Fix a potential null-pointer dereference, and make the code a bit more
readable while doing so.
The NULL dereference could not be triggered, because the current code
never called format_hex_ex() with maxouput == 0 and separator == NULL.
But it's nicer to not depend on that.
Our use of int vs size_t for lengths needs some attention too, but I'm
not pulling that into this patch. Instead I decided to just make the
(previously existing) assumption that INT_MAX <= SIZE_MAX explicit by
adding a static_assert().
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1480343200-25908-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13259.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -438,13 +438,16 @@ format_hex_ex (const uint8_t *data, int size, int maxoutput, |
438 | 438 |
unsigned int space_break_flags, const char* separator, |
439 | 439 |
struct gc_arena *gc) |
440 | 440 |
{ |
441 |
- struct buffer out = alloc_buf_gc (maxoutput ? maxoutput : |
|
442 |
- ((size * 2) + (size / (space_break_flags & FHE_SPACE_BREAK_MASK)) * (int) strlen (separator) + 2), |
|
443 |
- gc); |
|
444 |
- int i; |
|
445 |
- for (i = 0; i < size; ++i) |
|
441 |
+ const size_t bytes_per_hexblock = space_break_flags & FHE_SPACE_BREAK_MASK; |
|
442 |
+ const size_t separator_len = separator ? strlen (separator) : 0; |
|
443 |
+ static_assert (INT_MAX <= SIZE_MAX, "Code assumes INT_MAX <= SIZE_MAX"); |
|
444 |
+ const size_t out_len = maxoutput > 0 ? maxoutput : |
|
445 |
+ ((size * 2) + ((size / bytes_per_hexblock) * separator_len) + 2); |
|
446 |
+ |
|
447 |
+ struct buffer out = alloc_buf_gc (out_len, gc); |
|
448 |
+ for (int i = 0; i < size; ++i) |
|
446 | 449 |
{ |
447 |
- if (separator && i && !(i % (space_break_flags & FHE_SPACE_BREAK_MASK))) |
|
450 |
+ if (separator && i && !(i % bytes_per_hexblock)) |
|
448 | 451 |
buf_printf (&out, "%s", separator); |
449 | 452 |
if (space_break_flags & FHE_CAPS) |
450 | 453 |
buf_printf (&out, "%02X", data[i]); |