Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1132?usp=email
to review the following change.
Change subject: buffer: Add BLENZ macro that returns size_t and use it where
required
......................................................................
buffer: Add BLENZ macro that returns size_t and use it where required
The big int-vs-size_t length confusion in buffer and its
users can't be solved easily or quickly. So as a first step
document which users of BLEN actually already want a size_t
return. This is better than adding manual size_t casts since
it should be easier to change the API later.
Still reduces the -Wconversion noice considerably.
Change-Id: I4e75ba1dbc6d9a0f75298bc900f713b67e60d096
Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
---
M src/openvpn/buffer.c
M src/openvpn/buffer.h
M src/openvpn/comp-lz4.c
M src/openvpn/crypto.c
M src/openvpn/dhcp.c
M src/openvpn/lzo.c
M src/openvpn/manage.c
M src/openvpn/misc.c
M src/openvpn/mroute.c
M src/openvpn/mss.c
M src/openvpn/pkcs11.c
M src/openvpn/proto.c
M src/openvpn/ps.c
M src/openvpn/push.c
M src/openvpn/socket.c
M src/openvpn/socket.h
M src/openvpn/ssl.c
M src/openvpn/ssl_openssl.c
M src/openvpn/ssl_pkt.c
M src/openvpn/ssl_verify.c
M src/openvpn/tls_crypt.c
M src/openvpn/vlan.c
M tests/unit_tests/openvpn/test_buffer.c
M tests/unit_tests/openvpn/test_crypto.c
M tests/unit_tests/openvpn/test_pkt.c
M tests/unit_tests/openvpn/test_ssl.c
M tests/unit_tests/openvpn/test_tls_crypt.c
27 files changed, 81 insertions(+), 80 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/32/1132/1
diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c
index b6d6669..3dd8b31 100644
--- a/src/openvpn/buffer.c
+++ b/src/openvpn/buffer.c
@@ -126,7 +126,7 @@
ret.data = (uint8_t *)malloc(buf->capacity);
#endif
check_malloc_return(ret.data);
- memcpy(BPTR(&ret), BPTR(buf), BLEN(buf));
+ memcpy(BPTR(&ret), BPTR(buf), BLENZ(buf));
return ret;
}
@@ -177,7 +177,7 @@
{
return false;
}
- return buf_write(dest, BPTR(src), BLEN(src));
+ return buf_write(dest, BPTR(src), BLENZ(src));
}
void
@@ -308,7 +308,7 @@
return false;
}
- const ssize_t size = write(fd, BPTR(buf), BLEN(buf));
+ const ssize_t size = write(fd, BPTR(buf), BLENZ(buf));
if (size != BLEN(buf))
{
msg(M_ERRNO, "Write error on file '%s'", filename);
@@ -1246,9 +1246,9 @@
struct buffer_entry *more = bl->head;
size_t size = 0;
int count = 0;
- for (count = 0; more; ++count)
+ for (; more; ++count)
{
- size_t extra_len = BLEN(&more->buf) + sep_len;
+ size_t extra_len = BLENZ(&more->buf) + sep_len;
if (size + extra_len > max_len)
{
break;
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index ae783c6..8d6bb64 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -124,6 +124,7 @@
#define BEND(buf) (buf_bend(buf))
#define BLAST(buf) (buf_blast(buf))
#define BLEN(buf) (buf_len(buf))
+#define BLENZ(buf) ((size_t)buf_len(buf))
#define BDEF(buf) (buf_defined(buf))
#define BSTR(buf) (buf_str(buf))
#define BCAP(buf) (buf_forward_capacity(buf))
@@ -709,7 +710,7 @@
static inline bool
buf_copy(struct buffer *dest, const struct buffer *src)
{
- return buf_write(dest, BPTR(src), BLEN(src));
+ return buf_write(dest, BPTR(src), BLENZ(src));
}
static inline bool
@@ -826,7 +827,7 @@
static inline bool
buf_equal(const struct buffer *a, const struct buffer *b)
{
- return BLEN(a) == BLEN(b) && 0 == memcmp(BPTR(a), BPTR(b), BLEN(a));
+ return BLEN(a) == BLEN(b) && 0 == memcmp(BPTR(a), BPTR(b), BLENZ(a));
}
/**
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6736469..366cc1a 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -94,7 +94,7 @@
{
int uncomp_len;
ASSERT(buf_safe(work, zlen_max));
- uncomp_len = LZ4_decompress_safe((const char *)BPTR(buf), (char
*)BPTR(work), (size_t)BLEN(buf),
+ uncomp_len = LZ4_decompress_safe((const char *)BPTR(buf), (char
*)BPTR(work), BLENZ(buf),
zlen_max);
if (uncomp_len <= 0)
{
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 6882ec3..1fa08fd 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -112,7 +112,7 @@
}
}
/* Write packet id part of IV to work buffer */
- ASSERT(buf_write(&work, iv, buf_len(&iv_buffer)));
+ ASSERT(buf_write(&work, iv, BLENZ(&iv_buffer)));
/* This generates the IV by XORing the implicit part of the IV
* with the packet id already written to the iv buffer */
@@ -1237,9 +1237,9 @@
/* copy source to input buf */
buf = work;
- buf_p = buf_write_alloc(&buf, BLEN(&src));
+ buf_p = buf_write_alloc(&buf, BLENZ(&src));
ASSERT(buf_p);
- memcpy(buf_p, BPTR(&src), BLEN(&src));
+ memcpy(buf_p, BPTR(&src), BLENZ(&src));
/* initialize work buffer with buf.headroom bytes of prepend capacity
*/
ASSERT(buf_init(&encrypt_workspace, frame->buf.headroom));
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 0a7689f..f0e0d73f 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -150,7 +150,7 @@
struct dhcp_full *df = (struct dhcp_full *)BPTR(ipbuf);
const int optlen =
BLEN(ipbuf)
- - (sizeof(struct openvpn_iphdr) + sizeof(struct openvpn_udphdr) +
sizeof(struct dhcp));
+ - (int)(sizeof(struct openvpn_iphdr) + sizeof(struct openvpn_udphdr) +
sizeof(struct dhcp));
if (optlen >= 0 && df->ip.protocol == OPENVPN_IPPROTO_UDP
&& df->udp.source == htons(BOOTPS_PORT) && df->udp.dest ==
htons(BOOTPC_PORT)
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 3a73d5f..a86d7a5 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -77,7 +77,6 @@
const struct frame *frame)
{
lzo_uint zlen = frame->buf.payload_size;
- int err;
uint8_t c; /* flag indicating whether or not our peer compressed */
if (buf->len <= 0)
@@ -93,7 +92,7 @@
if (c == LZO_COMPRESS_BYTE) /* packet was compressed */
{
ASSERT(buf_safe(&work, zlen));
- err = LZO_DECOMPRESS(BPTR(buf), BLEN(buf), BPTR(&work), &zlen,
compctx->wu.lzo.wmem);
+ int err = LZO_DECOMPRESS(BPTR(buf), BLENZ(buf), BPTR(&work), &zlen,
compctx->wu.lzo.wmem);
if (err != LZO_E_OK)
{
dmsg(D_COMP_ERRORS, "LZO decompression error: %d", err);
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index aed04f5..16b1b73 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -3634,9 +3634,9 @@
buf = buffer_list_peek(*input);
if (buf && BLEN(buf) > 0)
{
- result = (char *)malloc(BLEN(buf) + 1);
+ result = (char *)malloc(BLENZ(buf) + 1);
check_malloc_return(result);
- memcpy(result, buf->data, BLEN(buf));
+ memcpy(result, buf->data, BLENZ(buf));
result[BLEN(buf)] = '\0';
}
}
@@ -3663,9 +3663,9 @@
buf = buffer_list_peek(*input);
if (buf && BLEN(buf) > 0)
{
- result = (char *)malloc(BLEN(buf) + 1);
+ result = (char *)malloc(BLENZ(buf) + 1);
check_malloc_return(result);
- memcpy(result, buf->data, BLEN(buf));
+ memcpy(result, buf->data, BLENZ(buf));
result[BLEN(buf)] = '\0';
}
}
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 17f7706..6fb16f0 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -251,7 +251,7 @@
struct buffer user_prompt = alloc_buf_gc(128, &gc);
buf_printf(&user_prompt, "NEED-OK|%s|%s:", prefix,
up->username);
- if (!query_user_SINGLE(BSTR(&user_prompt), BLEN(&user_prompt),
up->password,
+ if (!query_user_SINGLE(BSTR(&user_prompt),
BLENZ(&user_prompt), up->password,
USER_PASS_LEN, false))
{
msg(M_FATAL, "ERROR: could not read %s ok-confirmation
from stdin", prefix);
@@ -374,7 +374,7 @@
buf_printf(&challenge, "CHALLENGE: %s",
ac->challenge_text);
buf_set_write(&packed_resp, (uint8_t *)up->password,
USER_PASS_LEN);
- if (!query_user_SINGLE(BSTR(&challenge), BLEN(&challenge),
response,
+ if (!query_user_SINGLE(BSTR(&challenge),
BLENZ(&challenge), response,
USER_PASS_LEN, BOOL_CAST(ac->flags
& CR_ECHO)))
{
msg(M_FATAL, "ERROR: could not read challenge response
from stdin");
@@ -399,13 +399,13 @@
if (username_from_stdin && !(flags &
GET_USER_PASS_PASSWORD_ONLY))
{
- query_user_add(BSTR(&user_prompt), BLEN(&user_prompt),
up->username,
+ query_user_add(BSTR(&user_prompt), BLENZ(&user_prompt),
up->username,
USER_PASS_LEN, true);
}
if (password_from_stdin)
{
- query_user_add(BSTR(&pass_prompt), BLEN(&pass_prompt),
up->password,
+ query_user_add(BSTR(&pass_prompt), BLENZ(&pass_prompt),
up->password,
USER_PASS_LEN, false);
}
@@ -433,7 +433,7 @@
challenge = alloc_buf_gc(14 + strlen(auth_challenge), &gc);
buf_printf(&challenge, "CHALLENGE: %s", auth_challenge);
- if (!query_user_SINGLE(BSTR(&challenge), BLEN(&challenge),
response,
+ if (!query_user_SINGLE(BSTR(&challenge),
BLENZ(&challenge), response,
USER_PASS_LEN,
BOOL_CAST(flags &
GET_USER_PASS_STATIC_CHALLENGE_ECHO)))
{
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index a598037..62335c4 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -152,7 +152,7 @@
switch (OPENVPN_IPH_GET_VER(*BPTR(buf)))
{
case 4:
- if (BLEN(buf) >= (int)sizeof(struct openvpn_iphdr))
+ if (BLENZ(buf) >= sizeof(struct openvpn_iphdr))
{
const struct openvpn_iphdr *ip = (const struct
openvpn_iphdr *)BPTR(buf);
@@ -176,7 +176,7 @@
break;
case 6:
- if (BLEN(buf) >= (int)sizeof(struct openvpn_ipv6hdr))
+ if (BLENZ(buf) >= sizeof(struct openvpn_ipv6hdr))
{
const struct openvpn_ipv6hdr *ipv6 = (const struct
openvpn_ipv6hdr *)BPTR(buf);
#if 0 /* very basic debug */
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 32cd3f8..bf18202 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -48,7 +48,7 @@
const struct openvpn_iphdr *pip;
int hlen;
- if (BLEN(buf) < (int)sizeof(struct openvpn_iphdr))
+ if (BLENZ(buf) < sizeof(struct openvpn_iphdr))
{
return;
}
@@ -85,7 +85,7 @@
const struct openvpn_ipv6hdr *pip6;
struct buffer newbuf;
- if (BLEN(buf) < (int)sizeof(struct openvpn_ipv6hdr))
+ if (BLENZ(buf) < sizeof(struct openvpn_ipv6hdr))
{
return;
}
@@ -96,7 +96,7 @@
/* do we have the full IPv6 packet?
* "payload_len" does not include IPv6 header (+40 bytes)
*/
- if (BLEN(buf) != (int)ntohs(pip6->payload_len) + 40)
+ if (BLENZ(buf) != ntohs(pip6->payload_len) + 40)
{
return;
}
@@ -120,7 +120,7 @@
* verify remainder is large enough to contain a full TCP header
*/
newbuf = *buf;
- if (buf_advance(&newbuf, 40) && BLEN(&newbuf) >= (int)sizeof(struct
openvpn_tcphdr))
+ if (buf_advance(&newbuf, 40) && BLENZ(&newbuf) >= sizeof(struct
openvpn_tcphdr))
{
struct openvpn_tcphdr *tc = (struct openvpn_tcphdr *)BPTR(&newbuf);
if (tc->flags & OPENVPN_TCPH_SYN_MASK)
@@ -144,7 +144,7 @@
int accumulate;
struct openvpn_tcphdr *tc;
- if (BLEN(buf) < (int)sizeof(struct openvpn_tcphdr))
+ if (BLENZ(buf) < sizeof(struct openvpn_tcphdr))
{
return;
}
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index dfc87f6..d9429f9 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -662,7 +662,7 @@
ASSERT(token != NULL);
buf_printf(&pass_prompt, "Please enter '%s' token PIN or 'cancel': ",
token->display);
- if (!query_user_SINGLE(BSTR(&pass_prompt), BLEN(&pass_prompt), pin,
pin_max, false))
+ if (!query_user_SINGLE(BSTR(&pass_prompt), BLENZ(&pass_prompt), pin,
pin_max, false))
{
msg(M_FATAL, "Could not retrieve the PIN");
}
diff --git a/src/openvpn/proto.c b/src/openvpn/proto.c
index 34b3378..9adc623 100644
--- a/src/openvpn/proto.c
+++ b/src/openvpn/proto.c
@@ -45,7 +45,7 @@
verify_align_4(buf);
if (tunnel_type == DEV_TYPE_TUN)
{
- if (BLEN(buf) < sizeof(struct openvpn_iphdr))
+ if (BLENZ(buf) < sizeof(struct openvpn_iphdr))
{
return false;
}
@@ -54,7 +54,7 @@
else if (tunnel_type == DEV_TYPE_TAP)
{
const struct openvpn_ethhdr *eh;
- if (BLEN(buf) < (sizeof(struct openvpn_ethhdr) + sizeof(struct
openvpn_iphdr)))
+ if (BLENZ(buf) < (sizeof(struct openvpn_ethhdr) + sizeof(struct
openvpn_iphdr)))
{
return false;
}
@@ -70,7 +70,7 @@
if (proto == htons(OPENVPN_ETH_P_8021Q))
{
const struct openvpn_8021qhdr *evh;
- if (BLEN(buf) < (sizeof(struct openvpn_ethhdr) + sizeof(struct
openvpn_iphdr)))
+ if (BLENZ(buf) < (sizeof(struct openvpn_ethhdr) + sizeof(struct
openvpn_iphdr)))
{
return false;
}
@@ -185,7 +185,7 @@
const char *msgstr = "PACKET SIZE INFO";
unsigned int msglevel = D_PACKET_TRUNC_DEBUG;
- if (BLEN(&buf) < (int)sizeof(struct openvpn_iphdr))
+ if (BLENZ(&buf) < sizeof(struct openvpn_iphdr))
{
return;
}
diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c
index b4199c3..a04398e 100644
--- a/src/openvpn/ps.c
+++ b/src/openvpn/ps.c
@@ -209,7 +209,7 @@
if (head)
{
iov[1].iov_base = BPTR(head);
- iov[1].iov_len = BLEN(head);
+ iov[1].iov_len = BLENZ(head);
mesg.msg_iovlen = 2;
}
@@ -586,7 +586,7 @@
proxy_connection_io_send(struct proxy_connection *pc, int *bytes_sent)
{
const socket_descriptor_t sd = pc->counterpart->sd;
- const int status = send(sd, BPTR(&pc->buf), BLEN(&pc->buf), MSG_NOSIGNAL);
+ const int status = send(sd, BPTR(&pc->buf), BLENZ(&pc->buf), MSG_NOSIGNAL);
if (status < 0)
{
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index b0be70d..750204e 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -817,7 +817,7 @@
buf_printf(&buf, ",push-continuation 1");
}
- if (BLEN(&buf) > sizeof(push_reply_cmd) - 1)
+ if (BLENZ(&buf) > sizeof(push_reply_cmd) - 1)
{
const bool status = send_control_channel_string(c, BSTR(&buf), D_PUSH);
if (!status)
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 4019c1e..0558db7 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -3174,7 +3174,7 @@
#else
struct buffer frag;
stream_buf_get_next(&sock->stream_buf, &frag);
- len = recv(sock->sd, BPTR(&frag), BLEN(&frag), MSG_NOSIGNAL);
+ len = recv(sock->sd, BPTR(&frag), BLENZ(&frag), MSG_NOSIGNAL);
#endif
if (!len)
@@ -3320,8 +3320,8 @@
ssize_t
link_socket_write_tcp(struct link_socket *sock, struct buffer *buf, struct
link_socket_actual *to)
{
- packet_size_type len = BLEN(buf);
- dmsg(D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset);
+ packet_size_type len = (packet_size_type)BLENZ(buf);
+ dmsg(D_STREAM_DEBUG, "STREAM: WRITE %u offset=%d", len, buf->offset);
ASSERT(len <= sock->stream_buf.maxlen);
len = htonps(len);
ASSERT(buf_write_prepend(buf, &len, sizeof(len)));
@@ -3344,7 +3344,7 @@
uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
iov.iov_base = BPTR(buf);
- iov.iov_len = BLEN(buf);
+ iov.iov_len = BLENZ(buf);
mesg.msg_iov = &iov;
mesg.msg_iovlen = 1;
switch (to->dest.addr.sa.sa_family)
diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h
index 3b82dac..51d6813 100644
--- a/src/openvpn/socket.h
+++ b/src/openvpn/socket.h
@@ -1111,14 +1111,14 @@
}
else
#endif
- return sendto(sock->sd, BPTR(buf), BLEN(buf), 0, (struct sockaddr
*)&to->dest.addr.sa,
+ return sendto(sock->sd, BPTR(buf), BLENZ(buf), 0, (struct sockaddr
*)&to->dest.addr.sa,
(socklen_t)af_addr_size(to->dest.addr.sa.sa_family));
}
static inline ssize_t
link_socket_write_tcp_posix(struct link_socket *sock, struct buffer *buf)
{
- return send(sock->sd, BPTR(buf), BLEN(buf), MSG_NOSIGNAL);
+ return send(sock->sd, BPTR(buf), BLENZ(buf), MSG_NOSIGNAL);
}
#endif /* ifdef _WIN32 */
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index b7db1e7..84ef4fb 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1318,7 +1318,7 @@
}
/* compute PRF */
- bool ret = ssl_tls1_PRF(BPTR(&seed), BLEN(&seed), secret, secret_len,
output, output_len);
+ bool ret = ssl_tls1_PRF(BPTR(&seed), BLENZ(&seed), secret, secret_len,
output, output_len);
buf_clear(&seed);
free_buf(&seed);
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index aa1ac11..b2fa972 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -2083,9 +2083,10 @@
static void
bio_write_post(const int status, struct buffer *buf)
{
- if (status == 1) /* success status return from
bio_write? */
+ /* success status return from bio_write? */
+ if (status == 1)
{
- memset(BPTR(buf), 0, BLEN(buf)); /* erase data just written */
+ memset(BPTR(buf), 0, BLENZ(buf)); /* erase data just written */
buf->len = 0;
}
}
diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c
index b901f87..d34036f 100644
--- a/src/openvpn/ssl_pkt.c
+++ b/src/openvpn/ssl_pkt.c
@@ -531,7 +531,7 @@
{
/* commands on the control channel are seperated by 0x00 bytes.
* cmdlen does not include the 0 byte of the string */
- int cmdlen = (int)strnlen(BSTR(buf), BLEN(buf));
+ int cmdlen = (int)strnlen(BSTR(buf), BLENZ(buf));
if (cmdlen >= BLEN(buf))
{
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index 6f85dca..5179d33 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -692,7 +692,7 @@
while (current_hash)
{
- if (memcmp_constant_time(BPTR(&cert_fp), current_hash->hash,
BLEN(&cert_fp)) == 0)
+ if (memcmp_constant_time(BPTR(&cert_fp), current_hash->hash,
BLENZ(&cert_fp)) == 0)
{
break;
}
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index 2892199..f579c61 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -158,7 +158,7 @@
dmsg(D_PACKET_CONTENT, "TLS-CRYPT WRAP AD: %s", format_hex(BPTR(dst),
BLEN(dst), 0, &gc));
/* Buffer overflow check */
- if (!buf_safe(dst, BLEN(src) + TLS_CRYPT_BLOCK_SIZE + TLS_CRYPT_TAG_SIZE))
+ if (!buf_safe(dst, BLENZ(src) + TLS_CRYPT_BLOCK_SIZE + TLS_CRYPT_TAG_SIZE))
{
msg(D_CRYPT_ERRORS,
"TLS-CRYPT WRAP: buffer size error, "
@@ -231,7 +231,7 @@
int outlen = 0;
/* Buffer overflow check (should never fail) */
- if (!buf_safe(dst, BLEN(src) - TLS_CRYPT_OFF_CT +
TLS_CRYPT_BLOCK_SIZE))
+ if (!buf_safe(dst, BLENZ(src) - TLS_CRYPT_OFF_CT +
TLS_CRYPT_BLOCK_SIZE))
{
CRYPT_ERROR("potential buffer overflow");
}
@@ -241,7 +241,7 @@
CRYPT_ERROR("cipher reset failed");
}
if (!cipher_ctx_update(ctx->cipher, BPTR(dst), &outlen, BPTR(src) +
TLS_CRYPT_OFF_CT,
- BLEN(src) - TLS_CRYPT_OFF_CT))
+ (int)(BLENZ(src) - TLS_CRYPT_OFF_CT)))
{
CRYPT_ERROR("cipher update failed");
}
@@ -376,8 +376,8 @@
msg(M_WARN, "ERROR: could not write tag");
return false;
}
- uint16_t net_len = htons(sizeof(src_key->keys) + BLEN(src_metadata) +
TLS_CRYPT_V2_TAG_SIZE
- + sizeof(uint16_t));
+ uint16_t net_len = htons((uint16_t)(sizeof(src_key->keys) +
BLENZ(src_metadata)
+ + TLS_CRYPT_V2_TAG_SIZE +
sizeof(uint16_t)));
hmac_ctx_t *hmac_ctx = server_key->hmac;
hmac_ctx_reset(hmac_ctx);
hmac_ctx_update(hmac_ctx, (void *)&net_len, sizeof(net_len));
@@ -391,7 +391,7 @@
ASSERT(cipher_ctx_reset(cipher_ctx, tag));
/* Overflow check (OpenSSL requires an extra block in the dst buffer) */
- if (buf_forward_capacity(&work) < (sizeof(src_key->keys) +
BLEN(src_metadata) + sizeof(net_len)
+ if (buf_forward_capacity(&work) < (sizeof(src_key->keys) +
BLENZ(src_metadata) + sizeof(net_len)
+ cipher_ctx_block_size(cipher_ctx)))
{
msg(M_WARN, "ERROR: could not crypt: insufficient space in dst");
@@ -439,7 +439,7 @@
uint16_t net_len = 0;
const uint8_t *tag = BPTR(&wrapped_client_key);
- if (BLEN(&wrapped_client_key) < sizeof(net_len))
+ if (BLENZ(&wrapped_client_key) < sizeof(net_len))
{
CRYPT_ERROR("failed to read length");
}
@@ -589,7 +589,7 @@
struct buffer wrapped_client_key = *buf;
uint16_t net_len = 0;
- if (BLEN(&wrapped_client_key) < sizeof(net_len))
+ if (BLENZ(&wrapped_client_key) < sizeof(net_len))
{
msg(D_TLS_ERRORS, "Can not read tls-crypt-v2 client key length");
return false;
diff --git a/src/openvpn/vlan.c b/src/openvpn/vlan.c
index a6a6e93..d8f49c6 100644
--- a/src/openvpn/vlan.c
+++ b/src/openvpn/vlan.c
@@ -85,7 +85,7 @@
uint16_t vid;
/* assume untagged frame */
- if (BLEN(buf) < sizeof(*ethhdr))
+ if (BLENZ(buf) < sizeof(*ethhdr))
{
goto drop;
}
@@ -109,7 +109,7 @@
}
/* tagged frame */
- if (BLEN(buf) < sizeof(*vlanhdr))
+ if (BLENZ(buf) < sizeof(*vlanhdr))
{
goto drop;
}
@@ -184,7 +184,7 @@
const struct openvpn_ethhdr *ethhdr;
struct openvpn_8021qhdr *vlanhdr;
- if (BLEN(buf) < sizeof(*ethhdr))
+ if (BLENZ(buf) < sizeof(*ethhdr))
{
goto drop;
}
@@ -197,7 +197,7 @@
*/
/* Frame too small for header type? */
- if (BLEN(buf) < sizeof(*vlanhdr))
+ if (BLENZ(buf) < sizeof(*vlanhdr))
{
goto drop;
}
@@ -263,7 +263,7 @@
const struct openvpn_8021qhdr *vlanhdr;
uint16_t vid;
- if (BLEN(buf) < sizeof(struct openvpn_8021qhdr))
+ if (BLENZ(buf) < sizeof(struct openvpn_8021qhdr))
{
/* frame too small to be VLAN-tagged */
return false;
diff --git a/tests/unit_tests/openvpn/test_buffer.c
b/tests/unit_tests/openvpn/test_buffer.c
index 0cfb918..ab53131 100644
--- a/tests/unit_tests/openvpn/test_buffer.c
+++ b/tests/unit_tests/openvpn/test_buffer.c
@@ -49,9 +49,9 @@
#define teststr2 "two"
#define teststr3 "three"
-#define assert_buf_equals_str(buf, str) \
- assert_int_equal(BLEN(buf), strlen(str)); \
- assert_memory_equal(BPTR(buf), str, BLEN(buf));
+#define assert_buf_equals_str(buf, str) \
+ assert_int_equal(BLENZ(buf), strlen(str)); \
+ assert_memory_equal(BPTR(buf), str, BLENZ(buf));
static void
test_buffer_printf_catrunc(void **state)
diff --git a/tests/unit_tests/openvpn/test_crypto.c
b/tests/unit_tests/openvpn/test_crypto.c
index 12ddaba..de8f9fe 100644
--- a/tests/unit_tests/openvpn/test_crypto.c
+++ b/tests/unit_tests/openvpn/test_crypto.c
@@ -70,7 +70,7 @@
assert_true(crypto_pem_decode("TESTKEYNAME", &dec_buf, &pem_buf));
assert_int_equal(BLEN(&src_buf), BLEN(&dec_buf));
- assert_memory_equal(BPTR(&src_buf), BPTR(&dec_buf), BLEN(&src_buf));
+ assert_memory_equal(BPTR(&src_buf), BPTR(&dec_buf), BLENZ(&src_buf));
gc_free(&gc);
}
diff --git a/tests/unit_tests/openvpn/test_pkt.c
b/tests/unit_tests/openvpn/test_pkt.c
index b08e4c2..5bf1562 100644
--- a/tests/unit_tests/openvpn/test_pkt.c
+++ b/tests/unit_tests/openvpn/test_pkt.c
@@ -549,7 +549,7 @@
struct buffer buf2 =
tls_reset_standalone(&tas.tls_wrap, &tas, &client_id, &server_id,
header, false);
assert_int_equal(BLEN(&buf), BLEN(&buf2));
- assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf));
+ assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLENZ(&buf));
free_tls_pre_decrypt_state(&state);
free_buf(&tas.workbuf);
@@ -586,7 +586,7 @@
struct buffer buf2 = tls_reset_standalone(&tas_client.tls_wrap,
&tas_client, &client_id,
&server_id, header, false);
assert_int_equal(BLEN(&buf), BLEN(&buf2));
- assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf));
+ assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLENZ(&buf));
free_tls_pre_decrypt_state(&state);
diff --git a/tests/unit_tests/openvpn/test_ssl.c
b/tests/unit_tests/openvpn/test_ssl.c
index 7bf5396..cfa30a8 100644
--- a/tests/unit_tests/openvpn/test_ssl.c
+++ b/tests/unit_tests/openvpn/test_ssl.c
@@ -344,9 +344,9 @@
/* copy source to input buf */
buf = work;
- buf_p = buf_write_alloc(&buf, BLEN(&src));
+ buf_p = buf_write_alloc(&buf, BLENZ(&src));
ASSERT(buf_p);
- memcpy(buf_p, BPTR(&src), BLEN(&src));
+ memcpy(buf_p, BPTR(&src), BLENZ(&src));
/* initialize work buffer with buf.headroom bytes of prepend capacity
*/
ASSERT(buf_init(&encrypt_workspace, frame.buf.headroom));
@@ -390,9 +390,9 @@
/* copy source to input buf */
buf = work;
- buf_p = buf_write_alloc(&buf, BLEN(&src));
+ buf_p = buf_write_alloc(&buf, BLENZ(&src));
ASSERT(buf_p);
- memcpy(buf_p, BPTR(&src), BLEN(&src));
+ memcpy(buf_p, BPTR(&src), BLENZ(&src));
ASSERT(buf_init(&encrypt_workspace, frame.buf.headroom));
openvpn_encrypt(&buf, encrypt_workspace, co);
@@ -688,9 +688,9 @@
/* copy source to input buf */
buf = work;
- buf_p = buf_write_alloc(&buf, BLEN(&src));
+ buf_p = buf_write_alloc(&buf, BLENZ(&src));
ASSERT(buf_p);
- memcpy(buf_p, BPTR(&src), BLEN(&src));
+ memcpy(buf_p, BPTR(&src), BLENZ(&src));
/* initialize work buffer with buf.headroom bytes of prepend capacity */
ASSERT(buf_init(&encrypt_workspace, frame.buf.headroom));
diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c
b/tests/unit_tests/openvpn/test_tls_crypt.c
index e2b2e38..596f0e0 100644
--- a/tests/unit_tests/openvpn/test_tls_crypt.c
+++ b/tests/unit_tests/openvpn/test_tls_crypt.c
@@ -225,7 +225,7 @@
assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
- assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
BLEN(&ctx->source));
+ assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
BLENZ(&ctx->source));
}
@@ -259,7 +259,7 @@
0x33, 0x7b, 0x9c, 0xfb, 0x56, 0xe1,
0xf1, 0x3a, 0x87, 0x0e,
0x66, 0x47, 0xdf, 0xa1, 0x95, 0xc9,
0x2c, 0x17, 0xa0, 0x15,
0xba, 0x49, 0x67, 0xa1, 0x1d, 0x55,
0xea, 0x1a, 0x06, 0xa7 };
- assert_memory_equal(BPTR(&rctx->work), expected_ciphertext,
buf_len(&rctx->work));
+ assert_memory_equal(BPTR(&rctx->work), expected_ciphertext,
BLENZ(&rctx->work));
tls_wrap_free(&session.tls_wrap_reneg);
/* Use previous tls-crypt key as 0x00, with xor we should have the same key
@@ -273,7 +273,7 @@
tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
- assert_memory_equal(BPTR(&rctx->work), expected_ciphertext,
buf_len(&rctx->work));
+ assert_memory_equal(BPTR(&rctx->work), expected_ciphertext,
BLENZ(&rctx->work));
tls_wrap_free(&session.tls_wrap_reneg);
/* XOR should not force a different key */
@@ -289,7 +289,7 @@
/* Skip packet id */
buf_advance(&rctx->work, 8);
- assert_memory_not_equal(BPTR(&rctx->work), expected_ciphertext,
buf_len(&rctx->work));
+ assert_memory_not_equal(BPTR(&rctx->work), expected_ciphertext,
BLENZ(&rctx->work));
tls_wrap_free(&session.tls_wrap_reneg);
@@ -312,7 +312,7 @@
assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
- assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
BLEN(&ctx->source));
+ assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
BLENZ(&ctx->source));
}
/**
@@ -333,7 +333,7 @@
assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
- assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
BLEN(&ctx->source));
+ assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
BLENZ(&ctx->source));
}
/**
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1132?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I4e75ba1dbc6d9a0f75298bc900f713b67e60d096
Gerrit-Change-Number: 1132
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-MessageType: newchange
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
