GOSTSec/sgminer
1
0
Fork 0
mirror of https://github.com/GOSTSec/sgminer synced 2025-01-10 23:08:07 +00:00
Code Issues Releases Wiki Activity

stratum: parse_reconnect(): treat pool-sent URL as untrusted.

Browse Source 
Thanks to Mick Ayzenberg <mick@dejavusecurity.com> for reminding
that this existed and highlighting the offender.

Also to Luke-jr for actually fixing this in bfgminer. :D
This commit is contained in:
Noel Maersk 2014-06-05 21:45:01 +03:00
parent 91d29ea972
commit cab6e28b12
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
util.c
View File

@ -1682,15 +1682,14 @@ static void __suspend_stratum(struct pool *pool)
static bool parse_reconnect(struct pool *pool, json_t *val) static bool parse_reconnect(struct pool *pool, json_t *val)
{ {
char *sockaddr_url, *stratum_port, *tmp;
char *url, *port, address[256];
if (opt_disable_client_reconnect) { if (opt_disable_client_reconnect) {
applog(LOG_WARNING, "Stratum client.reconnect forbidden, aborting."); applog(LOG_WARNING, "Stratum client.reconnect received but is disabled, not reconnecting.");
return false; return false;
} }
memset(address, 0, 255); char *url, *port, address[256];
char *sockaddr_url, *stratum_port, *tmp; /* Tempvars. */
url = (char *)json_string_value(json_array_get(val, 0)); url = (char *)json_string_value(json_array_get(val, 0));
if (!url) if (!url)
url = pool->sockaddr_url; url = pool->sockaddr_url;
@ -1699,8 +1698,7 @@ static bool parse_reconnect(struct pool *pool, json_t *val)
if (!port) if (!port)
port = pool->stratum_port; port = pool->stratum_port;
sprintf(address, "%s:%s", url, port); snprintf(address, sizeof(address), "%s:%s", url, port);
if (!extract_sockaddr(address, &sockaddr_url, &stratum_port)) if (!extract_sockaddr(address, &sockaddr_url, &stratum_port))
return false; return false;