[or-cvs] Be more proactive about noticing underflows: size_t values ...
Nick Mathewson
nickm at seul.org
Thu Dec 2 04:33:04 UTC 2004
Update of /home/or/cvsroot/tor/src/common
In directory moria.mit.edu:/tmp/cvs-serv28436/src/common
Modified Files:
compat.c crypto.c torint.h util.c
Log Message:
Be more proactive about noticing underflows: size_t values greater than 0x800...00 are likely to be trouble.
Index: compat.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/common/compat.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- compat.c 1 Dec 2004 03:51:59 -0000 1.20
+++ compat.c 2 Dec 2004 04:33:01 -0000 1.21
@@ -100,6 +100,8 @@
int r;
if (size == 0)
return -1; /* no place for the NUL */
+ if (size > SIZE_T_CEILING)
+ return -1;
#ifdef MS_WINDOWS
r = _vsnprintf(str, size, format, args);
#else
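Review bot: The new `return -1;` on the `size > SIZE_T_CEILING` branch has no explanation, while the `size == 0` return directly above it does, so the two early exits read unevenly; a one-line comment keeps them parallel, e.g. `return -1; /* size is in the top half of the range: almost certainly an underflow */`. Since `r` is an `int`, a comment is also the place to state that sizes above INT_MAX are outside what this function can report, if that is intended. The enclosing function starts before the hunk and continues after it.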
Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/common/crypto.c,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -d -r1.126 -r1.127
--- crypto.c 1 Dec 2004 03:48:12 -0000 1.126
+++ crypto.c 2 Dec 2004 04:33:01 -0000 1.127
@@ -1520,6 +1520,8 @@
*/
if (destlen < ((srclen/48)+1)*66)
return -1;
+ if (destlen > SIZE_T_CEILING)
+ return -1;
EVP_EncodeInit(&ctx);
EVP_EncodeUpdate(&ctx, dest, &len, (char*) src, srclen);
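Review bot: The ceiling check covers `destlen` but not `srclen`, yet `srclen` is the operand in `((srclen/48)+1)*66` on the line above; an underflowed `srclen` can wrap that product to a small value so the existing length test passes and the new check never fires. Adding `if (srclen > SIZE_T_CEILING) return -1;` before the arithmetic closes that, and bounding `srclen` matters for the next hunk too, where `srclen` is handed to `EVP_DecodeUpdate`. Both calls pass `srclen` as the input-length argument, which in OpenSSL's EVP encode/decode API is an `int` as far as I recall, so values above INT_MAX are converted silently; a tighter bound or a comment at the call site would document that. The enclosing functions start before their hunks.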
@@ -1543,6 +1545,8 @@
*/
if (destlen < ((srclen/64)+1)*49)
return -1;
+ if (destlen > SIZE_T_CEILING)
+ return -1;
EVP_DecodeInit(&ctx);
EVP_DecodeUpdate(&ctx, dest, &len, (char*) src, srclen);
@@ -1562,6 +1566,7 @@
tor_assert((nbits%5) == 0); /* We need an even multiple of 5 bits. */
tor_assert((nbits/5)+1 <= destlen); /* We need enough space. */
+ tor_assert(destlen < SIZE_T_CEILING);
for (i=0,bit=0; bit < nbits; ++i, bit+=5) {
/* set v to the 16-bit value starting at src[bits/8], 0-padded. */
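Review bot: `tor_assert(destlen < SIZE_T_CEILING)` rejects a length equal to the ceiling, while the `destlen > SIZE_T_CEILING` guards earlier in this file and in compat.c and util.c accept it, so the boundary differs between the assert form and the return form. Picking one rule — `>=` in the `if` guards or `<=` in the asserts — and applying it to the `key_out_len`, `n`/`dest_len` and hex-encode `destlen` asserts as well keeps the commit's invariant uniform. The enclosing function starts before the hunk and continues after it.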
@@ -1588,6 +1593,7 @@
uint8_t c;
size_t count;
char *tmp;
+ tor_assert(key_out_len < SIZE_T_CEILING);
#define EXPBIAS 6
c = s2k_specifier[8];
Index: torint.h
===================================================================
RCS file: /home/or/cvsroot/tor/src/common/torint.h,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- torint.h 29 Nov 2004 22:25:28 -0000 1.14
+++ torint.h 2 Dec 2004 04:33:01 -0000 1.15
@@ -232,5 +232,8 @@
#endif
#endif
+/* Any size_t larger than this amount is likely to be an underflow. */
+#define SIZE_T_CEILING (1u<<(sizeof(size_t)*8 - 1))
+
#endif /* __TORINT_H */
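Review bot: `1u<<(sizeof(size_t)*8 - 1)` shifts an `unsigned int`, so on any build where `size_t` is wider than `int` (64-bit platforms) the shift count reaches or exceeds the width of the operand type, which is undefined behaviour; compilers commonly mask the count, which yields a far smaller ceiling than intended, and every check added in this commit then compares against the wrong value. Shift an operand of the right type instead: `#define SIZE_T_CEILING (((size_t)1)<<(sizeof(size_t)*8 - 1))`. The comment could also state the boundary precisely, e.g. `/* Any size_t >= this lies in the top half of the range and was probably produced by an underflow. */`.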
Index: util.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/common/util.c,v
retrieving revision 1.192
retrieving revision 1.193
diff -u -d -r1.192 -r1.193
--- util.c 1 Dec 2004 03:48:12 -0000 1.192
+++ util.c 2 Dec 2004 04:33:01 -0000 1.193
@@ -18,6 +18,7 @@
#include "util.h"
#include "log.h"
#include "crypto.h"
+#include "torint.h"
#ifdef MS_WINDOWS
#include <io.h>
@@ -218,6 +219,8 @@
tor_assert(s);
tor_assert(insert);
tor_assert(n > 0);
+ tor_assert(n < SIZE_T_CEILING);
+ tor_assert(dest_len < SIZE_T_CEILING);
len_in = strlen(s);
len_ins = strlen(insert);
len_out = len_in + (len_in/n)*len_ins;
@@ -444,6 +447,7 @@
char *cp;
tor_assert(destlen >= srclen*2+1);
+ tor_assert(destlen < SIZE_T_CEILING);
cp = dest;
end = src+srclen;
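Review bot: The new assert guards `destlen` but runs only after `srclen*2+1` has already been evaluated on the line above, and it is `srclen` that can wrap that product: an underflowed `srclen` makes `srclen*2+1` small, the existing assert passes, and the ceiling assert on `destlen` never catches it. Place `tor_assert(srclen < SIZE_T_CEILING);` before the `destlen >= srclen*2+1` line; with `srclen` below half the range the doubling cannot wrap. The enclosing function starts before the hunk and continues past it.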
@@ -477,7 +481,7 @@
int v1,v2;
if ((srclen % 2) != 0)
return -1;
- if (destlen < srclen/2)
+ if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
return -1;
end = src+srclen;
while (src<end) {
@@ -703,6 +707,9 @@
size_t numread = 0;
int result;
+ if (count > SIZE_T_CEILING)
+ return -1;
+
while (numread != count) {
if (isSocket)
result = recv(fd, buf+numread, count-numread, 0);
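Review bot: Capping `count` at `SIZE_T_CEILING` does not make the loop arithmetic safe for `int result`: on 64-bit builds `count-numread` can still exceed INT_MAX, and the `recv` return value (an `ssize_t` on POSIX systems, as far as I know) is stored into an `int`, so a large read would be truncated before it is added to `numread`. Declaring `result` with a type as wide as the platform's read/recv return type, or limiting each request to INT_MAX bytes, keeps the accumulation consistent with the new bound. The bare `return -1;` would also benefit from the same explanatory comment as the other early returns in this commit. The enclosing function continues after the hunk.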