check return values from GNSRECORD_record_serialize/size always

author: Christian Grothoff <christian@grothoff.org> 2018-05-20 23:40:20 +0200
committer: Christian Grothoff <christian@grothoff.org> 2018-05-20 23:40:20 +0200
commit: d080cb1ed80a0e528b2b755ee48ca18cb670175e (patch)
tree: d8c0edab6035e4d38138b303566e972fbf8b8c5f /src/gnsrecord
parent: 0a8c135eedab5213b31c21b3d4b800e5f0f6041f (diff)
download: gnunet-d080cb1ed80a0e528b2b755ee48ca18cb670175e.tar.gz
gnunet-d080cb1ed80a0e528b2b755ee48ca18cb670175e.zip
2 files changed, 76 insertions, 41 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index 6d59a545a..6d3887392 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -87,9 +87,8 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
              const struct GNUNET_GNSRECORD_Data *rd,
              unsigned int rd_count)
 {
-  size_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
+  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
-                                                          rd);
+                                                           rd);
-  char payload[sizeof (uint32_t) + payload_len];
  struct GNUNET_GNSRECORD_Block *block;
  struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
@@ -98,8 +97,16 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
  uint32_t rd_count_nbo;
  struct GNUNET_TIME_Absolute now;
+  if (payload_len < 0)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
  if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
+  {
+    GNUNET_break (0);
    return NULL;
+  }
  /* convert relative to absolute times */
  now = GNUNET_TIME_absolute_get ();
  for (unsigned int i=0;i<rd_count;i++)
@@ -117,39 +124,43 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
  }
  /* serialize */
  rd_count_nbo = htonl (rd_count);
-  GNUNET_memcpy (payload,
+  {
-                 &rd_count_nbo,
+    char payload[sizeof (uint32_t) + payload_len];
-                 sizeof (uint32_t));
-  GNUNET_assert (payload_len ==
+    GNUNET_memcpy (payload,
-                 GNUNET_GNSRECORD_records_serialize (rd_count,
+                   &rd_count_nbo,
-                                                     rdc,
+                   sizeof (uint32_t));
-                                                     payload_len,
+    GNUNET_assert (payload_len ==
-                                                     &payload[sizeof (uint32_t)]));
+                   GNUNET_GNSRECORD_records_serialize (rd_count,
-  block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +
+                                                       rdc,
-                         sizeof (uint32_t) +
+                                                       payload_len,
-                         payload_len);
+                                                       &payload[sizeof (uint32_t)]));
-  block->purpose.size = htonl (sizeof (uint32_t) +
+    block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +
-                               payload_len +
+                           sizeof (uint32_t) +
-                               sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+                           payload_len);
-                               sizeof (struct GNUNET_TIME_AbsoluteNBO));
+    block->purpose.size = htonl (sizeof (uint32_t) +
-  block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
+                                 payload_len +
-  block->expiration_time = GNUNET_TIME_absolute_hton (expire);
+                                 sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-  /* encrypt and sign */
+                                 sizeof (struct GNUNET_TIME_AbsoluteNBO));
-  dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
+    block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
-                                                 label,
+    block->expiration_time = GNUNET_TIME_absolute_hton (expire);
-                                                 "gns");
+    /* encrypt and sign */
-  GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
+    dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
-                                      &block->derived_key);
+                                                   label,
-  derive_block_aes_key (&iv,
+                                                   "gns");
-                        &skey,
+    GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
-                        label,
+                                        &block->derived_key);
-                        pkey);
+    derive_block_aes_key (&iv,
-  GNUNET_break (payload_len + sizeof (uint32_t) ==
+                          &skey,
-                GNUNET_CRYPTO_symmetric_encrypt (payload,
+                          label,
-                                                 payload_len + sizeof (uint32_t),
+                          pkey);
-                                                 &skey,
+    GNUNET_break (payload_len + sizeof (uint32_t) ==
-                                                 &iv,
+                  GNUNET_CRYPTO_symmetric_encrypt (payload,
-                                                 &block[1]));
+                                                   payload_len + sizeof (uint32_t),
+                                                   &skey,
+                                                   &iv,
+                                                   &block[1]));
+  }
  if (GNUNET_OK !=
      GNUNET_CRYPTO_ecdsa_sign (dkey,
                                &block->purpose,
diff --git a/src/gnsrecord/gnsrecord_serialization.c b/src/gnsrecord/gnsrecord_serialization.c
index 6164fa3db..5a862f82f 100644
--- a/src/gnsrecord/gnsrecord_serialization.c
+++ b/src/gnsrecord/gnsrecord_serialization.c
@@ -78,9 +78,9 @@ GNUNET_NETWORK_STRUCT_END
 *
 * @param rd_count number of records in the rd array
 * @param rd array of #GNUNET_GNSRECORD_Data with @a rd_count elements
- * @return the required size to serialize
+ * @return the required size to serialize, -1 on error
 */
-size_t
+ssize_t
 GNUNET_GNSRECORD_records_get_size (unsigned int rd_count,
                                   const struct GNUNET_GNSRECORD_Data *rd)
 {
@@ -89,10 +89,34 @@ GNUNET_GNSRECORD_records_get_size (unsigned int rd_count,
  ret = sizeof (struct NetworkRecord) * rd_count;
  for (unsigned int i=0;i<rd_count;i++)
  {
-    GNUNET_assert ((ret + rd[i].data_size) >= ret);
+    if ((ret + rd[i].data_size) < ret)
+    {
+      GNUNET_break (0);
+      return -1;
+    }
    ret += rd[i].data_size;
+#if GNUNET_EXTRA_LOGGING
+    {
+      char *str;
+      str = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
+                                              rd[i].data,
+                                              rd[i].data_size);
+      if (NULL == str)
+      {
+        GNUNET_break_op (0);
+        return -1;
+      }
+      GNUNET_free (str);
+    }
+#endif
  }
-  return ret;
+  if (ret > SSIZE_MAX)
+  {
+    GNUNET_break (0);
+    return -1;
+  }
+  return (ssize_t) ret;
 }
@@ -156,7 +180,7 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count,
      if (NULL == str)
      {
        GNUNET_break_op (0);
-        return GNUNET_SYSERR;
+        return -1;
      }
      GNUNET_free (str);
    }
author	Christian Grothoff <christian@grothoff.org>	2018-05-20 23:40:20 +0200
committer	Christian Grothoff <christian@grothoff.org>	2018-05-20 23:40:20 +0200
commit	d080cb1ed80a0e528b2b755ee48ca18cb670175e (patch)
tree	d8c0edab6035e4d38138b303566e972fbf8b8c5f /src/gnsrecord
parent	0a8c135eedab5213b31c21b3d4b800e5f0f6041f (diff)
download	gnunet-d080cb1ed80a0e528b2b755ee48ca18cb670175e.tar.gz gnunet-d080cb1ed80a0e528b2b755ee48ca18cb670175e.zip

diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index 6d59a545a..6d3887392 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -87,9 +87,8 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
87	const struct GNUNET_GNSRECORD_Data *rd,	87	const struct GNUNET_GNSRECORD_Data *rd,
88	unsigned int rd_count)	88	unsigned int rd_count)
89	{	89	{
90	size_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,	90	ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
91	rd);	91	rd);
92	char payload[sizeof (uint32_t) + payload_len];
93	struct GNUNET_GNSRECORD_Block *block;	92	struct GNUNET_GNSRECORD_Block *block;
94	struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;	93	struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
95	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;	94	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
@@ -98,8 +97,16 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
98	uint32_t rd_count_nbo;	97	uint32_t rd_count_nbo;
99	struct GNUNET_TIME_Absolute now;	98	struct GNUNET_TIME_Absolute now;
100		99
		100	if (payload_len < 0)
		101	{
		102	GNUNET_break (0);
		103	return NULL;
		104	}
101	if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)	105	if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
		106	{
		107	GNUNET_break (0);
102	return NULL;	108	return NULL;
		109	}
103	/* convert relative to absolute times */	110	/* convert relative to absolute times */
104	now = GNUNET_TIME_absolute_get ();	111	now = GNUNET_TIME_absolute_get ();
105	for (unsigned int i=0;i<rd_count;i++)	112	for (unsigned int i=0;i<rd_count;i++)
@@ -117,39 +124,43 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
117	}	124	}
118	/* serialize */	125	/* serialize */
119	rd_count_nbo = htonl (rd_count);	126	rd_count_nbo = htonl (rd_count);
120	GNUNET_memcpy (payload,	127	{
121	&rd_count_nbo,	128	char payload[sizeof (uint32_t) + payload_len];
122	sizeof (uint32_t));	129
123	GNUNET_assert (payload_len ==	130	GNUNET_memcpy (payload,
124	GNUNET_GNSRECORD_records_serialize (rd_count,	131	&rd_count_nbo,
125	rdc,	132	sizeof (uint32_t));
126	payload_len,	133	GNUNET_assert (payload_len ==
127	&payload[sizeof (uint32_t)]));	134	GNUNET_GNSRECORD_records_serialize (rd_count,
128	block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +	135	rdc,
129	sizeof (uint32_t) +	136	payload_len,
130	payload_len);	137	&payload[sizeof (uint32_t)]));
131	block->purpose.size = htonl (sizeof (uint32_t) +	138	block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +
132	payload_len +	139	sizeof (uint32_t) +
133	sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +	140	payload_len);
134	sizeof (struct GNUNET_TIME_AbsoluteNBO));	141	block->purpose.size = htonl (sizeof (uint32_t) +
135	block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);	142	payload_len +
136	block->expiration_time = GNUNET_TIME_absolute_hton (expire);	143	sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
137	/* encrypt and sign */	144	sizeof (struct GNUNET_TIME_AbsoluteNBO));
138	dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,	145	block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
139	label,	146	block->expiration_time = GNUNET_TIME_absolute_hton (expire);
140	"gns");	147	/* encrypt and sign */
141	GNUNET_CRYPTO_ecdsa_key_get_public (dkey,	148	dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
142	&block->derived_key);	149	label,
143	derive_block_aes_key (&iv,	150	"gns");
144	&skey,	151	GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
145	label,	152	&block->derived_key);
146	pkey);	153	derive_block_aes_key (&iv,
147	GNUNET_break (payload_len + sizeof (uint32_t) ==	154	&skey,
148	GNUNET_CRYPTO_symmetric_encrypt (payload,	155	label,
149	payload_len + sizeof (uint32_t),	156	pkey);
150	&skey,	157	GNUNET_break (payload_len + sizeof (uint32_t) ==
151	&iv,	158	GNUNET_CRYPTO_symmetric_encrypt (payload,
152	&block[1]));	159	payload_len + sizeof (uint32_t),
		160	&skey,
		161	&iv,
		162	&block[1]));
		163	}
153	if (GNUNET_OK !=	164	if (GNUNET_OK !=
154	GNUNET_CRYPTO_ecdsa_sign (dkey,	165	GNUNET_CRYPTO_ecdsa_sign (dkey,
155	&block->purpose,	166	&block->purpose,


diff --git a/src/gnsrecord/gnsrecord_serialization.c b/src/gnsrecord/gnsrecord_serialization.c index 6164fa3db..5a862f82f 100644 --- a/src/gnsrecord/gnsrecord_serialization.c +++ b/src/gnsrecord/gnsrecord_serialization.c
@@ -78,9 +78,9 @@ GNUNET_NETWORK_STRUCT_END
78	*	78	*
79	* @param rd_count number of records in the rd array	79	* @param rd_count number of records in the rd array
80	* @param rd array of #GNUNET_GNSRECORD_Data with @a rd_count elements	80	* @param rd array of #GNUNET_GNSRECORD_Data with @a rd_count elements
81	* @return the required size to serialize	81	* @return the required size to serialize, -1 on error
82	*/	82	*/
83	size_t	83	ssize_t
84	GNUNET_GNSRECORD_records_get_size (unsigned int rd_count,	84	GNUNET_GNSRECORD_records_get_size (unsigned int rd_count,
85	const struct GNUNET_GNSRECORD_Data *rd)	85	const struct GNUNET_GNSRECORD_Data *rd)
86	{	86	{
@@ -89,10 +89,34 @@ GNUNET_GNSRECORD_records_get_size (unsigned int rd_count,
89	ret = sizeof (struct NetworkRecord) * rd_count;	89	ret = sizeof (struct NetworkRecord) * rd_count;
90	for (unsigned int i=0;i<rd_count;i++)	90	for (unsigned int i=0;i<rd_count;i++)
91	{	91	{
92	GNUNET_assert ((ret + rd[i].data_size) >= ret);	92	if ((ret + rd[i].data_size) < ret)
		93	{
		94	GNUNET_break (0);
		95	return -1;
		96	}
93	ret += rd[i].data_size;	97	ret += rd[i].data_size;
		98	#if GNUNET_EXTRA_LOGGING
		99	{
		100	char *str;
		101
		102	str = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
		103	rd[i].data,
		104	rd[i].data_size);
		105	if (NULL == str)
		106	{
		107	GNUNET_break_op (0);
		108	return -1;
		109	}
		110	GNUNET_free (str);
		111	}
		112	#endif
94	}	113	}
95	return ret;	114	if (ret > SSIZE_MAX)
		115	{
		116	GNUNET_break (0);
		117	return -1;
		118	}
		119	return (ssize_t) ret;
96	}	120	}
97		121
98		122
@@ -156,7 +180,7 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count,
156	if (NULL == str)	180	if (NULL == str)
157	{	181	{
158	GNUNET_break_op (0);	182	GNUNET_break_op (0);
159	return GNUNET_SYSERR;	183	return -1;
160	}	184	}
161	GNUNET_free (str);	185	GNUNET_free (str);
162	}	186	}