From: Wouter Wijngaards
Date: Tue, 17 Mar 2015 08:24:24 +0000 (+0000)
Subject: - Use reallocarray for integer overflow protection, patch submitted
X-Git-Tag: release-1.5.4~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63b5d109f8a1593627ca6dac3cabc64cf7993830;p=thirdparty%2Funbound.git
- Use reallocarray for integer overflow protection, patch submitted by Loganaden Velvindron.
git-svn-id: file:///svn/unbound/trunk@3365 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/Makefile.in b/Makefile.in
index bd3580701..5b5e4bc33 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -131,7 +131,7 @@ compat/memcmp.c compat/memmove.c compat/snprintf.c compat/strlcat.c \ compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \ compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \ compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \ -compat/arc4_lock.c compat/sha512.c +compat/arc4_lock.c compat/sha512.c compat/reallocarray.c COMPAT_OBJ=$(LIBOBJS:.o=.lo) COMPAT_OBJ_WITHOUT_CTIME=$(LIBOBJ_WITHOUT_CTIME:.o=.lo) COMPAT_OBJ_WITHOUT_CTIMEARC4=$(LIBOBJ_WITHOUT_CTIMEARC4:.o=.lo)
@@ -1217,6 +1217,7 @@ memmove.lo memmove.o: $(srcdir)/compat/memmove.c config.h snprintf.lo snprintf.o: $(srcdir)/compat/snprintf.c config.h strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h +reallocarray.lo reallocarray.o: $(srcdir)/compat/reallocarray.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \
diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4
index e1cf83a70..decf0f586 100644
--- a/acx_nlnetlabs.m4
+++ b/acx_nlnetlabs.m4
@@ -2,7 +2,8 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 26 +# Version 27 +# 2015-03-17 AHX_CONFIG_REALLOCARRAY added # 2013-09-19 FLTO help text improved. # 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes # 2013-06-25 FLTO has --disable-flto option.
@@ -1213,6 +1214,16 @@ struct tm *gmtime_r(const time_t *timep, struct tm *result); #endif ]) +dnl provide reallocarray compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_REALLOCARRAY], +[ +#ifndef HAVE_REALLOCARRAY +#define reallocarray reallocarray$1 +void* reallocarray(void *ptr, size_t nmemb, size_t size); +#endif +]) + dnl provide w32 compat definition for sleep AC_DEFUN([AHX_CONFIG_W32_SLEEP], [
diff --git a/compat/reallocarray.c b/compat/reallocarray.c
index aa7068682..04d5d71c8 100644
--- a/compat/reallocarray.c
+++ b/compat/reallocarray.c
@@ -15,6 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "config.h" #include #include #include
diff --git a/config.h.in b/config.h.in
index c36d4b98b..723b3ad02 100644
--- a/config.h.in
+++ b/config.h.in
@@ -70,6 +70,10 @@ if you don't. */ #undef HAVE_DECL_NID_X9_62_PRIME256V1 +/* Define to 1 if you have the declaration of `reallocarray', and to 0 if you + don't. */ +#undef HAVE_DECL_REALLOCARRAY + /* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0 if you don't. */ #undef HAVE_DECL_SK_SSL_COMP_POP_FREE
@@ -266,6 +270,9 @@ /* Define to 1 if you have the `random' function. */ #undef HAVE_RANDOM +/* Define to 1 if you have the `reallocarray' function. */ +#undef HAVE_REALLOCARRAY + /* Define to 1 if you have the `recvmsg' function. */ #undef HAVE_RECVMSG
@@ -889,6 +896,12 @@ struct tm *gmtime_r(const time_t *timep, struct tm *result); #endif +#ifndef HAVE_REALLOCARRAY +#define reallocarray reallocarrayunbound +void* reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + + #if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) #define sleep(x) Sleep((x)*1000) /* on win32 */ #endif /* HAVE_SLEEP */
@@ -954,6 +967,9 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif +# if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM void explicit_bzero(void* buf, size_t len);
diff --git a/configure b/configure
index 0089ad1d4..425466ebd 100755
--- a/configure
+++ b/configure
@@ -16729,6 +16729,16 @@ fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_ARC4RANDOM_UNIFORM $ac_have_decl _ACEOF +ac_fn_c_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "$ac_includes_default" +if test "x$ac_cv_have_decl_reallocarray" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_REALLOCARRAY $ac_have_decl +_ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
@@ -18137,6 +18147,20 @@ esac fi +ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" +if test "x$ac_cv_func_reallocarray" = xyes; then : + $as_echo "#define HAVE_REALLOCARRAY 1" >>confdefs.h + +else + case " $LIBOBJS " in + *" reallocarray.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS reallocarray.$ac_objext" + ;; +esac + +fi + + LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" if test "$USE_NSS" = "no"; then
diff --git a/configure.ac b/configure.ac
index 2fd1a4d8f..602813834 100644
--- a/configure.ac
+++ b/configure.ac
@@ -569,7 +569,7 @@ if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) # libressl provides these compat functions, but they may also be # declared by the OS in libc. See if they have been declared. - AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform]) + AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform,reallocarray]) else AC_MSG_RESULT([no]) fi
@@ -996,6 +996,7 @@ AC_REPLACE_FUNCS(strlcat) AC_REPLACE_FUNCS(strlcpy) AC_REPLACE_FUNCS(memmove) AC_REPLACE_FUNCS(gmtime_r) +AC_REPLACE_FUNCS(reallocarray) LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4) if test "$USE_NSS" = "no"; then
@@ -1236,6 +1237,7 @@ AHX_CONFIG_MEMMOVE(unbound) AHX_CONFIG_STRLCAT(unbound) AHX_CONFIG_STRLCPY(unbound) AHX_CONFIG_GMTIME_R(unbound) +AHX_CONFIG_REALLOCARRAY(unbound) AHX_CONFIG_W32_SLEEP AHX_CONFIG_W32_USLEEP AHX_CONFIG_W32_RANDOM
@@ -1269,6 +1271,9 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif +# if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM void explicit_bzero(void* buf, size_t len);
diff --git a/doc/Changelog b/doc/Changelog
index 14f0d9f40..163e57473 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@ +17 March 2015: Wouter + - Use reallocarray for integer overflow protection, patch submitted + by Loganaden Velvindron. + 16 March 2015: Wouter - Fixup compile on cygwin, more portable openssl thread id.
diff --git a/libunbound/context.c b/libunbound/context.c
index c21f94184..e02af5e89 100644
--- a/libunbound/context.c
+++ b/libunbound/context.c
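Review bot: The prototype added to the LibreSSL block in the `@@ -1269` hunk is guarded only by `# if !HAVE_DECL_REALLOCARRAY`, while the arc4random_uniform entry directly above it also requires `defined(HAVE_ARC4RANDOM_UNIFORM)`. When the function is missing altogether, the `AHX_CONFIG_REALLOCARRAY(unbound)` block added in the `@@ -1236` hunk appears to have already renamed and declared it, so this second prototype only repeats that declaration. Writing the guard as `# if !HAVE_DECL_REALLOCARRAY && defined(HAVE_REALLOCARRAY)` would keep it to the case it is meant for, a library that provides the symbol without declaring it. The same three lines are carried into config.h.in by this commit.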
@@ -360,7 +360,7 @@ context_serialize_cancel(struct ctx_query* q, uint32_t* len) /* format of cancel: * o uint32 cmd * o uint32 async-id */ - uint8_t* p = (uint8_t*)malloc(2*sizeof(uint32_t)); + uint8_t* p = (uint8_t*)reallocarray(NULL, sizeof(uint32_t), 2); if(!p) return NULL; *len = 2*sizeof(uint32_t); sldns_write_uint32(p, UB_LIBCMD_CANCEL);
diff --git a/util/config_file.c b/util/config_file.c
index 41f8cd520..86755690a 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -454,7 +454,8 @@ int config_set_option(struct config_file* cfg, const char* opt, { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); } else if (strcmp(opt, "outgoing-interface:") == 0) { char* d = strdup(val); - char** oi = (char**)malloc((cfg->num_out_ifs+1)*sizeof(char*)); + char** oi = + (char**)reallocarray(NULL, (cfg->num_out_ifs+1), sizeof(char*)); if(!d || !oi) { free(d); free(oi); return -1; } if(cfg->out_ifs && cfg->num_out_ifs) { memmove(oi, cfg->out_ifs, cfg->num_out_ifs*sizeof(char*));
@@ -1001,7 +1002,7 @@ int cfg_condense_ports(struct config_file* cfg, int** avail) *avail = NULL; if(num == 0) return 0; - *avail = (int*)malloc(sizeof(int)*num); + *avail = (int*)reallocarray(NULL, num, sizeof(int)); if(!*avail) return 0; for(i=0; i<65536; i++) {
diff --git a/util/net_help.c b/util/net_help.c
index 993ea2b5b..2cefac5a9 100644
--- a/util/net_help.c
+++ b/util/net_help.c
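Review bot: The reallocarray call in context_serialize_cancel passes its arguments in the opposite order from the `(ptr, nmemb, size)` prototype and from every other call site in this commit: `reallocarray(NULL, sizeof(uint32_t), 2)` gives the element size as the count and the count as the size. The product is the same, so behaviour does not change, but `reallocarray(NULL, 2, sizeof(uint32_t))` matches the signature. Both operands are constants here, so the overflow check cannot trigger at this site, and the length is still computed separately as `*len = 2*sizeof(uint32_t)` two lines further down. The function body continues outside the hunk.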
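Review bot: In the outgoing-interface branch of config_set_option (util/config_file.c, `@@ -454` hunk) the count handed to reallocarray is `(cfg->num_out_ifs+1)`, and that addition is evaluated before reallocarray can check anything, so the new protection covers only the multiplication by `sizeof(char*)`. The type of num_out_ifs is not visible in the hunk; if it is a signed int, an increment at INT_MAX is undefined and a negative value would be converted to a very large size_t. A range test placed ahead of `char* d = strdup(val);`, so that nothing needs freeing on the early return, would close the gap: `if(cfg->num_out_ifs < 0 || cfg->num_out_ifs == INT_MAX) return -1;`. A configuration file is unlikely to reach that count in practice, but it is the one step of this size computation the commit does not cover. The function body starts and ends outside the hunk.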
@@ -789,8 +789,8 @@ int ub_openssl_lock_init(void) { #if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) int i; - ub_openssl_locks = (lock_basic_t*)malloc( - sizeof(lock_basic_t)*CRYPTO_num_locks()); + ub_openssl_locks = (lock_basic_t*)reallocarray( + NULL, CRYPTO_num_locks(), sizeof(lock_basic_t)); if(!ub_openssl_locks) return 0; for(i=0; icount = num; pd->trust = rrset_trust_ultimate; - pd->rr_len = (size_t*)malloc(num*sizeof(size_t)); + pd->rr_len = (size_t*)reallocarray(NULL, num, sizeof(size_t)); if(!pd->rr_len) { free(pd); free(pkey->rk.dname); free(pkey); return NULL; } - pd->rr_ttl = (time_t*)malloc(num*sizeof(time_t)); + pd->rr_ttl = (time_t*)reallocarray(NULL, num, sizeof(time_t)); if(!pd->rr_ttl) { free(pd->rr_len); free(pd);
@@ -897,7 +897,7 @@ assemble_it(struct trust_anchor* ta, size_t num, uint16_t type) free(pkey); return NULL; } - pd->rr_data = (uint8_t**)malloc(num*sizeof(uint8_t*)); + pd->rr_data = (uint8_t**)reallocarray(NULL, num, sizeof(uint8_t*)); if(!pd->rr_data) { free(pd->rr_ttl); free(pd->rr_len);