Fixed critical bug in Depot packing function

DecoderCoder · DecoderCoder · commit b1a4f68e6f6c · 2024-06-11T05:31:31.000+02:00
There was the bug that cause Heap corruption because of wrong DepotSize calculation (encrypted file size mismatch with original file)
diff --git a/Manager/UpdateManager/UpdateManager.cpp b/Manager/UpdateManager/UpdateManager.cpp
@@ -1,5 +1,4 @@
 #include "UpdateManager.h"
-
 #include "Utils/httplib/httplib.h"
 
 std::map<Host*, std::future<void>> fGetAccessGroups;
@@ -199,7 +198,7 @@ UpdateManager::Host::AddAppResponse UpdateManager::Host::AddApp(string name, str
 		else
 			res = cli.Get("/pipeline/v2/update/app/add/" + name + "/" + accessGroupValue, headers);
 		reader.parse(res->body, root);
-		if (!root.isMember("status")) {
+		if (root.isMember("status")) {
 			string status = root["status"].asString();
 			if (status == "has_deleted") {
 				return Host::AddAppResponse::HasDeleted;
@@ -539,6 +538,7 @@ void UpdateManager::Build::RemoveDepot(string name, bool onServer)
 
 void UpdateManager::BuildDepot::UploadDepot()
 {
+
 	httplib::Client cli("https://" + this->Build->App->Host->Uri);
 	string auth = this->Build->App->Host->Login + ":" + this->Build->App->Host->Password;
 	httplib::Headers headers = {
@@ -553,11 +553,16 @@ void UpdateManager::BuildDepot::UploadDepot()
 	else {
 		Log("Depot " + dye::light_blue(this->Name) + " wasn't upload, error: " + dye::red(to_string(res.error())));
 	}
+
 }
 
 void UpdateManager::BuildDepot::DownloadDepot(std::function<bool(uint64_t current, uint64_t total)> callback)
 {
 	Log("Downloading file " + this->Name);
+	if (this->Url == "") {
+		this->Downloaded = true;
+		return;
+	}
 
 	httplib::Client cli("https://" + this->Build->App->Host->Uri);
 	httplib::Result res;
@@ -888,8 +893,12 @@ bool UpdateManager::BuildDepot::PackDepot()
 		loadedFiles.insert(loadedFiles.begin(), make_pair(jsonF, json.size()));
 		fileShas.insert(fileShas.begin(), headerSha);
 
+		allSize = 0;
+
 		for (int i = 0; i < loadedFiles.size(); i++) {
+			allSize += 4;
 			string encrypted = EncryptAES(string(loadedFiles[i].first, loadedFiles[i].second), this->Key.Value, GetIV(fileShas[i], this->Key.Name));
+			allSize += encrypted.size();
 			free(loadedFiles[i].first);
 			loadedFiles[i].second = encrypted.size();
 			loadedFiles[i].first = (char*)malloc(loadedFiles[i].second);
@@ -899,6 +908,7 @@ bool UpdateManager::BuildDepot::PackDepot()
 	}
 	}
 
+
 	string jsonString = mainJson.toStyledString();
 	free(this->Depot);
 	this->DepotSize = 8 + jsonString.size() + allSize;
@@ -925,7 +935,8 @@ bool UpdateManager::BuildDepot::PackDepot()
 		offset += sizeof(unsigned int);
 		memcpy(this->Depot + offset, loadedFiles[i].first, loadedFiles[i].second);
 		offset += loadedFiles[i].second;
-		//free(loadedFiles[i].first);
+		free(loadedFiles[i].first);
+		loadedFiles[i].first = nullptr;
 	}
 
 	WriteToFile(this->FullPath, this->Depot, this->DepotSize);
diff --git a/Manager/UpdateManager/Utils/Encryption.h b/Manager/UpdateManager/Utils/Encryption.h
@@ -5,7 +5,6 @@
 #include "openssl/engine.h"
 #include "Base64.hpp"
 
-
 static string GetIV(string sha, string keyName) {
 	unsigned char out_key[32];
 	memset(out_key, 0, sizeof(out_key));
@@ -20,32 +19,34 @@ static string DecryptAES(string cipherText, string keyValue, string IV) {
 	// GetIV
 	// E8 ? ? ? ? 48 8B 76 18 
 	int actual_size = 0, final_size = 0;
-	EVP_CIPHER_CTX* d_ctx = EVP_CIPHER_CTX_new();
+	EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
 	string keyIn = base64::from_base64(keyValue);
 
 	unsigned char* out = (unsigned char*)malloc(cipherText.size());
 	memset(out, 0, cipherText.size());
-	EVP_DecryptInit(d_ctx, EVP_aes_128_gcm(), 0, 0);
-	EVP_CIPHER_CTX_ctrl(d_ctx, EVP_CTRL_GCM_SET_IVLEN, IV.size(), 0);
-	EVP_DecryptInit(d_ctx, 0, (const unsigned char*)keyIn.c_str(), (const unsigned char*)IV.c_str());
-	EVP_DecryptUpdate(d_ctx, out, &actual_size, (const unsigned char*)cipherText.c_str(), cipherText.size()); // E8 ? ? ? ? 0F B6 4E 06 
-	EVP_DecryptFinal(d_ctx, out, &final_size);
+	EVP_DecryptInit(ctx, EVP_aes_128_gcm(), 0, 0);
+	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, IV.size(), 0);
+	EVP_DecryptInit(ctx, 0, (const unsigned char*)keyIn.c_str(), (const unsigned char*)IV.c_str());
+	EVP_DecryptUpdate(ctx, out, &actual_size, (const unsigned char*)cipherText.c_str(), cipherText.size()); // E8 ? ? ? ? 0F B6 4E 06 
+	EVP_DecryptFinal(ctx, out, &final_size);
+	EVP_CIPHER_CTX_free(ctx);
 	return string((char*)out, actual_size);
 }
 
 static string EncryptAES(string text, string keyValue, string IV) {
 	int actual_size = 0, final_size = 0;
-	EVP_CIPHER_CTX* d_ctx = EVP_CIPHER_CTX_new();
+	EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
 	string keyIn = base64::from_base64(keyValue);
 
 	unsigned char* out = (unsigned char*)malloc(text.size());
 	memset(out, 0, text.size());
 
-	EVP_EncryptInit(d_ctx, EVP_aes_128_gcm(), 0, 0);
-	EVP_CIPHER_CTX_ctrl(d_ctx, EVP_CTRL_GCM_SET_IVLEN, IV.size(), 0);
+	EVP_EncryptInit(ctx, EVP_aes_128_gcm(), 0, 0);
+	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, IV.size(), 0);
 
-	EVP_EncryptInit(d_ctx, 0, (const unsigned char*)keyIn.c_str(), (const unsigned char*)IV.c_str());
-	EVP_EncryptUpdate(d_ctx, out, &actual_size, (const unsigned char*)text.c_str(), text.size()); // E8 ? ? ? ? 0F B6 4E 06 
-	EVP_EncryptFinal(d_ctx, out, &final_size);
+	EVP_EncryptInit(ctx, 0, (const unsigned char*)keyIn.c_str(), (const unsigned char*)IV.c_str());
+	EVP_EncryptUpdate(ctx, out, &actual_size, (const unsigned char*)text.c_str(), text.size()); // E8 ? ? ? ? 0F B6 4E 06 
+	EVP_EncryptFinal(ctx, out, &final_size);
+	EVP_CIPHER_CTX_free(ctx);
 	return string((char*)out, actual_size);
 }
