balloonwj / flamingo Goto Github PK
View Code? Open in Web Editor NEWflamingo 一款高性能轻量级开源即时通讯软件
flamingo 一款高性能轻量级开源即时通讯软件
在removeChannel函数中有个越界判断的条件
if (0 > idx && idx >= static_cast<int>(pollfds_.size())) return;
这里的“&&”应该改成“||”吧
用户使用远程桌面时,对话框会卡住,点击无效
安装客户端,无法修改和保存服务器地址,收取信息错乱,对方发送到图片,显示空白消息,对方发送表情,收到的不同的表情,发送消息给对方无法接收。
对方的对话框也会错乱
Field.cpp里面 m_strValue,m_strFieldName 不都是类的私有变量吗,你这里直接这样写f.m_strValue, f.m_strFieldName是不是有问题。
我用java也写了一个im 但是如果两台电脑不在一个路由下 就无法通信 请问我应该怎么做 或者这个问题称做什么 我可以自己搜索一下
谢谢!
`
void TimerQueue::doTimer()
{
loop_->assertInLoopThread();
Timestamp now(Timestamp::now());
for (auto iter = timers_.begin(); iter != timers_.end(); )
{
//if (iter->first <= now)
if (iter->second->expiration() <= now)
{
//LOGD("time: %lld", iter->second->expiration().microSecondsSinceEpoch());
iter->second->run();
if (iter->second->getRepeatCount() == 0)
{
iter = timers_.erase(iter);
}
else
{
++iter;
}
}
else
{
break;
}
}
`
在TimerQueue中的doTimer()函数中,最外层的else里面应该是continue而不是break吧
UI,, 界面直接照搬了QQ, 建议对UI重新编排, 图标也建议更换.
WIN10截图不能保存 新建群没反应
StringUtil::cut函数中,给substr2赋值时,应该偏移delimiterlength,而不是1,
源代码
substr2 = buf.substr(pos + 1);
应修改为
substr2 = buf.substr(pos + delimiterlength);
您用java 编写的该软件 为什么要归类到c++中去?
还有好多文档打开是空的?
我看你这个里面确实有 c++ 也有java 两个可以混用?我是菜鸟 求指教?
群功能无法使用
了解下远程桌面是可以用的吗?看见很多代码都是注释的
There is a SQL injection vulnerability in the UserManager::addUser
method.
The related business corresponding to the method is the registered account.
userid
,username
, nickname
can be controlled, no filtering measures, and directly execute the entire SQL statement.
Looking at the code, it is found that the client does not encrypt the transmission data, and the registration information is returned to the server in clear text. Therefore, it can be injected directly in the client registration window.
bool UserManager::addUser(User& u)
{
……
……
……
char sql[256] = { 0 };
snprintf(sql, 256, "INSERT INTO t_user(f_user_id, f_username, f_nickname, f_password, f_register_time) VALUES(%d, '%s', '%s', '%s', NOW())", m_baseUserId.load(), u.username.c_str(), u.nickname.c_str(), u.password.c_str());
if (!pConn->execute(sql))
{
LOGW("insert user error, sql: %s", sql);
return false;
}
……
……
}
payload:ad','ad','ads',sleep(10));#
or ad','ad','ads',user());#
There is a SQL injection vulnerability in the UserManager::updateUserTeamInfoInDbAndMemory
method.
newteaminfo
can be controlled
bool UserManager::updateUserTeamInfoInDbAndMemory(int32_t userid, const std::string& newteaminfo)
{
……
……
std::ostringstream osSql;
osSql << "UPDATE t_user SET f_teaminfo='"
<< newteaminfo << "' WHERE f_user_id="
<< userid;
if (!pConn->execute(osSql.str().c_str()))
{
LOGE("Update Team Info error, sql: %s", osSql.str().c_str());
return false;
}
……
……
}
The client has an input length limit, but the defense of the client is invalid. Hard code the payload into the program.
payload: 1"}]' or updatexml(2,concat(0x7e,version()),0) or'
There is a SQL injection vulnerability in the UserManager::addGroup
method.
groupname
can be controlled
bool UserManager::addGroup(const char* groupname, int32_t ownerid, int32_t& groupid)
{
……
……
++m_baseGroupId;
char sql[256] = { 0 };
snprintf(sql, 256, "INSERT INTO t_user(f_user_id, f_username, f_nickname, f_password, f_owner_id, f_register_time) VALUES(%d, '%d', '%s', '', %d, NOW())", m_baseGroupId.load(), m_baseGroupId.load(), groupname, ownerid);
if (!pConn->execute(sql))
{
LOGE("insert group error, sql: %s", sql);
return false;
}
……
……
}
Create a group chat function can trigger this function.
payload: 1','','1',version());#
The client has an input length limit, but the defense of the client is invalid. Hard code the payload into the program.
Find the place where the client sends the json, and hard code the payload in.
There is a SQL injection vulnerability in the UserManager::updateUserInfoInDb
method.
bool UserManager::updateUserInfoInDb(int32_t userid, const User& newuserinfo)
{
……
……
std::ostringstream osSql;
osSql << "UPDATE t_user SET f_nickname='"
<< newuserinfo.nickname << "', f_facetype="
<< newuserinfo.facetype << ", f_customface='"
<< newuserinfo.customface << "', f_gender="
<< newuserinfo.gender << ", f_birthday="
<< newuserinfo.birthday << ", f_signature='"
<< newuserinfo.signature << "', f_address='"
<< newuserinfo.address << "', f_phonenumber='"
<< newuserinfo.phonenumber << "', f_mail='"
<< newuserinfo.mail << "' WHERE f_user_id="
<< userid;
if (!pConn->execute(osSql.str().c_str()))
{
LOGE("UpdateUserInfo error, sql: %s", osSql.str().c_str());
return false;
}
……
……
}
payload:1' or updatexml(2,concat(0x7e,version()),0) or'
实测会设置errno22
你好,我这边fileserve和imgserver都正常,就是chatserver无法运行,没有错误提示;
P.S.数据库表是手动建的,版本:CentOS Linux release 7.5.1804 (Core),gcc version 4.8.5
##########flamingo bug反馈页面###################
注意:反馈bug时请说明flamingo的代码来源和终端类型(服务器、pc、还是安卓),并说清楚出现bug的步骤。
RT
CMake Error at CMakeLists.txt:14 (MESSAGE):
mysqlclient not found
C++ 初学者,希望了解一下这个工程中所使用到的相关技术,例如:PC端的UI是基于什么做的?
感谢。
Through code audit, it is found that the file download function in flamingo has a problem with directory traversal. Through this vulnerability, files can be downloaded anywhere on the server through the directory.
mysql> select version();
+-------------------------+
| version() |
+-------------------------+
| 5.7.32-0ubuntu0.16.04.1 |
+-------------------------+
1 row in set (0.02 sec)
Flamingo is a C/S mode communication software.User A sends the file to user B. The server saves the file in A specific folder of the server and waits for User B to receive it. After User B sends the receive request, the server sends the corresponding file to user B.
When uploading files, use the result of file md5 encoding as the file name (unfortunately, the encryption process is on the client side).
The base directory of the cache file is hard-coded in the configuration file, and the corresponding file path is directly spliced through the base directory and the md5 result. The file has no identification for a specific user, all files exist together, and there is no distinction between different users (that is, the server does not know who the file belongs to, and it can be downloaded as long as the correct file path is provided to the server).
From the simple analysis above, it can be seen that this file transfer function has a lot of security issues. Only the most serious problems are demonstrated here.
It can be seen from the declaration of the onDownloadFileResponse
function in FileSession.cpp
string filename = m_strFileBaseDir;
filename += filemd5;
m_fp = fopen(filename.c_str(), "rb+");
Since the download path is directly spliced by the base directory and the md5 result, as long as the file name can be controlled, the file name of the form ../../../pwd.txt can be used to achieve directory traversal and download any file .
Flamingo's problem is that MD5 encryption is done on the client side, and because the communication protocol is open source, it is easy to forge.
Find the location where the client sends the download command and tamper with the file name.
Add the following statement to the filetaskThread.cpp
During the test, it is found that when the tampered file path does not exist, the server will first create the file, then write the contents of the sent file, and then download it for the recipient.So using this vulnerability can also achieve arbitrary location write (can be multi-level directory traversal).
Send the file again here.The file is written on Desktop.
I would like to point out that identifiers like “__BUSSINESS_LOGIC_H__
” and “__MONITOR_SERVER_H__
” do not fit to the expected naming convention of the C++ language standard.
Would you like to adjust your selection for unique names?
上图中的
void makeSpace(size_t len)
{
//kCheapPrepend为保留的空间
if (writableBytes() + prependableBytes() < len + kCheapPrepend)
{
// FIXME: move readable data
m_buffer.resize(m_writerIndex + len);
}
else
{
// move readable data to the front, make space inside buffer
//assert(kCheapPrepend < readerIndex_);
if (kCheapPrepend >= m_readerIndex)
return;
size_t readable = readableBytes();
std::copy(begin() + m_readerIndex,
begin() + m_writerIndex,
begin() + kCheapPrepend);
m_readerIndex = kCheapPrepend;
m_writerIndex = m_readerIndex + readable;
}
}
应该在收包的过程中,这种copy数据应该是很常发生的
ubuntu安装mariaDB,需要安装如下客户端
sudo apt-get install mysql-client
sudo apt-get install libmysqlclient-dev python3-dev
CIUSocket::ConnectToFileServer和CIUSocket::ConnectToImgServer中select等待写事件时:
FD_SET(m_hSocket, &writeset);
应该是:
FD_SET(m_hFileSocket , &writeset);
你好 开发人员
建议使用这种登录机制
起了两个客户端,一个客户端A,一个客户端B
客户端A向客户端B发送图片文件,客户端A的日志显示upload文件成功,在imgserver上面的imgcache目录下也看到了md命名的文件
但是客户端B下载文件失败,客户端失败日志如下:
[2019-04-10 15:37:13:0378][INFO][ThreadID: 3236260][bool __thiscall CIUSocket::ConnectToImgServer(int):428]Connect to img server:118.24.67.107, port:20002 successfully.
[2019-04-10 15:37:13:0378][Error][ThreadID: 3236260][bool __thiscall CIUSocket::SendOnImgPort(const char *,__int64,int):674]Send data error, disconnect img server:118.24.67.107, port:20002, socket errorCode: 10057.
[2019-04-10 15:37:13:0378][Error][ThreadID: 3236260][void __thiscall CIUSocket::CloseImgServerConnection(void):787]Disconnect img server:118.24.67.107, port:20002.
[2019-04-10 15:37:13:0378][Error][ThreadID: 3236260][long thiscall CImageTaskThread::DownloadImage(const char *,const wchar_t *,int,struct HWND *,void *):617]Failed to download image: E:\chenqw\Bin\Users\15877860558\ChatImage\cc665afa6d80769676618de0c53fdb6c.jpg.
仔细看了一下源代码,上传和下载的逻辑都调用同样的接口发起connect 为什么会上传成功 下载失败? 是不是imgserver处理的有问题?
ubuntu
我已安装mysql-server mysql-client
但还是在cmake步骤提示:
CMake Error at CMakeLists.txt:14 (MESSAGE):
mysqlclient not found
如何是好?
在本地用vs2019打开.sln文件后,运行,提示缺少很多头文件
问题描述:A发送文件给B,同时C发送文件给D,其中任何一组发送完成都会导致fileserver服务崩溃。
问题原因:FileServer::onDisconnected 函数逻辑错误,任何会话完成传输都会清理掉其他会话。
我的解决方法:
void FileServer::onDisconnected(const std::shared_ptr<TcpConnection>& conn)
{
std::lock_guard<std::mutex> guard(m_sessionMutex);
for (auto iter = m_sessions.begin(); iter != m_sessions.end(); ++iter)
{
if ((*iter)->getConnectionPtr() == NULL)
{
LOGE("connection is NULL");
continue;
}
if ((*iter)->getConnectionPtr() == conn)
{
//用户下线
m_sessions.erase(iter);
//bUserOffline = true;
LOGI("client disconnected: %s", conn->peerAddress().toIpPort().c_str());
break;
}
}
}
“..\utils\UUIDGenerator.cpp”: No such file or directory imgserver
弹出 “”网络故障,注册失败,请稍后重试“”
如题
Would you like to wrap any pointers with the class template “std::unique_ptr”?
Update candidates:
能否解决一下这个问题呢
2017.05.26
2017.05.27
1.服务器端增加配置文件,端口号和数据库账号改为可配置项;
2.服务器端增加异步日志;
3. 协议接口调整,统一在32位机器和64位机器上协议包字节数大小。
2017.06.07
2017.06.14
2017.08.02
2017.10.24
服务器端更新:
2017.11.16
2018.04.22
2018.08.21
2018.09.17
2019.05.05
2019.05.22
2019.06.18
2019.06.24
2019.06.26
2019.07.17
2019.10.10
2020.04.01
2024.07.22
您好,我最近在学习这款开源框架的源代码。有个疑问是为什么数据传输协议里的包头部分可以直接拷贝内存而不需要转换字节序?
服务端代码:ChatSession::onLoad()
//取包头信息
chat_msg_header header;
memcpy(&header, pBuffer->peek(), sizeof(chat_msg_header));
客户端代码:IUSocket::Login()
msg header;
memset(&header, 0, sizeof(header));
header.compressflag = 1;
header.originsize = outbuf.length();
header.compresssize = strDestBuf.length();
//std::string strX;
//if (!::UncompressBuf(strDestBuf, strX, header.originsize))
//{
// int x = 0;
//}
std::string strSendBuf;
strSendBuf.append((const char*)&header, sizeof(header));
strSendBuf.append(strDestBuf);
移动端添加好友时,搜索好友未实现,不能添加好友
报错:
flamingoserver/base/fileutil.cpp:89:2: error: static assertion failed: sizeof(off_t) not 8
static_assert(sizeof(off_t) == 8, "sizeof(off_t) not 8");
我用的是卡片机,大概得改源码才行了吧.
您好。注册的时候出现网络故障,服务器端的chatserver的端口号不是8888,请问怎么解决?
请问 richFace.dll 这个dll 是闭源的吗?
文件名中文是utf8的 但是文件内中文却是GB2312的 好奇怪啊。
An extra null pointer check is not needed in functions like the following.
我用centos8搭了服务环境,编译也都成功,自动生成的数据库。使用安卓客户端能够注册信息,但是使用数据库内的客户信息登录,toast一直提示登录失败,一头雾水。希望看一下。
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.