Changeset 4bf4ce2 in mod_gnutls


Timestamp:
Jun 5, 2016, 3:42:32 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
368e581
Parents:
6b4136c
git-author:
Thomas Klute <thomas2.klute@…> (06/05/16 08:50:28)
git-committer:
Thomas Klute <thomas2.klute@…> (06/05/16 15:42:32)
Message:

Use GCC builtins to catch overflows with mixed integer types

Different libraries (here: GnuTLS and APR) use different integer types
for lengths in their internal data structures. When assigning integer
types of different size to each other, overflows are possible,
although extremely unlikely in this context. The GCC arithmetic
overflow checking builtins provide an easy way to catch overflows
before they can cause trouble. Requires GCC 5 or later.

Files:
2 edited

  • README

    r6b4136c r4bf4ce2  
    2424 * GnuTLS          >= 3.1.4 <http://www.gnutls.org/> (3.2.* or newer preferred)
    2525 * Apache HTTPD    >= 2.2 <http://httpd.apache.org/> (2.4.* preferred)
    26  * autotools, GNU make, & gcc
     26 * autotools, GNU make, & gcc (5 or later)
    2727 * libmsv          >= 0.1 (Optional, enable with ./configure --enable-msva)
    2828 * pandoc   (for documentation, optional)
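Review bot: The README now says "gcc (5 or later)", but nothing in the build enforces it, while the source change in src/gnutls_ocsp.c depends on `__builtin_add_overflow` being available. A configure-time feature test for that builtin would turn an obscure implicit-declaration or link failure on an older compiler into a clear configure error, and would document the real requirement (the builtin) rather than a compiler version.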
  • src/gnutls_ocsp.c

    r6b4136c r4bf4ce2  
    226226    unsigned char * fp = apr_palloc(p, fplen);
    227227    gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, fp, &fplen);
    228     // TODO: Prevent overflow
    229     fingerprint.size = fplen;
    230     fingerprint.data = fp;
     228    /* Safe integer type conversion: The types of fingerprint.size
     229     * (unsigned int) and fplen (size_t) may have different
     230     * lengths. */
     231    if (__builtin_add_overflow(fplen, 0, &fingerprint.size))
     232        fingerprint.size = 0;
     233    else
     234        fingerprint.data = fp;
    231235    return fingerprint;
    232236}
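Review bot: In the overflow branch of `if (__builtin_add_overflow(fplen, 0, &fingerprint.size))`, only `fingerprint.size` is reset to 0; `fingerprint.data` is no longer assigned at all, so the caller receives whatever `fingerprint.data` held before this hunk. Unless the struct is zero-initialized above the visible lines, add `fingerprint.data = NULL;` next to `fingerprint.size = 0;` so the failure state is unambiguous. The comment could also say that adding 0 is only a device to obtain the builtin's range check for the narrowing to unsigned int, since the "addition" otherwise looks like a no-op. Separately, the return value of `gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, fp, &fplen);` remains unchecked, so the `fplen` fed into the conversion may not come from a successful call.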
     
    284288    }
    285289    apr_file_close(file);
    286     // TODO: Prevent overflow
    287     resp.size = br;
    288 
     290    /* safe integer type conversion */
     291    if (__builtin_add_overflow(br, 0, &resp.size))
     292    {
     293        apr_pool_destroy(tmp);
     294        return APR_EINVAL;
     295    }
    289296
    290297    /* TODO: make cache lifetime configurable */
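Review bot: The new early return `apr_pool_destroy(tmp); return APR_EINVAL;` is silent: an OCSP response file whose length in `br` does not fit in `resp.size` is reported as an invalid argument with no log message, which makes the resulting cache miss hard to diagnose. Logging the file size at that point before returning would help, and a more specific status than APR_EINVAL would describe the condition better. Also confirm that the other error paths in this function (for example the block closing at the `}` above `apr_file_close(file);`) destroy `tmp` in the same way, so cleanup stays consistent across all failure returns.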