* secmem.c (ptr_into_pool_p): New.

(m_is_secure): Implement in terms of above. Also check that the pool has been initialized.
2024-09-22 15:11:41 +02:00 · 2007-02-12 14:13:37 +00:00 · 2007-02-12 14:13:37 +00:00 · 22be39dfac
commit 22be39dfac
parent 1475939994
2 changed files with 24 additions and 1 deletions
--- a/util/ChangeLog
+++ b/util/ChangeLog
@ -1,3 +1,9 @@
+2007-02-12  Werner Koch  <wk@g10code.com>
+
+	* secmem.c (ptr_into_pool_p): New.
+	(m_is_secure): Implement in terms of above.  Also check that the
+	pool has been initialized.
+
 2007-02-10  David Shaw  <dshaw@jabberwocky.com>

 	* http.c (do_parse_uri): Remove the hkp port 11371 detection.  We
--- a/util/secmem.c
+++ b/util/secmem.c
@ -449,10 +449,27 @@ secmem_free( void *a )
    cur_alloced -= size;
 }

+
+/* Check whether P points into the pool.  */
+static int
+ptr_into_pool_p (const void *p)
+{
+  /* We need to convert pointers to addresses.  This is required by
+     C-99 6.5.8 to avoid undefined behaviour.  Using size_t is at
+     least only implementation defined.  See also
+     http://lists.gnupg.org/pipermail/gcrypt-devel/2007-February/001102.html
+  */
+  size_t p_addr = (size_t)p;
+  size_t pool_addr = (size_t)pool;
+
+  return p_addr >= pool_addr && p_addr <  pool_addr+poolsize;
+}
+
+
 int
 m_is_secure( const void *p )
 {
-    return p >= pool && p < (void*)((char*)pool+poolsize);
+  return pool_okay && ptr_into_pool_p (p);
 }