mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
- Fix for out of bounds integers, thanks to OSTIF audit. It is in
allocation debug code. git-svn-id: file:///svn/unbound/trunk@5143 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
59570b0413
commit
e338143639
@ -1,6 +1,8 @@
|
||||
2 April 2019: Wouter
|
||||
- Fix auth-zone NSEC3 response for empty nonterminals with exact
|
||||
match nsec3 records.
|
||||
- Fix for out of bounds integers, thanks to OSTIF audit. It is in
|
||||
allocation debug code.
|
||||
|
||||
25 March 2019: Wouter
|
||||
- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
|
||||
|
@ -376,6 +376,7 @@ void *unbound_stat_malloc(size_t size)
|
||||
{
|
||||
void* res;
|
||||
if(size == 0) size = 1;
|
||||
log_assert(size <= SIZE_MAX-16);
|
||||
res = malloc(size+16);
|
||||
if(!res) return NULL;
|
||||
unbound_mem_alloc += size;
|
||||
@ -398,6 +399,7 @@ void *unbound_stat_calloc(size_t nmemb, size_t size)
|
||||
if(nmemb != 0 && INT_MAX/nmemb < size)
|
||||
return NULL; /* integer overflow check */
|
||||
s = (nmemb*size==0)?(size_t)1:nmemb*size;
|
||||
log_assert(s <= SIZE_MAX-16);
|
||||
res = calloc(1, s+16);
|
||||
if(!res) return NULL;
|
||||
log_info("stat %p=calloc(%u, %u)", res+16, (unsigned)nmemb, (unsigned)size);
|
||||
@ -447,6 +449,7 @@ void *unbound_stat_realloc(void *ptr, size_t size)
|
||||
/* nothing changes */
|
||||
return ptr;
|
||||
}
|
||||
log_assert(size <= SIZE_MAX-16);
|
||||
res = malloc(size+16);
|
||||
if(!res) return NULL;
|
||||
unbound_mem_alloc += size;
|
||||
@ -521,7 +524,9 @@ void *unbound_stat_malloc_lite(size_t size, const char* file, int line,
|
||||
const char* func)
|
||||
{
|
||||
/* [prefix .. len .. actual data .. suffix] */
|
||||
void* res = malloc(size+lite_pad*2+sizeof(size_t));
|
||||
void* res;
|
||||
log_assert(size <= SIZE_MAX-(lite_pad*2+sizeof(size_t)));
|
||||
res = malloc(size+lite_pad*2+sizeof(size_t));
|
||||
if(!res) return NULL;
|
||||
memmove(res, lite_pre, lite_pad);
|
||||
memmove(res+lite_pad, &size, sizeof(size_t));
|
||||
@ -538,6 +543,7 @@ void *unbound_stat_calloc_lite(size_t nmemb, size_t size, const char* file,
|
||||
if(nmemb != 0 && INT_MAX/nmemb < size)
|
||||
return NULL; /* integer overflow check */
|
||||
req = nmemb * size;
|
||||
log_assert(req <= SIZE_MAX-(lite_pad*2+sizeof(size_t)));
|
||||
res = malloc(req+lite_pad*2+sizeof(size_t));
|
||||
if(!res) return NULL;
|
||||
memmove(res, lite_pre, lite_pad);
|
||||
|
Loading…
Reference in New Issue
Block a user