security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-19 09:02:22 +02:00
Code Activity

common/iobuf.c: Add some sanity checks to catch programmer bugs.

Browse Source 
* common/iobuf.c (iobuf_alloc): Check that BUFSIZE is not 0.
(iobuf_readbyte): Check that A is an input filter.  Check that the
amount of read data is at most the amount of buffered data.
(iobuf_read): Check that A is an input filter.
(iobuf_writebyte): Check that A is not an input filter.
(iobuf_writestr): Check that A is not an input filter.
(iobuf_flush_temp): Check that A is not an input filter.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
This commit is contained in:
Neal H. Walfield 2015-08-17 12:52:20 +02:00
parent e291b631c3
commit c5da750cf3
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
common/iobuf.c
View File

@ -1100,6 +1100,11 @@ iobuf_alloc (int use, size_t bufsize)
static int number = 0; static int number = 0;
assert (use == IOBUF_INPUT || use == IOBUF_OUTPUT || use == IOBUF_TEMP); assert (use == IOBUF_INPUT || use == IOBUF_OUTPUT || use == IOBUF_TEMP);
if (bufsize == 0)
{
log_bug ("iobuf_alloc() passed a bufsize of 0!\n");
bufsize = IOBUF_BUFFER_SIZE;
}
a = xcalloc (1, sizeof *a); a = xcalloc (1, sizeof *a);
a->use = use; a->use = use;
@ -1935,6 +1940,14 @@ iobuf_readbyte (iobuf_t a)
{ {
int c; int c;
if (a->use != IOBUF_INPUT)
{
log_bug ("iobuf_readbyte called on a non-INPUT pipeline!\n");
return -1;
}
assert (a->d.start <= a->d.len);
if (a->nlimit && a->nbytes >= a->nlimit) if (a->nlimit && a->nbytes >= a->nlimit)
return -1; /* forced EOF */ return -1; /* forced EOF */
@ -1945,6 +1958,8 @@ iobuf_readbyte (iobuf_t a)
else if ((c = underflow (a, 1)) == -1) else if ((c = underflow (a, 1)) == -1)
return -1; /* EOF */ return -1; /* EOF */
assert (a->d.start <= a->d.len);
/* Note: if underflow doesn't return EOF, then it returns the first /* Note: if underflow doesn't return EOF, then it returns the first
byte that was read and advances a->d.start appropriately. */ byte that was read and advances a->d.start appropriately. */
@ -1959,6 +1974,13 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
unsigned char *buf = (unsigned char *)buffer; unsigned char *buf = (unsigned char *)buffer;
int c, n; int c, n;
if (a->use != IOBUF_INPUT)
{
log_bug ("iobuf_read called on a non-INPUT pipeline!\n");
return -1;
}
assert (a->use == IOBUF_INPUT);
if (a->nlimit) if (a->nlimit)
{ {
/* Handle special cases. */ /* Handle special cases. */
@ -2065,6 +2087,12 @@ iobuf_writebyte (iobuf_t a, unsigned int c)
{ {
int rc; int rc;
if (a->use == IOBUF_INPUT)
{
log_bug ("iobuf_writebyte called on an input pipeline!\n");
return -1;
}
if (a->d.len == a->d.size) if (a->d.len == a->d.size)
if ((rc=filter_flush (a))) if ((rc=filter_flush (a)))
return rc; return rc;
@ -2081,6 +2109,12 @@ iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen)
const unsigned char *buf = (const unsigned char *)buffer; const unsigned char *buf = (const unsigned char *)buffer;
int rc; int rc;
if (a->use == IOBUF_INPUT)
{
log_bug ("iobuf_write called on an input pipeline!\n");
return -1;
}
do do
{ {
if (buflen && a->d.len < a->d.size) if (buflen && a->d.len < a->d.size)
@ -2108,6 +2142,12 @@ iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen)
int int
iobuf_writestr (iobuf_t a, const char *buf) iobuf_writestr (iobuf_t a, const char *buf)
{ {
if (a->use == IOBUF_INPUT)
{
log_bug ("iobuf_writestr called on an input pipeline!\n");
return -1;
}
return iobuf_write (a, buf, strlen (buf)); return iobuf_write (a, buf, strlen (buf));
} }
@ -2150,6 +2190,8 @@ iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen)
void void
iobuf_flush_temp (iobuf_t temp) iobuf_flush_temp (iobuf_t temp)
{ {
if (temp->use == IOBUF_INPUT)
log_bug ("iobuf_writestr called on an input pipeline!\n");
while (temp->chain) while (temp->chain)
pop_filter (temp, temp->filter, NULL); pop_filter (temp, temp->filter, NULL);
} }