diff options
author | Simon Warta <[email protected]> | 2015-06-24 12:08:01 +0200 |
---|---|---|
committer | Simon Warta <[email protected]> | 2015-06-24 12:08:01 +0200 |
commit | db0dde7107dbe4155a856c20342ca57e09bd329c (patch) | |
tree | e4e031c3f2380b6b2c612388de9fd5f3d9e47dfa /src/lib/tls | |
parent | 0e251f31e4567787e6dff9ab874dcd422ca5fb62 (diff) | |
parent | 28b2beef62d4b465193659545e857f253d59f817 (diff) |
Merge pull request #134 from webmaster128/bounds-check2
Bounds check round 2
Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/msg_cert_req.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/msg_client_hello.cpp | 4 | ||||
-rw-r--r-- | src/lib/tls/msg_session_ticket.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/sessions_sql/tls_session_manager_sql.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_blocking.cpp | 8 | ||||
-rw-r--r-- | src/lib/tls/tls_channel.cpp | 18 | ||||
-rw-r--r-- | src/lib/tls/tls_channel.h | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_handshake_io.cpp | 8 | ||||
-rw-r--r-- | src/lib/tls/tls_reader.h | 6 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 26 | ||||
-rw-r--r-- | src/lib/tls/tls_session.cpp | 8 | ||||
-rw-r--r-- | src/lib/tls/tls_session.h | 2 |
12 files changed, 44 insertions, 44 deletions
diff --git a/src/lib/tls/msg_cert_req.cpp b/src/lib/tls/msg_cert_req.cpp index eacdcacac..aaaf754c8 100644 --- a/src/lib/tls/msg_cert_req.cpp +++ b/src/lib/tls/msg_cert_req.cpp @@ -119,7 +119,7 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf, { std::vector<byte> name_bits = reader.get_range_vector<byte>(2, 0, 65535); - BER_Decoder decoder(&name_bits[0], name_bits.size()); + BER_Decoder decoder(name_bits.data(), name_bits.size()); X509_DN name; decoder.decode(name); m_names.push_back(name); diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index 8b75e93d6..82ba6f4f6 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -25,14 +25,14 @@ std::vector<byte> make_hello_random(RandomNumberGenerator& rng, const Policy& policy) { std::vector<byte> buf(32); - rng.randomize(&buf[0], buf.size()); + rng.randomize(buf.data(), buf.size()); if(policy.include_time_in_hello_random()) { const u32bit time32 = static_cast<u32bit>( std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); - store_be(time32, &buf[0]); + store_be(time32, buf.data()); } return buf; diff --git a/src/lib/tls/msg_session_ticket.cpp b/src/lib/tls/msg_session_ticket.cpp index 26dc250c3..3fe6e64cf 100644 --- a/src/lib/tls/msg_session_ticket.cpp +++ b/src/lib/tls/msg_session_ticket.cpp @@ -45,7 +45,7 @@ New_Session_Ticket::New_Session_Ticket(const std::vector<byte>& buf) std::vector<byte> New_Session_Ticket::serialize() const { std::vector<byte> buf(4); - store_be(m_ticket_lifetime_hint, &buf[0]); + store_be(m_ticket_lifetime_hint, buf.data()); append_tls_length_value(buf, m_ticket, 2); return buf; } diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp index c67dc7997..508f8ff2f 100644 --- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp +++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp @@ -102,7 +102,7 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db, const size_t iterations = 256 * 1024; size_t check_val = 0; - m_session_key = derive_key(passphrase, &salt[0], salt.size(), + m_session_key = derive_key(passphrase, salt.data(), salt.size(), iterations, check_val); auto stmt = m_db->new_statement("insert into tls_sessions_metadata values(?1, ?2, ?3)"); diff --git a/src/lib/tls/tls_blocking.cpp b/src/lib/tls/tls_blocking.cpp index b46961f9d..f88b7896c 100644 --- a/src/lib/tls/tls_blocking.cpp +++ b/src/lib/tls/tls_blocking.cpp @@ -58,8 +58,8 @@ void Blocking_Client::do_handshake() while(!m_channel.is_closed() && !m_channel.is_active()) { - const size_t from_socket = m_read(&readbuf[0], readbuf.size()); - m_channel.received_data(&readbuf[0], from_socket); + const size_t from_socket = m_read(readbuf.data(), readbuf.size()); + m_channel.received_data(readbuf.data(), from_socket); } } @@ -69,8 +69,8 @@ size_t Blocking_Client::read(byte buf[], size_t buf_len) while(m_plaintext.empty() && !m_channel.is_closed()) { - const size_t from_socket = m_read(&readbuf[0], readbuf.size()); - m_channel.received_data(&readbuf[0], from_socket); + const size_t from_socket = m_read(readbuf.data(), readbuf.size()); + m_channel.received_data(readbuf.data(), from_socket); } const size_t returned = std::min(buf_len, m_plaintext.size()); diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index e784566cd..e2b1aad9d 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -285,7 +285,7 @@ bool Channel::heartbeat_sending_allowed() const size_t Channel::received_data(const std::vector<byte>& buf) { - return this->received_data(&buf[0], buf.size()); + return this->received_data(buf.data(), buf.size()); } size_t Channel::received_data(const byte input[], size_t input_size) @@ -407,14 +407,14 @@ size_t Channel::received_data(const byte input[], size_t input_size) { const std::vector<byte> padding = unlock(rng().random_vec(16)); Heartbeat_Message response(Heartbeat_Message::RESPONSE, - &payload[0], payload.size(), padding); + payload.data(), payload.size(), padding); send_record(HEARTBEAT, response.contents()); } } else { - m_alert_cb(Alert(Alert::HEARTBEAT_PAYLOAD), &payload[0], payload.size()); + m_alert_cb(Alert(Alert::HEARTBEAT_PAYLOAD), payload.data(), payload.size()); } } else if(record_type == APPLICATION_DATA) @@ -428,7 +428,7 @@ size_t Channel::received_data(const byte input[], size_t input_size) * following record. Avoid spurious callbacks. */ if(record.size() > 0) - m_data_cb(&record[0], record.size()); + m_data_cb(record.data(), record.size()); } else if(record_type == ALERT) { @@ -513,7 +513,7 @@ void Channel::write_record(Connection_Cipher_State* cipher_state, u16bit epoch, cipher_state, m_rng); - m_output_fn(&m_writebuf[0], m_writebuf.size()); + m_output_fn(m_writebuf.data(), m_writebuf.size()); } void Channel::send_record_array(u16bit epoch, byte type, const byte input[], size_t length) @@ -537,7 +537,7 @@ void Channel::send_record_array(u16bit epoch, byte type, const byte input[], siz if(type == APPLICATION_DATA && cipher_state->cbc_without_explicit_iv()) { - write_record(cipher_state.get(), epoch, type, &input[0], 1); + write_record(cipher_state.get(), epoch, type, input, 1); input += 1; length -= 1; } @@ -547,7 +547,7 @@ void Channel::send_record_array(u16bit epoch, byte type, const byte input[], siz while(length) { const size_t sending = std::min(length, max_fragment_size); - write_record(cipher_state.get(), epoch, type, &input[0], sending); + write_record(cipher_state.get(), epoch, type, input, sending); input += sending; length -= sending; @@ -557,13 +557,13 @@ void Channel::send_record_array(u16bit epoch, byte type, const byte input[], siz void Channel::send_record(byte record_type, const std::vector<byte>& record) { send_record_array(sequence_numbers().current_write_epoch(), - record_type, &record[0], record.size()); + record_type, record.data(), record.size()); } void Channel::send_record_under_epoch(u16bit epoch, byte record_type, const std::vector<byte>& record) { - send_record_array(epoch, record_type, &record[0], record.size()); + send_record_array(epoch, record_type, record.data(), record.size()); } void Channel::send(const byte buf[], size_t buf_size) diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 713d4c1b9..4e6874a16 100644 --- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h @@ -84,7 +84,7 @@ class BOTAN_DLL Channel template<typename Alloc> void send(const std::vector<unsigned char, Alloc>& val) { - send(&val[0], val.size()); + send(val.data(), val.size()); } /** diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp index ef766679f..d4633becd 100644 --- a/src/lib/tls/tls_handshake_io.cpp +++ b/src/lib/tls/tls_handshake_io.cpp @@ -95,7 +95,7 @@ Stream_Handshake_IO::format(const std::vector<byte>& msg, store_be24(&send_buf[1], buf_size); - copy_mem(&send_buf[4], &msg[0], msg.size()); + copy_mem(&send_buf[4], msg.data(), msg.size()); return send_buf; } @@ -194,7 +194,7 @@ void Datagram_Handshake_IO::add_record(const std::vector<byte>& record, const size_t DTLS_HANDSHAKE_HEADER_LEN = 12; - const byte* record_bits = &record[0]; + const byte* record_bits = record.data(); size_t record_size = record.size(); while(record_size) @@ -350,7 +350,7 @@ Datagram_Handshake_IO::format_fragment(const byte fragment[], store_be24(&send_buf[6], frag_offset); store_be24(&send_buf[9], frag_len); - copy_mem(&send_buf[12], &fragment[0], frag_len); + copy_mem(&send_buf[12], fragment, frag_len); return send_buf; } @@ -360,7 +360,7 @@ Datagram_Handshake_IO::format_w_seq(const std::vector<byte>& msg, Handshake_Type type, u16bit msg_sequence) const { - return format_fragment(&msg[0], msg.size(), 0, msg.size(), type, msg_sequence); + return format_fragment(msg.data(), msg.size(), 0, msg.size(), type, msg_sequence); } std::vector<byte> diff --git a/src/lib/tls/tls_reader.h b/src/lib/tls/tls_reader.h index f24543edb..c2aef3163 100644 --- a/src/lib/tls/tls_reader.h +++ b/src/lib/tls/tls_reader.h @@ -118,7 +118,7 @@ class TLS_Data_Reader std::vector<byte> v = get_range_vector<byte>(len_bytes, min_bytes, max_bytes); - return std::string(reinterpret_cast<char*>(&v[0]), v.size()); + return std::string(reinterpret_cast<char*>(v.data()), v.size()); } template<typename T> @@ -209,7 +209,7 @@ void append_tls_length_value(std::vector<byte, Alloc>& buf, const std::vector<T, Alloc2>& vals, size_t tag_size) { - append_tls_length_value(buf, &vals[0], vals.size(), tag_size); + append_tls_length_value(buf, vals.data(), vals.size(), tag_size); } template<typename Alloc> @@ -218,7 +218,7 @@ void append_tls_length_value(std::vector<byte, Alloc>& buf, size_t tag_size) { append_tls_length_value(buf, - reinterpret_cast<const byte*>(&str[0]), + reinterpret_cast<const byte*>(str.data()), str.size(), tag_size); } diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index fb8079bdc..c384611e9 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -151,7 +151,7 @@ void write_record(secure_vector<byte>& output, output.push_back(get_byte<u16bit>(0, msg_length)); output.push_back(get_byte<u16bit>(1, msg_length)); - output.insert(output.end(), &msg[0], &msg[msg_length]); + output.insert(output.end(), msg, msg + msg_length); return; } @@ -175,7 +175,7 @@ void write_record(secure_vector<byte>& output, BOTAN_ASSERT(aead->start(nonce).empty(), "AEAD doesn't return anything from start"); const size_t offset = output.size(); - output += std::make_pair(&msg[0], msg_length); + output += std::make_pair(msg, msg_length); aead->finish(output, offset); BOTAN_ASSERT(output.size() == offset + ctext_size, "Expected size"); @@ -211,7 +211,7 @@ void write_record(secure_vector<byte>& output, rng.randomize(&output[output.size() - iv_size], iv_size); } - output.insert(output.end(), &msg[0], &msg[msg_length]); + output.insert(output.end(), msg, msg + msg_length); output.resize(output.size() + mac_size); cs->mac()->final(&output[output.size() - mac_size]); @@ -242,8 +242,8 @@ void write_record(secure_vector<byte>& output, const size_t blocks = buf_size / block_size; - xor_buf(&buf[0], &cbc_state[0], block_size); - bc->encrypt(&buf[0]); + xor_buf(buf, cbc_state.data(), block_size); + bc->encrypt(buf); for(size_t i = 1; i < blocks; ++i) { @@ -271,7 +271,7 @@ size_t fill_buffer_to(secure_vector<byte>& readbuf, const size_t taken = std::min(input_size, desired - readbuf.size()); - readbuf.insert(readbuf.end(), &input[0], &input[taken]); + readbuf.insert(readbuf.end(), input, input + taken); input_consumed += taken; input_size -= taken; input += taken; @@ -332,10 +332,10 @@ void cbc_decrypt_record(byte record_contents[], size_t record_len, byte* buf = record_contents; secure_vector<byte> last_ciphertext(block_size); - copy_mem(&last_ciphertext[0], &buf[0], block_size); + copy_mem(last_ciphertext.data(), buf, block_size); - bc.decrypt(&buf[0]); - xor_buf(&buf[0], &cs.cbc_state()[0], block_size); + bc.decrypt(buf); + xor_buf(buf, &cs.cbc_state()[0], block_size); secure_vector<byte> last_ciphertext2; @@ -343,7 +343,7 @@ void cbc_decrypt_record(byte record_contents[], size_t record_len, { last_ciphertext2.assign(&buf[block_size*i], &buf[block_size*(i+1)]); bc.decrypt(&buf[block_size*i]); - xor_buf(&buf[block_size*i], &last_ciphertext[0], block_size); + xor_buf(&buf[block_size*i], last_ciphertext.data(), block_size); std::swap(last_ciphertext, last_ciphertext2); } @@ -372,7 +372,7 @@ void decrypt_record(secure_vector<byte>& output, output += aead->start(nonce); const size_t offset = output.size(); - output += std::make_pair(&msg[0], msg_length); + output += std::make_pair(msg, msg_length); aead->finish(output, offset); BOTAN_ASSERT(output.size() == ptext_size + offset, "Produced expected size"); @@ -415,11 +415,11 @@ void decrypt_record(secure_vector<byte>& output, cs.mac()->update(plaintext_block, plaintext_length); std::vector<byte> mac_buf(mac_size); - cs.mac()->final(&mac_buf[0]); + cs.mac()->final(mac_buf.data()); const size_t mac_offset = record_len - (mac_size + pad_size); - const bool mac_bad = !same_mem(&record_contents[mac_offset], &mac_buf[0], mac_size); + const bool mac_bad = !same_mem(&record_contents[mac_offset], mac_buf.data(), mac_size); if(mac_bad || padding_bad) throw TLS_Exception(Alert::BAD_RECORD_MAC, "Message authentication failure"); diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp index 28cb8b420..8cb1a2aa7 100644 --- a/src/lib/tls/tls_session.cpp +++ b/src/lib/tls/tls_session.cpp @@ -50,7 +50,7 @@ Session::Session(const std::string& pem) { secure_vector<byte> der = PEM_Code::decode_check_label(pem, "TLS SESSION"); - *this = Session(&der[0], der.size()); + *this = Session(der.data(), der.size()); } Session::Session(const byte ber[], size_t ber_len) @@ -105,7 +105,7 @@ Session::Session(const byte ber[], size_t ber_len) if(!peer_cert_bits.empty()) { - DataSource_Memory certs(&peer_cert_bits[0], peer_cert_bits.size()); + DataSource_Memory certs(peer_cert_bits.data(), peer_cert_bits.size()); while(!certs.end_of_data()) m_peer_certs.push_back(X509_Certificate(certs)); @@ -169,7 +169,7 @@ Session::encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const secure_vector<byte> buf = nonce; buf += bits; - aead->start(&buf[0], nonce_len); + aead->start(buf.data(), nonce_len); aead->finish(buf, nonce_len); return unlock(buf); } @@ -194,7 +194,7 @@ Session Session::decrypt(const byte in[], size_t in_len, const SymmetricKey& key secure_vector<byte> buf(in + nonce_len, in + in_len); aead->finish(buf, 0); - return Session(&buf[0], buf.size()); + return Session(buf.data(), buf.size()); } catch(std::exception& e) { diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h index d7dcc90cb..81c662507 100644 --- a/src/lib/tls/tls_session.h +++ b/src/lib/tls/tls_session.h @@ -99,7 +99,7 @@ class BOTAN_DLL Session static inline Session decrypt(const std::vector<byte>& ctext, const SymmetricKey& key) { - return Session::decrypt(&ctext[0], ctext.size(), key); + return Session::decrypt(ctext.data(), ctext.size(), key); } /** |