Additional safeguard for the LP64 memory model: prefer size_t over int when appropriate + check all malloc() calls + other fixes #45

Open: wants to merge 3 commits into base: master
6 changes: 3 additions & 3 deletions doc/doc-docbook/spec.xfpt
@@ -32489,15 +32489,15 @@ match the specification, the function does nothing.


.vitem "&*BOOL&~header_testname(header_line&~*hdr,&~uschar&~*name,&~&&&
int&~length,&~BOOL&~notdel)*&"
size_t&~length,&~BOOL&~notdel)*&"
This function tests whether the given header has the given name. It is not just
a string comparison, because white space is permitted between the name and the
colon. If the &%notdel%& argument is true, a false return is forced for all
&"deleted"& headers; otherwise they are not treated specially. For example:
.code
if (header_testname(h, US"X-Spam", 6, TRUE)) ...
.endd
.vitem &*uschar&~*lss_b64encode(uschar&~*cleartext,&~int&~length)*&
.vitem &*uschar&~*lss_b64encode(uschar&~*cleartext,&~size_t&~length)*&
.cindex "base64 encoding" "functions for &[local_scan()]& use"
This function base64-encodes a string, which is passed by address and length.
The text may contain bytes of any value, including zero. The result is passed
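Review bot: header_testname() and lss_b64encode() are part of the documented local_scan() API, and on LP64 changing their length parameter from int to size_t changes the calling convention for any local_scan module compiled against the old header; this documentation change should go together with a bump of the local_scan ABI version and a line in the upgrading notes, neither of which is in this diff.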
@@ -32587,7 +32587,7 @@ address.
.cindex "RFC 2047"
.vlist
.vitem "&*uschar&~rfc2047_decode(uschar&~*string,&~BOOL&~lencheck,&&&
&~uschar&~*target,&~int&~zeroval,&~int&~*lenptr, &~&~uschar&~**error)*&"
&~uschar&~*target,&~int&~zeroval,&~size_t&~*lenptr, &~&~uschar&~**error)*&"
This function decodes strings that are encoded according to RFC 2047. Typically
these are the contents of header lines. First, each &"encoded word"& is decoded
from the Q or B encoding into a byte-string. Then, if provided with the name of
20 changes: 20 additions & 0 deletions doc/doc-txt/ChangeLog
@@ -40,6 +40,26 @@ JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.
JH/10 Support ${sha256:} applied to a string (as well as the previous
certificate).

LC/01 Prefer the use of size_t for variables representing sizes. Even if most
strings in Exim are limited to 2¹⁵, This acts as a suplemental protection
against overflows.
Especially for 16 bits x86 where INT_MAX is already 2¹⁵ and pointers used
in Unix programs are FAR (20 bits wide).
In the meantime, this doesn’t impact any cases where negative length could
have been used, as an error value.

LC/02 Some values representing maximum path size were hard coded.
They are now replaced with the PATH_MAX macro.

LC/03 As everybody knows, malloc() can fails by returning 0. The return values
weren’t checked everywhere.
The values are checked manually in order handle the situation in way that
let the program continue running. Otherwise, replace direct calls to
malloc() with store_malloc() from the project standard memory management
facilities in order to stop the program.
Except if it isn’t possible to call store_malloc() or that some ressources
cleanup need to done.


Exim version 4.87
-----------------
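Review bot: the LC/01 to LC/03 entries carry spelling and grammar slips ("suplemental", "can fails", "in order handle", "ressources", "need to done"), and the LC/01 paragraph about 16-bit x86 with FAR pointers describes a platform Exim does not build for, so it reads as noise next to the LP64 motivation given in the PR title; trim LC/01 to the overflow argument. LC/03 should also say which malloc() sites kept a manual NULL check and which were switched to store_malloc(), since the two behave differently on failure (continue vs. die), and the entries below mixing library-allocated buffers with store_free() need listing there once resolved.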
8 changes: 4 additions & 4 deletions src/OS/Makefile-Base
@@ -408,9 +408,9 @@ exim_tidydb: $(OBJ_TIDYDB)

# The utility for building dbm files

exim_dbmbuild: exim_dbmbuild.o
exim_dbmbuild: util-store.o exim_dbmbuild.o
@echo "$(LNCC) -o exim_dbmbuild"
$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \
$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o util-store.o \
$(LIBS) $(EXTRALIBS) $(DBMLIB)
@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
echo $(STRIP_COMMAND) exim_dbmbuild; \
@@ -421,11 +421,11 @@ exim_dbmbuild: exim_dbmbuild.o

# The utility for locking a mailbox while messing around with it

exim_lock: exim_lock.c os.h
exim_lock: util-store.o exim_lock.c os.h
@echo "$(CC) exim_lock.c"
$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
@echo "$(LNCC) -o exim_lock"
$(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o \
$(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o util-store.o \
$(LIBS) $(EXTRALIBS)
@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
echo $(STRIP_COMMAND) exim_lock; \
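Review bot: adding util-store.o to the exim_lock link only makes sense if exim_lock.c now includes store.h and calls store_malloc()/store_free(), and that source change is not in this diff; also, store.c's allocation-failure path reports through Exim's logging functions, which a standalone utility like exim_lock does not otherwise link, so confirm both utilities (this rule and the exim_dbmbuild rule above) still link cleanly and that the failure path does not leave unresolved symbols.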
2 changes: 1 addition & 1 deletion src/exim_monitor/em_TextPop.c
@@ -468,7 +468,7 @@ struct SearchAndReplace * search;
text.firstPos = 0;
text.format = FMT8BIT;

dir = (XawTextScanDirection)(int) ((caddr_t)XawToggleGetCurrent(search->left_toggle) -
dir = (XawTextScanDirection)(size_t) ((caddr_t)XawToggleGetCurrent(search->left_toggle) -
R_OFFSET);

pos = XawTextSearch( tw, dir, &text);
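Review bot: size_t is not the type for carrying a pointer value through an integer cast; C only guarantees that round trip for intptr_t/uintptr_t from <stdint.h>. The original `(int)` cast was wrong on LP64 for the same reason, so replace `(size_t)` with `(intptr_t)` rather than swapping one ill-suited type for another. The identical pattern appears in em_strip.c (`size_t num = (size_t)client_data;`).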
2 changes: 1 addition & 1 deletion src/exim_monitor/em_globals.c
@@ -59,7 +59,7 @@ BOOL log_datestamping = FALSE;
int log_depth = 150;
uschar *log_display_buffer;
uschar *log_file = NULL;
uschar log_file_open[256];
uschar log_file_open[PATH_MAX];
uschar *log_font = NULL;
ino_t log_inode;
long int log_position;
5 changes: 3 additions & 2 deletions src/exim_monitor/em_hdr.h
@@ -31,6 +31,7 @@ purposes! */
/* ANSI C includes */

#include <ctype.h>
#include <limits.h>
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
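Review bot: <limits.h> is included here for PATH_MAX, but PATH_MAX is optional in POSIX and is not defined on every platform Exim builds on (GNU Hurd, for one); add a fallback right after the include, e.g. `#ifndef PATH_MAX`, `#define PATH_MAX 4096`, `#endif`, so the log_file_open[PATH_MAX] and log_file_wanted[PATH_MAX] arrays in em_globals.c, em_hdr.h and em_log.c keep compiling everywhere. Note too that the array grows from 256 to PATH_MAX bytes, so the existing bounded copies into it are what keep this safe, not the larger size.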
@@ -186,7 +187,7 @@ typedef struct queue_item {
struct dest_item *destinations;
int input_time;
int update_time;
int size;
size_t size;
uschar *sender;
uschar name[17];
uschar seen;
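Review bot: changing queue_item.size from int to size_t silently turns every comparison in the monitor sources that mixes it with an int value into an unsigned comparison, and any `size < 0` style check becomes always-false without a diagnostic; before merging, grep the uses of `->size` in the monitor and confirm none of them rely on a negative sentinel or subtract from it.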
@@ -253,7 +254,7 @@ extern BOOL log_datestamping; /* TRUE if logs are datestamped */
extern int log_depth; /* depth of log tail window */
extern uschar *log_display_buffer; /* to hold display text */
extern uschar *log_file; /* supplied name of exim log file */
extern uschar log_file_open[256]; /* actual open file */
extern uschar log_file_open[PATH_MAX]; /* actual open file */
extern uschar *log_font; /* font for log display */
extern ino_t log_inode; /* the inode of the log file */
extern long int log_position; /* position in log file */
2 changes: 1 addition & 1 deletion src/exim_monitor/em_log.c
@@ -367,7 +367,7 @@ link count of zero on the currently open file. */

if (log_datestamping)
{
uschar log_file_wanted[256];
uschar log_file_wanted[PATH_MAX];
/* Do *not* use "%s" here, we need the %D datestamp in the log_file to
* be expanded! */
string_format(log_file_wanted, sizeof(log_file_wanted), CS log_file);
2 changes: 1 addition & 1 deletion src/exim_monitor/em_queue.c
@@ -762,7 +762,7 @@ while (p != NULL)

for (skp = &queue_skip; ; skp = &(sk->next))
{
int len_skip;
size_t len_skip;

sk = *skp;
while (sk != NULL && now >= sk->reveal)
2 changes: 1 addition & 1 deletion src/exim_monitor/em_strip.c
@@ -63,7 +63,7 @@ static void stripchartAction(Widget w, XtPointer client_data, XtPointer value)
double *ptr = (double *)value;
static int thresholds[] =
{10, 20, 50, 100, 200, 500, 1000, 2000, 5000, 10000, 0};
int num = (int)client_data;
size_t num = (size_t)client_data;
int oldmax = 0;
int newmax = 0;
int newvalue = 0;
3 changes: 2 additions & 1 deletion src/exim_monitor/em_version.c
@@ -7,6 +7,7 @@

#include "mytypes.h"
#include "macros.h"
#include "store.h"
#include <string.h>
#include <stdlib.h>

@@ -25,7 +26,7 @@ Ustrcpy(today, __DATE__);
if (today[4] == ' ') i = 1;
today[3] = today[6] = '-';

version_date = (uschar *)malloc(32);
version_date = (uschar *)store_malloc(32);
version_date[0] = 0;
Ustrncat(version_date, today+4+i, 3-i);
Ustrncat(version_date, today, 4);
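Review bot: with em_version.c (and em_xs.c below) now calling store_malloc(), eximon has to link the store code as well, but the Makefile-Base hunks in this PR only add util-store.o to exim_dbmbuild and exim_lock; confirm the eximon link line already includes it. The `(uschar *)` cast on the store_malloc() result can also go: it returns void *, and the cast only hides a missing prototype if store.h were ever dropped.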
4 changes: 2 additions & 2 deletions src/exim_monitor/em_xs.c
@@ -30,7 +30,7 @@ void xs_SetValues(Widget w, Cardinal num_args, ...)
{
int i;
va_list ap;
Arg *aa = (num_args > 15)? (Arg *)malloc(num_args*sizeof(Arg)) : xs_temparg;
Arg *aa = (num_args > 15)? (Arg *)store_malloc(num_args*sizeof(Arg)) : xs_temparg;
va_start(ap, num_args);
for (i = 0; i < num_args; i++)
{
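Review bot: in keeping with the PR's own goal, the loop counter `int i` in this hunk is compared against `num_args`, which is a Cardinal (unsigned), so declare it `Cardinal i` to avoid the signed/unsigned comparison. Separately, store_malloc() terminates the process on failure, so the monitor now exits instead of reporting a toolkit error when more than 15 args cannot be allocated; that matches LC/03 but deserves a sentence in the ChangeLog.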
@@ -39,7 +39,7 @@ for (i = 0; i < num_args; i++)
}
va_end(ap);
XtSetValues(w, aa, num_args);
if (num_args > 15) free(aa);
if (num_args > 15) store_free(aa);
}

/* End of em_xs.c */
12 changes: 6 additions & 6 deletions src/src/acl.c
@@ -1060,7 +1060,7 @@ static void
setup_header(const uschar *hstring)
{
const uschar *p, *q;
int hlen = Ustrlen(hstring);
size_t hlen = Ustrlen(hstring);

/* Ignore any leading newlines */
while (*hstring == '\n') hstring++, hlen--;
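Review bot: `hlen` becomes size_t, but if Ustrlen() is still the mytypes.h macro that casts strlen() to int, the value still passes through int on the way in and the wider declaration gains nothing; either use strlen(CS hstring) directly or change the macro. Also check the rest of setup_header() for `hlen - 1` or `hlen > 0` logic: with size_t, `hlen - 1` on an empty header wraps to SIZE_MAX instead of going negative.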
@@ -1171,8 +1171,8 @@ uschar *
fn_hdrs_added(void)
{
uschar * ret = NULL;
int size = 0;
int ptr = 0;
size_t size = 0;
size_t ptr = 0;
header_line * h = acl_added_headers;
uschar * s;
uschar * cp;
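Review bot: by the usual Exim pattern, `size` and `ptr` in fn_hdrs_added() are passed by address to the string_cat()/string_catn() growth helpers, whose parameters are `int *` in this version; changing the locals to size_t without changing those signatures yields incompatible-pointer-type warnings and, on LP64, the helpers would update only 4 bytes of each 8-byte object. Either keep these two as int or convert the string helpers in the same PR.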
@@ -1271,7 +1271,7 @@ if (log_message != NULL && log_message != user_message)

if (logged == NULL)
{
int length = Ustrlen(text) + 1;
size_t length = Ustrlen(text) + 1;
log_write(0, LOG_MAIN, "%s", text);
logged = store_malloc(sizeof(string_item) + length);
logged->text = (uschar *)logged + sizeof(string_item);
@@ -1663,7 +1663,7 @@ typedef struct {
int value;
unsigned where_allowed; /* bitmap */
BOOL no_options; /* Never has /option(s) following */
unsigned alt_opt_sep; /* >0 Non-/ option separator (custom parser) */
size_t alt_opt_sep; /* >0 Non-/ option separator (custom parser) */
} verify_type_t;
static verify_type_t verify_type_list[] = {
{ US"reverse_host_lookup", VERIFY_REV_HOST_LKUP, ~0, FALSE, 0 },
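Review bot: alt_opt_sep is an option-separator character (its comment reads ">0 Non-/ option separator"), not a size, so changing it from unsigned to size_t contradicts the PR's own rule of reserving size_t for sizes and widens the struct for no benefit; leave it unsigned.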
@@ -2352,7 +2352,7 @@ int mode = RATE_PER_WHAT;
int old_pool, rc;
tree_node **anchor, *t;
open_db dbblock, *dbm;
int dbdb_size;
size_t dbdb_size;
dbdata_ratelimit *dbd;
dbdata_ratelimit_unique *dbdb;
struct timeval tv;
11 changes: 6 additions & 5 deletions src/src/auths/auth-spa.c
@@ -159,6 +159,7 @@ extern int DEBUGLEVEL;

#include <sys/types.h> /* For size_t */
#include "auth-spa.h"
#include "../store.h"
#include <assert.h>
#include <ctype.h>
#include <stdio.h>
@@ -1401,7 +1402,7 @@ spa_build_auth_request (SPAAuthRequest * request, char *user, char *domain)
SIVAL (&request->flags, 0, 0x0000b207); /* have to figure out what these mean */
spa_string_add (request, user, u);
spa_string_add (request, domain, domain);
free (u);
store_free (u);
}


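Review bot: store_free(u) must pair with whatever allocated `u`; this hunk only converts the free side, and if the helper that builds `u` (not in this diff) still uses malloc() or strdup(), the allocation should be converted in the same change so allocator and deallocator stay matched and the store debug tracing stays consistent. The same applies to `d` and `u` in the two spa_build_auth_response() hunks below.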
@@ -1483,8 +1484,8 @@ spa_build_auth_response (SPAAuthChallenge * challenge,

response->flags = challenge->flags;

free (d);
free (u);
store_free (d);
store_free (u);
}
#endif

@@ -1537,6 +1538,6 @@ spa_build_auth_response (SPAAuthChallenge * challenge,
spa_string_add (response, sessionKey, NULL);
response->flags = challenge->flags;

if (d != NULL) free (d);
free (u);
if (d != NULL) store_free (d);
store_free (u);
}
2 changes: 1 addition & 1 deletion src/src/auths/call_pam.c
@@ -100,7 +100,7 @@ for (i = 0; i < num_msg; i++)
break;

default: /* Must be an error of some sort... */
free (reply);
store_free (reply);
pam_conv_had_error = TRUE;
return PAM_CONV_ERR;
}
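Review bot: the pam_conv response array has to stay malloc()-allocated because libpam releases it with free() on the success path, so the deallocator on this error path must be the one matching malloc(); keep free(reply) here (or first confirm store_free() is a plain free() wrapper) and add a comment saying this site is deliberately exempt from the store_malloc() conversion.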
2 changes: 1 addition & 1 deletion src/src/auths/check_serv_cond.c
@@ -72,7 +72,7 @@ HDEBUG(D_auth)
debug_printf(" $auth%d = %s\n", i + 1, auth_vars[i]);
}
for (i = 1; i <= expand_nmax; i++)
debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
debug_printf(" $%u = %.*s\n", i, (unsigned int)expand_nlength[i], expand_nstring[i]);
debug_print_string(ablock->server_debug_string); /* customized debug */
}

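Review bot: the `.*` precision of `%.*s` consumes an int argument, so `(unsigned int)expand_nlength[i]` is the wrong type for it; cast to `(int)` instead. And `i` is still an int loop variable, so `$%u` is a mismatched conversion for it; keep `$%d` there.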
4 changes: 2 additions & 2 deletions src/src/auths/cram_md5.c
@@ -97,7 +97,7 @@ compute_cram_md5(uschar *secret, uschar *challenge, uschar *digestptr)
{
md5 base;
int i;
int len = Ustrlen(secret);
size_t len = Ustrlen(secret);
uschar isecret[64];
uschar osecret[64];
uschar md5secret[16];
@@ -250,7 +250,7 @@ auth_cram_md5_client(
smtp_outblock *outblock, /* output connection */
int timeout, /* command timeout */
uschar *buffer, /* for reading response */
int buffsize) /* size of buffer */
size_t buffsize) /* size of buffer */
{
auth_cram_md5_options_block *ob =
(auth_cram_md5_options_block *)(ablock->options_block);
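Review bot: auth_cram_md5_client() is invoked through the client function pointer in the auth driver table, so its last parameter cannot become size_t unless that pointer type changes in the same PR; otherwise the driver table initialiser gets an incompatible-pointer-type diagnostic and, on LP64, caller and callee disagree about the width of buffsize. The cram_md5.h change alone is not sufficient, and the same holds for the plaintext and spa client functions below.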
2 changes: 1 addition & 1 deletion src/src/auths/cram_md5.h
@@ -27,6 +27,6 @@ extern auth_cram_md5_options_block auth_cram_md5_option_defaults;
extern void auth_cram_md5_init(auth_instance *);
extern int auth_cram_md5_server(auth_instance *, uschar *);
extern int auth_cram_md5_client(auth_instance *, smtp_inblock *,
smtp_outblock *, int, uschar *, int);
smtp_outblock *, int, uschar *, size_t);

/* End of cram_md5.h */
2 changes: 1 addition & 1 deletion src/src/auths/gsasl_exim.c
@@ -358,7 +358,7 @@ auth_gsasl_server(auth_instance *ablock, uschar *initial_data)
auth_get_no64_data((uschar **)&received, (uschar *)to_send);

if (to_send) {
free(to_send);
store_free(to_send);
to_send = NULL;
}

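Review bot: `to_send` is an output buffer filled in by libgsasl (gsasl_step64()), which allocates it inside the library, so it must be released with free() or gsasl_free(), not with Exim's store_free(); this site should be exempt from the conversion, with a comment explaining why.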
6 changes: 3 additions & 3 deletions src/src/auths/heimdal_gssapi.c
@@ -160,8 +160,8 @@ auth_heimdal_gssapi_init(auth_instance *ablock)
principal ? principal : "??",
entry.vno,
enctype_s ? enctype_s : "??");
free(principal);
free(enctype_s);
store_free(principal);
store_free(enctype_s);
krb5_kt_free_entry(context, &entry);
}
krc = krb5_kt_end_seq_get(context, keytab, &cursor);
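Review bot: `principal` comes from krb5_unparse_name() and `enctype_s` from krb5_enctype_to_string(), both allocated by libkrb5, so they must be released with the matching library routine (krb5_xfree(), or plain free()), not with store_free(); keep the original calls here and mark the site as exempt from the conversion.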
@@ -467,7 +467,7 @@ auth_heimdal_gssapi_server(auth_instance *ablock, uschar *initial_data)

expand_nlength[1] = gbufdesc_out.length;
auth_vars[0] = expand_nstring[1] =
string_copyn(gbufdesc_out.value, gbufdesc_out.length);
string_copyn(gbufdesc_out.value, (size_t)gbufdesc_out.length);

if (expand_nmax == 0) { /* should be: authzid was empty */
expand_nmax = 2;
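Review bot: gss_buffer_desc.length is already a size_t, so the added `(size_t)` cast is a no-op; and if string_copyn() still takes an int length in this version, the value is narrowed back to int at the call anyway, so the cast documents nothing. Either drop it or change string_copyn()'s parameter as part of the same series.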
6 changes: 4 additions & 2 deletions src/src/auths/plaintext.c
@@ -159,7 +159,7 @@ auth_plaintext_client(
smtp_outblock *outblock, /* connection outblock */
int timeout, /* command timeout */
uschar *buffer, /* buffer for reading response */
int buffsize) /* size of buffer */
size_t buffsize) /* size of buffer */
{
auth_plaintext_options_block *ob =
(auth_plaintext_options_block *)(ablock->options_block);
@@ -175,7 +175,9 @@ sent in response to subsequent prompts. Each is expanded before being sent. */

while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)) != NULL)
{
int i, len, clear_len;
int i;
ssize_t clear_len;
size_t len;
uschar *ss = expand_string(s);
uschar *clear;

2 changes: 1 addition & 1 deletion src/src/auths/plaintext.h
@@ -27,6 +27,6 @@ extern auth_plaintext_options_block auth_plaintext_option_defaults;
extern void auth_plaintext_init(auth_instance *);
extern int auth_plaintext_server(auth_instance *, uschar *);
extern int auth_plaintext_client(auth_instance *, smtp_inblock *,
smtp_outblock *, int, uschar *, int);
smtp_outblock *, int, uschar *, size_t);

/* End of plaintext.h */
2 changes: 1 addition & 1 deletion src/src/auths/spa.c
@@ -259,7 +259,7 @@ auth_spa_client(
smtp_outblock *outblock, /* connection outblock */
int timeout, /* command timeout */
uschar *buffer, /* buffer for reading response */
int buffsize) /* size of buffer */
size_t buffsize) /* size of buffer */
{
auth_spa_options_block *ob =
(auth_spa_options_block *)(ablock->options_block);
2 changes: 1 addition & 1 deletion src/src/auths/spa.h
@@ -34,6 +34,6 @@ extern auth_spa_options_block auth_spa_option_defaults;
extern void auth_spa_init(auth_instance *);
extern int auth_spa_server(auth_instance *, uschar *);
extern int auth_spa_client(auth_instance *, smtp_inblock *,
smtp_outblock *, int, uschar *, int);
smtp_outblock *, int, uschar *, size_t);

/* End of spa.h */
2 changes: 1 addition & 1 deletion src/src/auths/xtextencode.c
@@ -31,7 +31,7 @@ uschar *code;
uschar *p = (uschar *)clear;
uschar *pp;
int c = len;
int count = 1;
size_t count = 1;
register int x;

/* We have to do a prepass to find out how many specials there are,