diff options
| author | Hans Jerry Illikainen <hji@dyntopia.com> | 2016-12-11 20:17:49 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-12-23 09:47:09 -0500 |
| commit | a23fd1578612051a3ac804c12a629f6a5cfa296e (patch) | |
| tree | 7b64f7ab79efaf2469efefbe60bbcec46f5aed59 /src/test | |
| parent | f3da62dbdfb2057a7c8d5d46367e9d41bdd5b9ec (diff) | |
| download | tor-a23fd1578612051a3ac804c12a629f6a5cfa296e.tar.gz tor-a23fd1578612051a3ac804c12a629f6a5cfa296e.zip | |
Fix unreachable heap corruption in base64_decode()
Give size_mul_check() external linkage and use it in base64_decode() to
avoid a potential integer wrap.
Closes #19222
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/test_util.c | 30 | ||||
| -rw-r--r-- | src/test/test_util_format.c | 3 |
2 files changed, 18 insertions, 15 deletions
diff --git a/src/test/test_util.c b/src/test/test_util.c index 86e3fea91a..fafb84f4fe 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -5479,26 +5479,26 @@ test_util_calloc_check(void *arg) { (void) arg; /* Easy cases that are good. */ - tt_assert(size_mul_check__(0,0)); - tt_assert(size_mul_check__(0,100)); - tt_assert(size_mul_check__(100,0)); - tt_assert(size_mul_check__(100,100)); + tt_assert(size_mul_check(0,0)); + tt_assert(size_mul_check(0,100)); + tt_assert(size_mul_check(100,0)); + tt_assert(size_mul_check(100,100)); /* Harder cases that are still good. */ - tt_assert(size_mul_check__(SIZE_MAX, 1)); - tt_assert(size_mul_check__(1, SIZE_MAX)); - tt_assert(size_mul_check__(SIZE_MAX / 10, 9)); - tt_assert(size_mul_check__(11, SIZE_MAX / 12)); + tt_assert(size_mul_check(SIZE_MAX, 1)); + tt_assert(size_mul_check(1, SIZE_MAX)); + tt_assert(size_mul_check(SIZE_MAX / 10, 9)); + tt_assert(size_mul_check(11, SIZE_MAX / 12)); const size_t sqrt_size_max_p1 = ((size_t)1) << (sizeof(size_t) * 4); - tt_assert(size_mul_check__(sqrt_size_max_p1, sqrt_size_max_p1 - 1)); + tt_assert(size_mul_check(sqrt_size_max_p1, sqrt_size_max_p1 - 1)); /* Cases that overflow */ - tt_assert(! size_mul_check__(SIZE_MAX, 2)); - tt_assert(! size_mul_check__(2, SIZE_MAX)); - tt_assert(! size_mul_check__(SIZE_MAX / 10, 11)); - tt_assert(! size_mul_check__(11, SIZE_MAX / 10)); - tt_assert(! size_mul_check__(SIZE_MAX / 8, 9)); - tt_assert(! size_mul_check__(sqrt_size_max_p1, sqrt_size_max_p1)); + tt_assert(! size_mul_check(SIZE_MAX, 2)); + tt_assert(! size_mul_check(2, SIZE_MAX)); + tt_assert(! size_mul_check(SIZE_MAX / 10, 11)); + tt_assert(! size_mul_check(11, SIZE_MAX / 10)); + tt_assert(! size_mul_check(SIZE_MAX / 8, 9)); + tt_assert(! size_mul_check(sqrt_size_max_p1, sqrt_size_max_p1)); done: ; diff --git a/src/test/test_util_format.c b/src/test/test_util_format.c index 1d58ba2bf8..21a6923c6d 100644 --- a/src/test/test_util_format.c +++ b/src/test/test_util_format.c @@ -202,6 +202,9 @@ test_util_format_base64_decode(void *ignored) res = base64_decode(dst, SIZE_T_CEILING+1, src, 10); tt_int_op(res, OP_EQ, -1); + res = base64_decode(dst, 1, real_src, SIZE_MAX/3+1); + tt_int_op(res, OP_EQ, -1); + const char *s = "T3BhIG11bmRv"; res = base64_decode(dst, 9, s, strlen(s)); tt_int_op(res, OP_EQ, 9); |