Prevent OOB in SRP base64 code.

[openssl.git] / ssl / packet_locl.h

diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 94933c1a079ad6874331b8bf0ce3145162f6f9fb..67b49994f7d27c911a6adfd72c0b74a5e9b37c43 100644 (file)
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -625,6 +625,9 @@ struct wpacket_st {
     /* The buffer where we store the output data */
     BUF_MEM *buf;
 
+    /* Fixed sized buffer which can be used as an alternative to buf */
+    unsigned char *staticbuf;
+
     /*
      * Offset into the buffer where we are currently writing. We use an offset
      * in case the buffer grows and gets reallocated.
@@ -670,6 +673,13 @@ int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes);
  */
 int WPACKET_init(WPACKET *pkt, BUF_MEM *buf);
 
+/*
+ * Same as WPACKET_init_len except we do not use a growable BUF_MEM structure.
+ * A fixed buffer of memory |buf| of size |len| is used instead. A failure will
+ * occur if you attempt to write beyond the end of the buffer
+ */
+int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
+                            size_t lenbytes);
 /*
  * Set the flags to be applied to the current sub-packet
  */
@@ -689,6 +699,15 @@ int WPACKET_close(WPACKET *pkt);
  */
 int WPACKET_finish(WPACKET *pkt);
 
+/*
+ * Iterate through all the sub-packets and write out their lengths as if they
+ * were being closed. The lengths will be overwritten with the final lengths
+ * when the sub-packets are eventually closed (which may be different if more
+ * data is added to the WPACKET). This function fails if a sub-packet is of 0
+ * length and WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is set.
+ */
+int WPACKET_fill_lengths(WPACKET *pkt);
+
 /*
  * Initialise a new sub-packet. Additionally |lenbytes| of data is preallocated
  * at the start of the sub-packet to store its length once we know it. Don't
@@ -718,7 +737,7 @@ int WPACKET_start_sub_packet(WPACKET *pkt);
 /*
  * Allocate bytes in the WPACKET for the output. This reserves the bytes
  * and counts them as "written", but doesn't actually do the writing. A pointer
- * to the allocated bytes is stored in |*allocbytes|.
+ * to the allocated bytes is stored in |*allocbytes|. |allocbytes| may be NULL.
  * WARNING: the allocated bytes must be filled in immediately, without further
  * WPACKET_* calls. If not then the underlying buffer may be realloc'd and
  * change its location.
@@ -844,6 +863,12 @@ int WPACKET_get_total_written(WPACKET *pkt, size_t *written);
  */
 int WPACKET_get_length(WPACKET *pkt, size_t *len);
 
+/*
+ * Returns a pointer to the current write location, but does not allocate any
+ * bytes.
+ */
+unsigned char *WPACKET_get_curr(WPACKET *pkt);
+
 /* Release resources in a WPACKET if a failure has occurred. */
 void WPACKET_cleanup(WPACKET *pkt);