From 3bb513282d80c341411d69bf9319552a55259266 Mon Sep 17 00:00:00 2001 From: Steffen Vogel Date: Wed, 23 Nov 2022 10:02:51 +0100 Subject: [PATCH] ngsi: fix use after free in heap --- lib/nodes/ngsi.cpp | 4 ++-- lib/socket_addr.cpp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/nodes/ngsi.cpp b/lib/nodes/ngsi.cpp index 951ff3c04..5c03be593 100644 --- a/lib/nodes/ngsi.cpp +++ b/lib/nodes/ngsi.cpp @@ -518,7 +518,7 @@ int ngsi_request_context_query(CURL *handle, const char *endpoint, json_t *json_ char *reason; json_t *json_response; - json_t *json_request = json_pack("{ s: [ o ] }", "entities", json_entity); + json_t *json_request = json_pack("{ s: [ O ] }", "entities", json_entity); ret = ngsi_request(handle, endpoint, "queryContext", json_request, &json_response, logger); if (ret) { @@ -543,7 +543,7 @@ int ngsi_request_context_update(CURL *handle, const char *endpoint, const char * char *reason; json_t *json_response; - json_t *json_request = json_pack("{ s: s, s: [ o ] }", + json_t *json_request = json_pack("{ s: s, s: [ O ] }", "updateAction", action, "contextElements", json_entity ); diff --git a/lib/socket_addr.cpp b/lib/socket_addr.cpp index bc26398a2..0b18425b3 100644 --- a/lib/socket_addr.cpp +++ b/lib/socket_addr.cpp @@ -25,7 +25,7 @@ using namespace villas::utils; char * villas::node::socket_print_addr(struct sockaddr *saddr) { union sockaddr_union *sa = (union sockaddr_union *) saddr; - char *buf = new char[256]; + auto *buf = reinterpret_cast(::malloc(256)); if (!buf) throw MemoryAllocationError();