summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorꦌꦫꦶꦏ꧀ꦦꦿꦧꦮꦑꦩꦭ꧀ <erik@darapsa.co.id>2023-05-15 10:43:46 +0800
committerꦌꦫꦶꦏ꧀ꦦꦿꦧꦮꦑꦩꦭ꧀ <erik@darapsa.co.id>2023-05-15 10:43:46 +0800
commit42ad93d1f6e7dbca2264c2cf62db3b8c79a5120b (patch)
treeef64244afb7df437e848ae1642424324d21fd7ed
parent33c252c6b2f509b6420c24d610dd99a15cda5593 (diff)
POST copies contents so quantity doesn't leak
-rw-r--r--ord.c4
-rw-r--r--request.c8
2 files changed, 9 insertions, 3 deletions
diff --git a/ord.c b/ord.c
index 06d1798..4964931 100644
--- a/ord.c
+++ b/ord.c
@@ -15,7 +15,7 @@ void interchange_ord_order(const char *sku, const char *item,
do {
length++;
} while ((qty /= 10));
- char qty_str[length + 1];
+ char *qty_str = malloc(length + 1);
sprintf(qty_str, "%d", quantity);
request(parser, NULL, &(struct body){ 4, {
{ "mv_action", "refresh" },
@@ -34,7 +34,7 @@ void interchange_ord_update(const char *name, const unsigned int quantity,
do {
length++;
} while ((qty /= 10));
- char qty_str[length + 1];
+ char *qty_str = malloc(length + 1);
sprintf(qty_str, "%d", quantity);
request(parser, NULL, &(struct body){ 4 + (nextpage ? 1 : 0), {
{ "mv_quantity_update", "1" },
diff --git a/request.c b/request.c
index 32e46f0..2ab8fc4 100644
--- a/request.c
+++ b/request.c
@@ -134,6 +134,8 @@ void request(void (*handler)(interchange_response *), void (*callback)(void *),
if (i)
strcat(post, "&");
sprintf(post, "%s%s=%s", post, pair.key, pair.value);
+ if (!strncmp(pair.key, "quantity", 8))
+ free(pair.value);
}
strcpy(attr.requestMethod, "POST");
static const char *headers[] = { "Content-Type",
@@ -173,7 +175,11 @@ void request(void (*handler)(interchange_response *), void (*callback)(void *),
struct pair pair = body->pairs[i];
if (!pair.value)
continue;
- curl_formadd(&post, &last, CURLFORM_COPYNAME, pair.key, CURLFORM_PTRCONTENTS, pair.value, CURLFORM_END);
+ curl_formadd(&post, &last, CURLFORM_COPYNAME, pair.key,
+ CURLFORM_COPYCONTENTS, pair.value,
+ CURLFORM_END);
+ if (!strncmp(pair.key, "quantity", 8))
+ free(pair.value);
}
last = NULL;
curl_easy_setopt(curl, CURLOPT_HTTPPOST, post);