[GNUnet-SVN] [gnunet] 01/06: check return values from GNSRECORD_record_s
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnunet] 01/06: check return values from GNSRECORD_record_serialize/size always |
Date: |
Sun, 20 May 2018 23:59:05 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
commit d080cb1ed80a0e528b2b755ee48ca18cb670175e
Author: Christian Grothoff <address@hidden>
AuthorDate: Sun May 20 23:40:20 2018 +0200
check return values from GNSRECORD_record_serialize/size always
---
src/gns/gnunet-service-gns.c | 27 +++-
src/gns/gnunet-service-gns_resolver.c | 21 ++-
src/gnsrecord/gnsrecord_crypto.c | 83 ++++++-----
src/gnsrecord/gnsrecord_serialization.c | 34 ++++-
src/include/gnunet_gnsrecord_lib.h | 4 +-
src/namestore/gnunet-service-namestore.c | 230 ++++++++++++++++++++----------
src/namestore/namestore_api.c | 20 ++-
src/namestore/namestore_api_monitor.c | 7 +-
src/namestore/plugin_namestore_flat.c | 16 ++-
src/namestore/plugin_namestore_postgres.c | 11 +-
src/namestore/plugin_namestore_sqlite.c | 9 +-
11 files changed, 318 insertions(+), 144 deletions(-)
diff --git a/src/gns/gnunet-service-gns.c b/src/gns/gnunet-service-gns.c
index cffae824d..aaa4aeb0e 100644
--- a/src/gns/gnunet-service-gns.c
+++ b/src/gns/gnunet-service-gns.c
@@ -334,30 +334,43 @@ client_connect_cb (void *cls,
* @param rd the record data
*/
static void
-send_lookup_response (void* cls,
+send_lookup_response (void *cls,
uint32_t rd_count,
const struct GNUNET_GNSRECORD_Data *rd)
{
struct ClientLookupHandle *clh = cls;
struct GnsClient *gc = clh->gc;
- struct GNUNET_MQ_Envelope *env;
+ struct GNUNET_MQ_Envelope *env;
struct LookupResultMessage *rmsg;
- size_t len;
+ ssize_t len;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Sending LOOKUP_RESULT message with %u results\n",
(unsigned int) rd_count);
len = GNUNET_GNSRECORD_records_get_size (rd_count,
rd);
+ if (len < 0)
+ {
+ GNUNET_break (0);
+ GNUNET_SERVICE_client_drop (gc->client);
+ return;
+ }
+ if (len > UINT16_MAX - sizeof (*rmsg))
+ {
+ GNUNET_break (0);
+ GNUNET_SERVICE_client_drop (gc->client);
+ return;
+ }
env = GNUNET_MQ_msg_extra (rmsg,
len,
GNUNET_MESSAGE_TYPE_GNS_LOOKUP_RESULT);
rmsg->id = clh->request_id;
rmsg->rd_count = htonl (rd_count);
- GNUNET_GNSRECORD_records_serialize (rd_count,
- rd,
- len,
- (char*) &rmsg[1]);
+ GNUNET_assert (len ==
+ GNUNET_GNSRECORD_records_serialize (rd_count,
+ rd,
+ len,
+ (char*) &rmsg[1]));
GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (gc->client),
env);
GNUNET_CONTAINER_DLL_remove (gc->clh_head,
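Review bot: The bound check `len > UINT16_MAX - sizeof (*rmsg)` compares a signed `ssize_t` with an unsigned `size_t` and is only correct because the `len < 0` branch runs first. Both branches do the same thing, so fold them into one test with the conversion spelled out: `if ( (len < 0) || ((size_t) len > UINT16_MAX - sizeof (*rmsg)) )`. That matches the explicit `(size_t)` casts this commit uses in the resolver. send_lookup_response continues past the end of the hunk.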
diff --git a/src/gns/gnunet-service-gns_resolver.c
b/src/gns/gnunet-service-gns_resolver.c
index b66516363..8593e281e 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -280,7 +280,7 @@ struct VpnContext
/**
* Number of bytes in @e rd_data.
*/
- size_t rd_data_size;
+ ssize_t rd_data_size;
};
@@ -1319,7 +1319,7 @@ vpn_allocation_cb (void *cls,
vpn_ctx->vpn_request = NULL;
rh->vpn_ctx = NULL;
GNUNET_assert (GNUNET_OK ==
- GNUNET_GNSRECORD_records_deserialize (vpn_ctx->rd_data_size,
+ GNUNET_GNSRECORD_records_deserialize ((size_t)
vpn_ctx->rd_data_size,
vpn_ctx->rd_data,
vpn_ctx->rd_count,
rd));
@@ -1901,13 +1901,20 @@ handle_gns_resolution_result (void *cls,
vpn_ctx->rh = rh;
vpn_ctx->rd_data_size = GNUNET_GNSRECORD_records_get_size (rd_count,
rd);
- vpn_ctx->rd_data = GNUNET_malloc (vpn_ctx->rd_data_size);
+ if (vpn_ctx->rd_data_size < 0)
+ {
+ GNUNET_break_op (0);
+ GNUNET_free (vpn_ctx);
+ fail_resolution (rh);
+ return;
+ }
+ vpn_ctx->rd_data = GNUNET_malloc ((size_t) vpn_ctx->rd_data_size);
vpn_ctx->rd_count = rd_count;
GNUNET_assert (vpn_ctx->rd_data_size ==
- (size_t) GNUNET_GNSRECORD_records_serialize
(rd_count,
- rd,
-
vpn_ctx->rd_data_size,
-
vpn_ctx->rd_data));
+ GNUNET_GNSRECORD_records_serialize (rd_count,
+ rd,
+ (size_t)
vpn_ctx->rd_data_size,
+
vpn_ctx->rd_data));
vpn_ctx->vpn_request = GNUNET_VPN_redirect_to_peer (vpn_handle,
af,
ntohs
(vpn->proto),
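Review bot: The new `rd_data_size < 0` branch frees `vpn_ctx` and then calls `fail_resolution (rh)` without clearing the handle's pointer to it. If `rh->vpn_ctx` was already set to this context before the hunk starts (the assignment is not visible here), the handle keeps a dangling pointer that later cleanup may use or free again. Adding `rh->vpn_ctx = NULL;` before `GNUNET_free (vpn_ctx);` makes the early return safe either way. The `GNUNET_assert` on the serialize result just below still aborts the whole service on a mismatch; a `GNUNET_break_op (0)` with the same cleanup would fail only this lookup. The function body starts and ends outside the hunk.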
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index 6d59a545a..6d3887392 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -87,9 +87,8 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
const struct GNUNET_GNSRECORD_Data *rd,
unsigned int rd_count)
{
- size_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
- rd);
- char payload[sizeof (uint32_t) + payload_len];
+ ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
+ rd);
struct GNUNET_GNSRECORD_Block *block;
struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
@@ -98,8 +97,16 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey
*key,
uint32_t rd_count_nbo;
struct GNUNET_TIME_Absolute now;
+ if (payload_len < 0)
+ {
+ GNUNET_break (0);
+ return NULL;
+ }
if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
+ {
+ GNUNET_break (0);
return NULL;
+ }
/* convert relative to absolute times */
now = GNUNET_TIME_absolute_get ();
for (unsigned int i=0;i<rd_count;i++)
@@ -117,39 +124,43 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey
*key,
}
/* serialize */
rd_count_nbo = htonl (rd_count);
- GNUNET_memcpy (payload,
- &rd_count_nbo,
- sizeof (uint32_t));
- GNUNET_assert (payload_len ==
- GNUNET_GNSRECORD_records_serialize (rd_count,
- rdc,
- payload_len,
- &payload[sizeof
(uint32_t)]));
- block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +
- sizeof (uint32_t) +
- payload_len);
- block->purpose.size = htonl (sizeof (uint32_t) +
- payload_len +
- sizeof (struct
GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof (struct GNUNET_TIME_AbsoluteNBO));
- block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
- block->expiration_time = GNUNET_TIME_absolute_hton (expire);
- /* encrypt and sign */
- dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
- label,
- "gns");
- GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
- &block->derived_key);
- derive_block_aes_key (&iv,
- &skey,
- label,
- pkey);
- GNUNET_break (payload_len + sizeof (uint32_t) ==
- GNUNET_CRYPTO_symmetric_encrypt (payload,
- payload_len + sizeof
(uint32_t),
- &skey,
- &iv,
- &block[1]));
+ {
+ char payload[sizeof (uint32_t) + payload_len];
+
+ GNUNET_memcpy (payload,
+ &rd_count_nbo,
+ sizeof (uint32_t));
+ GNUNET_assert (payload_len ==
+ GNUNET_GNSRECORD_records_serialize (rd_count,
+ rdc,
+ payload_len,
+ &payload[sizeof
(uint32_t)]));
+ block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +
+ sizeof (uint32_t) +
+ payload_len);
+ block->purpose.size = htonl (sizeof (uint32_t) +
+ payload_len +
+ sizeof (struct
GNUNET_CRYPTO_EccSignaturePurpose) +
+ sizeof (struct GNUNET_TIME_AbsoluteNBO));
+ block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
+ block->expiration_time = GNUNET_TIME_absolute_hton (expire);
+ /* encrypt and sign */
+ dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
+ label,
+ "gns");
+ GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
+ &block->derived_key);
+ derive_block_aes_key (&iv,
+ &skey,
+ label,
+ pkey);
+ GNUNET_break (payload_len + sizeof (uint32_t) ==
+ GNUNET_CRYPTO_symmetric_encrypt (payload,
+ payload_len + sizeof
(uint32_t),
+ &skey,
+ &iv,
+ &block[1]));
+ }
if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_sign (dkey,
&block->purpose,
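Review bot: A short or failed `GNUNET_CRYPTO_symmetric_encrypt` is still only reported through `GNUNET_break`, so execution continues and signs a block whose ciphertext area was not fully written. Since this commit makes the size and serialize results mandatory, the encrypt result should fail the call as well: test the returned length in an `if`, release `block` and `dkey`, and return NULL. That is presumably what the signing-failure branch just below does, but its body is outside the hunk. The comparison is also evaluated as unsigned, so an error return of -1 is only caught through the implicit conversion.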
diff --git a/src/gnsrecord/gnsrecord_serialization.c
b/src/gnsrecord/gnsrecord_serialization.c
index 6164fa3db..5a862f82f 100644
--- a/src/gnsrecord/gnsrecord_serialization.c
+++ b/src/gnsrecord/gnsrecord_serialization.c
@@ -78,9 +78,9 @@ GNUNET_NETWORK_STRUCT_END
*
* @param rd_count number of records in the rd array
* @param rd array of #GNUNET_GNSRECORD_Data with @a rd_count elements
- * @return the required size to serialize
+ * @return the required size to serialize, -1 on error
*/
-size_t
+ssize_t
GNUNET_GNSRECORD_records_get_size (unsigned int rd_count,
const struct GNUNET_GNSRECORD_Data *rd)
{
@@ -89,10 +89,34 @@ GNUNET_GNSRECORD_records_get_size (unsigned int rd_count,
ret = sizeof (struct NetworkRecord) * rd_count;
for (unsigned int i=0;i<rd_count;i++)
{
- GNUNET_assert ((ret + rd[i].data_size) >= ret);
+ if ((ret + rd[i].data_size) < ret)
+ {
+ GNUNET_break (0);
+ return -1;
+ }
ret += rd[i].data_size;
+#if GNUNET_EXTRA_LOGGING
+ {
+ char *str;
+
+ str = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
+ rd[i].data,
+ rd[i].data_size);
+ if (NULL == str)
+ {
+ GNUNET_break_op (0);
+ return -1;
+ }
+ GNUNET_free (str);
+ }
+#endif
}
- return ret;
+ if (ret > SSIZE_MAX)
+ {
+ GNUNET_break (0);
+ return -1;
+ }
+ return (ssize_t) ret;
}
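Review bot: The initial `ret = sizeof (struct NetworkRecord) * rd_count;` is still unchecked, so where `size_t` is 32 bits a large `rd_count` can wrap before the per-record addition check ever runs. This assumes `ret` is a `size_t`; its declaration is above the hunk. A guard such as `if (rd_count > SIZE_MAX / sizeof (struct NetworkRecord)) { GNUNET_break (0); return -1; }` ahead of the multiplication closes that. Separately, the `#if GNUNET_EXTRA_LOGGING` block makes the function return -1 for a record whose value cannot be rendered only in builds with that flag. The same record set is then accepted or rejected depending on a logging option, and callers that now abort or drop a client on -1 inherit that difference.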
@@ -156,7 +180,7 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count,
if (NULL == str)
{
GNUNET_break_op (0);
- return GNUNET_SYSERR;
+ return -1;
}
GNUNET_free (str);
}
diff --git a/src/include/gnunet_gnsrecord_lib.h
b/src/include/gnunet_gnsrecord_lib.h
index 38346ada3..56dadef3a 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -411,9 +411,9 @@ GNUNET_GNSRECORD_number_to_typename (uint32_t type);
*
* @param rd_count number of records in the @a rd array
* @param rd array of #GNUNET_GNSRECORD_Data with @a rd_count elements
- * @return the required size to serialize
+ * @return the required size to serialize, -1 on error
*/
-size_t
+ssize_t
GNUNET_GNSRECORD_records_get_size (unsigned int rd_count,
const struct GNUNET_GNSRECORD_Data *rd);
diff --git a/src/namestore/gnunet-service-namestore.c
b/src/namestore/gnunet-service-namestore.c
index 8e88558de..1c73e2408 100644
--- a/src/namestore/gnunet-service-namestore.c
+++ b/src/namestore/gnunet-service-namestore.c
@@ -551,6 +551,7 @@ merge_with_nick_records (const struct GNUNET_GNSRECORD_Data
*nick_rd,
size_t req;
char *data;
size_t data_offset;
+ struct GNUNET_GNSRECORD_Data *target;
(*rdc_res) = 1 + rd2_length;
if (0 == 1 + rd2_length)
@@ -560,38 +561,52 @@ merge_with_nick_records (const struct
GNUNET_GNSRECORD_Data *nick_rd,
return;
}
req = sizeof (struct GNUNET_GNSRECORD_Data) + nick_rd->data_size;
- for (unsigned int c=0; c< rd2_length; c++)
- req += sizeof (struct GNUNET_GNSRECORD_Data) + rd2[c].data_size;
- (*rd_res) = GNUNET_malloc (req);
- data = (char *) &(*rd_res)[1 + rd2_length];
+ for (unsigned int i=0; i<rd2_length; i++)
+ {
+ const struct GNUNET_GNSRECORD_Data *orig = &rd2[i];
+
+ if (req + sizeof (struct GNUNET_GNSRECORD_Data) + orig->data_size < req)
+ {
+ GNUNET_break (0);
+ (*rd_res) = NULL;
+ return;
+ }
+ req += sizeof (struct GNUNET_GNSRECORD_Data) + orig->data_size;
+ }
+ target = GNUNET_malloc (req);
+ (*rd_res) = target;
+ data = (char *) &target[1 + rd2_length];
data_offset = 0;
latest_expiration = 0;
- for (unsigned int c=0; c< rd2_length; c++)
+ for (unsigned int i=0;i<rd2_length;i++)
{
- if (0 != (rd2[c].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
+ const struct GNUNET_GNSRECORD_Data *orig = &rd2[i];
+
+ if (0 != (orig->flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
{
- if ((GNUNET_TIME_absolute_get().abs_value_us + rd2[c].expiration_time) >
- latest_expiration)
- latest_expiration = rd2[c].expiration_time;
+ if ((GNUNET_TIME_absolute_get().abs_value_us + orig->expiration_time) >
+ latest_expiration)
+ latest_expiration = orig->expiration_time;
}
- else if (rd2[c].expiration_time > latest_expiration)
- latest_expiration = rd2[c].expiration_time;
- (*rd_res)[c] = rd2[c];
- (*rd_res)[c].data = (void *) &data[data_offset];
+ else if (orig->expiration_time > latest_expiration)
+ latest_expiration = orig->expiration_time;
+ target[i] = *orig;
+ target[i].data = (void *) &data[data_offset];
GNUNET_memcpy (&data[data_offset],
- rd2[c].data,
- rd2[c].data_size);
- data_offset += (*rd_res)[c].data_size;
+ orig->data,
+ orig->data_size);
+ data_offset += orig->data_size;
}
/* append nick */
- (*rd_res)[rd2_length] = *nick_rd;
- (*rd_res)[rd2_length].expiration_time = latest_expiration;
- (*rd_res)[rd2_length].data = (void *) &data[data_offset];
- GNUNET_memcpy ((void *) (*rd_res)[rd2_length].data,
+ target[rd2_length] = *nick_rd;
+ target[rd2_length].expiration_time = latest_expiration;
+ target[rd2_length].data = (void *) &data[data_offset];
+ GNUNET_memcpy (&data[data_offset],
nick_rd->data,
nick_rd->data_size);
- data_offset += (*rd_res)[rd2_length].data_size;
- GNUNET_assert (req == (sizeof (struct GNUNET_GNSRECORD_Data)) * (*rdc_res) +
data_offset);
+ data_offset += nick_rd->data_size;
+ GNUNET_assert (req ==
+ (sizeof (struct GNUNET_GNSRECORD_Data)) * (*rdc_res) +
data_offset);
}
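Review bot: On the new overflow path `*rd_res` is set to NULL but `*rdc_res` keeps the value `1 + rd2_length` assigned at the top of the function. lookup_it, later in this file's diff, passes both straight to `GNUNET_GNSRECORD_records_get_size`, which indexes `rd[i]` for every counted record. Reset the count as well with `(*rdc_res) = 0;` next to `(*rd_res) = NULL;`, or have the callers test for NULL before sizing. The check itself does not catch a wrap inside `sizeof (struct GNUNET_GNSRECORD_Data) + orig->data_size`, and the initial `req` computed from `nick_rd->data_size` is not checked at all. Comparing each addend against the remaining headroom `SIZE_MAX - req` before adding would cover both.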
@@ -620,11 +635,16 @@ send_lookup_response (struct NamestoreClient *nc,
struct GNUNET_GNSRECORD_Data *res;
unsigned int res_count;
size_t name_len;
- size_t rd_ser_len;
+ ssize_t rd_ser_len;
char *name_tmp;
char *rd_ser;
nick = get_nick_record (zone_key);
+
+ GNUNET_assert (-1 !=
+ GNUNET_GNSRECORD_records_get_size (rd_count,
+ rd));
+
if ( (NULL != nick) &&
(0 != strcmp (name,
GNUNET_GNS_EMPTY_LABEL_AT)))
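Review bot: The added `GNUNET_assert (-1 != GNUNET_GNSRECORD_records_get_size (rd_count, rd))` aborts the whole namestore service on a record set that cannot be sized. The second assert on `(res_count, res)` in the next hunk does the same, and it sits immediately before the `rd_ser_len < 0` branch, which it makes unreachable. Drop both asserts and rely on the graceful branch that drops the client, or compute the size once and branch on that value. As written the size is computed three times per response.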
@@ -643,26 +663,44 @@ send_lookup_response (struct NamestoreClient *nc,
res = (struct GNUNET_GNSRECORD_Data *) rd;
}
+ GNUNET_assert (-1 !=
+ GNUNET_GNSRECORD_records_get_size (res_count,
+ res));
+
+
name_len = strlen (name) + 1;
rd_ser_len = GNUNET_GNSRECORD_records_get_size (res_count,
res);
+ if (rd_ser_len < 0)
+ {
+ GNUNET_break (0);
+ GNUNET_SERVICE_client_drop (nc->client);
+ return;
+ }
+ if (rd_ser_len >= UINT16_MAX - name_len - sizeof (*zir_msg))
+ {
+ GNUNET_break (0);
+ GNUNET_SERVICE_client_drop (nc->client);
+ return;
+ }
env = GNUNET_MQ_msg_extra (zir_msg,
name_len + rd_ser_len,
GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_RESULT);
zir_msg->gns_header.r_id = htonl (request_id);
zir_msg->name_len = htons (name_len);
zir_msg->rd_count = htons (res_count);
- zir_msg->rd_len = htons (rd_ser_len);
+ zir_msg->rd_len = htons ((uint16_t) rd_ser_len);
zir_msg->private_key = *zone_key;
name_tmp = (char *) &zir_msg[1];
GNUNET_memcpy (name_tmp,
name,
name_len);
rd_ser = &name_tmp[name_len];
- GNUNET_GNSRECORD_records_serialize (res_count,
- res,
- rd_ser_len,
- rd_ser);
+ GNUNET_assert (rd_ser_len ==
+ GNUNET_GNSRECORD_records_serialize (res_count,
+ res,
+ rd_ser_len,
+ rd_ser));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Sending RECORD_RESULT message with %u records\n",
res_count);
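Review bot: The bound `rd_ser_len >= UINT16_MAX - name_len - sizeof (*zir_msg)` is evaluated in `size_t`. If `name_len + sizeof (*zir_msg)` ever exceeds `UINT16_MAX`, the right-hand side wraps to a very large value and the check passes. Whether `name` is length-limited before this point is not visible in the hunk, so test it first: `if ( (name_len >= UINT16_MAX - sizeof (*zir_msg)) || ((size_t) rd_ser_len >= UINT16_MAX - name_len - sizeof (*zir_msg)) )`. `htons (res_count)` likewise narrows an `unsigned int` to 16 bits with no range check in view.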
@@ -1073,12 +1111,13 @@ struct RecordLookupContext
/**
* FIXME.
*/
- size_t rd_ser_len;
+ ssize_t rd_ser_len;
};
/**
* FIXME.
+ *
* @param seq sequence number of the record
*/
static void
@@ -1090,60 +1129,93 @@ lookup_it (void *cls,
const struct GNUNET_GNSRECORD_Data *rd)
{
struct RecordLookupContext *rlc = cls;
- struct GNUNET_GNSRECORD_Data *rd_res;
- unsigned int rdc_res;
(void) private_key;
(void) seq;
- if (0 == strcmp (label,
+ if (0 != strcmp (label,
rlc->label))
+ return;
+ rlc->found = GNUNET_YES;
+ if (0 == rd_count)
{
- rlc->found = GNUNET_YES;
- if (0 != rd_count)
+ rlc->rd_ser_len = 0;
+ rlc->res_rd_count = 0;
+ rlc->res_rd = NULL;
+ return;
+ }
+ if ( (NULL != rlc->nick) &&
+ (0 != strcmp (label,
+ GNUNET_GNS_EMPTY_LABEL_AT)) )
+ {
+ /* Merge */
+ struct GNUNET_GNSRECORD_Data *rd_res;
+ unsigned int rdc_res;
+
+ rd_res = NULL;
+ rdc_res = 0;
+ rlc->nick->flags = (rlc->nick->flags | GNUNET_GNSRECORD_RF_PRIVATE) ^
GNUNET_GNSRECORD_RF_PRIVATE;
+ merge_with_nick_records (rlc->nick,
+ rd_count,
+ rd,
+ &rdc_res,
+ &rd_res);
+ rlc->rd_ser_len = GNUNET_GNSRECORD_records_get_size (rdc_res,
+ rd_res);
+ if (rlc->rd_ser_len < 0)
{
- if ( (NULL != rlc->nick) &&
- (0 != strcmp (label,
- GNUNET_GNS_EMPTY_LABEL_AT)) )
- {
- /* Merge */
- rd_res = NULL;
- rdc_res = 0;
- rlc->nick->flags = (rlc->nick->flags | GNUNET_GNSRECORD_RF_PRIVATE) ^
GNUNET_GNSRECORD_RF_PRIVATE;
- merge_with_nick_records (rlc->nick,
- rd_count,
- rd,
- &rdc_res,
- &rd_res);
- rlc->rd_ser_len = GNUNET_GNSRECORD_records_get_size (rdc_res,
- rd_res);
- rlc->res_rd_count = rdc_res;
- rlc->res_rd = GNUNET_malloc (rlc->rd_ser_len);
+ GNUNET_break (0);
+ GNUNET_free (rd_res);
+ rlc->found = GNUNET_NO;
+ rlc->rd_ser_len = 0;
+ return;
+ }
+ rlc->res_rd_count = rdc_res;
+ rlc->res_rd = GNUNET_malloc (rlc->rd_ser_len);
+ if (rlc->rd_ser_len !=
GNUNET_GNSRECORD_records_serialize (rdc_res,
rd_res,
rlc->rd_ser_len,
- rlc->res_rd);
-
- GNUNET_free (rd_res);
- GNUNET_free (rlc->nick);
- rlc->nick = NULL;
- }
- else
- {
- rlc->rd_ser_len = GNUNET_GNSRECORD_records_get_size (rd_count,
- rd);
- rlc->res_rd_count = rd_count;
- rlc->res_rd = GNUNET_malloc (rlc->rd_ser_len);
+ rlc->res_rd))
+ {
+ GNUNET_break (0);
+ GNUNET_free (rlc->res_rd);
+ rlc->res_rd = NULL;
+ rlc->res_rd_count = 0;
+ rlc->rd_ser_len = 0;
+ GNUNET_free (rd_res);
+ rlc->found = GNUNET_NO;
+ return;
+ }
+ GNUNET_free (rd_res);
+ GNUNET_free (rlc->nick);
+ rlc->nick = NULL;
+ }
+ else
+ {
+ rlc->rd_ser_len = GNUNET_GNSRECORD_records_get_size (rd_count,
+ rd);
+ if (rlc->rd_ser_len < 0)
+ {
+ GNUNET_break (0);
+ rlc->found = GNUNET_NO;
+ rlc->rd_ser_len = 0;
+ return;
+ }
+ rlc->res_rd_count = rd_count;
+ rlc->res_rd = GNUNET_malloc (rlc->rd_ser_len);
+ if (rlc->rd_ser_len !=
GNUNET_GNSRECORD_records_serialize (rd_count,
rd,
rlc->rd_ser_len,
- rlc->res_rd);
- }
- }
- else
+ rlc->res_rd))
{
- rlc->rd_ser_len = 0;
- rlc->res_rd_count = 0;
+ GNUNET_break (0);
+ GNUNET_free (rlc->res_rd);
rlc->res_rd = NULL;
+ rlc->res_rd_count = 0;
+ rlc->rd_ser_len = 0;
+ rlc->found = GNUNET_NO;
+ return;
}
}
}
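Review bot: In the merge branch the two new failure returns free `rd_res` but leave `rlc->nick` allocated, while the success path ends with `GNUNET_free (rlc->nick); rlc->nick = NULL;`. Unless the caller releases `rlc->nick` afterwards (not visible here), add those two lines to both error paths. Every failure path also reports the problem by setting `rlc->found = GNUNET_NO`, so the caller cannot tell a serialization failure from a label that does not exist. The two serialize-and-clean-up sequences are identical apart from their arguments and could share one static helper.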
@@ -1479,7 +1551,7 @@ handle_zone_to_name_it (void *cls,
struct ZoneToNameResponseMessage *ztnr_msg;
int16_t res;
size_t name_len;
- size_t rd_ser_len;
+ ssize_t rd_ser_len;
size_t msg_size;
char *name_tmp;
char *rd_tmp;
@@ -1490,7 +1562,14 @@ handle_zone_to_name_it (void *cls,
name);
res = GNUNET_YES;
name_len = (NULL == name) ? 0 : strlen (name) + 1;
- rd_ser_len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
+ rd_ser_len = GNUNET_GNSRECORD_records_get_size (rd_count,
+ rd);
+ if (rd_ser_len < 0)
+ {
+ GNUNET_break (0);
+ ztn_ctx->success = GNUNET_SYSERR;
+ return;
+ }
msg_size = sizeof (struct ZoneToNameResponseMessage) + name_len + rd_ser_len;
if (msg_size >= GNUNET_MAX_MESSAGE_SIZE)
{
@@ -1513,10 +1592,11 @@ handle_zone_to_name_it (void *cls,
name,
name_len);
rd_tmp = &name_tmp[name_len];
- GNUNET_GNSRECORD_records_serialize (rd_count,
- rd,
- rd_ser_len,
- rd_tmp);
+ GNUNET_assert (rd_ser_len ==
+ GNUNET_GNSRECORD_records_serialize (rd_count,
+ rd,
+ rd_ser_len,
+ rd_tmp));
ztn_ctx->success = GNUNET_OK;
GNUNET_MQ_send (ztn_ctx->nc->mq,
env);
diff --git a/src/namestore/namestore_api.c b/src/namestore/namestore_api.c
index 57bf8f81b..f2aaa43c8 100644
--- a/src/namestore/namestore_api.c
+++ b/src/namestore/namestore_api.c
@@ -1033,7 +1033,7 @@ GNUNET_NAMESTORE_records_store (struct
GNUNET_NAMESTORE_Handle *h,
struct GNUNET_MQ_Envelope *env;
char *name_tmp;
char *rd_ser;
- size_t rd_ser_len;
+ ssize_t rd_ser_len;
size_t name_len;
uint32_t rid;
struct RecordStoreMessage *msg;
@@ -1045,6 +1045,18 @@ GNUNET_NAMESTORE_records_store (struct
GNUNET_NAMESTORE_Handle *h,
GNUNET_break (0);
return NULL;
}
+ rd_ser_len = GNUNET_GNSRECORD_records_get_size (rd_count,
+ rd);
+ if (rd_ser_len < 0)
+ {
+ GNUNET_break (0);
+ return NULL;
+ }
+ if (rd_ser_len > UINT16_MAX)
+ {
+ GNUNET_break (0);
+ return NULL;
+ }
rid = get_op_id (h);
qe = GNUNET_new (struct GNUNET_NAMESTORE_QueueEntry);
qe->h = h;
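Review bot: The new limit `rd_ser_len > UINT16_MAX` ignores the rest of the message. The envelope is created with `name_len + rd_ser_len` extra bytes on top of `sizeof (*msg)`, so a record set just under the limit still yields a request larger than a 16-bit message size allows. Bound the sum instead with `if (rd_ser_len > UINT16_MAX - name_len - sizeof (*msg))`, assuming the test just above the hunk has already range-checked `name_len`. The service-side send_lookup_response in this commit already accounts for the name and header this way.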
@@ -1056,8 +1068,6 @@ GNUNET_NAMESTORE_records_store (struct
GNUNET_NAMESTORE_Handle *h,
qe);
/* setup msg */
- rd_ser_len = GNUNET_GNSRECORD_records_get_size (rd_count,
- rd);
env = GNUNET_MQ_msg_extra (msg,
name_len + rd_ser_len,
GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE);
@@ -1077,8 +1087,10 @@ GNUNET_NAMESTORE_records_store (struct
GNUNET_NAMESTORE_Handle *h,
rd,
rd_ser_len,
rd_ser);
- if (0 > sret)
+ if ( (0 > sret) ||
+ (sret != rd_ser_len) )
{
+ GNUNET_break (0);
GNUNET_free (env);
return NULL;
}
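Review bot: When serialization fails here the function frees `env` and returns NULL, but `qe` was already allocated and registered earlier in the function (the `qe = GNUNET_new (...)` lines shown in the previous hunk). The queue entry and its operation id therefore stay behind with no handle returned to the caller. Moving the size computation ahead of that allocation fixed this for the size checks only; this path should also unlink and free `qe` before returning. Releasing the envelope with `GNUNET_MQ_discard (env)` would be clearer than a raw `GNUNET_free (env)`.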
diff --git a/src/namestore/namestore_api_monitor.c
b/src/namestore/namestore_api_monitor.c
index 9ba90833b..16780ad0c 100644
--- a/src/namestore/namestore_api_monitor.c
+++ b/src/namestore/namestore_api_monitor.c
@@ -144,6 +144,11 @@ check_result (void *cls,
rd_len = ntohs (lrm->rd_len);
rd_count = ntohs (lrm->rd_count);
name_len = ntohs (lrm->name_len);
+ if (name_len > MAX_NAME_LEN)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
exp_lrm_len = sizeof (struct RecordResultMessage) + name_len + rd_len;
if (lrm_len != exp_lrm_len)
{
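Review bot: A `name_len` of 0 still passes the relocated length check, and the next hunk then reads `name_tmp[name_len -1]`, which for a zero length is one byte before the name field. `name_len` comes from `ntohs (lrm->name_len)`, so it is taken from the received message. Extend the new test to `if ( (0 == name_len) || (name_len > MAX_NAME_LEN) )`, unless a line between the two hunks already rejects zero. check_result starts and ends outside the hunks shown.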
@@ -156,7 +161,7 @@ check_result (void *cls,
return GNUNET_SYSERR;
}
name_tmp = (const char *) &lrm[1];
- if ((name_tmp[name_len -1] != '\0') || (name_len > MAX_NAME_LEN))
+ if (name_tmp[name_len -1] != '\0')
{
GNUNET_break (0);
return GNUNET_SYSERR;
diff --git a/src/namestore/plugin_namestore_flat.c
b/src/namestore/plugin_namestore_flat.c
index 35d8424b4..95edb9d87 100644
--- a/src/namestore/plugin_namestore_flat.c
+++ b/src/namestore/plugin_namestore_flat.c
@@ -301,7 +301,7 @@ store_and_free_entries (void *cls,
char *line;
char *zone_private_key;
char *record_data_b64;
- size_t data_size;
+ ssize_t data_size;
(void) key;
GNUNET_STRINGS_base64_encode ((char*)entry->private_key,
@@ -309,6 +309,18 @@ store_and_free_entries (void *cls,
&zone_private_key);
data_size = GNUNET_GNSRECORD_records_get_size (entry->record_count,
entry->record_data);
+ if (data_size < 0)
+ {
+ GNUNET_break (0);
+ GNUNET_free (zone_private_key);
+ return GNUNET_SYSERR;
+ }
+ if (data_size >= UINT16_MAX)
+ {
+ GNUNET_break (0);
+ GNUNET_free (zone_private_key);
+ return GNUNET_SYSERR;
+ }
{
char data[data_size];
ssize_t ret;
@@ -318,7 +330,7 @@ store_and_free_entries (void *cls,
data_size,
data);
if ( (ret < 0) ||
- (data_size != (size_t) ret) )
+ (data_size != ret) )
{
GNUNET_break (0);
GNUNET_free (zone_private_key);
diff --git a/src/namestore/plugin_namestore_postgres.c
b/src/namestore/plugin_namestore_postgres.c
index d7907b1a6..09fdd760f 100644
--- a/src/namestore/plugin_namestore_postgres.c
+++ b/src/namestore/plugin_namestore_postgres.c
@@ -220,7 +220,7 @@ namestore_postgres_store_records (void *cls,
struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
uint64_t rvalue;
uint32_t rd_count32 = (uint32_t) rd_count;
- size_t data_size;
+ ssize_t data_size;
memset (&pkey,
0,
@@ -238,7 +238,12 @@ namestore_postgres_store_records (void *cls,
UINT64_MAX);
data_size = GNUNET_GNSRECORD_records_get_size (rd_count,
rd);
- if (data_size > 64 * 65536)
+ if (data_size < 0)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+ if (data_size >= UINT16_MAX)
{
GNUNET_break (0);
return GNUNET_SYSERR;
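Review bot: The size cap is now inconsistent across the storage plugins. This hunk and the flat plugin reject `data_size >= UINT16_MAX`, while the sqlite hunk keeps `data_size > 64 * 65536`. A record set between the two limits is storable with sqlite and refused by the other two backends, so behaviour depends on which plugin is configured. Pick one limit, preferably a shared named constant next to the GNSRECORD size definitions, and use it in all three `store_records` implementations.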
@@ -287,7 +292,7 @@ namestore_postgres_store_records (void *cls,
data_size,
data);
if ( (ret < 0) ||
- (data_size != (size_t) ret) )
+ (data_size != ret) )
{
GNUNET_break (0);
return GNUNET_SYSERR;
diff --git a/src/namestore/plugin_namestore_sqlite.c
b/src/namestore/plugin_namestore_sqlite.c
index 34e548613..81391ce8a 100644
--- a/src/namestore/plugin_namestore_sqlite.c
+++ b/src/namestore/plugin_namestore_sqlite.c
@@ -313,7 +313,7 @@ namestore_sqlite_store_records (void *cls,
int n;
struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
uint64_t rvalue;
- size_t data_size;
+ ssize_t data_size;
memset (&pkey,
0,
@@ -332,6 +332,11 @@ namestore_sqlite_store_records (void *cls,
UINT64_MAX);
data_size = GNUNET_GNSRECORD_records_get_size (rd_count,
rd);
+ if (data_size < 0)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
if (data_size > 64 * 65536)
{
GNUNET_break (0);
@@ -352,7 +357,7 @@ namestore_sqlite_store_records (void *cls,
data_size,
data);
if ( (ret < 0) ||
- (data_size != (size_t) ret) )
+ (data_size != ret) )
{
GNUNET_break (0);
return GNUNET_SYSERR;
--