Fix use after free in DRMProcessorClientImpl::sendHTTPRequest()

Update version
Support HTTP error codes != 200 (exception) and cookies in drmprocessorclientimpl
2024-01-24 19:13:22 +01:00 · 2024-01-16 11:09:31 +01:00 · 2024-01-06 09:25:11 +01:00 · 2024-01-06 09:23:03 +01:00 · 2024-01-06 09:22:11 +01:00
6 changed files with 49 additions and 28 deletions
--- a/include/libgourou.h
+++ b/include/libgourou.h
@@ -37,7 +37,7 @@
 #define ACS_SERVER              "http://adeactivate.adobe.com/adept"
 #endif
-#define LIBGOUROU_VERSION       "0.8.3"
+#define LIBGOUROU_VERSION       "0.8.5"
 namespace gourou
 {
--- a/include/libgourou_common.h
+++ b/include/libgourou_common.h
@@ -120,6 +120,7 @@ namespace gourou
 	CLIENT_OSSL_ERROR,
 	CLIENT_CRYPT_ERROR,
 	CLIENT_DIGEST_ERROR,
 	CLIENT_HTTP_ERROR
    };
    enum DRM_REMOVAL_ERROR {
--- a/src/libgourou.cpp
+++ b/src/libgourou.cpp
@@ -398,31 +398,7 @@ namespace gourou
 	    }
 	}
-	doOperatorAuth(operatorURL);
+	doOperatorAuth(operatorURL);	
 	// Add new operatorURL to list
 	pugi::xml_document activationDoc;
 	user->readActivation(activationDoc);
 	pugi::xml_node root;
 	pugi::xpath_node xpathRes = activationDoc.select_node("//adept:operatorURLList");
 	// Create adept:operatorURLList if it doesn't exists
 	if (!xpathRes)
 	{
 	    xpathRes = activationDoc.select_node("/activationInfo");
 	    root = xpathRes.node();
 	    root = root.append_child("adept:operatorURLList");
 	    root.append_attribute("xmlns:adept") = ADOBE_ADEPT_NS;
 	    appendTextElem(root, "adept:user",       user->getUUID());
 	}
 	else
 	    root = xpathRes.node();
 	appendTextElem(root, "adept:operatorURL", operatorURL);
 	user->updateActivationFile(activationDoc);
    }
    void DRMProcessor::buildFulfillRequest(pugi::xml_document& acsmDoc, pugi::xml_document& fulfillReq)
@@ -492,6 +468,24 @@ namespace gourou
 	appendTextElem(root, "adept:licenseURL", licenseURL);
 	appendTextElem(root, "adept:certificate", certificate);
 	// Add new operatorURL to list
 	xpathRes = activationDoc.select_node("//adept:operatorURLList");
 	// Create adept:operatorURLList if it doesn't exists
 	if (!xpathRes)
 	{
 	    xpathRes = activationDoc.select_node("/activationInfo");
 	    root = xpathRes.node();
 	    root = root.append_child("adept:operatorURLList");
 	    root.append_attribute("xmlns:adept") = ADOBE_ADEPT_NS;
 	    appendTextElem(root, "adept:user",       user->getUUID());
 	}
 	else
 	    root = xpathRes.node();
 	appendTextElem(root, "adept:operatorURL", operatorURL);
 	user->updateActivationFile(activationDoc);
    }
--- a/utils/adept_loan_mgt.cpp
+++ b/utils/adept_loan_mgt.cpp
@@ -183,8 +183,13 @@ private:
 	    loan->bookName = node.first_child().value();
 	    struct tm tm;
 #ifdef __ANDROID__
 	    res = strptime(loan->validity.c_str(), "%Y-%m-%dT%H:%M:%S%z", &tm);
 #else
 	    res = strptime(loan->validity.c_str(), "%Y-%m-%dT%H:%M:%S%Z", &tm);
-	    if (*res == 0)
+#endif
 	    if (res != NULL && *res == 0)
 	    {
 		if (mktime(&tm) <= time(NULL))
 		    loan->validity = "     (Expired)";
--- a/utils/drmprocessorclientimpl.cpp
+++ b/utils/drmprocessorclientimpl.cpp
@@ -30,6 +30,7 @@
 #include <algorithm> 
 #include <cctype>
 #include <locale>
 #include <stdlib.h>
 #define OPENSSL_NO_DEPRECATED 1
@@ -60,6 +61,14 @@ DRMProcessorClientImpl::DRMProcessorClientImpl():
    if (!deflt)
 	EXCEPTION(gourou::CLIENT_OSSL_ERROR, "Error, OpenSSL default provider not available");
 #endif
 #ifdef WIN32
    strcpy(cookiejar, "C:\\temp\\libgourou_cookie_jar_XXXXXX");
 #else
    strcpy(cookiejar, "/tmp/libgourou_cookie_jar_XXXXXX");
 #endif
    mkstemp(cookiejar);
 }
 DRMProcessorClientImpl::~DRMProcessorClientImpl()
@@ -71,6 +80,8 @@ DRMProcessorClientImpl::~DRMProcessorClientImpl()
    if (deflt)
 	OSSL_PROVIDER_unload(deflt);
 #endif
    unlink(cookiejar);
 }
 /* Digest interface */
@@ -227,6 +238,7 @@ std::string DRMProcessorClientImpl::sendHTTPRequest(const std::string& URL, cons
    }
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list);
    curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookiejar);
    if (POSTData.size())
    {
@@ -286,11 +298,18 @@ std::string DRMProcessorClientImpl::sendHTTPRequest(const std::string& URL, cons
    }
    curl_slist_free_all(list);
    long http_code = 400;
    curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &http_code);
    curl_easy_cleanup(curl);
    if (res != CURLE_OK)
 	EXCEPTION(gourou::CLIENT_NETWORK_ERROR, "Error " << curl_easy_strerror(res));
-    
+
    if (http_code >= 400)
 	EXCEPTION(gourou::CLIENT_HTTP_ERROR, "HTTP Error code " << http_code);
    if ((downloadedBytes >= DISPLAY_THRESHOLD || replyData.size() >= DISPLAY_THRESHOLD) &&
 	gourou::logLevel >= gourou::LG_LOG_WARN)
 	std::cout << std::endl;
--- a/utils/drmprocessorclientimpl.h
+++ b/utils/drmprocessorclientimpl.h
@@ -136,6 +136,8 @@ private:
 #else
    void *legacy, *deflt;
 #endif
    char cookiejar[64];
 };
 #endif
Author	SHA1	Message	Date
Grégory Soutadé	68bf982b6f	Fix use after free in DRMProcessorClientImpl::sendHTTPRequest()	2024-01-24 19:13:22 +01:00
Grégory Soutadé	ef8c2644ca	Update version	2024-01-16 11:09:31 +01:00
Grégory Soutadé	e05639c09d	Support HTTP error codes != 200 (exception) and cookies in drmprocessorclientimpl	2024-01-06 09:25:11 +01:00
Grégory Soutadé	69865e005b	Register operatorURL only when certificate from operator is fetched	2024-01-06 09:23:03 +01:00
Grégory Soutadé	fd38e84da6	Fix for Android for adept_loan_mgt.cpp (strptime format)	2024-01-06 09:22:11 +01:00