mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-26 21:35:35 +00:00
Merge remote-tracking branch 'upstream-public/pr/778' into development-proposed
This commit is contained in:
commit
a31d8206b1
@ -44,6 +44,8 @@ Bugfix
|
||||
Nick Wilson on issue #355
|
||||
* In test_suite_pk, pass valid parameters when testing for hash length
|
||||
overflow. #1179
|
||||
* Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
|
||||
by Guido Vranken. #639
|
||||
|
||||
Changes
|
||||
* Fix tag lengths and value ranges in the documentation of CCM encryption.
|
||||
|
@ -182,9 +182,9 @@ static int verify_header( memory_header *hdr )
|
||||
|
||||
static int verify_chain()
|
||||
{
|
||||
memory_header *prv = heap.first, *cur = heap.first->next;
|
||||
memory_header *prv = heap.first, *cur;
|
||||
|
||||
if( verify_header( heap.first ) != 0 )
|
||||
if( prv == NULL || verify_header( prv ) != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
mbedtls_fprintf( stderr, "FATAL: verification of first header "
|
||||
@ -202,6 +202,8 @@ static int verify_chain()
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
cur = heap.first->next;
|
||||
|
||||
while( cur != NULL )
|
||||
{
|
||||
if( verify_header( cur ) != 0 )
|
||||
@ -245,7 +247,9 @@ static void *buffer_alloc_calloc( size_t n, size_t size )
|
||||
|
||||
original_len = len = n * size;
|
||||
|
||||
if( n != 0 && len / n != size )
|
||||
if( n == 0 || size == 0 || len / n != size )
|
||||
return( NULL );
|
||||
else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
return( NULL );
|
||||
|
||||
if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
@ -386,7 +390,7 @@ static void buffer_alloc_free( void *ptr )
|
||||
if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
|
||||
return;
|
||||
|
||||
if( p < heap.buf || p > heap.buf + heap.len )
|
||||
if( p < heap.buf || p >= heap.buf + heap.len )
|
||||
{
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
|
||||
@ -570,8 +574,7 @@ static void buffer_alloc_free_mutexed( void *ptr )
|
||||
|
||||
void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
|
||||
{
|
||||
memset( &heap, 0, sizeof(buffer_alloc_ctx) );
|
||||
memset( buf, 0, len );
|
||||
memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_init( &heap.mutex );
|
||||
@ -581,20 +584,24 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
|
||||
mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
|
||||
#endif
|
||||
|
||||
if( (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
return;
|
||||
else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
{
|
||||
/* Adjust len first since buf is used in the computation */
|
||||
len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
|
||||
- (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
- (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
|
||||
- (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
- (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
}
|
||||
|
||||
memset( buf, 0, len );
|
||||
|
||||
heap.buf = buf;
|
||||
heap.len = len;
|
||||
|
||||
heap.first = (memory_header *) buf;
|
||||
heap.first->size = len - sizeof(memory_header);
|
||||
heap.first = (memory_header *)buf;
|
||||
heap.first->size = len - sizeof( memory_header );
|
||||
heap.first->magic1 = MAGIC1;
|
||||
heap.first->magic2 = MAGIC2;
|
||||
heap.first_free = heap.first;
|
||||
|
@ -442,7 +442,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
|
||||
unsigned char *buf, size_t buf_len, size_t *olen )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *encode_buf, *c, *p = buf;
|
||||
unsigned char *encode_buf = NULL, *c, *p = buf;
|
||||
size_t len = 0, use_len, add_len = 0;
|
||||
|
||||
mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
|
||||
@ -454,7 +454,8 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
|
||||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
|
||||
if( use_len != 0 &&
|
||||
( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
|
||||
return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
|
||||
|
||||
if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
|
||||
|
@ -1277,6 +1277,9 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
||||
{
|
||||
unsigned char *key_copy;
|
||||
|
||||
if( keylen == 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
|
||||
if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||
|
||||
|
@ -257,7 +257,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
unsigned char *p = NULL, *end = NULL;
|
||||
mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
|
||||
mbedtls_x509_crl *crl = chain;
|
||||
|
||||
@ -294,7 +294,11 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
|
||||
/*
|
||||
* Copy raw DER-encoded CRL
|
||||
*/
|
||||
if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
|
||||
if( buflen == 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
|
||||
|
||||
p = mbedtls_calloc( 1, buflen );
|
||||
if( p == NULL )
|
||||
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
@ -16,3 +16,8 @@ memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0
|
||||
Memory buffer alloc - Out of Memory test
|
||||
memory_buffer_alloc_oom_test:
|
||||
|
||||
Memory buffer small buffer
|
||||
memory_buffer_small_buffer:
|
||||
|
||||
Memory buffer underalloc
|
||||
memory_buffer_underalloc:
|
||||
|
@ -232,3 +232,31 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
|
||||
void memory_buffer_small_buffer( )
|
||||
{
|
||||
unsigned char buf[1];
|
||||
|
||||
mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
|
||||
TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() != 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
|
||||
void memory_buffer_underalloc( )
|
||||
{
|
||||
unsigned char buf[100];
|
||||
size_t i;
|
||||
|
||||
mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
|
||||
for( i = 1; i < MBEDTLS_MEMORY_ALIGN_MULTIPLE; i++ )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_calloc( 1,
|
||||
(size_t)-( MBEDTLS_MEMORY_ALIGN_MULTIPLE - i ) ) == NULL );
|
||||
TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_memory_buffer_alloc_free();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
Loading…
x
Reference in New Issue
Block a user