authorPauli <paul.dale@oracle.com>2017-07-06 06:11:27 +0200
committerPauli <paul.dale@oracle.com>2017-07-06 23:18:41 +0200
commit59e539e6429d9c3b5c4db07569f09ec6acc5a7e9 (patch)
tree9a93e1dded3f25fe2ef28931756357ba0ac1caef /crypto/bio/bio_cb.c
parentCleanup RAND_load_file,RAND_write_file (diff)
BIO range checking.
Add length limits to avoid problems with sprintf, strcpy and strcat. This replaces recently removed code but also guards some previously missing function calls (for DOS & Windows). Reworked the BIO_dump_indent_cb code to reduce temporary storage. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3870)
Diffstat (limited to 'crypto/bio/bio_cb.c')
-rw-r--r--crypto/bio/bio_cb.c51
1 files changed, 26 insertions, 25 deletions
diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
index 13368e82ee..1154c233af 100644
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,68 +21,69 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
char buf[256];
char *p;
long r = 1;
- int len;
+ int len, left;
if (BIO_CB_RETURN & cmd)
r = ret;
- len = sprintf(buf, "BIO[%p]: ", (void *)bio);
+ len = BIO_snprintf(buf, sizeof(buf), "BIO[%p]: ", (void *)bio);
/* Ignore errors and continue printing the other information. */
if (len < 0)
len = 0;
p = buf + len;
+ left = sizeof(buf) - len;
switch (cmd) {
case BIO_CB_FREE:
- sprintf(p, "Free - %s\n", bio->method->name);
+ BIO_snprintf(p, left, "Free - %s\n", bio->method->name);
break;
case BIO_CB_READ:
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
- sprintf(p, "read(%d,%lu) - %s fd=%d\n",
- bio->num, (unsigned long)argi,
- bio->method->name, bio->num);
+ BIO_snprintf(p, left, "read(%d,%lu) - %s fd=%d\n",
+ bio->num, (unsigned long)argi,
+ bio->method->name, bio->num);
else
- sprintf(p, "read(%d,%lu) - %s\n",
+ BIO_snprintf(p, left, "read(%d,%lu) - %s\n",
bio->num, (unsigned long)argi, bio->method->name);
break;
case BIO_CB_WRITE:
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
- sprintf(p, "write(%d,%lu) - %s fd=%d\n",
- bio->num, (unsigned long)argi,
- bio->method->name, bio->num);
+ BIO_snprintf(p, left, "write(%d,%lu) - %s fd=%d\n",
+ bio->num, (unsigned long)argi,
+ bio->method->name, bio->num);
else
- sprintf(p, "write(%d,%lu) - %s\n",
- bio->num, (unsigned long)argi, bio->method->name);
+ BIO_snprintf(p, left, "write(%d,%lu) - %s\n",
+ bio->num, (unsigned long)argi, bio->method->name);
break;
case BIO_CB_PUTS:
- sprintf(p, "puts() - %s\n", bio->method->name);
+ BIO_snprintf(p, left, "puts() - %s\n", bio->method->name);
break;
case BIO_CB_GETS:
- sprintf(p, "gets(%lu) - %s\n", (unsigned long)argi,
- bio->method->name);
+ BIO_snprintf(p, left, "gets(%lu) - %s\n", (unsigned long)argi,
+ bio->method->name);
break;
case BIO_CB_CTRL:
- sprintf(p, "ctrl(%lu) - %s\n", (unsigned long)argi,
- bio->method->name);
+ BIO_snprintf(p, left, "ctrl(%lu) - %s\n", (unsigned long)argi,
+ bio->method->name);
break;
case BIO_CB_RETURN | BIO_CB_READ:
- sprintf(p, "read return %ld\n", ret);
+ BIO_snprintf(p, left, "read return %ld\n", ret);
break;
case BIO_CB_RETURN | BIO_CB_WRITE:
- sprintf(p, "write return %ld\n", ret);
+ BIO_snprintf(p, left, "write return %ld\n", ret);
break;
case BIO_CB_RETURN | BIO_CB_GETS:
- sprintf(p, "gets return %ld\n", ret);
+ BIO_snprintf(p, left, "gets return %ld\n", ret);
break;
case BIO_CB_RETURN | BIO_CB_PUTS:
- sprintf(p, "puts return %ld\n", ret);
+ BIO_snprintf(p, left, "puts return %ld\n", ret);
break;
case BIO_CB_RETURN | BIO_CB_CTRL:
- sprintf(p, "ctrl return %ld\n", ret);
+ BIO_snprintf(p, left, "ctrl return %ld\n", ret);
break;
default:
- sprintf(p, "bio callback - unknown type (%d)\n", cmd);
+ BIO_snprintf(p, left, "bio callback - unknown type (%d)\n", cmd);
break;
}
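Review bot: Every `BIO_snprintf(p, left, ...)` call in the switch discards its return value, so a message cut short by the new bound (for instance by an unusually long `bio->method->name`) is emitted silently and without its trailing `\n`. The write is now bounded, which is the point of the change, but a debug line that ends mid-string is easy to misread; I would either check the result or state the intent above the switch with a comment such as `/* Truncated output is acceptable here: this is only a debug trace. */`. Separately, `left` is declared `int` although `sizeof(buf) - len` is a `size_t` expression and is passed as a size argument; the conversion is harmless only because `len` cannot exceed the 256-byte `buf`, so `size_t left;` would express that more directly. The body of BIO_debug_callback starts before this hunk and continues after it.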
@@ -93,5 +94,5 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
else
fputs(buf, stderr);
#endif
- return (r);
+ return r;
}