Commit d5787397 authored by Mark Andrews

Simplify hash computation to prevent pointer being classed as tainted.

mem.c:add_trace_entry() -> isc_hash_function() -> isc_siphash24()

129        for (; in != end; in += 8) {

	6. byte_swapping: Performing a byte swapping operation on
	in implies that it came from an external source, and is
	therefore tainted.

130                uint64_t m = U8TO64_LE(in);
parent dcb38db6
Pipeline #34438 failed with stages
in 19 minutes and 52 seconds
......@@ -272,7 +272,15 @@ add_trace_entry(isc__mem_t *mctx, const void *ptr, size_t size FLARG) {
return;
}
#ifdef __COVERITY__
/*
* Use simple conversion from pointer to hash to avoid
* tainting 'ptr' due to byte swap in isc_hash_function.
*/
hash = (uintptr_t)ptr >> 3;
#else
hash = isc_hash_function(&ptr, sizeof(ptr), true);
#endif
idx = hash % DEBUG_TABLE_COUNT;
dl = malloc(sizeof(debuglink_t));
......@@ -308,7 +316,15 @@ delete_trace_entry(isc__mem_t *mctx, const void *ptr, size_t size,
return;
}
#ifdef __COVERITY__
/*
* Use simple conversion from pointer to hash to avoid
* tainting 'ptr' due to byte swap in isc_hash_function.
*/
hash = (uintptr_t)ptr >> 3;
#else
hash = isc_hash_function(&ptr, sizeof(ptr), true);
#endif
idx = hash % DEBUG_TABLE_COUNT;
dl = ISC_LIST_HEAD(mctx->debuglist[idx]);
......
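Review bot: The `#ifdef __COVERITY__` fork is pasted identically into add_trace_entry() and delete_trace_entry(), and both must always yield the same `idx` for a given `ptr`, or a deletion will search the wrong debuglist bucket. A single static helper called as `hash = trace_entry_hash(ptr);` at both sites would keep the two in lockstep. The comment should also say that this branch is compiled only when `__COVERITY__` is defined, so the analysed code no longer follows the isc_hash_function() path from these two callers while normal builds are unchanged. The return type in the sketch below is a guess, since the declaration of `hash` lies outside both hunks, as do the starts and ends of the two functions.

```c
/*
 * Bucket hash for the allocation-trace table; the add and delete paths
 * must agree on it.  Only when __COVERITY__ is defined, skip
 * isc_hash_function(): its byte swap makes the analyser treat 'ptr' as
 * tainted.  Normal builds always take the #else branch.
 */
static inline uint32_t /* use whatever type 'hash' is declared with */
trace_entry_hash(const void *ptr) {
#ifdef __COVERITY__
	return ((uintptr_t)ptr >> 3);
#else
	return (isc_hash_function(&ptr, sizeof(ptr), true));
#endif
}

/* … unchanged: early return above; then, in both functions … */
hash = trace_entry_hash(ptr);
idx = hash % DEBUG_TABLE_COUNT;
```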