Merge changes I934c73d4,I28cdc9a0,I9e734da9,I3c079d86

* changes: UPSTREAM: depend UPSTREAM: upstream: avoid possible NULL deref; from Pedro Martelletto Revert "upstream: fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@" Merge upstream-master into master
author: Alistair Delva <adelva@google.com> 2020-08-21 00:00:13 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2020-08-21 00:00:13 +0000
commit: ed358b3546c776c1c677fd88eb8f716cf6187510 (patch)
tree: 3c6134bcb2cda4b9dccc57b4a8b997a945aab62d /sshbuf.c
parent: 22246b08952d746a7cc5a292570636cf4277598f (diff)
parent: 44a1065de8a58c51a021243a28bfa01e87822e4f (diff)
1 files changed, 65 insertions, 70 deletions
diff --git a/sshbuf.c b/sshbuf.c
index dbe0c919..368ba798 100644
--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.c,v 1.3 2015/01/20 23:14:00 deraadt Exp $	*/
+/*	$OpenBSD: sshbuf.c,v 1.15 2020/02/26 13:40:09 jsg Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -18,7 +18,6 @@
 #define SSHBUF_INTERNAL
 #include "includes.h"
 
-#include <sys/param.h>	/* roundup */
 #include <sys/types.h>
 #include <signal.h>
 #include <stdlib.h>
@@ -27,6 +26,7 @@
 
 #include "ssherr.h"
 #include "sshbuf.h"
+#include "misc.h"
 
 static inline int
 sshbuf_check_sanity(const struct sshbuf *buf)
@@ -36,14 +36,13 @@ sshbuf_check_sanity(const struct sshbuf *buf)
 	    (!buf->readonly && buf->d != buf->cd) ||
 	    buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX ||
 	    buf->cd == NULL ||
-	    (buf->dont_free && (buf->readonly || buf->parent != NULL)) ||
 	    buf->max_size > SSHBUF_SIZE_MAX ||
 	    buf->alloc > buf->max_size ||
 	    buf->size > buf->alloc ||
 	    buf->off > buf->size)) {
 		/* Do not try to recover from corrupted buffer internals */
 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
-		signal(SIGSEGV, SIG_DFL);
+		ssh_signal(SIGSEGV, SIG_DFL);
 		raise(SIGSEGV);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
@@ -132,23 +131,8 @@ sshbuf_fromb(struct sshbuf *buf)
 }
 
 void
-sshbuf_init(struct sshbuf *ret)
-{
-	bzero(ret, sizeof(*ret));
-	ret->alloc = SSHBUF_SIZE_INIT;
-	ret->max_size = SSHBUF_SIZE_MAX;
-	ret->readonly = 0;
-	ret->dont_free = 1;
-	ret->refcount = 1;
-	if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL)
-		ret->alloc = 0;
-}
-
-void
 sshbuf_free(struct sshbuf *buf)
 {
-	int dont_free = 0;
-
 	if (buf == NULL)
 		return;
 	/*
@@ -159,14 +143,7 @@ sshbuf_free(struct sshbuf *buf)
 	 */
 	if (sshbuf_check_sanity(buf) != 0)
 		return;
-	/*
-	 * If we are a child, the free our parent to decrement its reference
-	 * count and possibly free it.
-	 */
-	if (buf->parent != NULL) {
-		sshbuf_free(buf->parent);
-		buf->parent = NULL;
-	}
+
 	/*
 	 * If we are a parent with still-extant children, then don't free just
 	 * yet. The last child's call to sshbuf_free should decrement our
@@ -175,14 +152,19 @@ sshbuf_free(struct sshbuf *buf)
 	buf->refcount--;
 	if (buf->refcount > 0)
 		return;
-	dont_free = buf->dont_free;
+
+	/*
+	 * If we are a child, the free our parent to decrement its reference
+	 * count and possibly free it.
+	 */
+	sshbuf_free(buf->parent);
+	buf->parent = NULL;
+
 	if (!buf->readonly) {
-		bzero(buf->d, buf->alloc);
+		explicit_bzero(buf->d, buf->alloc);
 		free(buf->d);
 	}
-	bzero(buf, sizeof(*buf));
-	if (!dont_free)
-		free(buf);
+	freezero(buf, sizeof(*buf));
 }
 
 void
@@ -195,15 +177,16 @@ sshbuf_reset(struct sshbuf *buf)
 		buf->off = buf->size;
 		return;
 	}
-	if (sshbuf_check_sanity(buf) == 0)
-		bzero(buf->d, buf->alloc);
+	(void) sshbuf_check_sanity(buf);
 	buf->off = buf->size = 0;
 	if (buf->alloc != SSHBUF_SIZE_INIT) {
-		if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) {
+		if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT,
+		    1)) != NULL) {
 			buf->cd = buf->d = d;
 			buf->alloc = SSHBUF_SIZE_INIT;
 		}
 	}
+	explicit_bzero(buf->d, SSHBUF_SIZE_INIT);
 }
 
 size_t
@@ -252,12 +235,11 @@ sshbuf_set_max_size(struct sshbuf *buf, size_t max_size)
 		if (buf->size < SSHBUF_SIZE_INIT)
 			rlen = SSHBUF_SIZE_INIT;
 		else
-			rlen = roundup(buf->size, SSHBUF_SIZE_INC);
+			rlen = ROUNDUP(buf->size, SSHBUF_SIZE_INC);
 		if (rlen > max_size)
 			rlen = max_size;
-		bzero(buf->d + buf->size, buf->alloc - buf->size);
 		SSHBUF_DBG(("new alloc = %zu", rlen));
-		if ((dp = realloc(buf->d, rlen)) == NULL)
+		if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL)
 			return SSH_ERR_ALLOC_FAIL;
 		buf->cd = buf->d = dp;
 		buf->alloc = rlen;
@@ -318,16 +300,13 @@ sshbuf_check_reserve(const struct sshbuf *buf, size_t len)
 }
 
 int
-sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp)
+sshbuf_allocate(struct sshbuf *buf, size_t len)
 {
 	size_t rlen, need;
 	u_char *dp;
 	int r;
 
-	if (dpp != NULL)
-		*dpp = NULL;
-
-	SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len));
+	SSHBUF_DBG(("allocate buf = %p len = %zu", buf, len));
 	if ((r = sshbuf_check_reserve(buf, len)) != 0)
 		return r;
 	/*
@@ -335,36 +314,49 @@ sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp)
 	 * then pack the buffer, zeroing buf->off.
 	 */
 	sshbuf_maybe_pack(buf, buf->size + len > buf->max_size);
-	SSHBUF_TELL("reserve");
-	if (len + buf->size > buf->alloc) {
-		/*
-		 * Prefer to alloc in SSHBUF_SIZE_INC units, but
-		 * allocate less if doing so would overflow max_size.
-		 */
-		need = len + buf->size - buf->alloc;
-		rlen = roundup(buf->alloc + need, SSHBUF_SIZE_INC);
-		SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen));
-		if (rlen > buf->max_size)
-			rlen = buf->alloc + need;
-		SSHBUF_DBG(("adjusted rlen %zu", rlen));
-		if ((dp = realloc(buf->d, rlen)) == NULL) {
-			SSHBUF_DBG(("realloc fail"));
-			if (dpp != NULL)
-				*dpp = NULL;
-			return SSH_ERR_ALLOC_FAIL;
-		}
-		buf->alloc = rlen;
-		buf->cd = buf->d = dp;
-		if ((r = sshbuf_check_reserve(buf, len)) < 0) {
-			/* shouldn't fail */
-			if (dpp != NULL)
-				*dpp = NULL;
-			return r;
-		}
+	SSHBUF_TELL("allocate");
+	if (len + buf->size <= buf->alloc)
+		return 0; /* already have it. */
+
+	/*
+	 * Prefer to alloc in SSHBUF_SIZE_INC units, but
+	 * allocate less if doing so would overflow max_size.
+	 */
+	need = len + buf->size - buf->alloc;
+	rlen = ROUNDUP(buf->alloc + need, SSHBUF_SIZE_INC);
+	SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen));
+	if (rlen > buf->max_size)
+		rlen = buf->alloc + need;
+	SSHBUF_DBG(("adjusted rlen %zu", rlen));
+	if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL) {
+		SSHBUF_DBG(("realloc fail"));
+		return SSH_ERR_ALLOC_FAIL;
 	}
+	buf->alloc = rlen;
+	buf->cd = buf->d = dp;
+	if ((r = sshbuf_check_reserve(buf, len)) < 0) {
+		/* shouldn't fail */
+		return r;
+	}
+	SSHBUF_TELL("done");
+	return 0;
+}
+
+int
+sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp)
+{
+	u_char *dp;
+	int r;
+
+	if (dpp != NULL)
+		*dpp = NULL;
+
+	SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len));
+	if ((r = sshbuf_allocate(buf, len)) != 0)
+		return r;
+
 	dp = buf->d + buf->size;
 	buf->size += len;
-	SSHBUF_TELL("done");
 	if (dpp != NULL)
 		*dpp = dp;
 	return 0;
@@ -383,6 +375,9 @@ sshbuf_consume(struct sshbuf *buf, size_t len)
 	if (len > sshbuf_len(buf))
 		return SSH_ERR_MESSAGE_INCOMPLETE;
 	buf->off += len;
+	/* deal with empty buffer */
+	if (buf->off == buf->size)
+		buf->off = buf->size = 0;
 	SSHBUF_TELL("done");
 	return 0;
 }
author	Alistair Delva <adelva@google.com>	2020-08-21 00:00:13 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2020-08-21 00:00:13 +0000
commit	ed358b3546c776c1c677fd88eb8f716cf6187510 (patch)
tree	3c6134bcb2cda4b9dccc57b4a8b997a945aab62d /sshbuf.c
parent	22246b08952d746a7cc5a292570636cf4277598f (diff)
parent	44a1065de8a58c51a021243a28bfa01e87822e4f (diff)