~mdw / secnet / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
integer and buffer overflows: introduce safe_malloc_ary
[secnet] / util.c
1 /*
2 * util.c
3 * - output and logging support
4 * - program lifetime support
5 * - IP address and subnet munging routines
6 * - MPI convenience functions
7 */
8 /*
9 * This file is
10 * Copyright (C) 1995--2001 Stephen Early <steve@greenend.org.uk>
11 *
12 * It is part of secnet, which is
13 * Copyright (C) 1995--2001 Stephen Early <steve@greenend.org.uk>
14 * Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2, or (at your option)
19 * any later version.
20 *
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software Foundation,
28 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 */
30
31 #include "secnet.h"
32 #include <stdio.h>
33 #include <string.h>
34 #include <errno.h>
35 #include <unistd.h>
36 #include <limits.h>
37 #include <assert.h>
38 #include <sys/wait.h>
39 #include "util.h"
40 #include "unaligned.h"
41
42 #define MIN_BUFFER_SIZE 64
43 #define DEFAULT_BUFFER_SIZE 4096
44 #define MAX_BUFFER_SIZE 131072
45
46 static const char *hexdigits="0123456789abcdef";
47
48 uint32_t current_phase=0;
49
50 struct phase_hook {
51 hook_fn *fn;
52 void *state;
53 struct phase_hook *next;
54 };
55
56 static struct phase_hook *hooks[NR_PHASES]={NULL,};
57
58 char *safe_strdup(const char *s, const char *message)
59 {
60 char *d;
61 d=strdup(s);
62 if (!d) {
63 fatal_perror(message);
64 }
65 return d;
66 }
67
68 void *safe_malloc(size_t size, const char *message)
69 {
70 void *r;
71 r=malloc(size);
72 if (!r) {
73 fatal_perror(message);
74 }
75 return r;
76 }
77 void *safe_malloc_ary(size_t size, size_t count, const char *message) {
78 if (count >= INT_MAX/size) {
79 fatal("array allocation overflow: %s", message);
80 }
81 return safe_malloc(size*count, message);
82 }
83
84 /* Convert a buffer into its MP_INT representation */
85 void read_mpbin(MP_INT *a, uint8_t *bin, int binsize)
86 {
87 char *buff;
88 int i;
89
90 buff=safe_malloc(binsize*2 + 1,"read_mpbin");
91
92 for (i=0; i<binsize; i++) {
93 buff[i*2]=hexdigits[(bin[i] & 0xf0) >> 4];
94 buff[i*2+1]=hexdigits[(bin[i] & 0xf)];
95 }
96 buff[binsize*2]=0;
97
98 mpz_set_str(a, buff, 16);
99 free(buff);
100 }
101
102 /* Convert a MP_INT into a hex string */
103 char *write_mpstring(MP_INT *a)
104 {
105 char *buff;
106
107 buff=safe_malloc(mpz_sizeinbase(a,16)+2,"write_mpstring");
108 mpz_get_str(buff, 16, a);
109 return buff;
110 }
111
112 static uint8_t hexval(uint8_t c)
113 {
114 switch (c) {
115 case '0': return 0;
116 case '1': return 1;
117 case '2': return 2;
118 case '3': return 3;
119 case '4': return 4;
120 case '5': return 5;
121 case '6': return 6;
122 case '7': return 7;
123 case '8': return 8;
124 case '9': return 9;
125 case 'a': return 10;
126 case 'A': return 10;
127 case 'b': return 11;
128 case 'B': return 11;
129 case 'c': return 12;
130 case 'C': return 12;
131 case 'd': return 13;
132 case 'D': return 13;
133 case 'e': return 14;
134 case 'E': return 14;
135 case 'f': return 15;
136 case 'F': return 15;
137 }
138 return -1;
139 }
140
141 /* Convert a MP_INT into a buffer; return length; truncate if necessary */
142 uint32_t write_mpbin(MP_INT *a, uint8_t *buffer, uint32_t buflen)
143 {
144 char *hb;
145 int i,j,l;
146
147 if (buflen==0) return 0;
148 hb=write_mpstring(a);
149
150 l=strlen(hb);
151 i=0; j=0;
152 if (l&1) {
153 /* The number starts with a half-byte */
154 buffer[i++]=hexval(hb[j++]);
155 }
156 for (; hb[j] && i<buflen; i++) {
157 buffer[i]=(hexval(hb[j])<<4)|hexval(hb[j+1]);
158 j+=2;
159 }
160 free(hb);
161 return i;
162 }
163
164 static const char *phases[NR_PHASES]={
165 "PHASE_INIT",
166 "PHASE_GETOPTS",
167 "PHASE_READCONFIG",
168 "PHASE_SETUP",
169 "PHASE_GETRESOURCES",
170 "PHASE_DROPPRIV",
171 "PHASE_RUN",
172 "PHASE_SHUTDOWN"
173 };
174
175 void enter_phase(uint32_t new_phase)
176 {
177 struct phase_hook *i;
178
179 if (hooks[new_phase])
180 Message(M_DEBUG_PHASE,"Running hooks for %s...\n", phases[new_phase]);
181 current_phase=new_phase;
182
183 for (i=hooks[new_phase]; i; i=i->next)
184 i->fn(i->state, new_phase);
185 Message(M_DEBUG_PHASE,"Now in %s\n",phases[new_phase]);
186 }
187
188 bool_t add_hook(uint32_t phase, hook_fn *fn, void *state)
189 {
190 struct phase_hook *h;
191
192 h=safe_malloc(sizeof(*h),"add_hook");
193 h->fn=fn;
194 h->state=state;
195 h->next=hooks[phase];
196 hooks[phase]=h;
197 return True;
198 }
199
200 bool_t remove_hook(uint32_t phase, hook_fn *fn, void *state)
201 {
202 fatal("remove_hook: not implemented");
203
204 return False;
205 }
206
207 void vslilog(struct log_if *lf, int priority, const char *message, va_list ap)
208 {
209 lf->vlog(lf->st,priority,message,ap);
210 }
211
212 void slilog(struct log_if *lf, int priority, const char *message, ...)
213 {
214 va_list ap;
215
216 va_start(ap,message);
217 vslilog(lf,priority,message,ap);
218 va_end(ap);
219 }
220
221 struct buffer {
222 closure_t cl;
223 struct buffer_if ops;
224 };
225
226 void buffer_assert_free(struct buffer_if *buffer, cstring_t file,
227 uint32_t line)
228 {
229 if (!buffer->free) {
230 fatal("BUF_ASSERT_FREE, %s line %d, owned by %s",
231 file,line,buffer->owner);
232 }
233 }
234
235 void buffer_assert_used(struct buffer_if *buffer, cstring_t file,
236 uint32_t line)
237 {
238 if (buffer->free) {
239 fatal("BUF_ASSERT_USED, %s line %d, last owned by %s",
240 file,line,buffer->owner);
241 }
242 }
243
244 void buffer_init(struct buffer_if *buffer, uint32_t max_start_pad)
245 {
246 buffer->start=buffer->base+max_start_pad;
247 buffer->size=0;
248 }
249
250 void *buf_append(struct buffer_if *buf, uint32_t amount) {
251 void *p;
252 assert(buf->size <= buf->len - amount);
253 p=buf->start + buf->size;
254 buf->size+=amount;
255 return p;
256 }
257
258 void *buf_prepend(struct buffer_if *buf, uint32_t amount) {
259 assert(amount <= buf->start - buf->base);
260 buf->size+=amount;
261 return buf->start-=amount;
262 }
263
264 void *buf_unappend(struct buffer_if *buf, uint32_t amount) {
265 if (buf->size < amount) return 0;
266 return buf->start+(buf->size-=amount);
267 }
268
269 void *buf_unprepend(struct buffer_if *buf, uint32_t amount) {
270 void *p;
271 p=buf->start;
272 buf->start+=amount;
273 buf->size-=amount;
274 return p;
275 }
276
277 /* Append a two-byte length and the string to the buffer. Length is in
278 network byte order. */
279 void buf_append_string(struct buffer_if *buf, cstring_t s)
280 {
281 uint16_t len;
282
283 len=strlen(s);
284 /* fixme: if string is longer than 65535, result is a corrupted packet */
285 buf_append_uint16(buf,len);
286 memcpy(buf_append(buf,len),s,len);
287 }
288
289 void buffer_new(struct buffer_if *buf, uint32_t len)
290 {
291 buf->free=True;
292 buf->owner=NULL;
293 buf->flags=0;
294 buf->loc.file=NULL;
295 buf->loc.line=0;
296 buf->size=0;
297 buf->len=len;
298 buf->start=NULL;
299 buf->base=safe_malloc(len,"buffer_new");
300 }
301
302 static list_t *buffer_apply(closure_t *self, struct cloc loc, dict_t *context,
303 list_t *args)
304 {
305 struct buffer *st;
306 item_t *item;
307 dict_t *dict;
308 bool_t lockdown=False;
309 uint32_t len=DEFAULT_BUFFER_SIZE;
310
311 st=safe_malloc(sizeof(*st),"buffer_apply");
312 st->cl.description="buffer";
313 st->cl.type=CL_BUFFER;
314 st->cl.apply=NULL;
315 st->cl.interface=&st->ops;
316
317 /* First argument, if present, is buffer length */
318 item=list_elem(args,0);
319 if (item) {
320 if (item->type!=t_number) {
321 cfgfatal(st->ops.loc,"buffer","first parameter must be a "
322 "number (buffer size)\n");
323 }
324 len=item->data.number;
325 if (len<MIN_BUFFER_SIZE) {
326 cfgfatal(st->ops.loc,"buffer","ludicrously small buffer size\n");
327 }
328 if (len>MAX_BUFFER_SIZE) {
329 cfgfatal(st->ops.loc,"buffer","ludicrously large buffer size\n");
330 }
331 }
332 /* Second argument, if present, is a dictionary */
333 item=list_elem(args,1);
334 if (item) {
335 if (item->type!=t_dict) {
336 cfgfatal(st->ops.loc,"buffer","second parameter must be a "
337 "dictionary\n");
338 }
339 dict=item->data.dict;
340 lockdown=dict_read_bool(dict,"lockdown",False,"buffer",st->ops.loc,
341 False);
342 }
343
344 buffer_new(&st->ops,len);
345 if (lockdown) {
346 /* XXX mlock the buffer if possible */
347 }
348
349 return new_closure(&st->cl);
350 }
351
352 void util_module(dict_t *dict)
353 {
354 add_closure(dict,"sysbuffer",buffer_apply);
355 }
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/