From db89b4b1527103455e1bd85839a88d614a402354 Mon Sep 17 00:00:00 2001 From: cypherpunks Date: Fri, 21 Sep 2018 04:57:26 +0000 Subject: rust/protover: fix null deref in protover_all_supported() Fortunately with the current callers it couldn't happen in practice. Fix on d1820c1516a31a149fc51a9e5126bf899e4c4e08. --- changes/bug27804 | 3 +++ src/rust/protover/ffi.rs | 3 +++ src/test/test_protover.c | 1 + 3 files changed, 7 insertions(+) create mode 100644 changes/bug27804 diff --git a/changes/bug27804 b/changes/bug27804 new file mode 100644 index 0000000000..fa7fec0bc5 --- /dev/null +++ b/changes/bug27804 @@ -0,0 +1,3 @@ + o Minor bugfixes (rust): + - Fix a potential null dereference in protover_all_supported(). + Add a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha. diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs index 9656e8c318..ca9a504fe1 100644 --- a/src/rust/protover/ffi.rs +++ b/src/rust/protover/ffi.rs @@ -68,6 +68,9 @@ pub extern "C" fn protover_all_supported( if maybe_unsupported.is_some() { let unsupported: UnvalidatedProtoEntry = maybe_unsupported.unwrap(); + if missing_out.is_null() { + return 0; + } let c_unsupported: CString = match CString::new(unsupported.to_string()) { Ok(n) => n, Err(_) => return 1, diff --git a/src/test/test_protover.c b/src/test/test_protover.c index fb374c728b..d1fc7752dd 100644 --- a/src/test/test_protover.c +++ b/src/test/test_protover.c @@ -259,6 +259,7 @@ test_protover_all_supported(void *arg) tt_ptr_op(msg, OP_EQ, NULL); // Some things we don't support + tt_assert(! protover_all_supported("Wombat=9", NULL)); tt_assert(! protover_all_supported("Wombat=9", &msg)); tt_str_op(msg, OP_EQ, "Wombat=9"); tor_free(msg); -- cgit v1.2.3-54-g00ecf From 42558df7c8affeec33e66d987ccf4d632a9d5466 Mon Sep 17 00:00:00 2001 From: cypherpunks Date: Fri, 21 Sep 2018 05:16:22 +0000 Subject: rust/protover: return C-allocated string in protover_all_supported() The result of CString::into_raw() is not safe to free with free() except under finicky and fragile circumstances that we definitely don't meet right now. This was missed in be583a34a3815c2c10e86094ab0610e4b7f9c869. --- changes/bug27740 | 4 ++++ src/rust/protover/ffi.rs | 7 +------ 2 files changed, 5 insertions(+), 6 deletions(-) create mode 100644 changes/bug27740 diff --git a/changes/bug27740 b/changes/bug27740 new file mode 100644 index 0000000000..76a17b7dda --- /dev/null +++ b/changes/bug27740 @@ -0,0 +1,4 @@ + o Minor bugfixes (rust): + - Return a string that can be safely freed by C code, not one created by + the rust allocator, in protover_all_supported(). Fixes bug 27740; bugfix + on 0.3.3.1-alpha. diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs index ca9a504fe1..8ab11842d1 100644 --- a/src/rust/protover/ffi.rs +++ b/src/rust/protover/ffi.rs @@ -71,12 +71,7 @@ pub extern "C" fn protover_all_supported( if missing_out.is_null() { return 0; } - let c_unsupported: CString = match CString::new(unsupported.to_string()) { - Ok(n) => n, - Err(_) => return 1, - }; - - let ptr = c_unsupported.into_raw(); + let ptr = allocate_and_copy_string(&unsupported.to_string()); unsafe { *missing_out = ptr }; return 0; -- cgit v1.2.3-54-g00ecf