[gnutls-devel] GnuTLS | Consolidate ways to enforce bounds check (#1194)



Read-only notification of GnuTLS library development activities
GitLab

Daiki Ueno created an issue #1194:

We currently have bounds check logic in several places where data is read or written. A typical pattern is using one of the DECR_LEN macros:

uint8_t *p = data;
size_t data_size = _data_size;
...
DECR_LEN(data_size, 3);
size = _gnutls_read_uint24(p);
p += 3;

While this is better than manual checks like if (data_size < 3) goto error; data_size -= 3;, it doesn't provide a way to enforce the check in new code.

I would suggest providing a simpler (internal) API, and discouraging direct access to the pointer and the length. Maybe we could reuse the existing gnutls_buffer_st, with a couple of new constructors for statically provided data buffers:

void _gnutls_buffer_static_for_read(gnutls_buffer_st *buffer, const uint8_t *data, size_t size);
void _gnutls_buffer_static_for_write(gnutls_buffer_st *buffer, const uint8_t *data, size_t max_size);

then the above example can be rewritten as:

gnutls_buffer_st buf;
...
_gnutls_buffer_static_for_read(&buf, data, _data_size);
...
size_t size;
ret = _gnutls_buffer_pop_prefix24(&buf, &size, 1);
if (ret < 0) {
        goto cleanup;
}

Writing is similarly done:

gnutls_buffer_st buf;
...
_gnutls_buffer_static_for_write(&buf, ptr, max_size);
...
ret = _gnutls_buffer_append_prefix(&buf, 3, size);
if (ret < 0) {
        goto cleanup;
}

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
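The following is an added, self-contained C example and not GnuTLS code: it sketches the kind of bounded-buffer API the issue proposes, so that the bounds check lives inside the pop/append primitives rather than in each caller. The struct, function and error names (bounded_buffer_st, buf_pop_prefix24, buf_append_prefix, BUF_E_*) are hypothetical stand-ins for the proposed _gnutls_buffer_* functions, and the sample inputs are constructed. The read side mirrors the DECR_LEN pattern from the issue; the write side adds the symmetric capacity check that the proposed _gnutls_buffer_static_for_write constructor would need.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical error codes (not GnuTLS constants). */
enum { BUF_OK = 0, BUF_E_UNEXPECTED_PACKET_LENGTH = -1, BUF_E_SHORT_MEMORY = -2 };

/* Minimal stand-in for gnutls_buffer_st: one cursor for reading, one for writing. */
typedef struct {
	const uint8_t *rdata;	/* read cursor */
	uint8_t *wdata;		/* write cursor */
	size_t length;		/* bytes left to read, or bytes written so far */
	size_t max_length;	/* write capacity */
} bounded_buffer_st;

static void buf_static_for_read(bounded_buffer_st *b, const uint8_t *data, size_t size)
{
	memset(b, 0, sizeof *b);
	b->rdata = data;
	b->length = size;
}

static void buf_static_for_write(bounded_buffer_st *b, uint8_t *data, size_t max_size)
{
	memset(b, 0, sizeof *b);
	b->wdata = data;
	b->max_length = max_size;
}

/* The one place the read bound is checked; plays the role of DECR_LEN.
 * Callers that only use this API cannot forget the check. */
static int buf_pop_data(bounded_buffer_st *b, const uint8_t **out, size_t n)
{
	if (n > b->length)
		return BUF_E_UNEXPECTED_PACKET_LENGTH;
	*out = b->rdata;
	b->rdata += n;
	b->length -= n;
	return BUF_OK;
}

/* Reads a 3-byte big-endian length prefix. With check_remaining set it also
 * rejects a prefix announcing more bytes than remain, so the caller never
 * compares the prefix against data_size by hand. */
static int buf_pop_prefix24(bounded_buffer_st *b, size_t *size, int check_remaining)
{
	const uint8_t *p;
	int ret = buf_pop_data(b, &p, 3);
	if (ret < 0)
		return ret;
	*size = ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | (size_t)p[2];
	if (check_remaining && *size > b->length)
		return BUF_E_UNEXPECTED_PACKET_LENGTH;
	return BUF_OK;
}

/* Write side: the capacity check lives here, mirroring the read side. */
static int buf_append_prefix(bounded_buffer_st *b, int pfx_bytes, size_t value)
{
	if (pfx_bytes < 1 || pfx_bytes > 4)
		return BUF_E_UNEXPECTED_PACKET_LENGTH;
	size_t max = (pfx_bytes == 4) ? (size_t)UINT32_MAX : (((size_t)1 << (8 * pfx_bytes)) - 1);
	if (value > max)
		return BUF_E_UNEXPECTED_PACKET_LENGTH;	/* value does not fit the prefix */
	if ((size_t)pfx_bytes > b->max_length - b->length)
		return BUF_E_SHORT_MEMORY;		/* no room left in the static buffer */
	for (int i = pfx_bytes - 1; i >= 0; i--)
		b->wdata[b->length++] = (uint8_t)(value >> (8 * i));
	return BUF_OK;
}

/* Parses a TLS-style opaque<0..2^24-1> vector. Note that no explicit
 * bounds arithmetic appears in this caller. */
static int parse_opaque24(const uint8_t *data, size_t data_size,
			  const uint8_t **body, size_t *body_len)
{
	bounded_buffer_st buf;
	buf_static_for_read(&buf, data, data_size);
	int ret = buf_pop_prefix24(&buf, body_len, 1);
	if (ret < 0)
		return ret;
	return buf_pop_data(&buf, body, *body_len);
}

/* Constructed sample inputs. */
static const uint8_t sample_ok[] = { 0x00, 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t sample_truncated[] = { 0x00, 0x00, 0x03, 'a' };	/* announces 3, carries 1 */
static const uint8_t sample_short_prefix[] = { 0x00, 0x00 };		/* not even a full prefix */

static int example_ok_len(void)
{
	const uint8_t *body; size_t len;
	return parse_opaque24(sample_ok, sizeof sample_ok, &body, &len) < 0 ? -1 : (int)len;
}
static int example_truncated(void)
{
	const uint8_t *body; size_t len;
	return parse_opaque24(sample_truncated, sizeof sample_truncated, &body, &len);
}
static int example_short_prefix(void)
{
	const uint8_t *body; size_t len;
	return parse_opaque24(sample_short_prefix, sizeof sample_short_prefix, &body, &len);
}
static int example_write_overflow(void)
{
	uint8_t out[2]; bounded_buffer_st w;
	buf_static_for_write(&w, out, sizeof out);
	return buf_append_prefix(&w, 3, 300);	/* needs 3 bytes, only 2 available */
}
static int example_write_roundtrip(void)
{
	uint8_t out[3]; bounded_buffer_st w, r; size_t v;
	buf_static_for_write(&w, out, sizeof out);
	if (buf_append_prefix(&w, 3, 0x010203) < 0)
		return -1;
	buf_static_for_read(&r, out, w.length);
	if (buf_pop_prefix24(&r, &v, 0) < 0)
		return -2;
	return v == 0x010203;
}
```

The property worth noting is that the three malformed cases (prefix longer than the data, data shorter than the announced length, write past the static buffer) are all rejected by the same two checks inside buf_pop_data and buf_append_prefix, whereas with DECR_LEN each call site has to remember its own macro invocation before every read.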