Check for potentially exploitable overflows in asn1_d2i_read_bio

[openssl.git] / crypto / mem.c

diff --git a/crypto/mem.c b/crypto/mem.c
index 6635167228da1c9eb4ee6be3b4a147a1c3bc2af4..b40a94ce1c6b99596d215c124a04c0d21dd4e422 100644 (file)
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -101,7 +101,7 @@ static void (*free_locked_func)(void *)     = free;
 
 /* may be changed as long as 'allow_customize_debug' is set */
 /* XXX use correct function pointer types */
-#ifdef CRYPTO_MDEBUG
+#if defined(CRYPTO_MDEBUG)
 /* use default functions from mem_dbg.c */
 static void (*malloc_debug_func)(void *,int,const char *,int,int)
        = CRYPTO_dbg_malloc;
@@ -121,10 +121,13 @@ static void (*set_debug_options_func)(long) = NULL;
 static long (*get_debug_options_func)(void) = NULL;
 #endif
 
+extern void OPENSSL_init(void);
 
 int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
        void (*f)(void *))
        {
+       /* Dummy call just to ensure OPENSSL_init() gets linked in */
+       OPENSSL_init();
        if (!allow_customize)
                return 0;
        if ((m == 0) || (r == 0) || (f == 0))
@@ -250,7 +253,6 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
 void *CRYPTO_malloc_locked(int num, const char *file, int line)
        {
        void *ret = NULL;
-       extern unsigned char cleanse_ctr;
 
        if (num <= 0) return NULL;
 
@@ -267,11 +269,15 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
        if (malloc_debug_func != NULL)
                malloc_debug_func(ret, num, file, line, 1);
 
+#ifndef OPENSSL_CPUID_OBJ
         /* Create a dependency on the value of 'cleanse_ctr' so our memory
          * sanitisation function can't be optimised out. NB: We only do
          * this for >2Kb so the overhead doesn't bother us. */
         if(ret && (num > 2048))
+       {       extern unsigned char cleanse_ctr;
                ((unsigned char *)ret)[0] = cleanse_ctr;
+       }
+#endif
 
        return ret;
        }
@@ -291,7 +297,6 @@ void CRYPTO_free_locked(void *str)
 void *CRYPTO_malloc(int num, const char *file, int line)
        {
        void *ret = NULL;
-       extern unsigned char cleanse_ctr;
 
        if (num <= 0) return NULL;
 
@@ -308,14 +313,25 @@ void *CRYPTO_malloc(int num, const char *file, int line)
        if (malloc_debug_func != NULL)
                malloc_debug_func(ret, num, file, line, 1);
 
+#ifndef OPENSSL_CPUID_OBJ
         /* Create a dependency on the value of 'cleanse_ctr' so our memory
          * sanitisation function can't be optimised out. NB: We only do
          * this for >2Kb so the overhead doesn't bother us. */
         if(ret && (num > 2048))
+       {       extern unsigned char cleanse_ctr;
                 ((unsigned char *)ret)[0] = cleanse_ctr;
+       }
+#endif
 
        return ret;
        }
+char *CRYPTO_strdup(const char *str, const char *file, int line)
+       {
+       char *ret = CRYPTO_malloc(strlen(str)+1, file, line);
+
+       strcpy(ret, str);
+       return ret;
+       }
 
 void *CRYPTO_realloc(void *str, int num, const char *file, int line)
        {
@@ -348,6 +364,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
 
        if (num <= 0) return NULL;
 
+       /* We don't support shrinking the buffer. Note the memcpy that copies
+        * |old_len| bytes to the new buffer, below. */
+       if (num < old_len) return NULL;
+
        if (realloc_debug_func != NULL)
                realloc_debug_func(str, NULL, num, file, line, 0);
        ret=malloc_ex_func(num,file,line);