2547. [bug] openssl_link.c:mem_realloc() could reference an

out-of-range area of the source buffer. New public function isc_mem_reallocate() was introduced to address this bug. [RT #19313]
2025-08-31 06:25:31 +00:00 · 2009-02-11 03:04:18 +00:00
parent d7a7065fd5
commit 77d90dc2b5
4 changed files with 46 additions and 14 deletions
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: mem.c,v 1.147 2009/01/22 23:47:54 tbox Exp $ */
+/* $Id: mem.c,v 1.148 2009/02/11 03:04:18 jinmei Exp $ */

 /*! \file */

@@ -1365,6 +1365,40 @@ isc__mem_allocate(isc_mem_t *ctx, size_t size FLARG) {
 	return (si);
 }

+void *
+isc__mem_reallocate(isc_mem_t *ctx, void *ptr, size_t size FLARG) {
+	void *new_ptr = NULL;
+	size_t oldsize, copysize;
+
+	REQUIRE(VALID_CONTEXT(ctx));
+
+	/*
+	 * This function emulates the realloc(3) standard library function:
+	 * - if size > 0, allocate new memory; and if ptr is non NULL, copy
+	 *   as much of the old contents to the new buffer and free the old one.
+	 *   Note that when allocation fails the original pointer is intact;
+	 *   the caller must free it.
+	 * - if size is 0 and ptr is non NULL, simply free the given ptr.
+	 * - this function returns:
+	 *     pointer to the newly allocated memory, or
+	 *     NULL if allocation fails or doesn't happen.
+	 */
+	if (size > 0U) {
+		new_ptr = isc__mem_allocate(ctx, size FLARG_PASS);
+		if (new_ptr != NULL && ptr != NULL) {
+			oldsize = (((size_info *)ptr)[-1]).u.size;
+			INSIST(oldsize >= ALIGNMENT_SIZE);
+			oldsize -= ALIGNMENT_SIZE;
+			copysize = oldsize > size ? size : oldsize;
+			memcpy(new_ptr, ptr, copysize);
+			isc__mem_free(ctx, ptr FLARG_PASS);
+		}
+	} else if (ptr != NULL)
+		isc__mem_free(ctx, ptr FLARG_PASS);
+
+	return (new_ptr);
+}
+
 void
 isc__mem_free(isc_mem_t *ctx, void *ptr FLARG) {
 	size_info *si;