[openssl-commits] [openssl] master update
Emilia Kasper
emilia at openssl.org
Tue Sep 22 17:57:42 UTC 2015
The branch master has been updated
via 21b0fa91186ff1c1c3d956c0593ef4ac02521695 (commit)
via 58e3457a82e8940ff36b36949f9c7a60e7614b2c (commit)
via de8883e11befde31d9b6cfbbd1fc017c365e0bbf (commit)
via 110f7b37de9feecfb64950601cc7cec77cf6130b (commit)
from db9defdfe306e1adf0af7188b187d535eb0268da (commit)
- Log -----------------------------------------------------------------
commit 21b0fa91186ff1c1c3d956c0593ef4ac02521695
Author: Emilia Kasper <emilia at openssl.org>
Date: Thu Sep 17 13:55:09 2015 +0200
Document BUF_strnlen
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 58e3457a82e8940ff36b36949f9c7a60e7614b2c
Author: Emilia Kasper <emilia at openssl.org>
Date: Thu Sep 17 13:50:34 2015 +0200
BUF_strdup and friends: update docs
Reviewed-by: Matt Caswell <matt at openssl.org>
commit de8883e11befde31d9b6cfbbd1fc017c365e0bbf
Author: Emilia Kasper <emilia at openssl.org>
Date: Thu Sep 17 13:27:05 2015 +0200
BUF_strndup: tidy
Fix comment, add another overflow check, tidy style
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 110f7b37de9feecfb64950601cc7cec77cf6130b
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Wed Sep 16 17:54:05 2015 +0200
Make BUF_strndup() read-safe on arbitrary inputs
BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.
Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.
The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/buffer/buf_str.c | 21 +++++++++++++-------
doc/crypto/buffer.pod | 51 +++++++++++++++++++++++++-----------------------
include/openssl/buffer.h | 6 ++++++
3 files changed, 47 insertions(+), 31 deletions(-)
diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index 1e8d7f6..1f3e8a4 100644
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
@@ -72,7 +73,7 @@ size_t BUF_strnlen(const char *str, size_t maxlen)
char *BUF_strdup(const char *str)
{
if (str == NULL)
- return (NULL);
+ return NULL;
return BUF_strndup(str, strlen(str));
}
@@ -81,16 +82,22 @@ char *BUF_strndup(const char *str, size_t siz)
char *ret;
if (str == NULL)
- return (NULL);
+ return NULL;
siz = BUF_strnlen(str, siz);
+ if (siz >= INT_MAX)
+ return NULL;
+
ret = OPENSSL_malloc(siz + 1);
if (ret == NULL) {
BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
- BUF_strlcpy(ret, str, siz + 1);
+
+ memcpy(ret, str, siz);
+ ret[siz] = '\0';
+
return (ret);
}
@@ -98,13 +105,13 @@ void *BUF_memdup(const void *data, size_t siz)
{
void *ret;
- if (data == NULL)
- return (NULL);
+ if (data == NULL || siz >= INT_MAX)
+ return NULL;
ret = OPENSSL_malloc(siz);
if (ret == NULL) {
BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
return memcpy(ret, data, siz);
}
diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod
index c56cc89..d43518a 100644
--- a/doc/crypto/buffer.pod
+++ b/doc/crypto/buffer.pod
@@ -2,8 +2,11 @@
=head1 NAME
-BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
-character arrays structure
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
+character array structure
+
+BUF_strdup, BUF_strndup, BUF_memdup, BUF_strlcpy, BUF_strlcat -
+standard C library equivalents
=head1 SYNOPSIS
@@ -13,31 +16,28 @@ character arrays structure
#define BUF_MEM_FLAG_SECURE
- BUF_MEM * BUF_MEM_new_ex(unsigned long flags);
+ BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
void BUF_MEM_free(BUF_MEM *a);
int BUF_MEM_grow(BUF_MEM *str, int len);
- char * BUF_strdup(const char *str);
+ char *BUF_strdup(const char *str);
-=head1 DESCRIPTION
+ char *BUF_strndup(const char *str, size_t siz);
-The buffer library handles simple character arrays. Buffers are used for
-various purposes in the library, most notably memory BIOs.
+ void *BUF_memdup(const void *data, size_t siz);
+
+ size_t BUF_strlcpy(char *dst, const char *src, size_t size);
-The library uses the BUF_MEM structure defined in buffer.h:
+ size_t BUF_strlcat(char *dst, const char *src, size_t size);
- typedef struct buf_mem_st
- {
- int length; /* current number of bytes */
- char *data;
- int max; /* size of buffer */
- } BUF_MEM;
+ size_t BUF_strnlen(const char *str, size_t maxlen);
-B<length> is the current size of the buffer in bytes, B<max> is the amount of
-memory allocated to the buffer. There are three functions which handle these
-and one "miscellaneous" function.
+=head1 DESCRIPTION
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
BUF_MEM_new() allocates a new buffer of zero size.
@@ -52,14 +52,17 @@ BUF_MEM_grow() changes the size of an already existing buffer to
B<len>. Any data already in the buffer is preserved if it increases in
size.
-BUF_strdup() copies a null terminated string into a block of allocated
-memory and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
-should be used in preference to the standard library strdup() because it can
-be used for memory leak checking or replacing the malloc() function.
+BUF_strdup(), BUF_strndup(), BUF_memdup(), BUF_strlcpy(),
+BUF_strlcat() and BUF_strnlen are equivalents of the standard C
+library functions. The dup() functions use OPENSSL_malloc() underneath
+and so should be used in preference to the standard library for memory
+leak checking or replacing the malloc() function.
+
+Memory allocated from these functions should be freed up using the
+OPENSSL_free() function.
-The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
-function.
+BUF_strndup makes the explicit guarantee that it will never read past
+the first B<siz> bytes of B<str>.
=head1 RETURN VALUES
diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h
index af30a90..f22ed09 100644
--- a/include/openssl/buffer.h
+++ b/include/openssl/buffer.h
@@ -90,7 +90,13 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
size_t BUF_strnlen(const char *str, size_t maxlen);
char *BUF_strdup(const char *str);
+
+/*
+ * Like strndup, but in addition, explicitly guarantees to never read past the
+ * first |siz| bytes of |str|.
+ */
char *BUF_strndup(const char *str, size_t siz);
+
void *BUF_memdup(const void *data, size_t siz);
void BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
More information about the openssl-commits
mailing list