author | Simon Warta <[email protected]> | 2015-06-30 10:38:52 +0200 |
---|---|---|
committer | Simon Warta <[email protected]> | 2015-06-30 10:38:52 +0200 |
commit | abe4c5c8d9b88aafa6f8b745f9100d4dbd754e20 (patch) | |
tree | 295eafb79cab7843888133abbad07fb983915520 /src/lib | |
parent | b90187419f64b6d38d19c888985d58f902336677 (diff) | |
parent | 1de5fc1419add86884df97580d7a2e745ad43bff (diff) |
Merge pull request #154 from webmaster128/bounds-fixes
Remaining fixes before Botan runs fine in debug mode
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/alloc/secmem.h | 25 | ||||
-rw-r--r-- | src/lib/asn1/ber_dec.cpp | 4 | ||||
-rw-r--r-- | src/lib/block/serpent/serpent.cpp | 2 | ||||
-rw-r--r-- | src/lib/mac/poly1305/poly1305.cpp | 6 | ||||
-rw-r--r-- | src/lib/math/bigint/bigint.h | 6 | ||||
-rw-r--r-- | src/lib/modes/cfb/cfb.cpp | 10 | ||||
-rw-r--r-- | src/lib/pubkey/mceies/mceies.cpp | 6 | ||||
-rw-r--r-- | src/lib/tls/msg_certificate.cpp | 4 | ||||
-rw-r--r-- | src/lib/tls/tls_handshake_io.cpp | 10 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 4 |
10 files changed, 56 insertions, 21 deletions
diff --git a/src/lib/alloc/secmem.h b/src/lib/alloc/secmem.h index b583aa812..98707ad4e 100644 --- a/src/lib/alloc/secmem.h +++ b/src/lib/alloc/secmem.h @@ -108,7 +108,10 @@ size_t buffer_insert(std::vector<T, Alloc>& buf, size_t input_length) { const size_t to_copy = std::min(input_length, buf.size() - buf_offset); - copy_mem(&buf[buf_offset], input, to_copy); + if (to_copy > 0) + { + copy_mem(&buf[buf_offset], input, to_copy); + } return to_copy; } @@ -118,7 +121,10 @@ size_t buffer_insert(std::vector<T, Alloc>& buf, const std::vector<T, Alloc2>& input) { const size_t to_copy = std::min(input.size(), buf.size() - buf_offset); - copy_mem(&buf[buf_offset], input.data(), to_copy); + if (to_copy > 0) + { + copy_mem(&buf[buf_offset], input.data(), to_copy); + } return to_copy; } @@ -129,7 +135,10 @@ operator+=(std::vector<T, Alloc>& out, { const size_t copy_offset = out.size(); out.resize(out.size() + in.size()); - copy_mem(&out[copy_offset], in.data(), in.size()); + if (in.size() > 0) + { + copy_mem(&out[copy_offset], in.data(), in.size()); + } return out; } @@ -146,7 +155,10 @@ std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, { const size_t copy_offset = out.size(); out.resize(out.size() + in.second); - copy_mem(&out[copy_offset], in.first, in.second); + if (in.second > 0) + { + copy_mem(&out[copy_offset], in.first, in.second); + } return out; } @@ -156,7 +168,10 @@ std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, { const size_t copy_offset = out.size(); out.resize(out.size() + in.second); - copy_mem(&out[copy_offset], in.first, in.second); + if (in.second > 0) + { + copy_mem(&out[copy_offset], in.first, in.second); + } return out; } diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp index e9133d50f..06543d9e7 100644 --- a/src/lib/asn1/ber_dec.cpp +++ b/src/lib/asn1/ber_dec.cpp 
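Review bot: In both `buffer_insert` overloads, `buf.size() - buf_offset` is an unsigned subtraction, so a `buf_offset` larger than `buf.size()` wraps to a very large value, `to_copy` becomes the full input length, and the new `to_copy > 0` guard still lets `copy_mem` write past the end of `buf`. The added guard only covers the `buf_offset == buf.size()` case. Clamping the remaining space closes the gap, e.g. `const size_t avail = (buf_offset < buf.size()) ? buf.size() - buf_offset : 0;` followed by `std::min(input_length, avail)`. The signatures start outside the hunks, so whether any caller can pass such an offset is not visible here.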
@@ -220,7 +220,7 @@ BER_Object BER_Decoder::get_next_object() size_t length = decode_length(source); next.value.resize(length); - if(source->read(&next.value[0], length) != length) + if(source->read(next.value.data(), length) != length) throw BER_Decoding_Error("Value truncated"); if(next.type_tag == EOC && next.class_tag == UNIVERSAL) @@ -254,7 +254,7 @@ BER_Decoder BER_Decoder::start_cons(ASN1_Tag type_tag, BER_Object obj = get_next_object(); obj.assert_is_a(type_tag, ASN1_Tag(class_tag | CONSTRUCTED)); - BER_Decoder result(&obj.value[0], obj.value.size()); + BER_Decoder result(obj.value.data(), obj.value.size()); result.parent = this; return result; } diff --git a/src/lib/block/serpent/serpent.cpp b/src/lib/block/serpent/serpent.cpp index 0fd76ce8f..b809e602c 100644 --- a/src/lib/block/serpent/serpent.cpp +++ b/src/lib/block/serpent/serpent.cpp @@ -195,7 +195,7 @@ void Serpent::key_schedule(const byte key[], size_t length) SBoxE6(W[128],W[129],W[130],W[131]); SBoxE5(W[132],W[133],W[134],W[135]); SBoxE4(W[136],W[137],W[138],W[139]); - round_key.assign(&W[8], &W[140]); + round_key.assign(W.begin() + 8, W.end()); } void Serpent::clear() diff --git a/src/lib/mac/poly1305/poly1305.cpp b/src/lib/mac/poly1305/poly1305.cpp index 545a749fa..506150b0f 100644 --- a/src/lib/mac/poly1305/poly1305.cpp +++ b/src/lib/mac/poly1305/poly1305.cpp @@ -190,7 +190,11 @@ void Poly1305::final_result(byte out[]) if(m_buf_pos != 0) { m_buf[m_buf_pos] = 1; - clear_mem(&m_buf[m_buf_pos+1], m_buf.size() - m_buf_pos - 1); + const auto len = m_buf.size() - m_buf_pos - 1; + if (len > 0) + { + clear_mem(&m_buf[m_buf_pos+1], len); + } poly1305_blocks(m_poly, m_buf.data(), 1, true); } diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index 3f329c451..fed986882 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h 
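Review bot: In `BER_Decoder::get_next_object`, `next.value.resize(length)` allocates whatever `decode_length(source)` returned before `source->read` confirms that many bytes are present, so a short input carrying a large encoded length costs a large allocation before `Value truncated` is thrown. The switch to `next.value.data()` fixes the zero-length indexing but does not change that. The body of `decode_length` is outside this hunk, so it may already cap the value. If it does not, bound the length before the resize and record that with a comment such as `// length comes from the encoding; bounded above before allocating`.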
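Review bot: The `len > 0` guard in `Poly1305::final_result` is only needed because `&m_buf[m_buf_pos+1]` indexes one past the end when the buffer is full; `clear_mem(m_buf.data() + m_buf_pos + 1, m_buf.size() - m_buf_pos - 1);` forms the same pointer without `operator[]` and needs no branch. The mceies.cpp hunk of this commit already uses that `data() + offset` form, so the guards added here and in `secmem.h`, `bigint.h` and `tls_handshake_io.cpp` leave the commit with two different fixes for the same debug-mode failure. The new lines also write `if (` where the surrounding code writes `if(`.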
@@ -278,7 +278,11 @@ class BOTAN_DLL BigInt if(top_word < size()) { - clear_mem(&m_reg[top_word+1], size() - (top_word + 1)); + const auto len = size() - (top_word + 1); + if (len > 0) + { + clear_mem(&m_reg[top_word+1], len); + } m_reg[top_word] &= mask; } } diff --git a/src/lib/modes/cfb/cfb.cpp b/src/lib/modes/cfb/cfb.cpp index 7e4048a2b..e98d10cb3 100644 --- a/src/lib/modes/cfb/cfb.cpp +++ b/src/lib/modes/cfb/cfb.cpp @@ -100,7 +100,10 @@ void CFB_Encryption::update(secure_vector<byte>& buffer, size_t offset) xor_buf(buf, &keystream_buf()[0], took); // Assumes feedback-sized block except for last input - copy_mem(state.data(), &state[shift], BS - shift); + if (BS - shift > 0) + { + copy_mem(state.data(), &state[shift], BS - shift); + } copy_mem(&state[BS-shift], buf, took); cipher().encrypt(state, keystream_buf()); @@ -130,7 +133,10 @@ void CFB_Decryption::update(secure_vector<byte>& buffer, size_t offset) const size_t took = std::min(shift, sz); // first update shift register with ciphertext - copy_mem(state.data(), &state[shift], BS - shift); + if (BS - shift > 0) + { + copy_mem(state.data(), &state[shift], BS - shift); + } copy_mem(&state[BS-shift], buf, took); // then decrypt diff --git a/src/lib/pubkey/mceies/mceies.cpp b/src/lib/pubkey/mceies/mceies.cpp index 6b013c250..9e9ae1cb8 100644 --- a/src/lib/pubkey/mceies/mceies.cpp +++ b/src/lib/pubkey/mceies/mceies.cpp @@ -58,8 +58,8 @@ mceies_encrypt(const McEliece_PublicKey& pubkey, secure_vector<byte> msg(mce_ciphertext.size() + nonce.size() + pt.size()); copy_mem(msg.data(), mce_ciphertext.data(), mce_ciphertext.size()); - copy_mem(&msg[mce_ciphertext.size()], nonce.data(), nonce.size()); - copy_mem(&msg[mce_ciphertext.size() + nonce.size()], pt.data(), pt.size()); + copy_mem(msg.data() + mce_ciphertext.size(), nonce.data(), nonce.size()); + copy_mem(msg.data() + mce_ciphertext.size() + nonce.size(), pt.data(), pt.size()); aead->start(nonce); aead->finish(msg, mce_ciphertext.size() + nonce.size()); 
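Review bot: In `CFB_Encryption::update` the new guard `if (BS - shift > 0)` is an unsigned comparison if `BS` and `shift` are `size_t` (their declarations are outside the hunk), so it is true for every `shift != BS`, including `shift > BS`, where the difference wraps and `copy_mem` would receive a huge length. Writing the condition as `if (shift < BS)` states the intent and stays false in the wrapped case. The same line is added in `CFB_Decryption::update`. The existing comment `// Assumes feedback-sized block except for last input` suggests `shift <= BS` is an invariant; if so, saying that explicitly next to the guard would help the next reader.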
@@ -91,7 +91,7 @@ mceies_decrypt(const McEliece_PrivateKey& privkey, aead->set_key(aead_key(mce_key, *aead)); aead->set_associated_data(ad, ad_len); - secure_vector<byte> pt(&ct[mce_code_bytes + nonce_len], &ct[ct.size()]); + secure_vector<byte> pt(ct.begin() + mce_code_bytes + nonce_len, ct.end()); aead->start(&ct[mce_code_bytes], nonce_len); aead->finish(pt, 0); diff --git a/src/lib/tls/msg_certificate.cpp b/src/lib/tls/msg_certificate.cpp index 99722c306..f0ccc5328 100644 --- a/src/lib/tls/msg_certificate.cpp +++ b/src/lib/tls/msg_certificate.cpp @@ -41,9 +41,9 @@ Certificate::Certificate(const std::vector<byte>& buf) if(total_size != buf.size() - 3) throw Decoding_Error("Certificate: Message malformed"); - const byte* certs = &buf[3]; + const byte* certs = buf.data() + 3; - while(size_t remaining_bytes = &buf[buf.size()] - certs) + while(size_t remaining_bytes = buf.data() + buf.size() - certs) { if(remaining_bytes < 3) throw Decoding_Error("Certificate: Message malformed"); diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp index d4633becd..6286eab08 100644 --- a/src/lib/tls/tls_handshake_io.cpp +++ b/src/lib/tls/tls_handshake_io.cpp @@ -95,7 +95,10 @@ Stream_Handshake_IO::format(const std::vector<byte>& msg, store_be24(&send_buf[1], buf_size); - copy_mem(&send_buf[4], msg.data(), msg.size()); + if (msg.size() > 0) + { + copy_mem(&send_buf[4], msg.data(), msg.size()); + } return send_buf; } @@ -350,7 +353,10 @@ Datagram_Handshake_IO::format_fragment(const byte fragment[], store_be24(&send_buf[6], frag_offset); store_be24(&send_buf[9], frag_len); - copy_mem(&send_buf[12], fragment, frag_len); + if (frag_len > 0) + { + copy_mem(&send_buf[12], fragment, frag_len); + } return send_buf; } diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index c384611e9..3ba02f039 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp 
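Review bot: In `mceies_decrypt`, `ct.begin() + mce_code_bytes + nonce_len` is only a valid iterator when `ct.size() >= mce_code_bytes + nonce_len`, and no length check appears in this hunk; a shorter ciphertext would make the `pt` constructor and the following `aead->start(&ct[mce_code_bytes], nonce_len)` read outside `ct`. The function starts above the hunk, so the check may already exist there. If it does not, reject short input before this line, e.g. `if(ct.size() < mce_code_bytes + nonce_len) throw Decoding_Error("mceies_decrypt: ciphertext too short");`. The unchanged `&ct[mce_code_bytes]` could also become `ct.data() + mce_code_bytes` to match the rest of the commit.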
@@ -491,7 +491,7 @@ size_t read_tls_record(secure_vector<byte>& readbuf, if(epoch == 0) // Unencrypted initial handshake { - record.assign(&readbuf[TLS_HEADER_SIZE], &readbuf[TLS_HEADER_SIZE + record_len]); + record.assign(readbuf.begin() + TLS_HEADER_SIZE, readbuf.begin() + TLS_HEADER_SIZE + record_len); readbuf.clear(); return 0; // got a full record } @@ -578,7 +578,7 @@ size_t read_dtls_record(secure_vector<byte>& readbuf, if(epoch == 0) // Unencrypted initial handshake { - record.assign(&readbuf[DTLS_HEADER_SIZE], &readbuf[DTLS_HEADER_SIZE + record_len]); + record.assign(readbuf.begin() + DTLS_HEADER_SIZE, readbuf.begin() + DTLS_HEADER_SIZE + record_len); readbuf.clear(); return 0; // got a full record } |
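Review bot: In the epoch-0 branch of `read_tls_record`, `readbuf.begin() + TLS_HEADER_SIZE + record_len` is only valid when `readbuf` holds at least `TLS_HEADER_SIZE + record_len` bytes, and `record_len` is presumably taken from the received record header. The code that fills `readbuf` is above the hunk, so that invariant cannot be confirmed from here. A comment at the assign, such as `// readbuf.size() >= TLS_HEADER_SIZE + record_len is guaranteed by the fill above`, or an assertion on it, would make the dependency explicit. The same applies to the `DTLS_HEADER_SIZE` line in `read_dtls_record`.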