include "common.h"
 #include "json.h"
+#include "json_object.h"
 #include "methods.h"
-static size_t write_callback(void *ptr, size_t size, size_t nmemb, char **userdata) {
+static size_t write_callback(void *ptr, size_t size, size_t nmemb, char *userdata) {
 size_t real_size = size * nmemb;
 struct memory_buffer *mem = (struct memory_buffer *)userdata;
- mem->data = realloc(mem->data, mem->size + real_size + 1);
+ char *tmp = realloc(mem->data, mem->size + real_size + 1);
+ if (!tmp) {
+ return 0;
+ }
+ mem->data = tmp;
+ memcpy(&(mem->data[mem->size]), ptr, real_size);
 mem->size += real_size;
 mem->data[mem->size] = '\0';
@@ -17,6 +26,8 @@ static size_t write_callback(void *ptr, size_t size, size_t nmemb, char **userda
 }
 static size_t discard_callback(char *ptr, size_t size, size_t nmemb, void *userdata) {
+ (void)userdata;
+ (void)ptr;
 return size * nmemb;
 }
@@ -40,8 +51,10 @@ tgbot_rc tgbot_get_update(tgbot_s *bot, tgbot_update_s *update, Callback cbq_han
 tgbot_rc ret = tgbot_request(url, &mb, rjson);
 json_object_put(rjson);
 if (ret != TGBOT_OK) {
- free(mb->data);
- free(mb);
+ if (mb) {
+ free(mb->data);
+ free(mb);
+ }
 return TGBOT_GETUPDATES_ERROR;
 }
@@ -125,7 +138,7 @@ tgbot_rc tgbot_parse_message(tgbot_s *bot, tgbot_update_s *update, json_object *
 json_object *text = json_object_object_get(message, "text");
 if (text) {
- strncpy(update->text, json_object_get_string(text), sizeof(update->text) - 1);
+ snprintf(update->text, sizeof(update->text), "%s", json_object_get_string(text));
 }
 return TGBOT_OK;
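Review bot: The new `write_callback` prototype still does not match the one libcurl documents for CURLOPT_WRITEFUNCTION, `size_t cb(char *ptr, size_t size, size_t nmemb, void *userdata)`; the hunk only turns `char **userdata` into `char *userdata`, so libcurl still calls it through an incompatible function type. `discard_callback` in the next hunk already has the documented shape, and the same would fit here: `static size_t write_callback(char *ptr, size_t size, size_t nmemb, void *userdata) {`. Separately, `mem->size + real_size + 1` has no ceiling on the total response, so an oversized or endless body keeps the realloc growing. A guard before the realloc such as `if (real_size > RESPONSE_LIMIT - mem->size) return 0;` (RESPONSE_LIMIT is a placeholder for a limit the project picks) bounds both the allocation and the addition. The end of the function lies outside this hunk.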
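Review bot: The added `if (mb)` guard in `tgbot_get_update` prevents a double free only if `tgbot_request` resets the caller's pointer after releasing it. The `@@ -216,6 +229,7 @@` hunk shows the failure path of `tgbot_request` running `free((*mb)->data); free(*mb);`, and the line that follows is outside that hunk. If no `*mb = NULL;` follows, `mb` is dangling here, and `free(mb->data)` reads freed memory before freeing the block a second time. I would make sure `*mb = NULL;` comes right after `free(*mb);` in `tgbot_request` and document the contract on the guard, e.g. `/* tgbot_request() frees *mb and sets it to NULL on failure */`. `tgbot_get_update` starts and ends outside this hunk.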
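Review bot: The `snprintf` into `update->text` in `tgbot_parse_message` truncates silently: its return value is dropped, so a message longer than the buffer is cut at a byte boundary (possibly inside a UTF-8 sequence) and the function still returns `TGBOT_OK`. Any later code that compares or acts on the text then works on a different string from the one that was sent. Capturing the result, `int n = snprintf(update->text, sizeof(update->text), "%s", json_object_get_string(text));`, and testing `if (n < 0 || (size_t)n >= sizeof(update->text))` lets the function report or reject the over-long message. The rest of `tgbot_parse_message` is outside the hunk.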
@@ -216,6 +229,7 @@ tgbot_rc tgbot_request(const char *url, struct memory_buffer **mb, json_object *
 curl_slist_free_all(headers);
 if (res != CURLE_OK) {
+ curl_easy_cleanup(curl);
 if (mb != NULL && *mb) {
 free((*mb)->data);
 free(*mb);
diff --git a/src/tgbot.c b/src/tgbot.c
index 28595a8..8bdaab4 100644
--- a/src/tgbot.c
+++ b/src/tgbot.c
@@ -2,6 +2,7 @@
 #include
 #include
 #include
+#include
 #include "tgbot.h"