nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-09 07:13:43 -05:00
Code Issues Projects Releases Wiki Activity

Extra-secure versions of sgrowarray and strbuf.

Browse Source 
These versions, distinguished by the _nm suffix on their names, avoid
using realloc to grow the array, in case it moves the block and leaves
a copy of the data in the freed memory at the old address. (The suffix
'nm' stands for 'no moving'.) Instead, the array is grown by making a
new allocation, manually copying the data over, and carefully clearing
the old block before freeing it.

(An alternative would be to give this code base its own custom heap in
which the ordinary realloc takes care about this kind of thing, but I
don't really feel like going to that much effort!)
This commit is contained in:
Simon Tatham
2019-03-01 19:25:47 +00:00
parent e747e9e529
commit a7abc7c867
4 changed files with 51 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
utils.c
View File

@ -386,6 +386,7 @@ char *dupprintf(const char *fmt, ...)
struct strbuf_impl {
size_t size;
struct strbuf visible;
bool nm; /* true if we insist on non-moving buffer resizes */
};
#define STRBUF_SET_UPTR(buf) \
@ -397,7 +398,8 @@ void *strbuf_append(strbuf *buf_o, size_t len)
{
struct strbuf_impl *buf = container_of(buf_o, struct strbuf_impl, visible);
char *toret;
sgrowarrayn(buf->visible.s, buf->size, buf->visible.len + 1, len);
sgrowarray_general(
buf->visible.s, buf->size, buf->visible.len + 1, len, buf->nm);
STRBUF_SET_UPTR(buf);
toret = buf->visible.s + buf->visible.len;
buf->visible.len += len;
@ -412,16 +414,19 @@ static void strbuf_BinarySink_write(
memcpy(strbuf_append(buf_o, len), data, len);
}
strbuf *strbuf_new(void)
static strbuf *strbuf_new_general(bool nm)
{
struct strbuf_impl *buf = snew(struct strbuf_impl);
BinarySink_INIT(&buf->visible, strbuf_BinarySink_write);
buf->visible.len = 0;
buf->size = 512;
buf->nm = nm;
STRBUF_SET_PTR(buf, snewn(buf->size, char));
*buf->visible.s = '\0';
return &buf->visible;
}
strbuf *strbuf_new(void) { return strbuf_new_general(false); }
strbuf *strbuf_new_nm(void) { return strbuf_new_general(true); }
void strbuf_free(strbuf *buf_o)
{
struct strbuf_impl *buf = container_of(buf_o, struct strbuf_impl, visible);