diff --git a/CHANGES b/CHANGES index e94951809e..736228a091 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +2547. [bug] openssl_link.c:mem_realloc() could reference an + out-of-range area of the source buffer. New public + function isc_mem_reallocate() was introduced to address + this bug. [RT #19313] + 2546. [func] Add --enable-openssl-hash configure flag to use OpenSSL (in place of internal routine) for hash functions (MD5, SHA[12] and HMAC). [RT #18815] diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c index a66be2cbed..41e9e2f512 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -31,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.24 2009/01/17 23:47:42 tbox Exp $ + * $Id: openssl_link.c,v 1.25 2009/02/11 03:04:18 jinmei Exp $ */ #ifdef OPENSSL @@ -148,18 +148,8 @@ mem_free(void *ptr) { static void * mem_realloc(void *ptr, size_t size) { - void *p; - INSIST(dst__memory_pool != NULL); - p = NULL; - if (size > 0U) { - p = mem_alloc(size); - if (p != NULL && ptr != NULL) - memcpy(p, ptr, size); - } - if (ptr != NULL) - mem_free(ptr); - return (p); + return (isc_mem_reallocate(dst__memory_pool, ptr, size)); } isc_result_t diff --git a/lib/isc/include/isc/mem.h b/lib/isc/include/isc/mem.h index 8af12a1cd4..a114d3eb6a 100644 --- a/lib/isc/include/isc/mem.h +++ b/lib/isc/include/isc/mem.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mem.h,v 1.80 2009/01/17 23:47:43 tbox Exp $ */ +/* $Id: mem.h,v 1.81 2009/02/11 03:04:18 jinmei Exp $ */ #ifndef ISC_MEM_H #define ISC_MEM_H 1 
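Review bot: In lib/dns/openssl_link.c the new `mem_realloc()` body passes `ptr` straight to `isc_mem_reallocate()`, which (per the mem.c hunk of this commit) reads a `size_info` record stored just in front of `ptr`. That is only safe if every pointer reaching this function came from `isc_mem_allocate()` on `dst__memory_pool`. `mem_alloc()` and `mem_free()` lie outside this hunk, so the pairing cannot be confirmed from here. I would record the dependency above the call: `/* ptr must come from mem_alloc(), i.e. isc_mem_allocate() on dst__memory_pool; isc_mem_reallocate() reads the size header stored in front of it. */`.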
@@ -154,6 +154,7 @@ LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging; #define isc_mem_get(c, s) isc__mem_get((c), (s) _ISC_MEM_FILELINE) #define isc_mem_allocate(c, s) isc__mem_allocate((c), (s) _ISC_MEM_FILELINE) +#define isc_mem_reallocate(c, p, s) isc__mem_reallocate((c), (p), (s) _ISC_MEM_FILELINE) #define isc_mem_strdup(c, p) isc__mem_strdup((c), (p) _ISC_MEM_FILELINE) #define isc_mempool_get(c) isc__mempool_get((c) _ISC_MEM_FILELINE) @@ -612,6 +613,8 @@ void isc__mem_put(isc_mem_t *, void *, size_t _ISC_MEM_FLARG); void * isc__mem_allocate(isc_mem_t *, size_t _ISC_MEM_FLARG); +void * +isc__mem_reallocate(isc_mem_t *, void *, size_t _ISC_MEM_FLARG); void isc__mem_free(isc_mem_t *, void * _ISC_MEM_FLARG); char * diff --git a/lib/isc/mem.c b/lib/isc/mem.c index a427099876..318bc7f8a2 100644 --- a/lib/isc/mem.c +++ b/lib/isc/mem.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mem.c,v 1.147 2009/01/22 23:47:54 tbox Exp $ */ +/* $Id: mem.c,v 1.148 2009/02/11 03:04:18 jinmei Exp $ */ /*! \file */ 
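Review bot: The `isc__mem_reallocate()` prototype added to lib/isc/include/isc/mem.h carries no description of its contract; the only statement of it is a comment inside the function body in mem.c. For a new public entry point the header should say that a NULL return with a non-zero size leaves the old block allocated, so `p = isc_mem_reallocate(ctx, p, n);` drops the only reference to it on failure. It should also say that size 0 frees `ptr` and returns NULL. The mem.c hunk suggests `ptr` must be NULL or a block from `isc_mem_allocate()` on the same context, which belongs in the same comment once confirmed. Whether the neighbouring prototypes carry such comments is not visible in this hunk.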
@@ -1365,6 +1365,40 @@ isc__mem_allocate(isc_mem_t *ctx, size_t size FLARG) {
 return (si);
 }
 
+void *
+isc__mem_reallocate(isc_mem_t *ctx, void *ptr, size_t size FLARG) {
+ void *new_ptr = NULL;
+ size_t oldsize, copysize;
+
+ REQUIRE(VALID_CONTEXT(ctx));
+
+ /*
+ * This function emulates the realloc(3) standard library function:
+ * - if size > 0, allocate new memory; and if ptr is non NULL, copy
+ * as much of the old contents to the new buffer and free the old one.
+ * Note that when allocation fails the original pointer is intact;
+ * the caller must free it.
+ * - if size is 0 and ptr is non NULL, simply free the given ptr.
+ * - this function returns:
+ * pointer to the newly allocated memory, or
+ * NULL if allocation fails or doesn't happen.
+ */
+ if (size > 0U) {
+ new_ptr = isc__mem_allocate(ctx, size FLARG_PASS);
+ if (new_ptr != NULL && ptr != NULL) {
+ oldsize = (((size_info *)ptr)[-1]).u.size;
+ INSIST(oldsize >= ALIGNMENT_SIZE);
+ oldsize -= ALIGNMENT_SIZE;
+ copysize = oldsize > size ? size : oldsize;
+ memcpy(new_ptr, ptr, copysize);
+ isc__mem_free(ctx, ptr FLARG_PASS);
+ }
+ } else if (ptr != NULL)
+ isc__mem_free(ctx, ptr FLARG_PASS);
+
+ return (new_ptr);
+}
+
 void
 isc__mem_free(isc_mem_t *ctx, void *ptr FLARG) {
 size_info *si;
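Review bot: The copy length in `isc__mem_reallocate()` is taken from `(((size_info *)ptr)[-1]).u.size` minus one `ALIGNMENT_SIZE`, which is correct only if the stored size always exceeds the caller's usable size by exactly that amount. Only the tail of `isc__mem_allocate()` is visible in this hunk. If it reserves further header space in some configuration (for instance under an `isc_mem_debugging` option), `oldsize` would be too large and `memcpy(new_ptr, ptr, copysize)` could still read past the old block when the buffer grows, which is the class of bug this commit sets out to remove. I would state the assumption next to the arithmetic, e.g. `/* u.size is the caller's size plus exactly one ALIGNMENT_SIZE header, as written by isc__mem_allocate() */`, and confirm it against every path in the allocator.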