- Fix for out of bounds integers, thanks to OSTIF audit. It is in
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 2 Apr 2019 12:28:20 +0000 (12:28 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 2 Apr 2019 12:28:20 +0000 (12:28 +0000)
  allocation debug code.

git-svn-id: file:///svn/unbound/trunk@5143 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
util/alloc.c

index 998b67a6f7be2322190406379350525b478b5f71..6740be1e847b1ac663ff9c955ffa6b52b5c7c32d 100644 (file)
@@ -1,6 +1,8 @@
 2 April 2019: Wouter
        - Fix auth-zone NSEC3 response for empty nonterminals with exact
          match nsec3 records.
+       - Fix for out of bounds integers, thanks to OSTIF audit.  It is in
+         allocation debug code.
 
 25 March 2019: Wouter
        - Fix that tls-session-ticket-keys: "" on its own in unbound.conf
index 908b1f42361f2bce89c68980a5572f4241802772..7e9618931ca6ab8a6ed58319f7f9c3bb7aea8c3e 100644 (file)
@@ -376,6 +376,7 @@ void *unbound_stat_malloc(size_t size)
 {
        void* res;
        if(size == 0) size = 1;
+       log_assert(size <= SIZE_MAX-16);
        res = malloc(size+16);
        if(!res) return NULL;
        unbound_mem_alloc += size;
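Review bot: The new `log_assert(size <= SIZE_MAX-16);` guards `size+16` only in builds where log_assert is active. Its definition is not visible here, but if the macro compiles to nothing in non-debug builds, the addition still wraps and malloc is asked for a tiny block while the caller believes it holds `size` bytes. The function already returns NULL when malloc fails, so a runtime check fits the existing contract: `if(size > SIZE_MAX-16) return NULL;`. The same applies to the asserts added in unbound_stat_realloc and unbound_stat_malloc_lite (there with `lite_pad*2+sizeof(size_t)` as the margin), where the memmove calls right after the malloc would write the prefix and length into an undersized block. The body of unbound_stat_malloc continues outside the hunk.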
@@ -398,6 +399,7 @@ void *unbound_stat_calloc(size_t nmemb, size_t size)
        if(nmemb != 0 && INT_MAX/nmemb < size)
                return NULL; /* integer overflow check */
        s = (nmemb*size==0)?(size_t)1:nmemb*size;
+       log_assert(s <= SIZE_MAX-16);
        res = calloc(1, s+16);
        if(!res) return NULL;
        log_info("stat %p=calloc(%u, %u)", res+16, (unsigned)nmemb, (unsigned)size);
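Review bot: The added `log_assert(s <= SIZE_MAX-16);` cannot fire on common platforms, because the preceding `INT_MAX/nmemb < size` check already limits `nmemb*size` to INT_MAX, which is far below SIZE_MAX-16 wherever size_t is at least as wide as int. A comment should say that the assert documents the `s+16` margin and is not the overflow guard, e.g. `/* nmemb*size <= INT_MAX here, so s+16 cannot wrap */`. The same holds for the assert on `req` in unbound_stat_calloc_lite. The start of unbound_stat_calloc is outside the hunk, so this assumes nothing earlier modifies nmemb or size.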
@@ -447,6 +449,7 @@ void *unbound_stat_realloc(void *ptr, size_t size)
                /* nothing changes */
                return ptr;
        }
+       log_assert(size <= SIZE_MAX-16);
        res = malloc(size+16);
        if(!res) return NULL;
        unbound_mem_alloc += size;
@@ -521,7 +524,9 @@ void *unbound_stat_malloc_lite(size_t size, const char* file, int line,
         const char* func)
 {
        /*  [prefix .. len .. actual data .. suffix] */
-       void* res = malloc(size+lite_pad*2+sizeof(size_t));
+       void* res;
+       log_assert(size <= SIZE_MAX-(lite_pad*2+sizeof(size_t)));
+       res = malloc(size+lite_pad*2+sizeof(size_t));
        if(!res) return NULL;
        memmove(res, lite_pre, lite_pad);
        memmove(res+lite_pad, &size, sizeof(size_t));
@@ -538,6 +543,7 @@ void *unbound_stat_calloc_lite(size_t nmemb, size_t size, const char* file,
        if(nmemb != 0 && INT_MAX/nmemb < size)
                return NULL; /* integer overflow check */
        req = nmemb * size;
+       log_assert(req <= SIZE_MAX-(lite_pad*2+sizeof(size_t)));
        res = malloc(req+lite_pad*2+sizeof(size_t));
        if(!res) return NULL;
        memmove(res, lite_pre, lite_pad);