aboutsummaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
Diffstat (limited to 'src/common')
-rw-r--r--src/common/compat.c15
-rw-r--r--src/common/compat.h16
-rw-r--r--src/common/crypto.c11
-rw-r--r--src/common/memarea.c3
-rw-r--r--src/common/mempool.c4
-rw-r--r--src/common/torint.h2
-rw-r--r--src/common/tortls.c13
-rw-r--r--src/common/util.c11
8 files changed, 55 insertions, 20 deletions
diff --git a/src/common/compat.c b/src/common/compat.c
index b2dab5c34..4cc8d9979 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -126,6 +126,7 @@ tor_mmap_file(const char *filename)
return NULL;
}
+ /* XXXX why not just do fstat here? */
size = filesize = (size_t) lseek(fd, 0, SEEK_END);
lseek(fd, 0, SEEK_SET);
/* ensure page alignment */
@@ -294,7 +295,7 @@ tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
int r;
if (size == 0)
return -1; /* no place for the NUL */
- if (size > SSIZE_T_MAX-16)
+ if (size > SIZE_T_CEILING)
return -1;
#ifdef MS_WINDOWS
r = _vsnprintf(str, size, format, args);
@@ -430,7 +431,7 @@ tor_fix_source_file(const char *fname)
* unaligned memory access.
*/
uint16_t
-get_uint16(const char *cp)
+get_uint16(const void *cp)
{
uint16_t v;
memcpy(&v,cp,2);
@@ -442,7 +443,7 @@ get_uint16(const char *cp)
* unaligned memory access.
*/
uint32_t
-get_uint32(const char *cp)
+get_uint32(const void *cp)
{
uint32_t v;
memcpy(&v,cp,4);
@@ -454,7 +455,7 @@ get_uint32(const char *cp)
* unaligned memory access.
*/
uint64_t
-get_uint64(const char *cp)
+get_uint64(const void *cp)
{
uint64_t v;
memcpy(&v,cp,8);
@@ -466,7 +467,7 @@ get_uint64(const char *cp)
* *(uint16_t*)(cp) = v, but will not cause segfaults on platforms that forbid
* unaligned memory access. */
void
-set_uint16(char *cp, uint16_t v)
+set_uint16(void *cp, uint16_t v)
{
memcpy(cp,&v,2);
}
@@ -475,7 +476,7 @@ set_uint16(char *cp, uint16_t v)
* *(uint32_t*)(cp) = v, but will not cause segfaults on platforms that forbid
* unaligned memory access. */
void
-set_uint32(char *cp, uint32_t v)
+set_uint32(void *cp, uint32_t v)
{
memcpy(cp,&v,4);
}
@@ -484,7 +485,7 @@ set_uint32(char *cp, uint32_t v)
* *(uint64_t*)(cp) = v, but will not cause segfaults on platforms that forbid
* unaligned memory access. */
void
-set_uint64(char *cp, uint64_t v)
+set_uint64(void *cp, uint64_t v)
{
memcpy(cp,&v,8);
}
diff --git a/src/common/compat.h b/src/common/compat.h
index fbbbb3fc9..209d9fc38 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -448,18 +448,18 @@ typedef enum {
/* ===== OS compatibility */
const char *get_uname(void);
-uint16_t get_uint16(const char *cp) ATTR_PURE ATTR_NONNULL((1));
-uint32_t get_uint32(const char *cp) ATTR_PURE ATTR_NONNULL((1));
-uint64_t get_uint64(const char *cp) ATTR_PURE ATTR_NONNULL((1));
-void set_uint16(char *cp, uint16_t v) ATTR_NONNULL((1));
-void set_uint32(char *cp, uint32_t v) ATTR_NONNULL((1));
-void set_uint64(char *cp, uint64_t v) ATTR_NONNULL((1));
+uint16_t get_uint16(const void *cp) ATTR_PURE ATTR_NONNULL((1));
+uint32_t get_uint32(const void *cp) ATTR_PURE ATTR_NONNULL((1));
+uint64_t get_uint64(const void *cp) ATTR_PURE ATTR_NONNULL((1));
+void set_uint16(void *cp, uint16_t v) ATTR_NONNULL((1));
+void set_uint32(void *cp, uint32_t v) ATTR_NONNULL((1));
+void set_uint64(void *cp, uint64_t v) ATTR_NONNULL((1));
/* These uint8 variants are defined to make the code more uniform. */
#define get_uint8(cp) (*(const uint8_t*)(cp))
-static void set_uint8(char *cp, uint8_t v);
+static void set_uint8(void *cp, uint8_t v);
static INLINE void
-set_uint8(char *cp, uint8_t v)
+set_uint8(void *cp, uint8_t v)
{
*(uint8_t*)cp = v;
}
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 8aef4771c..751a5b0c6 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -811,6 +811,8 @@ crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
tor_assert(env);
tor_assert(data);
tor_assert(sig);
+ tor_assert(datalen < SIZE_T_CEILING);
+ tor_assert(siglen < SIZE_T_CEILING);
if (crypto_digest(digest,data,datalen)<0) {
log_warn(LD_BUG, "couldn't compute digest");
@@ -911,6 +913,7 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
tor_assert(env);
tor_assert(from);
tor_assert(to);
+ tor_assert(fromlen < SIZE_T_CEILING);
overhead = crypto_get_rsa_padding_overhead(crypto_get_rsa_padding(padding));
pkeylen = crypto_pk_keysize(env);
@@ -978,6 +981,7 @@ crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
crypto_cipher_env_t *cipher = NULL;
char *buf = NULL;
+ tor_assert(fromlen < SIZE_T_CEILING);
pkeylen = crypto_pk_keysize(env);
if (fromlen <= pkeylen) {
@@ -1027,7 +1031,7 @@ crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, size_t dest_len)
int len;
unsigned char *buf, *cp;
len = i2d_RSAPublicKey(pk->key, NULL);
- if (len < 0 || (size_t)len > dest_len)
+ if (len < 0 || (size_t)len > dest_len || dest_len > SIZE_T_CEILING)
return -1;
cp = buf = tor_malloc(len+1);
len = i2d_RSAPublicKey(pk->key, &cp);
@@ -1102,6 +1106,8 @@ add_spaces_to_fp(char *out, size_t outlen, const char *in)
{
int n = 0;
char *end = out+outlen;
+ tor_assert(outlen < SIZE_T_CEILING);
+
while (*in && out<end) {
*out++ = *in++;
if (++n == 4 && *in && out<end) {
@@ -1252,6 +1258,7 @@ crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to,
tor_assert(from);
tor_assert(fromlen);
tor_assert(to);
+ tor_assert(fromlen < SIZE_T_CEILING);
aes_crypt(env->cipher, from, fromlen, to);
return 0;
@@ -1268,6 +1275,7 @@ crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
tor_assert(env);
tor_assert(from);
tor_assert(to);
+ tor_assert(fromlen < SIZE_T_CEILING);
aes_crypt(env->cipher, from, fromlen, to);
return 0;
@@ -1279,6 +1287,7 @@ crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
int
crypto_cipher_crypt_inplace(crypto_cipher_env_t *env, char *buf, size_t len)
{
+ tor_assert(len < SIZE_T_CEILING);
aes_crypt_inplace(env->cipher, buf, len);
return 0;
}
diff --git a/src/common/memarea.c b/src/common/memarea.c
index 9d908bae5..edd7bbe9e 100644
--- a/src/common/memarea.c
+++ b/src/common/memarea.c
@@ -73,6 +73,7 @@ static memarea_chunk_t *freelist = NULL;
static memarea_chunk_t *
alloc_chunk(size_t sz, int freelist_ok)
{
+ tor_assert(sz < SIZE_T_CEILING);
if (freelist && freelist_ok) {
memarea_chunk_t *res = freelist;
freelist = res->next_chunk;
@@ -182,6 +183,7 @@ memarea_alloc(memarea_t *area, size_t sz)
memarea_chunk_t *chunk = area->first;
char *result;
tor_assert(chunk);
+ tor_assert(sz < SIZE_T_CEILING);
if (sz == 0)
sz = 1;
if (chunk->next_mem+sz > chunk->u.mem+chunk->mem_size) {
@@ -240,6 +242,7 @@ memarea_strndup(memarea_t *area, const char *s, size_t n)
size_t ln;
char *result;
const char *cp, *end = s+n;
+ tor_assert(n < SIZE_T_CEILING);
for (cp = s; cp < end && *cp; ++cp)
;
/* cp now points to s+n, or to the 0 in the string. */
diff --git a/src/common/mempool.c b/src/common/mempool.c
index 256388a9f..1f79221b4 100644
--- a/src/common/mempool.c
+++ b/src/common/mempool.c
@@ -357,6 +357,10 @@ mp_pool_new(size_t item_size, size_t chunk_capacity)
mp_pool_t *pool;
size_t alloc_size, new_chunk_cap;
+ tor_assert(item_size < SIZE_T_CEILING);
+ tor_assert(chunk_capacity < SIZE_T_CEILING);
+ tor_assert(SIZE_T_CEILING / item_size > chunk_capacity);
+
pool = ALLOC(sizeof(mp_pool_t));
CHECK_ALLOC(pool);
memset(pool, 0, sizeof(mp_pool_t));
diff --git a/src/common/torint.h b/src/common/torint.h
index d9722868d..665b0b4c7 100644
--- a/src/common/torint.h
+++ b/src/common/torint.h
@@ -331,7 +331,7 @@ typedef uint32_t uintptr_t;
#endif
/* Any size_t larger than this amount is likely to be an underflow. */
-#define SIZE_T_CEILING (sizeof(char)<<(sizeof(size_t)*8 - 1))
+#define SIZE_T_CEILING (SSIZE_T_MAX-16)
#endif /* __TORINT_H */
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 25f21a989..4d11d6d7f 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -17,6 +17,17 @@
#include "orconfig.h"
#include <assert.h>
+#ifdef MS_WINDOWS /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/
+ #define WIN32_WINNT 0x400
+ #define _WIN32_WINNT 0x400
+ #define WIN32_LEAN_AND_MEAN
+ #if defined(_MSC_VER) && (_MSC_VER < 1300)
+ #include <winsock.h>
+ #else
+ #include <winsock2.h>
+ #include <ws2tcpip.h>
+ #endif
+#endif
#include <openssl/ssl.h>
#include <openssl/ssl3.h>
#include <openssl/err.h>
@@ -898,7 +909,7 @@ tor_tls_new(int sock, int isServer)
#ifdef SSL_set_tlsext_host_name
/* Browsers use the TLS hostname extension, so we should too. */
- {
+ if (!isServer) {
char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
SSL_set_tlsext_host_name(result->ssl, fake_hostname);
tor_free(fake_hostname);
diff --git a/src/common/util.c b/src/common/util.c
index 34bb9cc37..0571a532c 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -115,6 +115,8 @@ _tor_malloc(size_t size DMALLOC_PARAMS)
{
void *result;
+ tor_assert(size < SIZE_T_CEILING);
+
#ifndef MALLOC_ZERO_WORKS
/* Some libc mallocs don't work when size==0. Override them. */
if (size==0) {
@@ -211,6 +213,7 @@ _tor_strndup(const char *s, size_t n DMALLOC_PARAMS)
{
char *dup;
tor_assert(s);
+ tor_assert(n < SIZE_T_CEILING);
dup = _tor_malloc((n+1) DMALLOC_FN_ARGS);
/* Performance note: Ordinarily we prefer strlcpy to strncpy. But
* this function gets called a whole lot, and platform strncpy is
@@ -227,6 +230,7 @@ void *
_tor_memdup(const void *mem, size_t len DMALLOC_PARAMS)
{
char *dup;
+ tor_assert(len < SIZE_T_CEILING);
tor_assert(mem);
dup = _tor_malloc(len DMALLOC_FN_ARGS);
memcpy(dup, mem, len);
@@ -256,12 +260,15 @@ void *
_tor_malloc_roundup(size_t *sizep DMALLOC_PARAMS)
{
#ifdef HAVE_MALLOC_GOOD_SIZE
+ tor_assert(*sizep < SIZE_T_CEILING);
*sizep = malloc_good_size(*sizep);
return _tor_malloc(*sizep DMALLOC_FN_ARGS);
#elif 0 && defined(HAVE_MALLOC_USABLE_SIZE) && !defined(USE_DMALLOC)
/* Never use malloc_usable_size(); it makes valgrind really unhappy,
* and doesn't win much in terms of usable space where it exists. */
- void *result = _tor_malloc(*sizep DMALLOC_FN_ARGS);
+ void *result;
+ tor_assert(*sizep < SIZE_T_CEILING);
+ result = _tor_malloc(*sizep DMALLOC_FN_ARGS);
*sizep = malloc_usable_size(result);
return result;
#else
@@ -1927,7 +1934,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
return NULL;
}
- if ((uint64_t)(statbuf.st_size)+1 > SIZE_T_MAX)
+ if ((uint64_t)(statbuf.st_size)+1 > SIZE_T_CEILING)
return NULL;
string = tor_malloc((size_t)(statbuf.st_size+1));
generated by cgit v1.2.3 (git 2.25.4) at 2024-10-01 11:55:23 +0000