One of the advantages of open source software is that large companies can and will patch it for their own needs, which means we can see what a certain major electronics vendor has done with a video player app.
For example, they had to see if the URL pointed to a stream protected by WideVine, Vudu, or Netflix. This can be done by checking whether the filename contains a specific substring. Let’s see how they did it…

    int get_special_protocol_type(char *filename, char *name)
    {
        int type = 0;
        int fWidevine = 0;
        int j;
        char proto_str[2800] = {'\0', };

        if (!strcmp("http", name))
        {
            /* unbounded copy of the caller's string into a fixed-size buffer */
            strcpy(proto_str, filename);
            /* look for "=WV" */
            for(j=0;proto_str[j] != '\0';j++)
            {
                if(proto_str[j] == '=')
                {
                    j++;
                    if(proto_str[j] == 'W')
                    {
                        j++;
                        if(proto_str[j] == 'V')
                            type = Widevine_PROTOCOL;
                    }
                }
            }
            /* look for "=VUDU" */
            if (type == 0)
            {
                for(j=0;proto_str[j] != '\0';j++)
                {
                    if(proto_str[j] == '=')
                    {
                        j++;
                        if(proto_str[j] == 'V')
                        {
                            j++;
                            if(proto_str[j] == 'U')
                            {
                                j++;
                                if(proto_str[j] == 'D')
                                {
                                    j++;
                                    if(proto_str[j] == 'U')
                                        type = VUDU_PROTOCOL;
                                }
                            }
                        }
                    }
                }
            }
            /* look for "=NFLX" */
            if (type == 0)
            {
                for(j=0;proto_str[j] != '\0';j++)
                {
                    if(proto_str[j] == '=')
                    {
                        j++;
                        if(proto_str[j] == 'N')
                        {
                            j++;
                            if(proto_str[j] == 'F')
                            {
                                j++;
                                if(proto_str[j] == 'L')
                                {
                                    j++;
                                    if(proto_str[j] == 'X')
                                        type = Netflix_PROTOCOL;
                                }
                            }
                        }
                    }
                }
            }
        }
        return type;
    }

To begin with, there has been a lot of discussion lately about the importance of memory-safe languages. I’d say that in C/C++ it isn’t really hard to write memory-safe code; it’s just very easy not to. And this is an example: everything here is a buffer overflow waiting to happen. The basic problem is that we are passing raw pointers to char and relying on the strings being properly null-terminated. So we use the old, unsafe string functions and never check against the bounds of proto_str to make sure we didn’t run off the edge. A malicious input could easily run off the end of the string.
But also, let’s talk about that string comparison. They don’t even just loop over a pair of strings character by character; they use this bizarre set of nested ifs with incrementing loop variables. Given that they use strcmp, I think we can safely assume that the C standard library exists on their target, which means strnstr was right there.
It is also worth noting that, since this is a read-only operation, the strcpy is not necessary, although we are in a difficult position since they are passing a pointer to char and not including the size, which brings us back to the whole “unsafe string operations” problem.
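
For comparison, here is a bounded, copy-free version of the same check, added as an example; it is not the vendor's code. The function name, the filename_cap parameter and the enum values are assumptions made for illustration, and the search is written with memcmp because strnstr is a BSD extension rather than ISO C.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed values: the vendor's real constants are not shown on the page. */
enum { NO_PROTOCOL = 0, Widevine_PROTOCOL, VUDU_PROTOCOL, Netflix_PROTOCOL };

/* Return 1 if needle occurs within the first hay_len bytes of hay. */
static int contains(const char *hay, size_t hay_len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n != 0 && i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Hypothetical replacement: filename_cap is the size of the buffer holding
 * filename, so the scan stops there even if the terminator is missing. */
int get_special_protocol_type_bounded(const char *filename,
                                      size_t filename_cap, const char *name)
{
    static const struct { const char *marker; int type; } markers[] = {
        { "=WV",   Widevine_PROTOCOL },  /* same priority order as the */
        { "=VUDU", VUDU_PROTOCOL },      /* three loops on the page    */
        { "=NFLX", Netflix_PROTOCOL },
    };
    /* strncmp reads at most 5 bytes and accepts only the exact name "http" */
    if (filename == NULL || name == NULL || strncmp(name, "http", 5) != 0)
        return NO_PROTOCOL;
    /* Length is the terminator position or the cap, whichever comes first */
    const char *end = memchr(filename, '\0', filename_cap);
    size_t len = end ? (size_t)(end - filename) : filename_cap;
    /* Read-only scan in place: nothing is copied into a fixed stack buffer */
    for (size_t i = 0; i < sizeof markers / sizeof markers[0]; i++)
        if (contains(filename, len, markers[i].marker))
            return markers[i].type;
    return NO_PROTOCOL;
}

int main(void)
{
    const char url[] = "http://media.example/play?drm=VUDU";  /* constructed */
    char raw[8];                          /* constructed, not terminated */
    memcpy(raw, "a=NFLXzz", sizeof raw);
    printf("%d %d\n", get_special_protocol_type_bounded(url, sizeof url, "http"),
           get_special_protocol_type_bounded(raw, sizeof raw, "http"));
    return 0;
}
```

Unlike the scan on the page, a plain substring match also recognises inputs such as x==VUDU, where the original increments j past the second = and misses the marker.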