Reverted some recent buffer.[ch] changes, including r3058 (except for

likely() and unlikely() macro additions to syshead.h) and r3061.

I would like to give more thought to the bigger issue of fortifying
buffer.[ch] through the use of additional defensive programming techniques.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/buffer.c b/buffer.c
index c71cd86871f7a10bec3f1c52f85ba26ad791389f..8febc911b0f5207fac325a78b32600b28f47b905 100644 (file)
--- a/buffer.c
+++ b/buffer.c
@@ -64,7 +64,6 @@ alloc_buf_gc (size_t size, struct gc_arena *gc)
 #endif
 {
   struct buffer buf;
-  ASSERT (size <= BUF_MAX);
   buf.capacity = (int)size;
   buf.offset = 0;
   buf.len = 0;

diff --git a/buffer.h b/buffer.h
index 1b4b8ef88619aa215ce498b1bdb1e623f9a57212..d8ef00ffbdf2f14fd46eec5fb25c88cf45894a28 100644 (file)
--- a/buffer.h
+++ b/buffer.h
@@ -43,8 +43,6 @@
 
 /* basic buffer class for OpenVPN */
 
-#define BUF_MAX (1<<20) /* maximum allowed size of struct buffer offset and len */
-
 struct buffer
 {
   int capacity;           /* size of buffer allocated by malloc */
@@ -151,10 +149,7 @@ buf_reset_len (struct buffer *buf)
 static inline bool
 buf_init_dowork (struct buffer *buf, int offset)
 {
-  if (unlikely (offset < 0)
-      || unlikely (offset > buf->capacity)
-      || unlikely (offset > BUF_MAX)
-      || unlikely (buf->data == NULL))
+  if (offset < 0 || offset > buf->capacity || buf->data == NULL)
     return false;
   buf->len = 0;
   buf->offset = offset;
@@ -181,8 +176,6 @@ buf_set_write (struct buffer *buf, uint8_t *data, int size)
 static inline void
 buf_set_read (struct buffer *buf, const uint8_t *data, int size)
 {
-  if (unlikely(size > BUF_MAX))
-    size = 0;
   buf->len = buf->capacity = size;
   buf->offset = 0;
   buf->data = (uint8_t *)data;
@@ -292,50 +285,32 @@ struct buffer buf_sub (struct buffer *buf, int size, bool prepend);
 static inline bool
 buf_safe (const struct buffer *buf, int len)
 {
-  if (unlikely(buf->offset > BUF_MAX) || unlikely(buf->len) > BUF_MAX || unlikely(len > BUF_MAX))
-    return false;
-  else
-    return likely(len >= 0) && likely(buf->offset + buf->len + len <= buf->capacity);
+  return len >= 0 && buf->offset + buf->len + len <= buf->capacity;
 }
 
 static inline bool
 buf_safe_bidir (const struct buffer *buf, int len)
 {
-  if (unlikely(buf->offset > BUF_MAX) || unlikely(buf->len) > BUF_MAX || unlikely(len > BUF_MAX))
-    return false;
-  else
-    {
-      const int newlen = buf->len + len;
-      return likely(newlen >= 0) && likely(buf->offset + newlen <= buf->capacity);
-    }
+  const int newlen = buf->len + len;
+  return newlen >= 0 && buf->offset + newlen <= buf->capacity;
 }
 
 static inline int
 buf_forward_capacity (const struct buffer *buf)
 {
-  if (unlikely(buf->offset > BUF_MAX) || unlikely(buf->len) > BUF_MAX)
-    return 0;
-  else
-    {
-      int ret = buf->capacity - (buf->offset + buf->len);
-      if (ret < 0)
-       ret = 0;
-      return ret;
-    }
+  int ret = buf->capacity - (buf->offset + buf->len);
+  if (ret < 0)
+    ret = 0;
+  return ret;
 }
 
 static inline int
 buf_forward_capacity_total (const struct buffer *buf)
 {
-  if (unlikely(buf->offset > BUF_MAX))
-    return 0;
-  else
-    {
-      int ret = buf->capacity - buf->offset;
-      if (ret < 0)
-       ret = 0;
-      return ret;
-    }
+  int ret = buf->capacity - buf->offset;
+  if (ret < 0)
+    ret = 0;
+  return ret;
 }
 
 static inline int
@@ -347,7 +322,7 @@ buf_reverse_capacity (const struct buffer *buf)
 static inline bool
 buf_inc_len (struct buffer *buf, int inc)
 {
-  if (unlikely(!buf_safe_bidir (buf, inc)))
+  if (!buf_safe_bidir (buf, inc))
     return false;
   buf->len += inc;
   return true;
@@ -361,11 +336,7 @@ buf_inc_len (struct buffer *buf, int inc)
 static inline uint8_t *
 buf_prepend (struct buffer *buf, int size)
 {
-  if (unlikely(size < 0)
-      || unlikely(size > buf->offset)
-      || unlikely(size > BUF_MAX)
-      || unlikely(buf->offset > BUF_MAX)
-      || unlikely(buf->len > BUF_MAX))
+  if (size < 0 || size > buf->offset)
     return NULL;
   buf->offset -= size;
   buf->len += size;
@@ -375,11 +346,7 @@ buf_prepend (struct buffer *buf, int size)
 static inline bool
 buf_advance (struct buffer *buf, int size)
 {
-  if (unlikely(size < 0)
-      || unlikely(buf->len < size)
-      || unlikely(size > BUF_MAX)
-      || unlikely(buf->offset > BUF_MAX)
-      || unlikely(buf->len > BUF_MAX))
+  if (size < 0 || buf->len < size)
     return false;
   buf->offset += size;
   buf->len -= size;
@@ -483,15 +450,11 @@ buf_copy_range (struct buffer *dest,
                int src_index,
                int src_len)
 {
-  if (unlikely(src_index < 0)
-      || unlikely(src_len < 0)
-      || unlikely(src_index > BUF_MAX)
-      || unlikely(src_len > BUF_MAX)
-      || unlikely(dest->offset > BUF_MAX)
-      || unlikely(dest_index > BUF_MAX)
-      || unlikely(src_index + src_len > src->len)
-      || unlikely(dest_index < 0)
-      || unlikely(dest->offset + dest_index + src_len > dest->capacity))
+  if (src_index < 0
+      || src_len < 0
+      || src_index + src_len > src->len
+      || dest_index < 0
+      || dest->offset + dest_index + src_len > dest->capacity)
     return false;
   memcpy (dest->data + dest->offset + dest_index, src->data + src->offset + src_index, src_len);
   if (dest_index + src_len > dest->len)

diff --git a/tun.c b/tun.c
index bc3466bd4e5b90f677e4719dddec37a75b2f9bad..c1494d9548158d87e6d79626471d1725deee1191 100644 (file)
--- a/tun.c
+++ b/tun.c
@@ -2033,12 +2033,7 @@ tun_finalize (
     }
 
   if (buf)
-    {
-      if (ret < 0)
-       buf->len = 0;
-      else
-       buf->len = ret;
-    }
+    buf->len = ret;
   return ret;
 }