diff options
| author | Harin Vadodaria <harin.vadodaria@oracle.com> | 2014-08-23 08:59:03 +0530 |
|---|---|---|
| committer | Harin Vadodaria <harin.vadodaria@oracle.com> | 2014-08-23 08:59:03 +0530 |
| commit | b9f2b1c1354342424f26c276c6e1e9556fa7576a (patch) | |
| tree | 7e692646b16ed1d7255c950ef60f3400cf29cb9a /extra/yassl/src/buffer.cpp | |
| parent | ab727cec049d20a86e1ca8ab2860d73dc476b73a (diff) | |
| download | mariadb-git-b9f2b1c1354342424f26c276c6e1e9556fa7576a.tar.gz | |
Bug#19370676 : YASSL PRE-AUTH BUFFER OVERFLOW WHEN CLIENT
LIES ABOUT SUITE_LEN_
and
Bug#19355577 : YASSL PRE-AUTH BUFFER OVERFLOW WHEN CLIENT
LIES ABOUT COMP_LEN_
Description : Updating yaSSL to version 2.3.4.
Diffstat (limited to 'extra/yassl/src/buffer.cpp')
| -rw-r--r-- | extra/yassl/src/buffer.cpp | 113 |
1 files changed, 87 insertions, 26 deletions
diff --git a/extra/yassl/src/buffer.cpp b/extra/yassl/src/buffer.cpp index 6f356e9fd4f..aa7224bf64e 100644 --- a/extra/yassl/src/buffer.cpp +++ b/extra/yassl/src/buffer.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -32,8 +32,19 @@ namespace yaSSL { -void NoCheck::check(uint, uint) +/* return 0 on check success, always true for NoCheck policy */ +int NoCheck::check(uint, uint) { + return 0; +} + +/* return 0 on check success */ +int Check::check(uint i, uint max) +{ + if (i < max) + return 0; + + return -1; } @@ -48,18 +59,20 @@ void NoCheck::check(uint, uint) input_buffer::input_buffer() - : size_(0), current_(0), buffer_(0), end_(0) + : size_(0), current_(0), buffer_(0), end_(0), error_(0), zero_(0) {} input_buffer::input_buffer(uint s) - : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s) + : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s), + error_(0), zero_(0) {} // with assign input_buffer::input_buffer(uint s, const byte* t, uint len) - : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s) + : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s), + error_(0), zero_(0) { assign(t, len); } @@ -74,8 +87,10 @@ input_buffer::~input_buffer() // users can pass defualt zero length buffer and then allocate void input_buffer::allocate(uint s) { - buffer_ = NEW_YS byte[s]; - end_ = buffer_ + s; + if (error_ == 0) { + buffer_ = NEW_YS byte[s]; + end_ = buffer_ + s; + } } @@ -90,40 +105,67 @@ byte* input_buffer::get_buffer() const // if you know the size before the write use assign() void input_buffer::add_size(uint i) { - check(size_ + i-1, get_capacity()); - size_ += i; + if (error_ == 0 && check(size_ + i-1, get_capacity()) == 0) + size_ += i; + else + error_ = -1; } uint input_buffer::get_capacity() const { - return (uint) (end_ - buffer_); + if (error_ == 0) + return end_ - buffer_; + + return 0; } uint input_buffer::get_current() const { - return current_; + if (error_ == 0) + return current_; + + return 0; } uint input_buffer::get_size() const { - return size_; + if (error_ == 0) + return size_; + + return 0; } uint input_buffer::get_remaining() const { - return size_ - current_; + if (error_ == 0) + return size_ - current_; + + return 0; +} + + +int input_buffer::get_error() const +{ + return error_; +} + + +void input_buffer::set_error() +{ + error_ = -1; } void input_buffer::set_current(uint i) { - if (i) - check(i - 1, size_); - current_ = i; + if (error_ == 0 && i && check(i - 1, size_) == 0) + current_ = i; + else + error_ = -1; } @@ -131,40 +173,59 @@ void input_buffer::set_current(uint i) // user passes in AUTO index for ease of use const byte& input_buffer::operator[](uint i) { - check(current_, size_); - return buffer_[current_++]; + if (error_ == 0 && check(current_, size_) == 0) + return buffer_[current_++]; + + error_ = -1; + return zero_; } // end of input test bool input_buffer::eof() { + if (error_ != 0) + return true; + return current_ >= size_; } // peek ahead -byte input_buffer::peek() const +byte input_buffer::peek() { - return buffer_[current_]; + if (error_ == 0 && check(current_, size_) == 0) + return buffer_[current_]; + + error_ = -1; + return 0; } // write function, should use at/near construction void input_buffer::assign(const byte* t, uint s) { - check(current_, get_capacity()); - add_size(s); - memcpy(&buffer_[current_], t, s); + if (t && error_ == 0 && check(current_, get_capacity()) == 0) { + add_size(s); + if (error_ == 0) { + memcpy(&buffer_[current_], t, s); + return; // success + } + } + + error_ = -1; } // use read to query input, adjusts current void input_buffer::read(byte* dst, uint length) { - check(current_ + length - 1, size_); - memcpy(dst, &buffer_[current_], length); - current_ += length; + if (dst && error_ == 0 && check(current_ + length - 1, size_) == 0) { + memcpy(dst, &buffer_[current_], length); + current_ += length; + } else { + error_ = -1; + } } |