Merge pull request #3165 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix-2.7

[backport 2.7] Unmet dependencies buffer overflow fix
This commit is contained in:
Gilles Peskine 2020-04-17 10:08:18 +02:00 committed by GitHub
commit e61988a766
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 62 additions and 13 deletions

View file

@ -72,6 +72,41 @@ typedef UINT32 uint32_t;
mbedtls_exit( 1 ); \ mbedtls_exit( 1 ); \
} }
#if defined(__GNUC__)
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
* an array but not if it's a pointer. */
#define IS_ARRAY_NOT_POINTER( arg ) \
( ! __builtin_types_compatible_p( __typeof__( arg ), \
__typeof__( &( arg )[0] ) ) )
#else
/* On platforms where we don't know how to implement this check,
* omit it. Oh well, a non-portable check is better than nothing. */
#define IS_ARRAY_NOT_POINTER( arg ) 1
#endif
/* A compile-time constant with the value 0. If `const_expr` is not a
* compile-time constant with a nonzero value, cause a compile-time error. */
#define STATIC_ASSERT_EXPR( const_expr ) \
( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
/* Return the scalar value `value` (possibly promoted). This is a compile-time
* constant if `value` is. `condition` must be a compile-time constant.
* If `condition` is false, arrange to cause a compile-time error. */
#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
#define ARRAY_LENGTH_UNSAFE( array ) \
( sizeof( array ) / sizeof( *( array ) ) )
/** Return the number of elements of a static or stack array.
*
* \param array A value of array (not pointer) type.
*
* \return The number of elements of the array.
*/
#define ARRAY_LENGTH( array ) \
( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
ARRAY_LENGTH_UNSAFE( array ) ) )
/* /*
* 32-bit integer manipulation macros (big endian) * 32-bit integer manipulation macros (big endian)
*/ */

View file

@ -262,14 +262,15 @@ int main(int argc, const char *argv[])
const char *default_filename = "TESTCASE_FILENAME"; const char *default_filename = "TESTCASE_FILENAME";
const char *test_filename = NULL; const char *test_filename = NULL;
const char **test_files = NULL; const char **test_files = NULL;
int testfile_count = 0; size_t testfile_count = 0;
int option_verbose = 0; int option_verbose = 0;
/* Other Local variables */ /* Other Local variables */
int arg_index = 1; int arg_index = 1;
const char *next_arg; const char *next_arg;
int testfile_index, ret, i, cnt; size_t testfile_index, i, cnt;
int total_errors = 0, total_tests = 0, total_skipped = 0; int ret;
unsigned total_errors = 0, total_tests = 0, total_skipped = 0;
FILE *file; FILE *file;
char buf[5000]; char buf[5000];
char *params[50]; char *params[50];
@ -347,8 +348,9 @@ int main(int argc, const char *argv[])
testfile_index < testfile_count; testfile_index < testfile_count;
testfile_index++ ) testfile_index++ )
{ {
int unmet_dep_count = 0; size_t unmet_dep_count = 0;
char *unmet_dependencies[20]; /* only filled when verbose != 0 */ char *unmet_dependencies[20]; /* only filled when verbose != 0 */
int missing_unmet_dependencies = 0;
test_filename = test_files[ testfile_index ]; test_filename = test_files[ testfile_index ];
@ -370,6 +372,7 @@ int main(int argc, const char *argv[])
} }
unmet_dep_count = 0; unmet_dep_count = 0;
memset( unmet_dependencies, 0, sizeof( unmet_dependencies ) ); memset( unmet_dependencies, 0, sizeof( unmet_dependencies ) );
missing_unmet_dependencies = 0;
if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
break; break;
@ -392,18 +395,26 @@ int main(int argc, const char *argv[])
{ {
if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED ) if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED )
{ {
if( 0 != option_verbose ) if( unmet_dep_count <
ARRAY_LENGTH( unmet_dependencies ) )
{ {
unmet_dependencies[unmet_dep_count] = if( 0 != option_verbose )
strdup( params[i] );
if( unmet_dependencies[unmet_dep_count] == NULL )
{ {
mbedtls_fprintf( stderr, unmet_dependencies[unmet_dep_count] =
"FATAL: Out of memory\n" ); strdup( params[i] );
mbedtls_exit( MBEDTLS_EXIT_FAILURE ); if( unmet_dependencies[unmet_dep_count] == NULL )
{
mbedtls_fprintf( stderr,
"FATAL: Out of memory\n" );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
} }
unmet_dep_count++;
}
else
{
missing_unmet_dependencies = 1;
} }
unmet_dep_count++;
} }
} }
@ -463,11 +474,14 @@ int main(int argc, const char *argv[])
unmet_dependencies[i]); unmet_dependencies[i]);
free(unmet_dependencies[i]); free(unmet_dependencies[i]);
} }
if( missing_unmet_dependencies )
mbedtls_fprintf( stdout, "..." );
} }
mbedtls_fprintf( stdout, "\n" ); mbedtls_fprintf( stdout, "\n" );
fflush( stdout ); fflush( stdout );
unmet_dep_count = 0; unmet_dep_count = 0;
missing_unmet_dependencies = 0;
} }
else if( ret == DISPATCH_TEST_SUCCESS ) else if( ret == DISPATCH_TEST_SUCCESS )
{ {
@ -516,7 +530,7 @@ int main(int argc, const char *argv[])
else else
mbedtls_fprintf( stdout, "FAILED" ); mbedtls_fprintf( stdout, "FAILED" );
mbedtls_fprintf( stdout, " (%d / %d tests (%d skipped))\n", mbedtls_fprintf( stdout, " (%u / %u tests (%u skipped))\n",
total_tests - total_errors, total_tests, total_skipped ); total_tests - total_errors, total_tests, total_skipped );
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \