From: Martin Willi <martin@revosec.ch>
Date: Tue, 31 Mar 2015 15:25:05 +0000 (+0200)
Subject: utils: Add malloc/free wrappers returning aligned data
X-Git-Tag: 5.3.1dr1~17^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f206bb74449f46c0558993f2b779ffa096fb32f2;p=thirdparty%2Fstrongswan.git

utils: Add malloc/free wrappers returning aligned data

While we could use posix_memalign(3), that is not fully portable. Further, it
might be difficult on some platforms to properly catch it in leak-detective,
which results in invalid free()s when releasing such memory.

We instead use a simple wrapper, which allocates larger data, and saves the
padding size in the allocated header. This requires that memory is released
using a dedicated function.

To reduce the risk of invalid free() when working on corrupted data, we fill up
all the padding with the padding length, and verify it during free_align().
---

diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index f151fb35e0..b38f2cb521 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -228,6 +228,41 @@ START_TEST(test_strpfx)
 }
 END_TEST
 
+/*******************************************************************************
+ * mallac_align/free_align
+ */
+
+START_TEST(test_malloc_align)
+{
+	void *ptr[128][256];
+	int size, align;
+
+	for (size = 0; size < countof(ptr); size++)
+	{
+		for (align = 0; align < countof(ptr[0]); align++)
+		{
+			ptr[size][align] = malloc_align(size, align);
+			if (align)
+			{
+				ck_assert((uintptr_t)ptr[size][align] % align == 0);
+			}
+			if (size)
+			{
+				ck_assert(ptr[size][align]);
+				memset(ptr[size][align], 0xEF, size);
+			}
+		}
+	}
+	for (size = 0; size < countof(ptr); size++)
+	{
+		for (align = 0; align < countof(ptr[0]); align++)
+		{
+			free_align(ptr[size][align]);
+		}
+	}
+}
+END_TEST
+
 /*******************************************************************************
  * memxor
  */
@@ -816,6 +851,10 @@ Suite *utils_suite_create()
 	tcase_add_loop_test(tc, test_strpfx, 0, countof(strpfx_data));
 	suite_add_tcase(s, tc);
 
+	tc = tcase_create("malloc_align");
+	tcase_add_test(tc, test_malloc_align);
+	suite_add_tcase(s, tc);
+
 	tc = tcase_create("memxor");
 	tcase_add_test(tc, test_memxor);
 	tcase_add_test(tc, test_memxor_aligned);
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
index 3d5e3dfc90..119c6563a8 100644
--- a/src/libstrongswan/utils/utils.c
+++ b/src/libstrongswan/utils/utils.c
@@ -58,6 +58,50 @@ ENUM(status_names, SUCCESS, NEED_MORE,
 	"NEED_MORE",
 );
 
+/**
+ * Described in header.
+ */
+void* malloc_align(size_t size, u_int8_t align)
+{
+	u_int8_t pad;
+	void *ptr;
+
+	if (align == 0)
+	{
+		align = 1;
+	}
+	ptr = malloc(align + sizeof(pad) + size);
+	if (!ptr)
+	{
+		return NULL;
+	}
+	/* store padding length just before data, down to the allocation boundary
+	 * to do some verification during free_align() */
+	pad = align - ((uintptr_t)ptr % align);
+	memset(ptr, pad, pad);
+	return ptr + pad;
+}
+
+/**
+ * Described in header.
+ */
+void free_align(void *ptr)
+{
+	u_int8_t pad, *pos;
+
+	pos = ptr - 1;
+	/* verify padding to check any corruption */
+	for (pad = *pos; (void*)pos >= ptr - pad; pos--)
+	{
+		if (*pos != pad)
+		{
+			DBG1(DBG_LIB, "!!!! invalid free_align() !!!!");
+			return;
+		}
+	}
+	free(ptr - pad);
+}
+
 /**
  * Described in header.
  */
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index 235f283731..a9791ed771 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -566,6 +566,24 @@ typedef struct timespec timespec_t;
  */
 typedef struct sockaddr sockaddr_t;
 
+/**
+ * malloc(), but returns aligned memory.
+ *
+ * The returned pointer must be freed using free_align(), not free().
+ *
+ * @param size			size of allocated data
+ * @param align			alignment, up to 255 bytes, usually a power of 2
+ * @return				allocated hunk, aligned to align bytes
+ */
+void* malloc_align(size_t size, u_int8_t align);
+
+/**
+ * Free a hunk allocated by malloc_align().
+ *
+ * @param ptr			hunk to free
+ */
+void free_align(void *ptr);
+
 /**
  * Same as memcpy, but XORs src into dst instead of copy
  */