- Fix #30: AddressSanitizer finding in lookup3.c.

This sets the hash function to use a slower but better auditable code
that does not read beyond array boundaries.  This makes code better
security checkable, and is better for security.  It is fixed to be
slower, but not read outside of the array.
W.C.A. Wijngaards 2019-05-06 09:44:01 +02:00
parent 9b7843f879
commit f1c23891ab
2 changed files with 11 additions and 2 deletions
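
The trade-off the commit message describes, as an added example (not code from lookup3.c or from the project): a simplified tail-word read written both ways, the masking form that loads a whole aligned word and the byte-wise form that touches only key bytes. The function names and sample bytes are constructed for illustration, and the masks assume a little-endian host.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 on a little-endian host; the masks below assume that order. */
static int is_little_endian(void) {
    const uint32_t one = 1;
    uint8_t first;
    memcpy(&first, &one, 1);
    return first == 1;
}

/* Masking variant: loads the full aligned word, then discards the bytes
 * that are not part of the key. The load itself covers 4 bytes, so it
 * reads 4 - rem bytes past the end of a key with rem (1..3) tail bytes. */
static uint32_t tail_masked(const uint32_t *word, size_t rem) {
    static const uint32_t mask[4] = { 0, 0xffu, 0xffffu, 0xffffffu };
    return rem ? (*word & mask[rem]) : 0;
}

/* Clean variant: touches only tail[0..rem-1], nothing beyond the key. */
static uint32_t tail_bytes(const uint8_t *tail, size_t rem) {
    uint32_t w = 0;
    switch (rem) {
    case 3: w += (uint32_t)tail[2] << 16; /* fall through */
    case 2: w += (uint32_t)tail[1] << 8;  /* fall through */
    case 1: w += tail[0]; break;
    default: break;
    }
    return w;
}

/* Constructed input: three key bytes followed by one byte (0xEE) that is
 * NOT part of the key. Backing it with a full word keeps the masked load
 * defined here; on a real key that fourth byte lies outside the array. */
static int variants_agree(size_t rem) {
    const uint8_t bytes[4] = { 0x11, 0x22, 0x33, 0xEE };
    uint32_t storage;
    memcpy(&storage, bytes, sizeof storage);
    return tail_masked(&storage, rem) == tail_bytes(bytes, rem);
}

int main(void) {
    printf("little-endian host: %d\n", is_little_endian());
    for (size_t rem = 0; rem <= 3; rem++)
        printf("rem=%zu agree=%d\n", rem, variants_agree(rem));
    return 0;
}
```

Both variants feed the same value into the hash; only the byte-wise one stays inside the key, which is what AddressSanitizer checks.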


@ -1,5 +1,10 @@
6 May 2019: Wouter
- Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
- Fix #30: AddressSanitizer finding in lookup3.c. This sets the
hash function to use a slower but better auditable code that does
not read beyond array boundaries. This makes code better security
checkable, and is better for security. It is fixed to be slower,
but not read outside of the array.
2 May 2019: Wouter
- contrib/fastrpz.patch updated for code changes, and with git diff.
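
Review bot: The new Fix #30 entry says the same thing twice: its closing sentence ("It is fixed to be slower, but not read outside of the array") repeats the opening one ("a slower but better auditable code that does not read beyond array boundaries"). Suggest dropping the closing sentence and naming the define that now controls this, ARRAY_CLEAN_ACCESS, so a reader of the changelog can find the switch in lookup3.c.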


@ -1,4 +1,7 @@
/*
May 2019(Wouter: patch to enable the valgrind clean implementation all the
time. This enabled better security audit and checks, which is better
than the speedup. Git issue #30. Renamed the define ARRAY_CLEAN_ACCESS.
February 2013(Wouter) patch defines for BSD endianness, from Brad Smith.
January 2012(Wouter) added randomised initial value, fallout from 28c3.
March 2007(Wouter) adapted from lookup3.c original, add config.h include.
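
Review bot: The new header entry opens a parenthesis it never closes: "May 2019(Wouter: patch" should read "May 2019(Wouter) patch" to match the entries below it. "Renamed the define ARRAY_CLEAN_ACCESS" also leaves out the old name; writing that VALGRIND was renamed to ARRAY_CLEAN_ACCESS lets a reader search for the previous guard.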
@ -44,6 +47,7 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
-------------------------------------------------------------------------------
*/
/*#define SELF_TEST 1*/
#define ARRAY_CLEAN_ACCESS 1
#include "config.h"
#include "util/storage/lookup3.h"
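
Review bot: The added "#define ARRAY_CLEAN_ACCESS 1" is unconditional and sits above the config.h include, so no build setting can turn it off, and a definition of the same name with a different value arriving from config.h would conflict with it. If the fast path is retired for good, say so in a short comment next to the define or delete the "#ifndef ARRAY_CLEAN_ACCESS" branches outright; if it is meant to stay selectable, wrap the define in "#ifndef ARRAY_CLEAN_ACCESS" and place it after the config.h include.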
@ -336,7 +340,7 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
u.ptr = key;
if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) {
const uint32_t *k = (const uint32_t *)key; /* read 32-bit chunks */
#ifdef VALGRIND
#ifdef ARRAY_CLEAN_ACCESS
const uint8_t *k8;
#endif
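
Review bot: The guard around "const uint8_t *k8;" is renamed here, but the rename only holds together if every other "#ifdef VALGRIND" and "#ifndef VALGRIND" in the file changed with it, and the visible hunks touch two sites, both in hashlittle. Please confirm that no VALGRIND guard remains elsewhere in lookup3.c, since a leftover one would keep the over-reading path compiled in at that site while the file header claims clean access all the time.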
@ -361,7 +365,7 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
* still catch it and complain. The masking trick does make the hash
* noticeably faster for short strings (like English words).
*/
#ifndef VALGRIND
#ifndef ARRAY_CLEAN_ACCESS
switch(length)
{
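
Review bot: With ARRAY_CLEAN_ACCESS always defined, the "switch(length)" under "#ifndef ARRAY_CLEAN_ACCESS" is never compiled, yet the comment directly above it still presents the masking trick as what makes the hash "noticeably faster for short strings". Update that comment to state the branch is disabled and kept for reference only, or remove the branch, so an auditor does not have to work out which tail handling is live.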