[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Emilia Kasper
emilia at openssl.org
Tue Sep 22 18:12:38 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via 456b9820ebaa7e9bfec8eec27326478cc0a3b0fa (commit)
via e56c77b8ee964b233137eea15b067eed1b1b44ea (commit)
via 69051874889696c2064b556ad4614d2f3644258a (commit)
from 9d1fcbebbc0b026c87f1ad37d47be2e87608ca11 (commit)
- Log -----------------------------------------------------------------
commit 456b9820ebaa7e9bfec8eec27326478cc0a3b0fa
Author: Emilia Kasper <emilia at openssl.org>
Date: Thu Sep 17 13:50:34 2015 +0200
BUF_strdup and friends: update docs
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 58e3457a82e8940ff36b36949f9c7a60e7614b2c)
(cherry picked from commit be250ee2d353a9c8ed858bf8ca274d3107ae2f64)
commit e56c77b8ee964b233137eea15b067eed1b1b44ea
Author: Emilia Kasper <emilia at openssl.org>
Date: Thu Sep 17 13:27:05 2015 +0200
BUF_strndup: tidy
Fix comment, add another overflow check, tidy style
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit de8883e11befde31d9b6cfbbd1fc017c365e0bbf)
(cherry picked from commit f5afe9ce3f7ab8d2fef460054d1170427db0d02c)
commit 69051874889696c2064b556ad4614d2f3644258a
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Wed Sep 16 17:54:05 2015 +0200
Make BUF_strndup() read-safe on arbitrary inputs
BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.
Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.
The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 110f7b37de9feecfb64950601cc7cec77cf6130b)
(cherry picked from commit f61216ba9d17430fb5eb3e2b202a209960b9d51b)
-----------------------------------------------------------------------
Summary of changes:
crypto/buffer/buf_str.c | 21 ++++++++++++++-------
crypto/buffer/buffer.h | 6 ++++++
doc/crypto/buffer.pod | 47 ++++++++++++++++++++++++-----------------------
3 files changed, 44 insertions(+), 30 deletions(-)
diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index fdde3d7..233af24 100644
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -58,12 +58,13 @@
#include <stdio.h>
#include "cryptlib.h"
+#include <limits.h>
#include <openssl/buffer.h>
char *BUF_strdup(const char *str)
{
if (str == NULL)
- return (NULL);
+ return NULL;
return BUF_strndup(str, strlen(str));
}
@@ -72,14 +73,20 @@ char *BUF_strndup(const char *str, size_t siz)
char *ret;
if (str == NULL)
- return (NULL);
+ return NULL;
+
+ if (siz >= INT_MAX)
+ return NULL;
ret = OPENSSL_malloc(siz + 1);
if (ret == NULL) {
BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
- BUF_strlcpy(ret, str, siz + 1);
+
+ memcpy(ret, str, siz);
+ ret[siz] = '\0';
+
return (ret);
}
@@ -87,13 +94,13 @@ void *BUF_memdup(const void *data, size_t siz)
{
void *ret;
- if (data == NULL)
- return (NULL);
+ if (data == NULL || siz >= INT_MAX)
+ return NULL;
ret = OPENSSL_malloc(siz);
if (ret == NULL) {
BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
return memcpy(ret, data, siz);
}
diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
index 632df93..89183ad 100644
--- a/crypto/buffer/buffer.h
+++ b/crypto/buffer/buffer.h
@@ -85,7 +85,13 @@ void BUF_MEM_free(BUF_MEM *a);
int BUF_MEM_grow(BUF_MEM *str, size_t len);
int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
char *BUF_strdup(const char *str);
+
+/*
+ * Like strndup, but in addition, explicitly guarantees to never read past the
+ * first |siz| bytes of |str|.
+ */
char *BUF_strndup(const char *str, size_t siz);
+
void *BUF_memdup(const void *data, size_t siz);
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod
index 781f5b1..9d6de53 100644
--- a/doc/crypto/buffer.pod
+++ b/doc/crypto/buffer.pod
@@ -2,8 +2,11 @@
=head1 NAME
-BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
-character arrays structure
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
+character array structure
+
+BUF_strdup, BUF_strndup, BUF_memdup, BUF_strlcpy, BUF_strlcat -
+standard C library equivalents
=head1 SYNOPSIS
@@ -15,25 +18,20 @@ character arrays structure
int BUF_MEM_grow(BUF_MEM *str, int len);
- char * BUF_strdup(const char *str);
+ char *BUF_strdup(const char *str);
-=head1 DESCRIPTION
+ char *BUF_strndup(const char *str, size_t siz);
-The buffer library handles simple character arrays. Buffers are used for
-various purposes in the library, most notably memory BIOs.
+ void *BUF_memdup(const void *data, size_t siz);
-The library uses the BUF_MEM structure defined in buffer.h:
+ size_t BUF_strlcpy(char *dst, const char *src, size_t size);
- typedef struct buf_mem_st
- {
- int length; /* current number of bytes */
- char *data;
- int max; /* size of buffer */
- } BUF_MEM;
+ size_t BUF_strlcat(char *dst, const char *src, size_t size);
-B<length> is the current size of the buffer in bytes, B<max> is the amount of
-memory allocated to the buffer. There are three functions which handle these
-and one "miscellaneous" function.
+=head1 DESCRIPTION
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
BUF_MEM_new() allocates a new buffer of zero size.
@@ -44,14 +42,17 @@ BUF_MEM_grow() changes the size of an already existing buffer to
B<len>. Any data already in the buffer is preserved if it increases in
size.
-BUF_strdup() copies a null terminated string into a block of allocated
-memory and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
-should be used in preference to the standard library strdup() because it can
-be used for memory leak checking or replacing the malloc() function.
+BUF_strdup(), BUF_strndup(), BUF_memdup(), BUF_strlcpy() and
+BUF_strlcat() are equivalents of the standard C library functions. The
+dup() functions use OPENSSL_malloc() underneath and so should be used
+in preference to the standard library for memory leak checking or
+replacing the malloc() function.
+
+Memory allocated from these functions should be freed up using the
+OPENSSL_free() function.
-The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
-function.
+BUF_strndup makes the explicit guarantee that it will never read past
+the first B<siz> bytes of B<str>.
=head1 RETURN VALUES
More information about the openssl-commits
mailing list