From: Wouter Wijngaards Date: Tue, 2 Apr 2019 12:28:20 +0000 (+0000) Subject: - Fix for out of bounds integers, thanks to OSTIF audit. It is in X-Git-Tag: final-svn-state~32 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e3381436394f5959c715bcb3f9a810feb996584b;p=thirdparty%2Funbound.git - Fix for out of bounds integers, thanks to OSTIF audit. It is in allocation debug code. git-svn-id: file:///svn/unbound/trunk@5143 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 998b67a6f..6740be1e8 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 2 April 2019: Wouter - Fix auth-zone NSEC3 response for empty nonterminals with exact match nsec3 records. + - Fix for out of bounds integers, thanks to OSTIF audit. It is in + allocation debug code. 25 March 2019: Wouter - Fix that tls-session-ticket-keys: "" on its own in unbound.conf diff --git a/util/alloc.c b/util/alloc.c index 908b1f423..7e9618931 100644 --- a/util/alloc.c +++ b/util/alloc.c @@ -376,6 +376,7 @@ void *unbound_stat_malloc(size_t size) { void* res; if(size == 0) size = 1; + log_assert(size <= SIZE_MAX-16); res = malloc(size+16); if(!res) return NULL; unbound_mem_alloc += size; @@ -398,6 +399,7 @@ void *unbound_stat_calloc(size_t nmemb, size_t size) if(nmemb != 0 && INT_MAX/nmemb < size) return NULL; /* integer overflow check */ s = (nmemb*size==0)?(size_t)1:nmemb*size; + log_assert(s <= SIZE_MAX-16); res = calloc(1, s+16); if(!res) return NULL; log_info("stat %p=calloc(%u, %u)", res+16, (unsigned)nmemb, (unsigned)size); @@ -447,6 +449,7 @@ void *unbound_stat_realloc(void *ptr, size_t size) /* nothing changes */ return ptr; } + log_assert(size <= SIZE_MAX-16); res = malloc(size+16); if(!res) return NULL; unbound_mem_alloc += size; 
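Review bot: The guard added in unbound_stat_malloc is an assertion, `log_assert(size <= SIZE_MAX-16);`, so it protects `malloc(size+16)` only in builds where log_assert is active. If the macro is compiled out, as assertion macros usually are outside debug builds, `size+16` can still wrap and yield an allocation smaller than the prefix written into it. The calloc hunk already rejects oversized requests with `return NULL; /* integer overflow check */`, and the same shape fits here: `if(size > SIZE_MAX-16) return NULL; /* integer overflow check */`. The same applies to the assertions added in unbound_stat_realloc, unbound_stat_malloc_lite and unbound_stat_calloc_lite. The function bodies continue outside the hunks, and whether util/alloc.c includes a header that defines SIZE_MAX is not visible here.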
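Review bot: In unbound_stat_calloc the added `log_assert(s <= SIZE_MAX-16);` cannot fail, because the check just above already returns NULL unless `nmemb*size` fits in INT_MAX. That limit is below SIZE_MAX-16 wherever size_t is at least as wide as int. If the assertion is kept as defence in depth, a comment should say so, for example `/* cannot trigger while the INT_MAX check above holds; guards the +16 if that limit is ever raised */`. unbound_stat_calloc_lite has the same pairing with `req`. The function starts before and ends after the hunk.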
@@ -521,7 +524,9 @@ void *unbound_stat_malloc_lite(size_t size, const char* file, int line, const char* func) { /* [prefix .. len .. actual data .. suffix] */ - void* res = malloc(size+lite_pad*2+sizeof(size_t)); + void* res; + log_assert(size <= SIZE_MAX-(lite_pad*2+sizeof(size_t))); + res = malloc(size+lite_pad*2+sizeof(size_t)); if(!res) return NULL; memmove(res, lite_pre, lite_pad); memmove(res+lite_pad, &size, sizeof(size_t)); @@ -538,6 +543,7 @@ void *unbound_stat_calloc_lite(size_t nmemb, size_t size, const char* file, if(nmemb != 0 && INT_MAX/nmemb < size) return NULL; /* integer overflow check */ req = nmemb * size; + log_assert(req <= SIZE_MAX-(lite_pad*2+sizeof(size_t))); res = malloc(req+lite_pad*2+sizeof(size_t)); if(!res) return NULL; memmove(res, lite_pre, lite_pad);
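Review bot: The padding expression `lite_pad*2+sizeof(size_t)` now appears twice in unbound_stat_malloc_lite, once in the assertion and once in the malloc call. The bound and the allocation have to stay in step for the check to mean anything. A local such as `size_t overhead = lite_pad*2+sizeof(size_t);`, declared next to `void* res;` and used in both places, would keep them tied together. unbound_stat_calloc_lite repeats the same pair. The body of the function continues past the hunk.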