Changeset 4bf4ce2 in mod_gnutls for src/gnutls_ocsp.c

Timestamp:

Jun 5, 2016, 3:42:32 PM (4 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

debian/master, debian/stretch-backports, master, upstream

Children:

368e581

Parents:

6b4136c

git-author:

Thomas Klute <thomas2.klute@…> (06/05/16 08:50:28)

git-committer:

Thomas Klute <thomas2.klute@…> (06/05/16 15:42:32)

Message:

Use GCC builtins to catch overflows with mixed integer types

Different libraries (here: GnuTLS and APR) use different integer types
for lengths in their internal data structures. When assigning integer
types of different size to each other, overflows are possible,
although extremely unlikely in this context. The GCC arithmetic
overflow checking builtins provide an easy way to catch overflows
before they can cause trouble. Requires GCC 5 or later.

File:

• src/gnutls_ocsp.c (modified) (2 diffs)

src/gnutls_ocsp.c

@@ -226 +226 @@
     unsigned char * fp = apr_palloc(p, fplen);
     gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, fp, &fplen);
-    // TODO: Prevent overflow
-    fingerprint.size = fplen;
-    fingerprint.data = fp;
+    /* Safe integer type conversion: The types of fingerprint.size
+     * (unsigned int) and fplen (size_t) may have different
+     * lengths. */
+    if (__builtin_add_overflow(fplen, 0, &fingerprint.size))
+        fingerprint.size = 0;
+    else
+        fingerprint.data = fp;
     return fingerprint;
 }
@@ -284 +288 @@
     }
     apr_file_close(file);
-    // TODO: Prevent overflow
-    resp.size = br;
-
+    /* safe integer type conversion */
+    if (__builtin_add_overflow(br, 0, &resp.size))
+    {
+        apr_pool_destroy(tmp);
+        return APR_EINVAL;
+    }
 
     /* TODO: make cache lifetime configurable */