漏洞"/>
如何修复这个错误和这个漏洞
`大家好,代码中有一个bug导致在命令行中使用这段代码会出现漏洞
socket.emit("广播", { 命令:“新” });
结果来自 0|服务器|类型错误:无法设置未定义的属性“id”
还有这个
socket.emit("广播", { 命令:“发送” });
结果来自 0|服务器| SyntaxError:JSON 中位置 0
中的意外标记 u你能修复这段代码吗? `
socket.on("broadcasting", (data) => {
if (typeof data != "object") {
return;
}
if(UserInfo[socket.id]){
if (data.cmd == "new") {
if (UserInfo[socket.id].rep >= SiteSetting["miclikes"]) {
io.to(UserInfo[socket.id].idroom).emit("broadcasting", { cmd: "new", it: data.it, user:socket.id });
socket.emit("broadcasting", { cmd: "new", it: data.it });
PeerRoom[UserInfo[socket.id].idroom][data.it].id = socket.id;
PeerRoom[UserInfo[socket.id].idroom][data.it].ev = true;
} else {
socket.emit("msg", {
cmd: "not",
data: {
topic: "",
force: 1,
msg: SiteSetting["miclikes"] + " " + "عدد الايكات المطلوبة للمايك",
user: "",
},
});
}
} else if (data.cmd == "send") {
const myfr = JSON.parse(data.mj);
if (myfr.type == "new-ice-candidate") {
socket.to(myfr["target"]).emit("broadcasting", {
cmd: "send",
msgString: JSON.stringify({
type: myfr["type"],
it: myfr["it"],
target: myfr["target"],
user: socket.id,
candidate: myfr["candidate"],
}),
});
} else if (myfr.type == "video-offer") {
socket.to(myfr["target"]).broadcast.emit("broadcasting", {
cmd: "send",
msgString: JSON.stringify({
type: myfr["type"],
it: myfr["it"],
target: myfr["target"],
sdp: myfr["sdp"],
user: socket.id,
}),
});
} else if (myfr["type"] == "hang-up") {
// if(myfr["target"] == socket.id || VerRoomsOwner(UserInfo[socket.id].power)){
if( PeerRoom[UserInfo[socket.id].idroom][myfr["it"]]){
PeerRoom[UserInfo[socket.id].idroom][myfr["it"]].id = "";
PeerRoom[UserInfo[socket.id].idroom][myfr["it"]].ev = false;
io.to(UserInfo[socket.id].idroom).emit("broadcasting", { cmd: "send", msgString: data.mj });
};
} else if (myfr["type"] == "video-answer") {
socket.to(myfr["target"]).emit("broadcasting", {
cmd: "send",
msgString: JSON.stringify({
type: myfr["type"],
it: myfr["it"],
target: myfr["target"],
sdp: myfr["sdp"],
user: socket.id,
}),
});
} else {
io.to(UserInfo[socket.id].idroom).emit("broadcasting", { cmd: "send", msgString: data.mj });
}
}
}
});
我尝试了很多修复它,但没有用
回答如下:如果你收到一个包含无效数据的数据包,你可以忽略它。你应该忽略它,或者阻止发件人。所以你需要检查你是否有无效数据。
if(UserInfo[socket.id]){
if (data.cmd == "new") {
if (!PeerRoom[UserInfo[socket.id].idroom][data.it]) return; // INVALID
if (UserInfo[socket.id].rep >= SiteSetting["miclikes"]) {
....
}
} else if (data.cmd == "send") {
try {
const myfr = JSON.parse(data.mj);
} catch (e) {
// INVALID? Or possibly a normal string to send to all users?
return;
}
if (typeof myfr !== 'object') return;
// you may need additional check for each case below...
if (myfr.type == "new-ice-candidate") {
...
} else if (myfr.type == "video-offer") {
...
} else if (myfr["type"] == "hang-up") {
...
} else if (myfr["type"] == "video-answer") {
...
} else {
...
}
}
更多推荐
如何修复这个错误和这个漏洞
发布评论