cron2 has uploaded a new patch set (#2) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1436?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: buffer: Change limits for array_mult_safe ...................................................................... buffer: Change limits for array_mult_safe - Lower the limit to 1GB on 32bit systems. The limit of 4GB-1 makes no sense on systems that usually don't allow a single process to allocate anything near to this limit. - Increase the limit from 4GB-1 to 4GB on other systems. It makes no difference in protection but makes it much easier to use the limit in other contexts, e.g. if dividing it. Change-Id: I4f95edd7ce2098180aa620a231727217f333a12d Signed-off-by: Frank Lichtenheld <[email protected]> Acked-by: Gert Doering <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1436 Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg35044.html Signed-off-by: Gert Doering <[email protected]> --- M src/openvpn/buffer.c M src/openvpn/buffer.h 2 files changed, 13 insertions(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/36/1436/2 diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index 293622f..40baca6 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -39,7 +39,7 @@ size_t array_mult_safe(const size_t m1, const size_t m2, const size_t extra) { - const size_t limit = 0xFFFFFFFF; + const size_t limit = ALLOC_SIZE_MAX; unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra; if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h index ab2a29d..1dbe0b2 100644 --- a/src/openvpn/buffer.h +++ b/src/openvpn/buffer.h 
@@ -1044,6 +1044,18 @@ * Allocate memory to hold a structure */ +/* When allocating arrays make sure we do not use a excessive amount + * of memory. + */ +#if UINTPTR_MAX <= UINT32_MAX +/* 1 GB on 32bit systems, they usually can only allocate 2 GB for the + * whole process. + */ +#define ALLOC_SIZE_MAX (1u << 30) +#else +#define ALLOC_SIZE_MAX ((size_t)1 << 32) /* 4 GB */ +#endif + #define ALLOC_OBJ(dptr, type) \ { \ check_malloc_return((dptr) = (type *)malloc(sizeof(type))); \ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1436?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I4f95edd7ce2098180aa620a231727217f333a12d Gerrit-Change-Number: 1436 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <[email protected]> Gerrit-Reviewer: cron2 <[email protected]> Gerrit-Reviewer: plaisthos <[email protected]> Gerrit-CC: openvpn-devel <[email protected]>
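Review bot: in array_mult_safe (src/openvpn/buffer.c, hunk @@ -39,7 +39,7 @@), raising limit to ALLOC_SIZE_MAX = (size_t)1 << 32 on 64-bit builds lets the unchanged operand checks m1 > limit and m2 > limit accept m1 == m2 == 2^32, whose product is 2^64 and wraps to 0 in unsigned long long, leaving res equal to extra. With the old 0xFFFFFFFF, the largest res reachable by operands that passed those checks was (2^32-1)^2 + (2^32-1) = 2^64 - 2^32, which still fit, so the commit message's statement that the new value makes no difference in protection does not hold for this corner case. Suggest rejecting m1 and m2 with >= limit, or checking the multiplication itself for overflow (for example with a division-based test) before res is compared against the limit.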
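Review bot: in src/openvpn/buffer.h (hunk @@ -1044,6 +1044,18 @@), the two branches give ALLOC_SIZE_MAX different types: (1u << 30) is unsigned int on 32-bit builds while ((size_t)1 << 32) is size_t elsewhere. Since the commit message expects the limit to be reused in other contexts such as division, suggest ((size_t)1 << 30) in the 32-bit branch so that arithmetic, sizeof and format specifiers behave the same on every platform. The #if also depends on UINTPTR_MAX and UINT32_MAX being defined at this point; if <stdint.h> has not been included, both evaluate to 0 in the preprocessor and the 1 GB branch is selected silently, so an explicit include or an #error guard would help. Two style points: the new block sits between the existing "Allocate memory to hold a structure" comment and the ALLOC_OBJ macro it documents, so it would read better placed above that comment, and "a excessive" should be "an excessive".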
