I would like to give more thought to the bigger issue of fortifying
buffer.[ch] through the use of additional defensive programming techniques.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081 e7ae566f-a301-0410-adde-c780ea21d3b5
... | ... |
@@ -43,8 +43,6 @@ |
43 | 43 |
|
44 | 44 |
/* basic buffer class for OpenVPN */ |
45 | 45 |
|
46 |
-#define BUF_MAX (1<<20) /* maximum allowed size of struct buffer offset and len */ |
|
47 |
- |
|
48 | 46 |
struct buffer |
49 | 47 |
{ |
50 | 48 |
int capacity; /* size of buffer allocated by malloc */ |
... | ... |
@@ -151,10 +149,7 @@ buf_reset_len (struct buffer *buf) |
151 | 151 |
static inline bool |
152 | 152 |
buf_init_dowork (struct buffer *buf, int offset) |
153 | 153 |
{ |
154 |
- if (unlikely (offset < 0) |
|
155 |
- || unlikely (offset > buf->capacity) |
|
156 |
- || unlikely (offset > BUF_MAX) |
|
157 |
- || unlikely (buf->data == NULL)) |
|
154 |
+ if (offset < 0 || offset > buf->capacity || buf->data == NULL) |
|
158 | 155 |
return false; |
159 | 156 |
buf->len = 0; |
160 | 157 |
buf->offset = offset; |
... | ... |
@@ -181,8 +176,6 @@ buf_set_write (struct buffer *buf, uint8_t *data, int size) |
181 | 181 |
static inline void |
182 | 182 |
buf_set_read (struct buffer *buf, const uint8_t *data, int size) |
183 | 183 |
{ |
184 |
- if (unlikely(size > BUF_MAX)) |
|
185 |
- size = 0; |
|
186 | 184 |
buf->len = buf->capacity = size; |
187 | 185 |
buf->offset = 0; |
188 | 186 |
buf->data = (uint8_t *)data; |
... | ... |
@@ -292,50 +285,32 @@ struct buffer buf_sub (struct buffer *buf, int size, bool prepend); |
292 | 292 |
static inline bool |
293 | 293 |
buf_safe (const struct buffer *buf, int len) |
294 | 294 |
{ |
295 |
- if (unlikely(buf->offset > BUF_MAX) || unlikely(buf->len) > BUF_MAX || unlikely(len > BUF_MAX)) |
|
296 |
- return false; |
|
297 |
- else |
|
298 |
- return likely(len >= 0) && likely(buf->offset + buf->len + len <= buf->capacity); |
|
295 |
+ return len >= 0 && buf->offset + buf->len + len <= buf->capacity; |
|
299 | 296 |
} |
300 | 297 |
|
301 | 298 |
static inline bool |
302 | 299 |
buf_safe_bidir (const struct buffer *buf, int len) |
303 | 300 |
{ |
304 |
- if (unlikely(buf->offset > BUF_MAX) || unlikely(buf->len) > BUF_MAX || unlikely(len > BUF_MAX)) |
|
305 |
- return false; |
|
306 |
- else |
|
307 |
- { |
|
308 |
- const int newlen = buf->len + len; |
|
309 |
- return likely(newlen >= 0) && likely(buf->offset + newlen <= buf->capacity); |
|
310 |
- } |
|
301 |
+ const int newlen = buf->len + len; |
|
302 |
+ return newlen >= 0 && buf->offset + newlen <= buf->capacity; |
|
311 | 303 |
} |
312 | 304 |
|
313 | 305 |
static inline int |
314 | 306 |
buf_forward_capacity (const struct buffer *buf) |
315 | 307 |
{ |
316 |
- if (unlikely(buf->offset > BUF_MAX) || unlikely(buf->len) > BUF_MAX) |
|
317 |
- return 0; |
|
318 |
- else |
|
319 |
- { |
|
320 |
- int ret = buf->capacity - (buf->offset + buf->len); |
|
321 |
- if (ret < 0) |
|
322 |
- ret = 0; |
|
323 |
- return ret; |
|
324 |
- } |
|
308 |
+ int ret = buf->capacity - (buf->offset + buf->len); |
|
309 |
+ if (ret < 0) |
|
310 |
+ ret = 0; |
|
311 |
+ return ret; |
|
325 | 312 |
} |
326 | 313 |
|
327 | 314 |
static inline int |
328 | 315 |
buf_forward_capacity_total (const struct buffer *buf) |
329 | 316 |
{ |
330 |
- if (unlikely(buf->offset > BUF_MAX)) |
|
331 |
- return 0; |
|
332 |
- else |
|
333 |
- { |
|
334 |
- int ret = buf->capacity - buf->offset; |
|
335 |
- if (ret < 0) |
|
336 |
- ret = 0; |
|
337 |
- return ret; |
|
338 |
- } |
|
317 |
+ int ret = buf->capacity - buf->offset; |
|
318 |
+ if (ret < 0) |
|
319 |
+ ret = 0; |
|
320 |
+ return ret; |
|
339 | 321 |
} |
340 | 322 |
|
341 | 323 |
static inline int |
... | ... |
@@ -347,7 +322,7 @@ buf_reverse_capacity (const struct buffer *buf) |
347 | 347 |
static inline bool |
348 | 348 |
buf_inc_len (struct buffer *buf, int inc) |
349 | 349 |
{ |
350 |
- if (unlikely(!buf_safe_bidir (buf, inc))) |
|
350 |
+ if (!buf_safe_bidir (buf, inc)) |
|
351 | 351 |
return false; |
352 | 352 |
buf->len += inc; |
353 | 353 |
return true; |
... | ... |
@@ -361,11 +336,7 @@ buf_inc_len (struct buffer *buf, int inc) |
361 | 361 |
static inline uint8_t * |
362 | 362 |
buf_prepend (struct buffer *buf, int size) |
363 | 363 |
{ |
364 |
- if (unlikely(size < 0) |
|
365 |
- || unlikely(size > buf->offset) |
|
366 |
- || unlikely(size > BUF_MAX) |
|
367 |
- || unlikely(buf->offset > BUF_MAX) |
|
368 |
- || unlikely(buf->len > BUF_MAX)) |
|
364 |
+ if (size < 0 || size > buf->offset) |
|
369 | 365 |
return NULL; |
370 | 366 |
buf->offset -= size; |
371 | 367 |
buf->len += size; |
... | ... |
@@ -375,11 +346,7 @@ buf_prepend (struct buffer *buf, int size) |
375 | 375 |
static inline bool |
376 | 376 |
buf_advance (struct buffer *buf, int size) |
377 | 377 |
{ |
378 |
- if (unlikely(size < 0) |
|
379 |
- || unlikely(buf->len < size) |
|
380 |
- || unlikely(size > BUF_MAX) |
|
381 |
- || unlikely(buf->offset > BUF_MAX) |
|
382 |
- || unlikely(buf->len > BUF_MAX)) |
|
378 |
+ if (size < 0 || buf->len < size) |
|
383 | 379 |
return false; |
384 | 380 |
buf->offset += size; |
385 | 381 |
buf->len -= size; |
... | ... |
@@ -483,15 +450,11 @@ buf_copy_range (struct buffer *dest, |
483 | 483 |
int src_index, |
484 | 484 |
int src_len) |
485 | 485 |
{ |
486 |
- if (unlikely(src_index < 0) |
|
487 |
- || unlikely(src_len < 0) |
|
488 |
- || unlikely(src_index > BUF_MAX) |
|
489 |
- || unlikely(src_len > BUF_MAX) |
|
490 |
- || unlikely(dest->offset > BUF_MAX) |
|
491 |
- || unlikely(dest_index > BUF_MAX) |
|
492 |
- || unlikely(src_index + src_len > src->len) |
|
493 |
- || unlikely(dest_index < 0) |
|
494 |
- || unlikely(dest->offset + dest_index + src_len > dest->capacity)) |
|
486 |
+ if (src_index < 0 |
|
487 |
+ || src_len < 0 |
|
488 |
+ || src_index + src_len > src->len |
|
489 |
+ || dest_index < 0 |
|
490 |
+ || dest->offset + dest_index + src_len > dest->capacity) |
|
495 | 491 |
return false; |
496 | 492 |
memcpy (dest->data + dest->offset + dest_index, src->data + src->offset + src_index, src_len); |
497 | 493 |
if (dest_index + src_len > dest->len) |