Skip to content

Commit dc38e5e

Browse files
SaSukiTBSaSukiTB
authored
Fix memory leaks and improve error handling in req() function
1. Added curl_easy_cleanup(curl); to free resources after request 2. Changed to 2L (Enforces full hostname verification) 3. Added cleanup before calling error() 4. Properly convert to C-string XorStr("keyauth.win").c_str() 5. Proper Cleanup to Avoid Memory Leaks Your original function doesn’t call curl_easy_cleanup(), which means CURL resources aren’t freed in case of errors. this leads to memory leaks if the function is called multiple times (and its already called multiple times) almost every function in keyAuth library use it. Stronger SSL Security curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1); only checks if the SSL certificate exists, but does not verify the hostname properly. Change it to curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); Enforces full hostname verification, preventing MITM attacks
1 parent 6f33417 commit dc38e5e

File tree

1 file changed

+17
-16
lines changed

1 file changed

+17
-16
lines changed

auth.cpp

Lines changed: 17 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1664,40 +1664,41 @@ void KeyAuth::api::setDebug(bool value) {
16641664
KeyAuth::api::debug = value;
16651665
}
16661666

1667-
std::string KeyAuth::api::req(std::string data, std::string url) {
1667+
std::string KeyAuth::api::req(const std::string& data, const std::string& url) {
1668+
16681669
CURL* curl = curl_easy_init();
1669-
if (!curl)
1670-
return XorStr("null");
1670+
if (!curl) {
1671+
error(XorStr("CURL Initialization Failed!"));
1672+
}
16711673

16721674
std::string to_return;
16731675
std::string headers;
16741676

1677+
// Set CURL options
16751678
curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
1676-
1677-
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
1678-
1679-
curl_easy_setopt(curl, CURLOPT_NOPROXY, XorStr( "keyauth.win" ) );
1680-
1679+
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
16811680
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
16821681
curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
1683-
1682+
curl_easy_setopt(curl, CURLOPT_NOPROXY, XorStr("keyauth.win").c_str());
16841683
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
1685-
16861684
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
16871685
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &to_return);
1688-
16891686
curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback);
16901687
curl_easy_setopt(curl, CURLOPT_HEADERDATA, &headers);
16911688

1692-
auto code = curl_easy_perform(curl);
1693-
1694-
if (code != CURLE_OK)
1695-
error(curl_easy_strerror(code));
1689+
// Perform the request
1690+
CURLcode code = curl_easy_perform(curl);
1691+
if (code != CURLE_OK) {
1692+
std::string errorMsg = "CURL Error: " + std::string(curl_easy_strerror(code));
1693+
curl_easy_cleanup(curl);
1694+
error(errorMsg);
1695+
}
16961696

16971697
debugInfo(data, url, to_return, "Sig: " + signature + "\nTimestamp:" + signatureTimestamp);
1698-
1698+
curl_easy_cleanup(curl);
16991699
return to_return;
17001700
}
1701+
17011702
void error(std::string message) {
17021703
system((XorStr("start cmd /C \"color b && title Error && echo ").c_str() + message + XorStr(" && timeout /t 5\"")).c_str());
17031704
LI_FN(__fastfail)(0);

0 commit comments

Comments
 (0)