From 8423d2407237598ad640e9a87f00ab414e1d17a4 Mon Sep 17 00:00:00 2001 From: vms Date: Wed, 21 Aug 2019 14:28:50 +0200 Subject: [PATCH] add some hardering --- backend-c/src/main.c | 22 ++++++++++++++++++---- backend-c/src/model.c | 9 +++++++++ 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/backend-c/src/main.c b/backend-c/src/main.c index 331009c..2eb9464 100644 --- a/backend-c/src/main.c +++ b/backend-c/src/main.c @@ -12,7 +12,15 @@ const char *fetch_posts_request(const json_t *json); bool isInited = 0; -const char *invoke(char *str, int length) { +/** + * Executes given request and returns result in as a pointer to the following structure: + * | result size (4 bytes, le)| result (size bytes) |. + * + * @param request a pointer to the supplied request in JSON format + * @param request_size a size of the supplied sql request + * @return a pointer to the struct contains result_size and result + */ + const char *invoke(char *request, int request_size) { // initialize SQLite by creating schema if(0 == isInited) { create_scheme(); @@ -23,7 +31,7 @@ const char *invoke(char *str, int length) { const unsigned int pool_size = sizeof pool / sizeof *pool; // try to parse json and extract action field - const json_t *json = json_create(str, pool, pool_size); + const json_t *json = json_create(request, pool, pool_size); if(!json) { const char error[] = "Mailformed json given"; return prepare_response(error, sizeof error); @@ -49,8 +57,11 @@ const char *invoke(char *str, int length) { } else if(0 == strcmp(action, "Fetch")) { result = fetch_posts_request(json); } else { - // no suitable action given - char *error = (char *)malloc(1024); + // no suitable action is given + char *error = malloc(1024); + if(0 == error) { + return 0; + } const int error_size = snprintf(error, 1024, "%s given as the action field, but only `Post` and `Fetch` are supported", action); result = prepare_response(error, error_size); free(error); @@ -139,6 +150,9 @@ const char *fetch_posts_request(const json_t *json) { const int result_len = strlen(result) + 100; char *result_out = malloc(result_len); + if(0 == result_out) { + return 0; + } const int result_out_len = snprintf(result_out, result_len, "{ posts: \"%s\" }", result); diff --git a/backend-c/src/model.c b/backend-c/src/model.c index cfcea26..6308be0 100644 --- a/backend-c/src/model.c +++ b/backend-c/src/model.c @@ -17,6 +17,9 @@ char *add_post(const char *username, int username_length, const char *message, i // at now wasm-ld has 1024 bytes for stack permission by default - that why dynamic allocation here const int request_size = username_length + message_length + 50; char *add_sql = (char *)malloc(request_size); + if(0 == add_sql) { + return 0; + } const int add_sql_length = snprintf(add_sql, request_size, "INSERT INTO messages VALUES(\"%s\", \"%s\")", message, username); if(add_sql_length < 0) { @@ -29,6 +32,9 @@ char *add_post(const char *username, int username_length, const char *message, i char *get_all_posts(int offset, int count) { // at now wasm-ld has 1024 bytes for stack permission by default - that why dynamic allocation here char *get_sql = (char *)malloc(256); + if(0 == get_sql) { + return 0; + } const int get_sql_length = snprintf(get_sql, 256, "SELECT json_group_array(" @@ -47,6 +53,9 @@ char *get_posts_by_username(const char *username, int username_length, int offse // at now wasm-ld has 1024 bytes for stack permission by default - that why dynamic allocation here const int request_size = username_length + 300; char *get_sql = (char *)malloc(request_size); + if(0 == get_sql) { + return 0; + } const int add_sql_length = snprintf(get_sql, request_size, "SELECT json_group_array("