Avoid arithmetic operator for void pointer #4
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thank you for the fixes! |
Closed
huitema
added a commit
that referenced
this pull request
Feb 26, 2018
Get last fixes from h2o/picotls
deweerdt
added a commit
to deweerdt/picotls
that referenced
this pull request
Dec 20, 2018
ASAN finding:
```
=================================================================
==24799==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55841ae13761 at pc 0x55841aced3ec bp 0x7ffca51cae30 sp 0x7ffca51ca5e0
READ of size 48 at 0x55841ae13761 thread T0
#0 0x55841aced3eb in __asan_memcpy (/home/def/p/floss/picotls/test-openssl.t+0x1603eb)
h2o#1 0x55841ad882db in ptls_hmac_create /home/def/p/floss/picotls/t/../lib/picotls.c:4680:5
h2o#2 0x55841ad899e3 in ptls_hkdf_expand /home/def/p/floss/picotls/t/../lib/picotls.c:4709:25
h2o#3 0x55841ad87dcd in hkdf_expand_label /home/def/p/floss/picotls/t/../lib/picotls.c:4751:11
h2o#4 0x55841ad8a500 in ptls_hkdf_expand_label /home/def/p/floss/picotls/t/../lib/picotls.c:4764:12
h2o#5 0x55841ad8a500 in get_traffic_key /home/def/p/floss/picotls/t/../lib/picotls.c:1090
h2o#6 0x55841ad8a500 in new_aead /home/def/p/floss/picotls/t/../lib/picotls.c:4798
h2o#7 0x55841add8597 in ptls_aead_new /home/def/p/floss/picotls/t/../lib/picotls.c:4818:12
h2o#8 0x55841add8597 in test_ciphersuite /home/def/p/floss/picotls/t/picotls.c:122
h2o#9 0x55841ad9a4ed in test_aes256gcm /home/def/p/floss/picotls/t/picotls.c:241:9
h2o#10 0x55841ad69d3f in subtest /home/def/p/floss/picotls/deps/picotest/picotest.c:96:5
h2o#11 0x55841ad99615 in test_picotls /home/def/p/floss/picotls/t/picotls.c:1161:5
h2o#12 0x55841ad69d3f in subtest /home/def/p/floss/picotls/deps/picotest/picotest.c:96:5
h2o#13 0x55841ade8e5b in main /home/def/p/floss/picotls/t/openssl.c:277:5
h2o#14 0x7faf59057222 in __libc_start_main (/usr/lib/libc.so.6+0x24222)
h2o#15 0x55841ac1b7cd in _start (/home/def/p/floss/picotls/test-openssl.t+0x8e7cd)
0x55841ae13761 is located 63 bytes to the left of global variable '<string literal>' defined in '/home/def/p/floss/picotls/t/picotls.c:116:78' (0x55841ae137a0) of size 12
'<string literal>' is ascii string 'hello world'
0x55841ae13761 is located 0 bytes to the right of global variable '<string literal>' defined in '/home/def/p/floss/picotls/t/picotls.c:116:34' (0x55841ae13740) of size 33
'<string literal>' is ascii string '01234567890123456789012345678901'
SUMMARY: AddressSanitizer: global-buffer-overflow (/home/def/p/floss/picotls/test-openssl.t+0x1603eb) in __asan_memcpy
Shadow bytes around the buggy address:
0x0ab1035ba690: f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 00 00 05 f9
```
kazuho
added a commit
that referenced
this pull request
Nov 9, 2022
* it works * import / export API (tls12 only atm) * transplant other properties retained by picotls * send alerts correctly * add support for chachapoly * fix alert type * to avoid nonce reuse, start from what OpenSSL used * record if session was reused * update cifra, bcrypt backends * fix MSVC compile error * add `ptls_get_protocol_version` * promote to public value * ci: use Ubuntu 22.04 to test picotls with OpenSSL 3.0 * concept * add ptlslog_set_fd(int) to set the fd the cli support -j=file and PTLSLOG=file to use ptlslog_set_fd() * revert the switch to writev(2) discussion: #406 (comment) * let PTLSLOG_CONN respect ptls_skip_tracing() * ptlslog: add "module" field to provide who emits the event * do not emit secret in PTLSLOG * add PTLS_HEXDUMP macro as an easy-to-use handle for ptls_hexdump() * introduce PTLSLOG_ELEMENT_UNSAFESTR() * ptlslog: put JSON's null if a string value is NULL * Revert "ptlslog: put JSON's null if a string value is NULL" This reverts commit a163989. * inline function must be declared as static * do not use PTLS_HEXDUMP; it is not available for VC++ * avoid errors in VC++ * disable wrarnings in VC++ for write(2) * VC++ does not support VLAs * invalidate ptlslog_fd when write(2) fails * fix unsafe string handling in ptlslog * remove debugging code * add PTLSLOG_ELEMENT_HEXDUMP instead of PTLS_ELEMENT that depends on a GCC extesions * allow ptlslog to set multiple fds (up to 8) * remove a redundant ptlslog interface fromn cli.c * reorder options * close fd before invalidating it * fix the return value of ptlslog_add_fd * ptlslog: records num of lost events * Fix compile warnings about unchecked returns in t/cli * Fix Visual Studio warnings when using OpenSSL 3.0 * symbols defined in util.h do not have `ptls_` prefix * first argument is an expression * fix the image to use ubuntu 22.04 * Add ticket functions which use OpenSSL v3 EVP_MAC_CTX This change adds the following new ticket functions which use OpenSSL v3 EVP_MAC_CTX. HMAC APIs are deprecated in OpenSSL v3. EVP_MAC_CTX is its replacement. - ptls_openssl_encrypt_ticket_evp - ptls_openssl_decrypt_ticket_evp * add failing test * copy correct amount of data _and_ generate new vectors * msvc requires an element * clear GHASH vectors before calling `free` * clang-format * ptlslog: remove the limitation of PTLSLOG_MAXCONN * do not use magic numbers * ptlslog: check ptlslog is active or not at the beginning of PTLSLOG_CONN * inlinize ptlslog_is_active() * No need to call free() because realloc(ptr, 0) frees ptr and returns 0 * move the condition out of PTLSLOG_CONN * add missing `inline` keyword * revert using a label & goto because the label name must not be duplicated in a function * comment * rewrite escape_json_unsafe_string based on picojson.h https://github.com/kazuho/picojson/blob/master/picojson.h#L531 * include pthread.h for Windows * format * ptlslog: introduce bool, and some internal funcs for optimizations * fix comments * use INT32_MIN value * let ptlslog optional (enabled by default on Linux and macOS) * suppress errors for Windows * merge ptlslog.h into picotls.h (like those in pembase64.c), determine availability rather than let it be configurable (like `PTLS_OPENSSL_HAVE_*`) * [xcode] add log.c * do not expose the internals * symbols use `ptls_` as prefix * picotls checks allocation failure; returns PTLS_ERROR_* * partial write is loss * rename before refactor * realloc(0) may return non-NULL, fd_index should not be incremented when removing fd * let's use constant expressions * rather than exposing an internal API used for building strings, promote JSON escape function to a public API * revert changes to wincompat.h as they should be unnecessary now that logging is disabled on windows * this is also unnecessary * eaisest way to maintain compatibility is to not have new files; log.c is small anyways * no need to define as a block (the macro cannot be used as an ordinary statement anyways) * concede to using `snprintf` to support compilers that complain without having the wisdom to check the correctness * [github actions] increase timeout * use the result returned rather than recalculate * better use `PTLS_LOG` assuming that we'd have `QUICLY_LOG` and `H2O_LOG` rather than `QUICLYLOG`, `H2OLOG` * oops * add tls12 cipher awareness * add tls12 ciphers to supported cipher suites instead of using mapping table * leave minicrypto alone * remove new accessors * rename tls12 ciphers but remove them from tls13 list * iana_id is not needed * export `find_cipher_suite` externally as `ptls_find_cipher_suite` in addition export supported tls12 ciphers from openssl backend * make PTLS_OPENSSL_HAVE_CHACHA20_POLY1305 checks consistent Co-authored-by: Kazuho Oku <kazuhooku@gmail.com> * ptls_find_cipher_suite should accept cipher list instead of context * provide separate knob for including / excluding sensitive data * revert unecessary change around alloca() * s/ptlslog_/ptls_log_/ for (semi-)public functions * check `ptls_log.is_active` first, but only once * move `tls12_cipher_suites` to the end to improve source compatibility with existing code that uses positional initialization of a struct * clang-format * declare IANA IDs in the header file, fixes incorrect IANA ID (0x009d) used for `ptls_openssl_tls12_dhe_rsa_aes128gcmsha256` which results in incorrect cipher suite being returned due the value being added to `ptls_openssl_tls12_cipher_suites` prior to `ptls_openssl_tls12_rsa_aes256gcmsha384` * and `.name`s also * fix cipher name (amends #429) * remove ones that are not going to be meaningful as performance optimization * add callback for loading raw public keys (at the moment X25519-only) * implement HPKE (basic mode, x25519-only) * raw private key cannot be loaded in OpenSSL 1.x * some deployments do not have x25519 * `load` should be available on both sides * remove redundant code * [xcode] add files * update bcrypt backend following API changes * MSVC does not like `{}` * add missing include * maybe these are the right names * add casts to suppress unneeded compiler warnings from MSVC Co-authored-by: Kazuho Oku <kazuhooku@gmail.com> Co-authored-by: Goro Fuji <goro@fastly.com> Co-authored-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> Co-authored-by: Joe Calderon <jcalderon@fastly.com> Co-authored-by: Joe Calderon <sleepybishop@users.noreply.github.com>
huitema
added a commit
that referenced
this pull request
Dec 2, 2022
* it works * import / export API (tls12 only atm) * transplant other properties retained by picotls * send alerts correctly * add support for chachapoly * fix alert type * to avoid nonce reuse, start from what OpenSSL used * record if session was reused * update cifra, bcrypt backends * fix MSVC compile error * add `ptls_get_protocol_version` * promote to public value * ci: use Ubuntu 22.04 to test picotls with OpenSSL 3.0 * concept * add ptlslog_set_fd(int) to set the fd the cli support -j=file and PTLSLOG=file to use ptlslog_set_fd() * revert the switch to writev(2) discussion: #406 (comment) * let PTLSLOG_CONN respect ptls_skip_tracing() * ptlslog: add "module" field to provide who emits the event * do not emit secret in PTLSLOG * add PTLS_HEXDUMP macro as an easy-to-use handle for ptls_hexdump() * introduce PTLSLOG_ELEMENT_UNSAFESTR() * ptlslog: put JSON's null if a string value is NULL * Revert "ptlslog: put JSON's null if a string value is NULL" This reverts commit a163989. * inline function must be declared as static * do not use PTLS_HEXDUMP; it is not available for VC++ * avoid errors in VC++ * disable wrarnings in VC++ for write(2) * VC++ does not support VLAs * invalidate ptlslog_fd when write(2) fails * fix unsafe string handling in ptlslog * remove debugging code * add PTLSLOG_ELEMENT_HEXDUMP instead of PTLS_ELEMENT that depends on a GCC extesions * allow ptlslog to set multiple fds (up to 8) * remove a redundant ptlslog interface fromn cli.c * reorder options * close fd before invalidating it * fix the return value of ptlslog_add_fd * ptlslog: records num of lost events * Fix compile warnings about unchecked returns in t/cli * Fix Visual Studio warnings when using OpenSSL 3.0 * symbols defined in util.h do not have `ptls_` prefix * first argument is an expression * fix the image to use ubuntu 22.04 * Add ticket functions which use OpenSSL v3 EVP_MAC_CTX This change adds the following new ticket functions which use OpenSSL v3 EVP_MAC_CTX. HMAC APIs are deprecated in OpenSSL v3. EVP_MAC_CTX is its replacement. - ptls_openssl_encrypt_ticket_evp - ptls_openssl_decrypt_ticket_evp * add failing test * copy correct amount of data _and_ generate new vectors * msvc requires an element * clear GHASH vectors before calling `free` * clang-format * ptlslog: remove the limitation of PTLSLOG_MAXCONN * do not use magic numbers * ptlslog: check ptlslog is active or not at the beginning of PTLSLOG_CONN * inlinize ptlslog_is_active() * No need to call free() because realloc(ptr, 0) frees ptr and returns 0 * move the condition out of PTLSLOG_CONN * add missing `inline` keyword * revert using a label & goto because the label name must not be duplicated in a function * comment * rewrite escape_json_unsafe_string based on picojson.h https://github.com/kazuho/picojson/blob/master/picojson.h#L531 * include pthread.h for Windows * format * ptlslog: introduce bool, and some internal funcs for optimizations * fix comments * use INT32_MIN value * let ptlslog optional (enabled by default on Linux and macOS) * suppress errors for Windows * merge ptlslog.h into picotls.h (like those in pembase64.c), determine availability rather than let it be configurable (like `PTLS_OPENSSL_HAVE_*`) * [xcode] add log.c * do not expose the internals * symbols use `ptls_` as prefix * picotls checks allocation failure; returns PTLS_ERROR_* * partial write is loss * rename before refactor * realloc(0) may return non-NULL, fd_index should not be incremented when removing fd * let's use constant expressions * rather than exposing an internal API used for building strings, promote JSON escape function to a public API * revert changes to wincompat.h as they should be unnecessary now that logging is disabled on windows * this is also unnecessary * eaisest way to maintain compatibility is to not have new files; log.c is small anyways * no need to define as a block (the macro cannot be used as an ordinary statement anyways) * concede to using `snprintf` to support compilers that complain without having the wisdom to check the correctness * [github actions] increase timeout * use the result returned rather than recalculate * better use `PTLS_LOG` assuming that we'd have `QUICLY_LOG` and `H2O_LOG` rather than `QUICLYLOG`, `H2OLOG` * oops * add tls12 cipher awareness * add tls12 ciphers to supported cipher suites instead of using mapping table * leave minicrypto alone * remove new accessors * rename tls12 ciphers but remove them from tls13 list * iana_id is not needed * export `find_cipher_suite` externally as `ptls_find_cipher_suite` in addition export supported tls12 ciphers from openssl backend * make PTLS_OPENSSL_HAVE_CHACHA20_POLY1305 checks consistent Co-authored-by: Kazuho Oku <kazuhooku@gmail.com> * ptls_find_cipher_suite should accept cipher list instead of context * provide separate knob for including / excluding sensitive data * revert unecessary change around alloca() * s/ptlslog_/ptls_log_/ for (semi-)public functions * check `ptls_log.is_active` first, but only once * move `tls12_cipher_suites` to the end to improve source compatibility with existing code that uses positional initialization of a struct * clang-format * declare IANA IDs in the header file, fixes incorrect IANA ID (0x009d) used for `ptls_openssl_tls12_dhe_rsa_aes128gcmsha256` which results in incorrect cipher suite being returned due the value being added to `ptls_openssl_tls12_cipher_suites` prior to `ptls_openssl_tls12_rsa_aes256gcmsha384` * and `.name`s also * fix cipher name (amends #429) * remove ones that are not going to be meaningful as performance optimization * add callback for loading raw public keys (at the moment X25519-only) * implement HPKE (basic mode, x25519-only) * raw private key cannot be loaded in OpenSSL 1.x * some deployments do not have x25519 * `load` should be available on both sides * remove redundant code * [xcode] add files * update bcrypt backend following API changes * MSVC does not like `{}` * add missing include * maybe these are the right names * add casts to suppress unneeded compiler warnings from MSVC * Kazuho/hpke as of 2022/11/08 (#4) * it works * import / export API (tls12 only atm) * transplant other properties retained by picotls * send alerts correctly * add support for chachapoly * fix alert type * to avoid nonce reuse, start from what OpenSSL used * record if session was reused * update cifra, bcrypt backends * fix MSVC compile error * add `ptls_get_protocol_version` * promote to public value * ci: use Ubuntu 22.04 to test picotls with OpenSSL 3.0 * concept * add ptlslog_set_fd(int) to set the fd the cli support -j=file and PTLSLOG=file to use ptlslog_set_fd() * revert the switch to writev(2) discussion: #406 (comment) * let PTLSLOG_CONN respect ptls_skip_tracing() * ptlslog: add "module" field to provide who emits the event * do not emit secret in PTLSLOG * add PTLS_HEXDUMP macro as an easy-to-use handle for ptls_hexdump() * introduce PTLSLOG_ELEMENT_UNSAFESTR() * ptlslog: put JSON's null if a string value is NULL * Revert "ptlslog: put JSON's null if a string value is NULL" This reverts commit a163989. * inline function must be declared as static * do not use PTLS_HEXDUMP; it is not available for VC++ * avoid errors in VC++ * disable wrarnings in VC++ for write(2) * VC++ does not support VLAs * invalidate ptlslog_fd when write(2) fails * fix unsafe string handling in ptlslog * remove debugging code * add PTLSLOG_ELEMENT_HEXDUMP instead of PTLS_ELEMENT that depends on a GCC extesions * allow ptlslog to set multiple fds (up to 8) * remove a redundant ptlslog interface fromn cli.c * reorder options * close fd before invalidating it * fix the return value of ptlslog_add_fd * ptlslog: records num of lost events * Fix compile warnings about unchecked returns in t/cli * Fix Visual Studio warnings when using OpenSSL 3.0 * symbols defined in util.h do not have `ptls_` prefix * first argument is an expression * fix the image to use ubuntu 22.04 * Add ticket functions which use OpenSSL v3 EVP_MAC_CTX This change adds the following new ticket functions which use OpenSSL v3 EVP_MAC_CTX. HMAC APIs are deprecated in OpenSSL v3. EVP_MAC_CTX is its replacement. - ptls_openssl_encrypt_ticket_evp - ptls_openssl_decrypt_ticket_evp * add failing test * copy correct amount of data _and_ generate new vectors * msvc requires an element * clear GHASH vectors before calling `free` * clang-format * ptlslog: remove the limitation of PTLSLOG_MAXCONN * do not use magic numbers * ptlslog: check ptlslog is active or not at the beginning of PTLSLOG_CONN * inlinize ptlslog_is_active() * No need to call free() because realloc(ptr, 0) frees ptr and returns 0 * move the condition out of PTLSLOG_CONN * add missing `inline` keyword * revert using a label & goto because the label name must not be duplicated in a function * comment * rewrite escape_json_unsafe_string based on picojson.h https://github.com/kazuho/picojson/blob/master/picojson.h#L531 * include pthread.h for Windows * format * ptlslog: introduce bool, and some internal funcs for optimizations * fix comments * use INT32_MIN value * let ptlslog optional (enabled by default on Linux and macOS) * suppress errors for Windows * merge ptlslog.h into picotls.h (like those in pembase64.c), determine availability rather than let it be configurable (like `PTLS_OPENSSL_HAVE_*`) * [xcode] add log.c * do not expose the internals * symbols use `ptls_` as prefix * picotls checks allocation failure; returns PTLS_ERROR_* * partial write is loss * rename before refactor * realloc(0) may return non-NULL, fd_index should not be incremented when removing fd * let's use constant expressions * rather than exposing an internal API used for building strings, promote JSON escape function to a public API * revert changes to wincompat.h as they should be unnecessary now that logging is disabled on windows * this is also unnecessary * eaisest way to maintain compatibility is to not have new files; log.c is small anyways * no need to define as a block (the macro cannot be used as an ordinary statement anyways) * concede to using `snprintf` to support compilers that complain without having the wisdom to check the correctness * [github actions] increase timeout * use the result returned rather than recalculate * better use `PTLS_LOG` assuming that we'd have `QUICLY_LOG` and `H2O_LOG` rather than `QUICLYLOG`, `H2OLOG` * oops * add tls12 cipher awareness * add tls12 ciphers to supported cipher suites instead of using mapping table * leave minicrypto alone * remove new accessors * rename tls12 ciphers but remove them from tls13 list * iana_id is not needed * export `find_cipher_suite` externally as `ptls_find_cipher_suite` in addition export supported tls12 ciphers from openssl backend * make PTLS_OPENSSL_HAVE_CHACHA20_POLY1305 checks consistent Co-authored-by: Kazuho Oku <kazuhooku@gmail.com> * ptls_find_cipher_suite should accept cipher list instead of context * provide separate knob for including / excluding sensitive data * revert unecessary change around alloca() * s/ptlslog_/ptls_log_/ for (semi-)public functions * check `ptls_log.is_active` first, but only once * move `tls12_cipher_suites` to the end to improve source compatibility with existing code that uses positional initialization of a struct * clang-format * declare IANA IDs in the header file, fixes incorrect IANA ID (0x009d) used for `ptls_openssl_tls12_dhe_rsa_aes128gcmsha256` which results in incorrect cipher suite being returned due the value being added to `ptls_openssl_tls12_cipher_suites` prior to `ptls_openssl_tls12_rsa_aes256gcmsha384` * and `.name`s also * fix cipher name (amends #429) * remove ones that are not going to be meaningful as performance optimization * add callback for loading raw public keys (at the moment X25519-only) * implement HPKE (basic mode, x25519-only) * raw private key cannot be loaded in OpenSSL 1.x * some deployments do not have x25519 * `load` should be available on both sides * remove redundant code * [xcode] add files * update bcrypt backend following API changes * MSVC does not like `{}` * add missing include * maybe these are the right names * add casts to suppress unneeded compiler warnings from MSVC Co-authored-by: Kazuho Oku <kazuhooku@gmail.com> Co-authored-by: Goro Fuji <goro@fastly.com> Co-authored-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> Co-authored-by: Joe Calderon <jcalderon@fastly.com> Co-authored-by: Joe Calderon <sleepybishop@users.noreply.github.com> * Compile with visual studio * use #define and sizeof consistency * hpke definitions cannot depend on picotls.h, because ECH which is part of ptls_context_t has to depend on hpke * add sha512 implementation * add tests * oops * HKDF used for DH and AEAD can be different * now that we have cipher-suite type for HPKE, revert changes to hash and aead * let's not change the API just for testing; we can load key from PEM files * add test vectors of p256, sha512 * typo * let backends provide list, hpke test known combinations * RFC 9180 uses the same encoding for NIST curves as RFC 8446 does (i.e., uncompressed form) * dedicated type for ID, omit `h` as that is internal * id itself does not have to be const * it works for NIST curves too * size of shared secret is `kem->hash->digest_size` (RFC 9180 section 4) * do not clear sender pubkey when succeeding * clang-format * go back to the old way hard-coding the prefix * ci: add CIFuzz Github action Signed-off-by: David Korczynski <david@adalogics.com> * add test vectors for multi-shot AEAD * [xcode] suppress build warning * `ptls_decode8` for consistency * here also * switch to a table * split SH and HRR of the table, so as to align with that of RFC 8446 * we support one more extension * suppress warning on Xcode Signed-off-by: David Korczynski <david@adalogics.com> Co-authored-by: Kazuho Oku <kazuhooku@gmail.com> Co-authored-by: Goro Fuji <goro@fastly.com> Co-authored-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> Co-authored-by: Joe Calderon <jcalderon@fastly.com> Co-authored-by: Joe Calderon <sleepybishop@users.noreply.github.com> Co-authored-by: David Korczynski <david@adalogics.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some compile(ex Visual Studio C++ compiler) does not allow it.