Browse code
Reverted some recent buffer.[ch] changes, including r3058 (except for likely() and unlikely() macro additions to syshead.h) and r3061.
I would like to give more thought to the bigger issue of fortifying
buffer.[ch] through the use of additional defensive programming techniques.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3081 e7ae566f-a301-0410-adde-c780ea21d3b5
james authored on 2008/07/19 05:46:06Showing 3 changed files
| ... | ... |
@@ -43,8 +43,6 @@ |
| 43 | 43 |
|
| 44 | 44 |
/* basic buffer class for OpenVPN */ |
| 45 | 45 |
|
| 46 |
-#define BUF_MAX (1<<20) /* maximum allowed size of struct buffer offset and len */ |
|
| 47 |
- |
|
| 48 | 46 |
struct buffer |
| 49 | 47 |
{
|
| 50 | 48 |
int capacity; /* size of buffer allocated by malloc */ |
| ... | ... |
@@ -151,10 +149,7 @@ buf_reset_len (struct buffer *buf) |
| 151 | 151 |
static inline bool |
| 152 | 152 |
buf_init_dowork (struct buffer *buf, int offset) |
| 153 | 153 |
{
|
| 154 |
- if (unlikely (offset < 0) |
|
| 155 |
- || unlikely (offset > buf->capacity) |
|
| 156 |
- || unlikely (offset > BUF_MAX) |
|
| 157 |
- || unlikely (buf->data == NULL)) |
|
| 154 |
+ if (offset < 0 || offset > buf->capacity || buf->data == NULL) |
|
| 158 | 155 |
return false; |
| 159 | 156 |
buf->len = 0; |
| 160 | 157 |
buf->offset = offset; |
| ... | ... |
@@ -181,8 +176,6 @@ buf_set_write (struct buffer *buf, uint8_t *data, int size) |
| 181 | 181 |
static inline void |
| 182 | 182 |
buf_set_read (struct buffer *buf, const uint8_t *data, int size) |
| 183 | 183 |
{
|
| 184 |
- if (unlikely(size > BUF_MAX)) |
|
| 185 |
- size = 0; |
|
| 186 | 184 |
buf->len = buf->capacity = size; |
| 187 | 185 |
buf->offset = 0; |
| 188 | 186 |
buf->data = (uint8_t *)data; |
| ... | ... |
@@ -292,50 +285,32 @@ struct buffer buf_sub (struct buffer *buf, int size, bool prepend); |
| 292 | 292 |
static inline bool |
| 293 | 293 |
buf_safe (const struct buffer *buf, int len) |
| 294 | 294 |
{
|
| 295 |
- if (unlikely(buf->offset > BUF_MAX) || unlikely(buf->len) > BUF_MAX || unlikely(len > BUF_MAX)) |
|
| 296 |
- return false; |
|
| 297 |
- else |
|
| 298 |
- return likely(len >= 0) && likely(buf->offset + buf->len + len <= buf->capacity); |
|
| 295 |
+ return len >= 0 && buf->offset + buf->len + len <= buf->capacity; |
|
| 299 | 296 |
} |
| 300 | 297 |
|
| 301 | 298 |
static inline bool |
| 302 | 299 |
buf_safe_bidir (const struct buffer *buf, int len) |
| 303 | 300 |
{
|
| 304 |
- if (unlikely(buf->offset > BUF_MAX) || unlikely(buf->len) > BUF_MAX || unlikely(len > BUF_MAX)) |
|
| 305 |
- return false; |
|
| 306 |
- else |
|
| 307 |
- {
|
|
| 308 |
- const int newlen = buf->len + len; |
|
| 309 |
- return likely(newlen >= 0) && likely(buf->offset + newlen <= buf->capacity); |
|
| 310 |
- } |
|
| 301 |
+ const int newlen = buf->len + len; |
|
| 302 |
+ return newlen >= 0 && buf->offset + newlen <= buf->capacity; |
|
| 311 | 303 |
} |
| 312 | 304 |
|
| 313 | 305 |
static inline int |
| 314 | 306 |
buf_forward_capacity (const struct buffer *buf) |
| 315 | 307 |
{
|
| 316 |
- if (unlikely(buf->offset > BUF_MAX) || unlikely(buf->len) > BUF_MAX) |
|
| 317 |
- return 0; |
|
| 318 |
- else |
|
| 319 |
- {
|
|
| 320 |
- int ret = buf->capacity - (buf->offset + buf->len); |
|
| 321 |
- if (ret < 0) |
|
| 322 |
- ret = 0; |
|
| 323 |
- return ret; |
|
| 324 |
- } |
|
| 308 |
+ int ret = buf->capacity - (buf->offset + buf->len); |
|
| 309 |
+ if (ret < 0) |
|
| 310 |
+ ret = 0; |
|
| 311 |
+ return ret; |
|
| 325 | 312 |
} |
| 326 | 313 |
|
| 327 | 314 |
static inline int |
| 328 | 315 |
buf_forward_capacity_total (const struct buffer *buf) |
| 329 | 316 |
{
|
| 330 |
- if (unlikely(buf->offset > BUF_MAX)) |
|
| 331 |
- return 0; |
|
| 332 |
- else |
|
| 333 |
- {
|
|
| 334 |
- int ret = buf->capacity - buf->offset; |
|
| 335 |
- if (ret < 0) |
|
| 336 |
- ret = 0; |
|
| 337 |
- return ret; |
|
| 338 |
- } |
|
| 317 |
+ int ret = buf->capacity - buf->offset; |
|
| 318 |
+ if (ret < 0) |
|
| 319 |
+ ret = 0; |
|
| 320 |
+ return ret; |
|
| 339 | 321 |
} |
| 340 | 322 |
|
| 341 | 323 |
static inline int |
| ... | ... |
@@ -347,7 +322,7 @@ buf_reverse_capacity (const struct buffer *buf) |
| 347 | 347 |
static inline bool |
| 348 | 348 |
buf_inc_len (struct buffer *buf, int inc) |
| 349 | 349 |
{
|
| 350 |
- if (unlikely(!buf_safe_bidir (buf, inc))) |
|
| 350 |
+ if (!buf_safe_bidir (buf, inc)) |
|
| 351 | 351 |
return false; |
| 352 | 352 |
buf->len += inc; |
| 353 | 353 |
return true; |
| ... | ... |
@@ -361,11 +336,7 @@ buf_inc_len (struct buffer *buf, int inc) |
| 361 | 361 |
static inline uint8_t * |
| 362 | 362 |
buf_prepend (struct buffer *buf, int size) |
| 363 | 363 |
{
|
| 364 |
- if (unlikely(size < 0) |
|
| 365 |
- || unlikely(size > buf->offset) |
|
| 366 |
- || unlikely(size > BUF_MAX) |
|
| 367 |
- || unlikely(buf->offset > BUF_MAX) |
|
| 368 |
- || unlikely(buf->len > BUF_MAX)) |
|
| 364 |
+ if (size < 0 || size > buf->offset) |
|
| 369 | 365 |
return NULL; |
| 370 | 366 |
buf->offset -= size; |
| 371 | 367 |
buf->len += size; |
| ... | ... |
@@ -375,11 +346,7 @@ buf_prepend (struct buffer *buf, int size) |
| 375 | 375 |
static inline bool |
| 376 | 376 |
buf_advance (struct buffer *buf, int size) |
| 377 | 377 |
{
|
| 378 |
- if (unlikely(size < 0) |
|
| 379 |
- || unlikely(buf->len < size) |
|
| 380 |
- || unlikely(size > BUF_MAX) |
|
| 381 |
- || unlikely(buf->offset > BUF_MAX) |
|
| 382 |
- || unlikely(buf->len > BUF_MAX)) |
|
| 378 |
+ if (size < 0 || buf->len < size) |
|
| 383 | 379 |
return false; |
| 384 | 380 |
buf->offset += size; |
| 385 | 381 |
buf->len -= size; |
| ... | ... |
@@ -483,15 +450,11 @@ buf_copy_range (struct buffer *dest, |
| 483 | 483 |
int src_index, |
| 484 | 484 |
int src_len) |
| 485 | 485 |
{
|
| 486 |
- if (unlikely(src_index < 0) |
|
| 487 |
- || unlikely(src_len < 0) |
|
| 488 |
- || unlikely(src_index > BUF_MAX) |
|
| 489 |
- || unlikely(src_len > BUF_MAX) |
|
| 490 |
- || unlikely(dest->offset > BUF_MAX) |
|
| 491 |
- || unlikely(dest_index > BUF_MAX) |
|
| 492 |
- || unlikely(src_index + src_len > src->len) |
|
| 493 |
- || unlikely(dest_index < 0) |
|
| 494 |
- || unlikely(dest->offset + dest_index + src_len > dest->capacity)) |
|
| 486 |
+ if (src_index < 0 |
|
| 487 |
+ || src_len < 0 |
|
| 488 |
+ || src_index + src_len > src->len |
|
| 489 |
+ || dest_index < 0 |
|
| 490 |
+ || dest->offset + dest_index + src_len > dest->capacity) |
|
| 495 | 491 |
return false; |
| 496 | 492 |
memcpy (dest->data + dest->offset + dest_index, src->data + src->offset + src_index, src_len); |
| 497 | 493 |
if (dest_index + src_len > dest->len) |