diff options
| -rw-r--r-- | src/common/compat.c | 2 | ||||
| -rw-r--r-- | src/common/crypto.c | 53 | ||||
| -rw-r--r-- | src/common/crypto.h | 2 | ||||
| -rw-r--r-- | src/common/ht.h | 5 | ||||
| -rw-r--r-- | src/common/mempool.c | 7 | ||||
| -rw-r--r-- | src/common/torgzip.c | 18 | ||||
| -rw-r--r-- | src/common/tortls.c | 10 | ||||
| -rw-r--r-- | src/common/util.c | 22 | ||||
| -rw-r--r-- | src/or/test.c | 4 |
9 files changed, 75 insertions, 48 deletions
diff --git a/src/common/compat.c b/src/common/compat.c index 378ba06232..efe2b01886 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1112,7 +1112,7 @@ tor_inet_pton(int af, const char *src, void *dst) return 0; if (TOR_ISXDIGIT(*src)) { char *next; - int r = strtol(src, &next, 16); + long r = strtol(src, &next, 16); if (next > 4+src) return 0; if (next == src) diff --git a/src/common/crypto.c b/src/common/crypto.c index 34d19d94ba..35f2beaf88 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -816,8 +816,8 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, size_t fromlen, int padding, int force) { - int overhead, outlen, r, symlen; - size_t pkeylen; + int overhead, outlen, r; + size_t pkeylen, symlen; crypto_cipher_env_t *cipher = NULL; char *buf = NULL; @@ -867,7 +867,8 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, memset(buf, 0, pkeylen); tor_free(buf); crypto_free_cipher_env(cipher); - return outlen + symlen; + tor_assert(outlen+symlen < INT_MAX); + return (int)(outlen + symlen); err: if (buf) { memset(buf, 0, pkeylen); @@ -921,7 +922,8 @@ crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, memset(buf,0,pkeylen); tor_free(buf); crypto_free_cipher_env(cipher); - return outlen + (fromlen-pkeylen); + tor_assert(outlen + fromlen < INT_MAX); + return (int)(outlen + (fromlen-pkeylen)); err: memset(buf,0,pkeylen); tor_free(buf); @@ -1211,6 +1213,7 @@ crypto_cipher_encrypt_with_iv(crypto_cipher_env_t *cipher, tor_assert(cipher); tor_assert(from); tor_assert(to); + tor_assert(fromlen < INT_MAX); if (fromlen < 1) return -1; @@ -1221,7 +1224,7 @@ crypto_cipher_encrypt_with_iv(crypto_cipher_env_t *cipher, if (crypto_cipher_set_iv(cipher, to)<0) return -1; crypto_cipher_encrypt(cipher, to+CIPHER_IV_LEN, from, fromlen); - return fromlen + CIPHER_IV_LEN; + return (int)(fromlen + CIPHER_IV_LEN); } /** Decrypt <b>fromlen</b> bytes (at least 1+CIPHER_IV_LEN) from <b>from</b> @@ -1241,6 +1244,7 @@ crypto_cipher_decrypt_with_iv(crypto_cipher_env_t *cipher, tor_assert(cipher); tor_assert(from); tor_assert(to); + tor_assert(fromlen < INT_MAX); if (fromlen <= CIPHER_IV_LEN) return -1; @@ -1250,7 +1254,7 @@ crypto_cipher_decrypt_with_iv(crypto_cipher_env_t *cipher, if (crypto_cipher_set_iv(cipher, from)<0) return -1; crypto_cipher_encrypt(cipher, to, from+CIPHER_IV_LEN, fromlen-CIPHER_IV_LEN); - return fromlen - CIPHER_IV_LEN; + return (int)(fromlen - CIPHER_IV_LEN); } /* SHA-1 */ @@ -1362,7 +1366,9 @@ crypto_hmac_sha1(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len) { - HMAC(EVP_sha1(), key, key_len, (unsigned char*)msg, msg_len, + tor_assert(key_len < INT_MAX); + tor_assert(msg_len < INT_MAX); + HMAC(EVP_sha1(), key, (int)key_len, (unsigned char*)msg, (int)msg_len, (unsigned char*)hmac_out, NULL); } @@ -1548,7 +1554,7 @@ tor_check_dh_key(BIGNUM *bn) * SHA1( g^xy || "\x00" ) || SHA1( g^xy || "\x01" ) || ... * where || is concatenation.) */ -int +ssize_t crypto_dh_compute_secret(crypto_dh_env_t *dh, const char *pubkey, size_t pubkey_len, char *secret_out, size_t secret_bytes_out) @@ -1559,8 +1565,10 @@ crypto_dh_compute_secret(crypto_dh_env_t *dh, int result=0; tor_assert(dh); tor_assert(secret_bytes_out/DIGEST_LEN <= 255); + tor_assert(pubkey_len < INT_MAX); - if (!(pubkey_bn = BN_bin2bn((const unsigned char*)pubkey, pubkey_len, NULL))) + if (!(pubkey_bn = BN_bin2bn((const unsigned char*)pubkey, + (int)pubkey_len, NULL))) goto error; if (tor_check_dh_key(pubkey_bn)<0) { /* Check for invalid public keys. */ @@ -1721,10 +1729,11 @@ crypto_seed_rng(void) close(fd); if (n != sizeof(buf)) { log_warn(LD_CRYPTO, - "Error reading from entropy source (read only %d bytes).", n); + "Error reading from entropy source (read only %lu bytes).", + (unsigned long)n); return -1; } - RAND_seed(buf, sizeof(buf)); + RAND_seed(buf, (int)sizeof(buf)); memset(buf, 0, sizeof(buf)); return 0; } @@ -1741,8 +1750,9 @@ int crypto_rand(char *to, size_t n) { int r; + tor_assert(n < INT_MAX); tor_assert(to); - r = RAND_bytes((unsigned char*)to, n); + r = RAND_bytes((unsigned char*)to, (int)n); if (r == 0) crypto_log_errors(LOG_WARN, "generating random data"); return (r == 1) ? 0 : -1; @@ -1801,7 +1811,8 @@ crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, const char *suffix) { char *result, *rand_bytes; - int randlen, resultlen, rand_bytes_len, prefixlen; + int randlen, rand_bytes_len; + size_t resultlen, prefixlen; tor_assert(max_rand_len >= min_rand_len); randlen = min_rand_len + crypto_rand_int(max_rand_len - min_rand_len + 1); @@ -1829,8 +1840,7 @@ crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, void * smartlist_choose(const smartlist_t *sl) { - size_t len; - len = smartlist_len(sl); + int len = smartlist_len(sl); if (len) return smartlist_get(sl,crypto_rand_int(len)); return NULL; /* no elements to choose from */ @@ -1863,6 +1873,7 @@ base64_encode(char *dest, size_t destlen, const char *src, size_t srclen) * it ever shows up in the profile. */ EVP_ENCODE_CTX ctx; int len, ret; + tor_assert(srclen < INT_MAX); /* 48 bytes of input -> 64 bytes of output plus newline. Plus one more byte, in case I'm wrong. @@ -1874,7 +1885,7 @@ base64_encode(char *dest, size_t destlen, const char *src, size_t srclen) EVP_EncodeInit(&ctx); EVP_EncodeUpdate(&ctx, (unsigned char*)dest, &len, - (unsigned char*)src, srclen); + (unsigned char*)src, (int)srclen); EVP_EncodeFinal(&ctx, (unsigned char*)(dest+len), &ret); ret += len; return ret; @@ -2004,8 +2015,9 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen) } tor_assert((dest-dest_orig) <= (ssize_t)destlen); + tor_assert((dest-dest_orig) <= INT_MAX); - return dest-dest_orig; + return (int)(dest-dest_orig); #endif } #undef X @@ -2056,8 +2068,8 @@ digest_from_base64(char *digest, const char *d64) void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen) { - unsigned int nbits, i, bit, v, u; - nbits = srclen * 8; + unsigned int i, bit, v, u; + size_t nbits = srclen * 8; tor_assert((nbits%5) == 0); /* We need an even multiple of 5 bits. */ tor_assert((nbits/5)+1 <= destlen); /* We need enough space. */ @@ -2082,7 +2094,8 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen) { /* XXXX we might want to rewrite this along the lines of base64_decode, if * it ever shows up in the profile. */ - unsigned int nbits, i, j, bit; + unsigned int i, j, bit; + size_t nbits; char *tmp; nbits = srclen * 5; diff --git a/src/common/crypto.h b/src/common/crypto.h index bc47813889..f25bc89947 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -158,7 +158,7 @@ int crypto_dh_get_bytes(crypto_dh_env_t *dh); int crypto_dh_generate_public(crypto_dh_env_t *dh); int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out, size_t pubkey_out_len); -int crypto_dh_compute_secret(crypto_dh_env_t *dh, +ssize_t crypto_dh_compute_secret(crypto_dh_env_t *dh, const char *pubkey, size_t pubkey_len, char *secret_out, size_t secret_out_len); void crypto_dh_free(crypto_dh_env_t *dh); diff --git a/src/common/ht.h b/src/common/ht.h index 61792cb8b4..762f836bd3 100644 --- a/src/common/ht.h +++ b/src/common/ht.h @@ -90,7 +90,8 @@ ht_string_hash(const char *s) while (*cp) { h = (1000003*h) ^ *cp++; } - h ^= (cp-(const unsigned char*)s); + /* This conversion truncates the length of the string, but that's ok. */ + h ^= (unsigned)(cp-(const unsigned char*)s); return h; } @@ -287,7 +288,7 @@ ht_string_hash(const char *s) 805306457, 1610612741 \ }; \ static unsigned name##_N_PRIMES = \ - sizeof(name##_PRIMES)/sizeof(name##_PRIMES[0]); \ + (unsigned)(sizeof(name##_PRIMES)/sizeof(name##_PRIMES[0])); \ /* Expand the internal table of 'head' until it is large enough to \ * hold 'size' elements. Return 0 on success, -1 on allocation \ * failure. */ \ diff --git a/src/common/mempool.c b/src/common/mempool.c index 7c8092de71..6a41d220fe 100644 --- a/src/common/mempool.c +++ b/src/common/mempool.c @@ -358,7 +358,7 @@ mp_pool_t * mp_pool_new(size_t item_size, size_t chunk_capacity) { mp_pool_t *pool; - size_t alloc_size; + size_t alloc_size, new_chunk_cap; pool = ALLOC(sizeof(mp_pool_t)); CHECK_ALLOC(pool); @@ -393,7 +393,10 @@ mp_pool_new(size_t item_size, size_t chunk_capacity) if (chunk_capacity < MIN_CHUNK) chunk_capacity = MIN_CHUNK; - pool->new_chunk_capacity = (chunk_capacity-CHUNK_OVERHEAD) / alloc_size; + new_chunk_cap = (chunk_capacity-CHUNK_OVERHEAD) / alloc_size; + tor_assert(new_chunk_cap < INT_MAX); + pool->new_chunk_capacity = (int)new_chunk_cap; + pool->item_alloc_size = alloc_size; log_debug(LD_MM, "Capacity is %lu, item size is %lu, alloc size is %lu", diff --git a/src/common/torgzip.c b/src/common/torgzip.c index 40c01ba682..d1289443e2 100644 --- a/src/common/torgzip.c +++ b/src/common/torgzip.c @@ -77,6 +77,7 @@ tor_gzip_compress(char **out, size_t *out_len, tor_assert(out); tor_assert(out_len); tor_assert(in); + tor_assert(in_len < UINT_MAX); if (method == GZIP_METHOD && !is_gzip_supported()) { /* Old zlib version don't support gzip in deflateInit2 */ @@ -91,7 +92,7 @@ tor_gzip_compress(char **out, size_t *out_len, stream->zfree = Z_NULL; stream->opaque = NULL; stream->next_in = (unsigned char*) in; - stream->avail_in = in_len; + stream->avail_in = (unsigned int)in_len; if (deflateInit2(stream, Z_BEST_COMPRESSION, Z_DEFLATED, method_bits(method), @@ -106,7 +107,7 @@ tor_gzip_compress(char **out, size_t *out_len, if (out_size < 1024) out_size = 1024; *out = tor_malloc(out_size); stream->next_out = (unsigned char*)*out; - stream->avail_out = out_size; + stream->avail_out = (unsigned int)out_size; while (1) { switch (deflate(stream, Z_FINISH)) @@ -190,6 +191,7 @@ tor_gzip_uncompress(char **out, size_t *out_len, tor_assert(out); tor_assert(out_len); tor_assert(in); + tor_assert(in_len < UINT_MAX); if (method == GZIP_METHOD && !is_gzip_supported()) { /* Old zlib version don't support gzip in inflateInit2 */ @@ -204,7 +206,7 @@ tor_gzip_uncompress(char **out, size_t *out_len, stream->zfree = Z_NULL; stream->opaque = NULL; stream->next_in = (unsigned char*) in; - stream->avail_in = in_len; + stream->avail_in = (unsigned int)in_len; if (inflateInit2(stream, method_bits(method)) != Z_OK) { @@ -215,10 +217,12 @@ tor_gzip_uncompress(char **out, size_t *out_len, out_size = in_len * 2; /* guess 50% compression. */ if (out_size < 1024) out_size = 1024; + if (out_size > UINT_MAX) + goto err; *out = tor_malloc(out_size); stream->next_out = (unsigned char*)*out; - stream->avail_out = out_size; + stream->avail_out = (unsigned int)out_size; while (1) { switch (inflate(stream, complete_only ? Z_FINISH : Z_SYNC_FLUSH)) @@ -372,10 +376,12 @@ tor_zlib_process(tor_zlib_state_t *state, int finish) { int err; + tor_assert(*in_len <= UINT_MAX); + tor_assert(*out_len <= UINT_MAX); state->stream.next_in = (unsigned char*) *in; - state->stream.avail_in = *in_len; + state->stream.avail_in = (unsigned int)*in_len; state->stream.next_out = (unsigned char*) *out; - state->stream.avail_out = *out_len; + state->stream.avail_out = (unsigned int)*out_len; if (state->compress) { err = deflate(&state->stream, finish ? Z_FINISH : Z_SYNC_FLUSH); diff --git a/src/common/tortls.c b/src/common/tortls.c index 2918ab288e..8690231e65 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -111,7 +111,7 @@ static INLINE unsigned int tor_tls_entry_hash(const tor_tls_t *a) { #if SIZEOF_INT == SIZEOF_VOID_P - return ((unsigned int)a->ssl); + return ((unsigned int)(uintptr_t)a->ssl); #else return (unsigned int) ((((uint64_t)a->ssl)>>2) & UINT_MAX); #endif @@ -162,7 +162,7 @@ static int tls_library_is_initialized = 0; static void tls_log_errors(tor_tls_t *tls, int severity, const char *doing) { - int err; + unsigned long err; const char *msg, *lib, *func, *addr; addr = tls ? tls->address : NULL; while ((err = ERR_get_error()) != 0) { @@ -841,7 +841,8 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len) tor_assert(tls); tor_assert(tls->ssl); tor_assert(tls->state == TOR_TLS_ST_OPEN); - r = SSL_read(tls->ssl, cp, len); + tor_assert(len<INT_MAX); + r = SSL_read(tls->ssl, cp, (int)len); if (r > 0) { #ifdef V2_HANDSHAKE_SERVER if (tls->got_renegotiate) { @@ -878,6 +879,7 @@ tor_tls_write(tor_tls_t *tls, const char *cp, size_t n) tor_assert(tls); tor_assert(tls->ssl); tor_assert(tls->state == TOR_TLS_ST_OPEN); + tor_assert(n < INT_MAX); if (n == 0) return 0; if (tls->wantwrite_n) { @@ -888,7 +890,7 @@ tor_tls_write(tor_tls_t *tls, const char *cp, size_t n) n = tls->wantwrite_n; tls->wantwrite_n = 0; } - r = SSL_write(tls->ssl, cp, n); + r = SSL_write(tls->ssl, cp, (int)n); err = tor_tls_get_error(tls, r, 0, "writing", LOG_INFO); if (err == TOR_TLS_DONE) { return r; diff --git a/src/common/util.c b/src/common/util.c index 3578dd666a..e263908c19 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1327,7 +1327,7 @@ int write_all(int fd, const char *buf, size_t count, int isSocket) { size_t written = 0; - int result; + ssize_t result; tor_assert(count < INT_MAX); /*XXXX021 make returnval an ssize_t */ while (written != count) { @@ -1350,10 +1350,11 @@ write_all(int fd, const char *buf, size_t count, int isSocket) int read_all(int fd, char *buf, size_t count, int isSocket) { + /*XXXX021 return ssize_t. */ size_t numread = 0; - int result; + ssize_t result; - if (count > SIZE_T_CEILING) + if (count > SIZE_T_CEILING || count > INT_MAX) return -1; while (numread != count) { @@ -1367,7 +1368,7 @@ read_all(int fd, char *buf, size_t count, int isSocket) break; numread += result; } - return numread; + return (int)numread; } /* @@ -2373,7 +2374,7 @@ parse_port_range(const char *port, uint16_t *port_min_out, port_max = 65535; } else { char *endptr = NULL; - port_min = tor_parse_long(port, 10, 0, 65535, &ok, &endptr); + port_min = (int)tor_parse_long(port, 10, 0, 65535, &ok, &endptr); if (!ok) { log_warn(LD_GENERAL, "Malformed port %s on address range; rejecting.", @@ -2382,7 +2383,7 @@ parse_port_range(const char *port, uint16_t *port_min_out, } else if (endptr && *endptr == '-') { port = endptr+1; endptr = NULL; - port_max = tor_parse_long(port, 10, 1, 65536, &ok, &endptr); + port_max = (int)tor_parse_long(port, 10, 1, 65536, &ok, &endptr); if (!ok) { log_warn(LD_GENERAL, "Malformed port %s on address range; rejecting.", @@ -2933,20 +2934,20 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr) memset(addr, 0, sizeof(tor_addr_t)); memset(&target_addr, 0, sizeof(target_addr)); - my_addr_len = sizeof(my_addr); + my_addr_len = (socklen_t)sizeof(my_addr); ((struct sockaddr_in*)&target_addr)->sin_port = 9; /* DISGARD port */ /* Don't worry: no packets are sent. We just need to use a real address * on the actual internet. */ if (family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)&target_addr; sock = tor_open_socket(PF_INET6,SOCK_DGRAM,IPPROTO_UDP); - my_addr_len = sizeof(struct sockaddr_in6); + my_addr_len = (socklen_t)sizeof(struct sockaddr_in6); sin6->sin6_family = AF_INET6; S6_ADDR16(sin6->sin6_addr)[0] = htons(0x2002); /* 2002:: */ } else if (family == AF_INET) { struct sockaddr_in *sin = (struct sockaddr_in*)&target_addr; sock = tor_open_socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP); - my_addr_len = sizeof(struct sockaddr_in); + my_addr_len = (socklen_t)sizeof(struct sockaddr_in); sin->sin_family = AF_INET; sin->sin_addr.s_addr = htonl(0x12000001); /* 18.0.0.1 */ } else { @@ -2959,7 +2960,8 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr) goto err; } - if (connect(sock,(struct sockaddr *)&target_addr,sizeof(target_addr))<0) { + if (connect(sock,(struct sockaddr *)&target_addr, + (socklen_t)sizeof(target_addr))<0) { int e = tor_socket_errno(sock); log_fn(severity, LD_NET, "connect() failed: %s", tor_socket_strerror(e)); goto err; diff --git a/src/or/test.c b/src/or/test.c index c209db55bb..b0dcc26594 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -770,10 +770,10 @@ test_util(void) /* Test tor_strstrip() */ strlcpy(buf, "Testing 1 2 3", sizeof(buf)); - test_eq(0, tor_strstrip(buf, ",!")); + tor_strstrip(buf, ",!"); test_streq(buf, "Testing 1 2 3"); strlcpy(buf, "!Testing 1 2 3?", sizeof(buf)); - test_eq(5, tor_strstrip(buf, "!? ")); + tor_strstrip(buf, "!? "); test_streq(buf, "Testing123"); /* Test parse_addr_port */ |