[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Emilia Kasper emilia at openssl.org
Tue Sep 22 18:05:18 UTC 2015 

The branch OpenSSL_1_0_2-stable has been updated
       via  51ff683c12104f667c33f37c1fdb35ab47571ea1 (commit)
       via  be250ee2d353a9c8ed858bf8ca274d3107ae2f64 (commit)
       via  f5afe9ce3f7ab8d2fef460054d1170427db0d02c (commit)
       via  f61216ba9d17430fb5eb3e2b202a209960b9d51b (commit)
      from  c038e6b50497a4c63044a509e925a6eebff3e747 (commit)


- Log -----------------------------------------------------------------
commit 51ff683c12104f667c33f37c1fdb35ab47571ea1
Author: Emilia Kasper <emilia at openssl.org>
Date:   Thu Sep 17 13:55:09 2015 +0200

    Document BUF_strnlen
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit 21b0fa91186ff1c1c3d956c0593ef4ac02521695)

commit be250ee2d353a9c8ed858bf8ca274d3107ae2f64
Author: Emilia Kasper <emilia at openssl.org>
Date:   Thu Sep 17 13:50:34 2015 +0200

    BUF_strdup and friends: update docs
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit 58e3457a82e8940ff36b36949f9c7a60e7614b2c)

commit f5afe9ce3f7ab8d2fef460054d1170427db0d02c
Author: Emilia Kasper <emilia at openssl.org>
Date:   Thu Sep 17 13:27:05 2015 +0200

    BUF_strndup: tidy
    
    Fix comment, add another overflow check, tidy style
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit de8883e11befde31d9b6cfbbd1fc017c365e0bbf)

commit f61216ba9d17430fb5eb3e2b202a209960b9d51b
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date:   Wed Sep 16 17:54:05 2015 +0200

    Make BUF_strndup() read-safe on arbitrary inputs
    
    BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
    past the input if the input was not a C string.
    
    Make it explicitly part of BUF_strndup's contract to never read more
    than |siz| input bytes. This augments the standard strndup contract to
    be safer.
    
    The commit also adds a check for siz overflow and some brief documentation
    for BUF_strndup().
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit 110f7b37de9feecfb64950601cc7cec77cf6130b)

-----------------------------------------------------------------------

Summary of changes:
 crypto/buffer/buf_str.c | 21 ++++++++++++++-------
 crypto/buffer/buffer.h  |  6 ++++++
 doc/crypto/buffer.pod   | 49 ++++++++++++++++++++++++++-----------------------
 3 files changed, 46 insertions(+), 30 deletions(-)

diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index ebc5ab4..fa0d608 100644
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
+#include <limits.h>
 #include <openssl/buffer.h>
 
 size_t BUF_strnlen(const char *str, size_t maxlen)
@@ -72,7 +73,7 @@ size_t BUF_strnlen(const char *str, size_t maxlen)
 char *BUF_strdup(const char *str)
 {
     if (str == NULL)
-        return (NULL);
+        return NULL;
     return BUF_strndup(str, strlen(str));
 }
 
@@ -81,16 +82,22 @@ char *BUF_strndup(const char *str, size_t siz)
     char *ret;
 
     if (str == NULL)
-        return (NULL);
+        return NULL;
 
     siz = BUF_strnlen(str, siz);
 
+    if (siz >= INT_MAX)
+        return NULL;
+
     ret = OPENSSL_malloc(siz + 1);
     if (ret == NULL) {
         BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
-    BUF_strlcpy(ret, str, siz + 1);
+
+    memcpy(ret, str, siz);
+    ret[siz] = '\0';
+
     return (ret);
 }
 
@@ -98,13 +105,13 @@ void *BUF_memdup(const void *data, size_t siz)
 {
     void *ret;
 
-    if (data == NULL)
-        return (NULL);
+    if (data == NULL || siz >= INT_MAX)
+        return NULL;
 
     ret = OPENSSL_malloc(siz);
     if (ret == NULL) {
         BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     return memcpy(ret, data, siz);
 }
diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
index c343dd7..efd240a 100644
--- a/crypto/buffer/buffer.h
+++ b/crypto/buffer/buffer.h
@@ -86,7 +86,13 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len);
 int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 size_t BUF_strnlen(const char *str, size_t maxlen);
 char *BUF_strdup(const char *str);
+
+/*
+ * Like strndup, but in addition, explicitly guarantees to never read past the
+ * first |siz| bytes of |str|.
+ */
 char *BUF_strndup(const char *str, size_t siz);
+
 void *BUF_memdup(const void *data, size_t siz);
 void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
 
diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod
index 781f5b1..52c5c84 100644
--- a/doc/crypto/buffer.pod
+++ b/doc/crypto/buffer.pod
@@ -2,8 +2,11 @@
 
 =head1 NAME
 
-BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
-character arrays structure
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
+character array structure
+
+BUF_strdup, BUF_strndup, BUF_memdup, BUF_strlcpy, BUF_strlcat -
+standard C library equivalents
 
 =head1 SYNOPSIS
 
@@ -15,25 +18,22 @@ character arrays structure
 
  int	BUF_MEM_grow(BUF_MEM *str, int len);
 
- char *	BUF_strdup(const char *str);
+ char *BUF_strdup(const char *str);
 
-=head1 DESCRIPTION
+ char *BUF_strndup(const char *str, size_t siz);
 
-The buffer library handles simple character arrays. Buffers are used for
-various purposes in the library, most notably memory BIOs.
+ void *BUF_memdup(const void *data, size_t siz);
+
+ size_t BUF_strlcpy(char *dst, const char *src, size_t size);
 
-The library uses the BUF_MEM structure defined in buffer.h:
+ size_t BUF_strlcat(char *dst, const char *src, size_t size);
 
- typedef struct buf_mem_st
- {
-        int length;     /* current number of bytes */
-        char *data;
-        int max;        /* size of buffer */
- } BUF_MEM;
+ size_t BUF_strnlen(const char *str, size_t maxlen);
 
-B<length> is the current size of the buffer in bytes, B<max> is the amount of
-memory allocated to the buffer. There are three functions which handle these
-and one "miscellaneous" function.
+=head1 DESCRIPTION
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
 
 BUF_MEM_new() allocates a new buffer of zero size.
 
@@ -44,14 +44,17 @@ BUF_MEM_grow() changes the size of an already existing buffer to
 B<len>. Any data already in the buffer is preserved if it increases in
 size.
 
-BUF_strdup() copies a null terminated string into a block of allocated
-memory and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
-should be used in preference to the standard library strdup() because it can
-be used for memory leak checking or replacing the malloc() function.
+BUF_strdup(), BUF_strndup(), BUF_memdup(), BUF_strlcpy(),
+BUF_strlcat() and BUF_strnlen are equivalents of the standard C
+library functions. The dup() functions use OPENSSL_malloc() underneath
+and so should be used in preference to the standard library for memory
+leak checking or replacing the malloc() function.
+
+Memory allocated from these functions should be freed up using the
+OPENSSL_free() function.
 
-The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
-function.
+BUF_strndup makes the explicit guarantee that it will never read past
+the first B<siz> bytes of B<str>.
 
 =head1 RETURN VALUES

More information about the openssl-commits mailing list