Guard against DoS in name constraints handling.

[openssl.git] / crypto / mem.c

diff --git a/crypto/mem.c b/crypto/mem.c
index 2e8a00cf93e8a207ad74099c3fc6fe4ac69bcfbf..c171ae486c20953832e77d35ec7b041c23ae1952 100644 (file)
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,12 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include "internal/cryptlib_int.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <limits.h>
 #include <openssl/crypto.h>
-#include "internal/cryptlib.h"
-#include "internal/cryptlib_int.h"
 #ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
 # include <execinfo.h>
 #endif
@@ -32,7 +33,7 @@ static void (*free_impl)(void *, const char *, int)
 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
 static char *md_failstring;
 static long md_count;
-static int md_percent = 100;
+static int md_fail_percent = 0;
 static int md_tracefd = -1;
 static int call_malloc_debug = 1;
 
@@ -89,7 +90,8 @@ void CRYPTO_get_mem_functions(
  * Parse a "malloc failure spec" string.  This likes like a set of fields
  * separated by semicolons.  Each field has a count and an optional failure
  * percentage.  For example:
- *          100;100@25;@100
+ *          100@0;100@25;0@0
+ *    or    100;100@25;0
  * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
  * all remaining (count is zero) succeed.
  */
@@ -104,28 +106,39 @@ static void parseit(void)
     /* Get the count (atol will stop at the @ if there), and percentage */
     md_count = atol(md_failstring);
     atsign = strchr(md_failstring, '@');
-    md_percent = atsign == NULL ? 100 : atoi(atsign + 1);
+    md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);
 
     if (semi != NULL)
         md_failstring = semi;
 }
 
+/*
+ * Windows doesn't have random(), but it has rand()
+ * Some rand() implementations aren't good, but we're not
+ * dealing with secure randomness here.
+ */
+#ifdef _WIN32
+# define random() rand()
+#endif
 /*
  * See if the current malloc should fail.
  */
 static int shouldfail(void)
 {
     int roll = (int)(random() % 100);
-    int shouldfail = roll > md_percent;
+    int shoulditfail = roll < md_fail_percent;
+    int len;
     char buff[80];
 
     if (md_tracefd > 0) {
         BIO_snprintf(buff, sizeof(buff),
                      "%c C%ld %%%d R%d\n",
-                     shouldfail ? '-' : '+', md_count, md_percent, roll);
-        write(md_tracefd, buff, strlen(buff));
+                     shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
+        len = strlen(buff);
+        if (write(md_tracefd, buff, len) != len)
+            perror("shouldfail write failed");
 #ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-        if (shouldfail) {
+        if (shoulditfail) {
             void *addrs[30];
             int num = backtrace(addrs, OSSL_NELEM(addrs));
 
@@ -140,7 +153,7 @@ static int shouldfail(void)
             parseit();
     }
 
-    return shouldfail;
+    return shoulditfail;
 }
 
 void ossl_malloc_setup_failures(void)
@@ -161,7 +174,7 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
     if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
         return malloc_impl(num, file, line);
 
-    if (num <= 0)
+    if (num == 0)
         return NULL;
 
     FAILTEST();
@@ -175,7 +188,7 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
         ret = malloc(num);
     }
 #else
-    osslargused(file); osslargused(line);
+    (void)(file); (void)(line);
     ret = malloc(num);
 #endif
 
@@ -216,7 +229,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
         return ret;
     }
 #else
-    osslargused(file); osslargused(line);
+    (void)(file); (void)(line);
 #endif
     return realloc(str, num);