{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1752657312, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"d48263be57b7d03a26c77fa438ff8dbe", "commit": {"type":"commit", "time": 1499375921, "time_ofs": 600, "oid_tree": { "oid": "9a93e1dded3f25fe2ef28931756357ba0ac1caef", "alias": []}, "oid":{ "oid": "59e539e6429d9c3b5c4db07569f09ec6acc5a7e9", "alias": []}, "msg": "BIO range checking.", "sig_commit": { "git_time": { "time": 1499375921, "offset": 600 }, "name": "Pauli", "email": "paul.dale@oracle.com", "md5": "4616f8cb80bd6ce4dab75d05e07cd125" }, "sig_author": { "git_time": { "time": 1499314287, "offset": 600 }, "name": "Pauli", "email": "paul.dale@oracle.com", "md5": "4616f8cb80bd6ce4dab75d05e07cd125" }}, "body": "BIO range checking.\n\nAdd length limits to avoid problems with sprintf, strcpy and strcat. This replaces recently removed code but also guards some previously missing function calls (for DOS \u0026 Windows).\n\nReworked the BIO_dump_indent_cb code to reduce temporary storage.\n\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/3870)\n" , "diff": "diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c\nindex 491b973..f539140 100644\n--- a/crypto/bio/b_dump.c\n+++ b/crypto/bio/b_dump.c\n@@ -1,5 +1,5 @@\n /*\n- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.\n+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.\n *\n * Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n * this file except in compliance with the License. 
You can obtain a copy\n@@ -16,7 +16,9 @@\n \n #define TRUNCATE\n #define DUMP_WIDTH 16\n-#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i\u003e6?6:i)+3)/4))\n+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i \u003e 6 ? 6 : i) + 3) / 4))\n+\n+#define SPACE(buf, pos, n) (sizeof(buf) - (pos) \u003e (n))\n \n int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),\n void *u, const char *s, int len)\n@@ -28,8 +30,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),\n void *u, const char *s, int len, int indent)\n {\n int ret \u003d 0;\n- char buf[288 + 1], tmp[20], str[128 + 1];\n- int i, j, rows, trc;\n+ char buf[288 + 1];\n+ int i, j, rows, trc, n;\n unsigned char ch;\n int dump_width;\n \n@@ -42,59 +44,65 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),\n \n if (indent \u003c 0)\n indent \u003d 0;\n- if (indent) {\n- if (indent \u003e 128)\n- indent \u003d 128;\n- memset(str, ' ', indent);\n- }\n- str[indent] \u003d '\u005c0';\n+ else if (indent \u003e 128)\n+ indent \u003d 128;\n \n dump_width \u003d DUMP_WIDTH_LESS_INDENT(indent);\n- rows \u003d (len / dump_width);\n+ rows \u003d len / dump_width;\n if ((rows * dump_width) \u003c len)\n rows++;\n for (i \u003d 0; i \u003c rows; i++) {\n- strcpy(buf, str);\n- sprintf(tmp, \u0022%04x - \u0022, i * dump_width);\n- strcat(buf, tmp);\n+ n \u003d BIO_snprintf(buf, sizeof(buf), \u0022%*s%04x - \u0022, indent, \u0022\u0022,\n+ i * dump_width);\n for (j \u003d 0; j \u003c dump_width; j++) {\n- if (((i * dump_width) + j) \u003e\u003d len) {\n- strcat(buf, \u0022 \u0022);\n- } else {\n- ch \u003d ((unsigned char)*(s + i * dump_width + j)) \u0026 0xff;\n- sprintf(tmp, \u0022%02x%c\u0022, ch, j \u003d\u003d 7 ? 
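Review bot: The new `SPACE(buf, pos, n)` macro in b_dump.c has no comment, and it carries two preconditions a later caller could miss. It uses `sizeof(buf)`, so `buf` must be a real array and not a pointer, and the subtraction is done in `size_t`, so a negative `pos` or one larger than the array wraps around and makes the test pass. I would add above the define something like `/* buf must be an array and 0 <= pos <= sizeof(buf); true when more than n bytes remain after pos */`.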
'-' : ' ');\n- strcat(buf, tmp);\n+ if (SPACE(buf, n, 3)) {\n+ if (((i * dump_width) + j) \u003e\u003d len) {\n+ strcpy(buf + n, \u0022 \u0022);\n+ } else {\n+ ch \u003d ((unsigned char)*(s + i * dump_width + j)) \u0026 0xff;\n+ BIO_snprintf(buf + n, 4, \u0022%02x%c\u0022, ch,\n+ j \u003d\u003d 7 ? '-' : ' ');\n+ }\n+ n +\u003d 3;\n }\n }\n- strcat(buf, \u0022 \u0022);\n+ if (SPACE(buf, n, 2)) {\n+ strcpy(buf + n, \u0022 \u0022);\n+ n +\u003d 2;\n+ }\n for (j \u003d 0; j \u003c dump_width; j++) {\n if (((i * dump_width) + j) \u003e\u003d len)\n break;\n- ch \u003d ((unsigned char)*(s + i * dump_width + j)) \u0026 0xff;\n+ if (SPACE(buf, n, 1)) {\n+ ch \u003d ((unsigned char)*(s + i * dump_width + j)) \u0026 0xff;\n #ifndef CHARSET_EBCDIC\n- sprintf(tmp, \u0022%c\u0022, ((ch \u003e\u003d ' ') \u0026\u0026 (ch \u003c\u003d '~')) ? ch : '.');\n+ buf[n++] \u003d ((ch \u003e\u003d ' ') \u0026\u0026 (ch \u003c\u003d '~')) ? ch : '.';\n #else\n- sprintf(tmp, \u0022%c\u0022,\n- ((ch \u003e\u003d os_toascii[' ']) \u0026\u0026 (ch \u003c\u003d os_toascii['~']))\n- ? os_toebcdic[ch]\n- : '.');\n+ buf[n++] \u003d ((ch \u003e\u003d os_toascii[' ']) \u0026\u0026 (ch \u003c\u003d os_toascii['~']))\n+ ? 
os_toebcdic[ch]\n+ : '.';\n #endif\n- strcat(buf, tmp);\n+ buf[n] \u003d '\u005c0';\n+ }\n+ }\n+ if (SPACE(buf, n, 1)) {\n+ buf[n++] \u003d '\u005cn';\n+ buf[n] \u003d '\u005c0';\n }\n- strcat(buf, \u0022\u005cn\u0022);\n /*\n * if this is the last call then update the ddt_dump thing so that we\n * will move the selection point in the debug window\n */\n- ret +\u003d cb((void *)buf, strlen(buf), u);\n+ ret +\u003d cb((void *)buf, n, u);\n }\n #ifdef TRUNCATE\n if (trc \u003e 0) {\n- sprintf(buf, \u0022%s%04x - \u003cSPACES/NULS\u003e\u005cn\u0022, str, len + trc);\n- ret +\u003d cb((void *)buf, strlen(buf), u);\n+ n \u003d BIO_snprintf(buf, sizeof(buf), \u0022%*s%04x - \u003cSPACES/NULS\u003e\u005cn\u0022,\n+ indent, \u0022\u0022, len + trc);\n+ ret +\u003d cb((void *)buf, n, u);\n }\n #endif\n- return (ret);\n+ return ret;\n }\n \n #ifndef OPENSSL_NO_STDIO\ndiff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c\nindex 13368e8..1154c23 100644\n--- a/crypto/bio/bio_cb.c\n+++ b/crypto/bio/bio_cb.c\n@@ -1,5 +1,5 @@\n /*\n- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.\n+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.\n *\n * Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n * this file except in compliance with the License. You can obtain a copy\n@@ -21,68 +21,69 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,\n char buf[256];\n char *p;\n long r \u003d 1;\n- int len;\n+ int len, left;\n \n if (BIO_CB_RETURN \u0026 cmd)\n r \u003d ret;\n \n- len \u003d sprintf(buf, \u0022BIO[%p]: \u0022, (void *)bio);\n+ len \u003d BIO_snprintf(buf, sizeof(buf), \u0022BIO[%p]: \u0022, (void *)bio);\n \n /* Ignore errors and continue printing the other information. 
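Review bot: In BIO_dump_indent_cb the result of `BIO_snprintf` is stored in `n` and then used unchecked as an index (`buf + n`, `buf[n++]`) and as the length handed to `cb`. BIO_snprintf returns -1 on truncation, and a negative `n` would pass the unsigned `SPACE()` test and reach `cb` as a very large `size_t`. With `indent` capped at 128 and `buf` at 289 bytes this does not look reachable today, so the check is defensive, but the old `strlen(buf)` could never produce that value. I would add `if (n < 0) return -1;` (or whatever failure convention the callers expect) after both calls, including the one in the TRUNCATE block. The function starts outside this hunk.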
*/\n if (len \u003c 0)\n len \u003d 0;\n p \u003d buf + len;\n+ left \u003d sizeof(buf) - len;\n \n switch (cmd) {\n case BIO_CB_FREE:\n- sprintf(p, \u0022Free - %s\u005cn\u0022, bio-\u003emethod-\u003ename);\n+ BIO_snprintf(p, left, \u0022Free - %s\u005cn\u0022, bio-\u003emethod-\u003ename);\n break;\n case BIO_CB_READ:\n if (bio-\u003emethod-\u003etype \u0026 BIO_TYPE_DESCRIPTOR)\n- sprintf(p, \u0022read(%d,%lu) - %s fd\u003d%d\u005cn\u0022,\n- bio-\u003enum, (unsigned long)argi,\n- bio-\u003emethod-\u003ename, bio-\u003enum);\n+ BIO_snprintf(p, left, \u0022read(%d,%lu) - %s fd\u003d%d\u005cn\u0022,\n+ bio-\u003enum, (unsigned long)argi,\n+ bio-\u003emethod-\u003ename, bio-\u003enum);\n else\n- sprintf(p, \u0022read(%d,%lu) - %s\u005cn\u0022,\n+ BIO_snprintf(p, left, \u0022read(%d,%lu) - %s\u005cn\u0022,\n bio-\u003enum, (unsigned long)argi, bio-\u003emethod-\u003ename);\n break;\n case BIO_CB_WRITE:\n if (bio-\u003emethod-\u003etype \u0026 BIO_TYPE_DESCRIPTOR)\n- sprintf(p, \u0022write(%d,%lu) - %s fd\u003d%d\u005cn\u0022,\n- bio-\u003enum, (unsigned long)argi,\n- bio-\u003emethod-\u003ename, bio-\u003enum);\n+ BIO_snprintf(p, left, \u0022write(%d,%lu) - %s fd\u003d%d\u005cn\u0022,\n+ bio-\u003enum, (unsigned long)argi,\n+ bio-\u003emethod-\u003ename, bio-\u003enum);\n else\n- sprintf(p, \u0022write(%d,%lu) - %s\u005cn\u0022,\n- bio-\u003enum, (unsigned long)argi, bio-\u003emethod-\u003ename);\n+ BIO_snprintf(p, left, \u0022write(%d,%lu) - %s\u005cn\u0022,\n+ bio-\u003enum, (unsigned long)argi, bio-\u003emethod-\u003ename);\n break;\n case BIO_CB_PUTS:\n- sprintf(p, \u0022puts() - %s\u005cn\u0022, bio-\u003emethod-\u003ename);\n+ BIO_snprintf(p, left, \u0022puts() - %s\u005cn\u0022, bio-\u003emethod-\u003ename);\n break;\n case BIO_CB_GETS:\n- sprintf(p, \u0022gets(%lu) - %s\u005cn\u0022, (unsigned long)argi,\n- bio-\u003emethod-\u003ename);\n+ BIO_snprintf(p, left, \u0022gets(%lu) - %s\u005cn\u0022, (unsigned long)argi,\n+ bio-\u003emethod-\u003ename);\n 
break;\n case BIO_CB_CTRL:\n- sprintf(p, \u0022ctrl(%lu) - %s\u005cn\u0022, (unsigned long)argi,\n- bio-\u003emethod-\u003ename);\n+ BIO_snprintf(p, left, \u0022ctrl(%lu) - %s\u005cn\u0022, (unsigned long)argi,\n+ bio-\u003emethod-\u003ename);\n break;\n case BIO_CB_RETURN | BIO_CB_READ:\n- sprintf(p, \u0022read return %ld\u005cn\u0022, ret);\n+ BIO_snprintf(p, left, \u0022read return %ld\u005cn\u0022, ret);\n break;\n case BIO_CB_RETURN | BIO_CB_WRITE:\n- sprintf(p, \u0022write return %ld\u005cn\u0022, ret);\n+ BIO_snprintf(p, left, \u0022write return %ld\u005cn\u0022, ret);\n break;\n case BIO_CB_RETURN | BIO_CB_GETS:\n- sprintf(p, \u0022gets return %ld\u005cn\u0022, ret);\n+ BIO_snprintf(p, left, \u0022gets return %ld\u005cn\u0022, ret);\n break;\n case BIO_CB_RETURN | BIO_CB_PUTS:\n- sprintf(p, \u0022puts return %ld\u005cn\u0022, ret);\n+ BIO_snprintf(p, left, \u0022puts return %ld\u005cn\u0022, ret);\n break;\n case BIO_CB_RETURN | BIO_CB_CTRL:\n- sprintf(p, \u0022ctrl return %ld\u005cn\u0022, ret);\n+ BIO_snprintf(p, left, \u0022ctrl return %ld\u005cn\u0022, ret);\n break;\n default:\n- sprintf(p, \u0022bio callback - unknown type (%d)\u005cn\u0022, cmd);\n+ BIO_snprintf(p, left, \u0022bio callback - unknown type (%d)\u005cn\u0022, cmd);\n break;\n }\n \n@@ -93,5 +94,5 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,\n else\n fputs(buf, stderr);\n #endif\n- return (r);\n+ return r;\n }\ndiff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c\nindex 49d8f09..e7bbc31 100644\n--- a/crypto/bio/bss_file.c\n+++ b/crypto/bio/bss_file.c\n@@ -1,5 +1,5 @@\n /*\n- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.\n+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.\n *\n * Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n * this file except in compliance with the License. 
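Review bot: The per-case `BIO_snprintf(p, left, ...)` calls in BIO_debug_callback ignore the return value, so a truncated message is emitted without its trailing `\n` and runs into the next log line. `bio->method->name` comes from the BIO method, which an application can define itself, so a long name is enough to hit the 256-byte limit. Assuming BIO_snprintf still NUL-terminates on truncation this is a logging-quality issue and not a memory-safety one. Capturing the result and forcing a newline on failure, e.g. `if (rc < 0) buf[sizeof(buf) - 2] = '\n';`, would keep the log parseable. The function starts outside this hunk and its output code follows in the next one.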
You can obtain a copy\n@@ -85,17 +85,17 @@ BIO *BIO_new_file(const char *filename, const char *mode)\n BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);\n else\n BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);\n- return (NULL);\n+ return NULL;\n }\n if ((ret \u003d BIO_new(BIO_s_file())) \u003d\u003d NULL) {\n fclose(file);\n- return (NULL);\n+ return NULL;\n }\n \n BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -\u003e we disengage\n * UPLINK */\n BIO_set_fp(ret, file, fp_flags);\n- return (ret);\n+ return ret;\n }\n \n BIO *BIO_new_fp(FILE *stream, int close_flag)\n@@ -103,17 +103,17 @@ BIO *BIO_new_fp(FILE *stream, int close_flag)\n BIO *ret;\n \n if ((ret \u003d BIO_new(BIO_s_file())) \u003d\u003d NULL)\n- return (NULL);\n+ return NULL;\n \n /* redundant flag, left for documentation purposes */\n BIO_set_flags(ret, BIO_FLAGS_UPLINK);\n BIO_set_fp(ret, stream, close_flag);\n- return (ret);\n+ return ret;\n }\n \n const BIO_METHOD *BIO_s_file(void)\n {\n- return (\u0026methods_filep);\n+ return \u0026methods_filep;\n }\n \n static int file_new(BIO *bi)\n@@ -122,13 +122,13 @@ static int file_new(BIO *bi)\n bi-\u003enum \u003d 0;\n bi-\u003eptr \u003d NULL;\n bi-\u003eflags \u003d BIO_FLAGS_UPLINK; /* default to UPLINK */\n- return (1);\n+ return 1;\n }\n \n static int file_free(BIO *a)\n {\n if (a \u003d\u003d NULL)\n- return (0);\n+ return 0;\n if (a-\u003eshutdown) {\n if ((a-\u003einit) \u0026\u0026 (a-\u003eptr !\u003d NULL)) {\n if (a-\u003eflags \u0026 BIO_FLAGS_UPLINK)\n@@ -140,7 +140,7 @@ static int file_free(BIO *a)\n }\n a-\u003einit \u003d 0;\n }\n- return (1);\n+ return 1;\n }\n \n static int file_read(BIO *b, char *out, int outl)\n@@ -160,7 +160,7 @@ static int file_read(BIO *b, char *out, int outl)\n ret \u003d -1;\n }\n }\n- return (ret);\n+ return ret;\n }\n \n static int file_write(BIO *b, const char *in, int inl)\n@@ -181,7 +181,7 @@ static int file_write(BIO *b, const char *in, int inl)\n * implementations (VMS)\n */\n }\n- return (ret);\n+ 
return ret;\n }\n \n static long file_ctrl(BIO *b, int cmd, long num, void *ptr)\n@@ -271,15 +271,15 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)\n b-\u003eshutdown \u003d (int)num \u0026 BIO_CLOSE;\n if (num \u0026 BIO_FP_APPEND) {\n if (num \u0026 BIO_FP_READ)\n- strcpy(p, \u0022a+\u0022);\n+ OPENSSL_strlcpy(p, \u0022a+\u0022, sizeof(p));\n else\n- strcpy(p, \u0022a\u0022);\n+ OPENSSL_strlcpy(p, \u0022a\u0022, sizeof(p));\n } else if ((num \u0026 BIO_FP_READ) \u0026\u0026 (num \u0026 BIO_FP_WRITE))\n- strcpy(p, \u0022r+\u0022);\n+ OPENSSL_strlcpy(p, \u0022r+\u0022, sizeof(p));\n else if (num \u0026 BIO_FP_WRITE)\n- strcpy(p, \u0022w\u0022);\n+ OPENSSL_strlcpy(p, \u0022w\u0022, sizeof(p));\n else if (num \u0026 BIO_FP_READ)\n- strcpy(p, \u0022r\u0022);\n+ OPENSSL_strlcpy(p, \u0022r\u0022, sizeof(p));\n else {\n BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);\n ret \u003d 0;\n@@ -287,9 +287,9 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)\n }\n # if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)\n if (!(num \u0026 BIO_FP_TEXT))\n- strcat(p, \u0022b\u0022);\n+ OPENSSL_strlcat(p, \u0022b\u0022, sizeof(p));\n else\n- strcat(p, \u0022t\u0022);\n+ OPENSSL_strlcat(p, \u0022t\u0022, sizeof(p));\n # endif\n fp \u003d openssl_fopen(ptr, p);\n if (fp \u003d\u003d NULL) {\n@@ -339,7 +339,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)\n ret \u003d 0;\n break;\n }\n- return (ret);\n+ return ret;\n }\n \n static int file_gets(BIO *bp, char *buf, int size)\n@@ -357,7 +357,7 @@ static int file_gets(BIO *bp, char *buf, int size)\n if (buf[0] !\u003d '\u005c0')\n ret \u003d strlen(buf);\n err:\n- return (ret);\n+ return ret;\n }\n \n static int file_puts(BIO *bp, const char *str)\n@@ -366,7 +366,7 @@ static int file_puts(BIO *bp, const char *str)\n \n n \u003d strlen(str);\n ret \u003d file_write(bp, str, n);\n- return (ret);\n+ return ret;\n }\n \n #else\n@@ -419,7 +419,7 @@ static 
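Review bot: The `OPENSSL_strlcpy(p, ..., sizeof(p))` calls in file_ctrl, and the `OPENSSL_strlcat(p, ..., sizeof(p))` calls in the following hunk, are only correct if `p` is declared as an array. Its declaration is outside both hunks, and if it were a `char *` the bound would silently become the pointer size. The array also needs at least 4 bytes so that `"a+"` plus the `"b"`/`"t"` suffix and the NUL fit on the DOS/Windows path. The return values are discarded, so a truncated mode string would reach `openssl_fopen` unnoticed. A short comment at the declaration stating the required size would document this, plus a check such as `if (OPENSSL_strlcat(p, "b", sizeof(p)) >= sizeof(p)) { ret = 0; break; }`.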
const BIO_METHOD methods_filep \u003d {\n \n const BIO_METHOD *BIO_s_file(void)\n {\n- return (\u0026methods_filep);\n+ return \u0026methods_filep;\n }\n \n BIO *BIO_new_file(const char *filename, const char *mode)\n","s":{"c":1752657312,"u": 69729}} ],"g": 71702,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}