2547. [bug] openssl_link.c:mem_realloc() could reference an

			out-of-range area of the source buffer.  New public
			function isc_mem_reallocate() was introduced to address
			this bug. [RT #19313]
parent d7a7065f
2547. [bug] openssl_link.c:mem_realloc() could reference an
out-of-range area of the source buffer. New public
function isc_mem_reallocate() was introduced to address
this bug. [RT #19313]
2546. [func] Add --enable-openssl-hash configure flag to use
OpenSSL (in place of internal routine) for hash
functions (MD5, SHA[12] and HMAC). [RT #18815]
......
......@@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
* $Id: openssl_link.c,v 1.24 2009/01/17 23:47:42 tbox Exp $
* $Id: openssl_link.c,v 1.25 2009/02/11 03:04:18 jinmei Exp $
*/
#ifdef OPENSSL
......@@ -148,18 +148,8 @@ mem_free(void *ptr) {
static void *
mem_realloc(void *ptr, size_t size) {
void *p;
INSIST(dst__memory_pool != NULL);
p = NULL;
if (size > 0U) {
p = mem_alloc(size);
if (p != NULL && ptr != NULL)
memcpy(p, ptr, size);
}
if (ptr != NULL)
mem_free(ptr);
return (p);
return (isc_mem_reallocate(dst__memory_pool, ptr, size));
}
isc_result_t
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: mem.h,v 1.80 2009/01/17 23:47:43 tbox Exp $ */
/* $Id: mem.h,v 1.81 2009/02/11 03:04:18 jinmei Exp $ */
#ifndef ISC_MEM_H
#define ISC_MEM_H 1
......@@ -154,6 +154,7 @@ LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging;
#define isc_mem_get(c, s) isc__mem_get((c), (s) _ISC_MEM_FILELINE)
#define isc_mem_allocate(c, s) isc__mem_allocate((c), (s) _ISC_MEM_FILELINE)
#define isc_mem_reallocate(c, p, s) isc__mem_reallocate((c), (p), (s) _ISC_MEM_FILELINE)
#define isc_mem_strdup(c, p) isc__mem_strdup((c), (p) _ISC_MEM_FILELINE)
#define isc_mempool_get(c) isc__mempool_get((c) _ISC_MEM_FILELINE)
......@@ -612,6 +613,8 @@ void
isc__mem_put(isc_mem_t *, void *, size_t _ISC_MEM_FLARG);
void *
isc__mem_allocate(isc_mem_t *, size_t _ISC_MEM_FLARG);
void *
isc__mem_reallocate(isc_mem_t *, void *, size_t _ISC_MEM_FLARG);
void
isc__mem_free(isc_mem_t *, void * _ISC_MEM_FLARG);
char *
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: mem.c,v 1.147 2009/01/22 23:47:54 tbox Exp $ */
/* $Id: mem.c,v 1.148 2009/02/11 03:04:18 jinmei Exp $ */
/*! \file */
......@@ -1365,6 +1365,40 @@ isc__mem_allocate(isc_mem_t *ctx, size_t size FLARG) {
return (si);
}
void *
isc__mem_reallocate(isc_mem_t *ctx, void *ptr, size_t size FLARG) {
void *new_ptr = NULL;
size_t oldsize, copysize;
REQUIRE(VALID_CONTEXT(ctx));
/*
* This function emulates the realloc(3) standard library function:
* - if size > 0, allocate new memory; and if ptr is non NULL, copy
* as much of the old contents to the new buffer and free the old one.
* Note that when allocation fails the original pointer is intact;
* the caller must free it.
* - if size is 0 and ptr is non NULL, simply free the given ptr.
* - this function returns:
* pointer to the newly allocated memory, or
* NULL if allocation fails or doesn't happen.
*/
if (size > 0U) {
new_ptr = isc__mem_allocate(ctx, size FLARG_PASS);
if (new_ptr != NULL && ptr != NULL) {
oldsize = (((size_info *)ptr)[-1]).u.size;
INSIST(oldsize >= ALIGNMENT_SIZE);
oldsize -= ALIGNMENT_SIZE;
copysize = oldsize > size ? size : oldsize;
memcpy(new_ptr, ptr, copysize);
isc__mem_free(ctx, ptr FLARG_PASS);
}
} else if (ptr != NULL)
isc__mem_free(ctx, ptr FLARG_PASS);
return (new_ptr);
}
void
isc__mem_free(isc_mem_t *ctx, void *ptr FLARG) {
size_info *si;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment