/** * Try to realloc <b>ptr</b> so that it takes up sz1 * sz2 bytes. Check for * overflow. Unlike other allocation functions, return NULL on overflow. */ void * tor_reallocarray_(void *ptr, size_t sz1, size_t sz2) { /* XXXX we can make this return 0, but we would need to check all the * reallocarray users. */ raw_assert(size_mul_check(sz1, sz2)); return tor_realloc(ptr, (sz1 * sz2)); }
/** Make sure that <b>sl</b> can hold at least <b>size</b> entries. */ static INLINE void smartlist_ensure_capacity(smartlist_t *sl, int size) { if (size > sl->capacity) { int higher = sl->capacity * 2; while (size > higher) higher *= 2; tor_assert(higher > 0); /* detect overflow */ sl->capacity = higher; sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity); } }
/** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a * new pointer to <b>chunk</b>. Old pointers are no longer valid. */ static inline chunk_t * chunk_grow(chunk_t *chunk, size_t sz) { off_t offset; const size_t memlen_orig = chunk->memlen; const size_t orig_alloc = CHUNK_ALLOC_SIZE(memlen_orig); const size_t new_alloc = CHUNK_ALLOC_SIZE(sz); tor_assert(sz > chunk->memlen); offset = chunk->data - chunk->mem; chunk = tor_realloc(chunk, new_alloc); chunk->memlen = sz; chunk->data = chunk->mem + offset; #ifdef DEBUG_CHUNK_ALLOC tor_assert(chunk->DBG_alloc == orig_alloc); chunk->DBG_alloc = new_alloc; #endif total_bytes_allocated_in_chunks += new_alloc - orig_alloc; CHUNK_SET_SENTINEL(chunk, new_alloc); return chunk; }
/** Make sure that <b>sl</b> can hold at least <b>size</b> entries. */ static INLINE void smartlist_ensure_capacity(smartlist_t *sl, int size) { #if SIZEOF_SIZE_T > SIZEOF_INT #define MAX_CAPACITY (INT_MAX) #else #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*)))) #endif if (size > sl->capacity) { int higher = sl->capacity; if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) { tor_assert(size <= MAX_CAPACITY); higher = MAX_CAPACITY; } else { while (size > higher) higher *= 2; } sl->capacity = higher; sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity)); } }
/** Launch threads until we have <b>n</b>. */ static int threadpool_start_threads(threadpool_t *pool, int n) { tor_mutex_acquire(&pool->lock); if (pool->n_threads < n) pool->threads = tor_realloc(pool->threads, sizeof(workerthread_t*)*n); while (pool->n_threads < n) { void *state = pool->new_thread_state_fn(pool->new_thread_state_arg); workerthread_t *thr = workerthread_new(state, pool, pool->reply_queue); thr->index = pool->n_threads; if (!thr) { tor_mutex_release(&pool->lock); return -1; } pool->threads[pool->n_threads++] = thr; } tor_mutex_release(&pool->lock); return 0; }
/** Given zero or more zlib-compressed or gzip-compressed strings of * total length * <b>in_len</b> bytes at <b>in</b>, uncompress them into a newly allocated * buffer, using the method described in <b>method</b>. Store the uncompressed * string in *<b>out</b>, and its length in *<b>out_len</b>. Return 0 on * success, -1 on failure. * * If <b>complete_only</b> is true, we consider a truncated input as a * failure; otherwise we decompress as much as we can. Warn about truncated * or corrupt inputs at <b>protocol_warn_level</b>. */ int tor_gzip_uncompress(char **out, size_t *out_len, const char *in, size_t in_len, compress_method_t method, int complete_only, int protocol_warn_level) { struct z_stream_s *stream = NULL; size_t out_size, old_size; off_t offset; int r; tor_assert(out); tor_assert(out_len); tor_assert(in); tor_assert(in_len < UINT_MAX); if (method == GZIP_METHOD && !is_gzip_supported()) { /* Old zlib version don't support gzip in inflateInit2 */ log_warn(LD_BUG, "Gzip not supported with zlib %s", ZLIB_VERSION); return -1; } *out = NULL; stream = tor_malloc_zero(sizeof(struct z_stream_s)); stream->zalloc = Z_NULL; stream->zfree = Z_NULL; stream->opaque = NULL; stream->next_in = (unsigned char*) in; stream->avail_in = (unsigned int)in_len; if (inflateInit2(stream, method_bits(method, HIGH_COMPRESSION)) != Z_OK) { log_warn(LD_GENERAL, "Error from inflateInit2: %s", stream->msg?stream->msg:"<no message>"); goto err; } out_size = in_len * 2; /* guess 50% compression. */ if (out_size < 1024) out_size = 1024; if (out_size >= SIZE_T_CEILING || out_size > UINT_MAX) goto err; *out = tor_malloc(out_size); stream->next_out = (unsigned char*)*out; stream->avail_out = (unsigned int)out_size; while (1) { switch (inflate(stream, complete_only ? Z_FINISH : Z_SYNC_FLUSH)) { case Z_STREAM_END: if (stream->avail_in == 0) goto done; /* There may be more compressed data here. */ if ((r = inflateEnd(stream)) != Z_OK) { log_warn(LD_BUG, "Error freeing gzip structures"); goto err; } if (inflateInit2(stream, method_bits(method,HIGH_COMPRESSION)) != Z_OK) { log_warn(LD_GENERAL, "Error from second inflateInit2: %s", stream->msg?stream->msg:"<no message>"); goto err; } break; case Z_OK: if (!complete_only && stream->avail_in == 0) goto done; /* In case zlib doesn't work as I think.... */ if (stream->avail_out >= stream->avail_in+16) break; case Z_BUF_ERROR: if (stream->avail_out > 0) { log_fn(protocol_warn_level, LD_PROTOCOL, "possible truncated or corrupt zlib data"); goto err; } offset = stream->next_out - (unsigned char*)*out; old_size = out_size; out_size *= 2; if (out_size < old_size) { log_warn(LD_GENERAL, "Size overflow in uncompression."); goto err; } if (is_compression_bomb(in_len, out_size)) { log_warn(LD_GENERAL, "Input looks like a possible zlib bomb; " "not proceeding."); goto err; } if (out_size >= SIZE_T_CEILING) { log_warn(LD_BUG, "Hit SIZE_T_CEILING limit while uncompressing."); goto err; } *out = tor_realloc(*out, out_size); stream->next_out = (unsigned char*)(*out + offset); if (out_size - offset > UINT_MAX) { log_warn(LD_BUG, "Ran over unsigned int limit of zlib while " "uncompressing."); goto err; } stream->avail_out = (unsigned int)(out_size - offset); break; default: log_warn(LD_GENERAL, "Gzip decompression returned an error: %s", stream->msg ? stream->msg : "<no message>"); goto err; } } done: *out_len = stream->next_out - (unsigned char*)*out; r = inflateEnd(stream); tor_free(stream); if (r != Z_OK) { log_warn(LD_BUG, "Error freeing gzip structures"); goto err; } /* NUL-terminate output. */ if (out_size == *out_len) *out = tor_realloc(*out, out_size + 1); (*out)[*out_len] = '\0'; return 0; err: if (stream) { inflateEnd(stream); tor_free(stream); } if (*out) { tor_free(*out); } return -1; }
/** Given <b>in_len</b> bytes at <b>in</b>, compress them into a newly * allocated buffer, using the method described in <b>method</b>. Store the * compressed string in *<b>out</b>, and its length in *<b>out_len</b>. * Return 0 on success, -1 on failure. */ int tor_gzip_compress(char **out, size_t *out_len, const char *in, size_t in_len, compress_method_t method) { struct z_stream_s *stream = NULL; size_t out_size, old_size; off_t offset; tor_assert(out); tor_assert(out_len); tor_assert(in); tor_assert(in_len < UINT_MAX); *out = NULL; if (method == GZIP_METHOD && !is_gzip_supported()) { /* Old zlib version don't support gzip in deflateInit2 */ log_warn(LD_BUG, "Gzip not supported with zlib %s", ZLIB_VERSION); goto err; } stream = tor_malloc_zero(sizeof(struct z_stream_s)); stream->zalloc = Z_NULL; stream->zfree = Z_NULL; stream->opaque = NULL; stream->next_in = (unsigned char*) in; stream->avail_in = (unsigned int)in_len; if (deflateInit2(stream, Z_BEST_COMPRESSION, Z_DEFLATED, method_bits(method, HIGH_COMPRESSION), get_memlevel(HIGH_COMPRESSION), Z_DEFAULT_STRATEGY) != Z_OK) { log_warn(LD_GENERAL, "Error from deflateInit2: %s", stream->msg?stream->msg:"<no message>"); goto err; } /* Guess 50% compression. */ out_size = in_len / 2; if (out_size < 1024) out_size = 1024; *out = tor_malloc(out_size); stream->next_out = (unsigned char*)*out; stream->avail_out = (unsigned int)out_size; while (1) { switch (deflate(stream, Z_FINISH)) { case Z_STREAM_END: goto done; case Z_OK: /* In case zlib doesn't work as I think .... */ if (stream->avail_out >= stream->avail_in+16) break; case Z_BUF_ERROR: offset = stream->next_out - ((unsigned char*)*out); old_size = out_size; out_size *= 2; if (out_size < old_size) { log_warn(LD_GENERAL, "Size overflow in compression."); goto err; } *out = tor_realloc(*out, out_size); stream->next_out = (unsigned char*)(*out + offset); if (out_size - offset > UINT_MAX) { log_warn(LD_BUG, "Ran over unsigned int limit of zlib while " "uncompressing."); goto err; } stream->avail_out = (unsigned int)(out_size - offset); break; default: log_warn(LD_GENERAL, "Gzip compression didn't finish: %s", stream->msg ? stream->msg : "<no message>"); goto err; } } done: *out_len = stream->total_out; #ifdef OPENBSD /* "Hey Rocky! Watch me change an unsigned field to a signed field in a * third-party API!" * "Oh, that trick will just make people do unsafe casts to the unsigned * type in their cross-platform code!" * "Don't be foolish. I'm _sure_ they'll have the good sense to make sure * the newly unsigned field isn't negative." */ tor_assert(stream->total_out >= 0); #endif if (((size_t)stream->total_out) > out_size + 4097) { /* If we're wasting more than 4k, don't. */ *out = tor_realloc(*out, stream->total_out + 1); } if (deflateEnd(stream)!=Z_OK) { log_warn(LD_BUG, "Error freeing gzip structures"); goto err; } tor_free(stream); if (is_compression_bomb(*out_len, in_len)) { log_warn(LD_BUG, "We compressed something and got an insanely high " "compression factor; other Tors would think this was a zlib bomb."); goto err; } return 0; err: if (stream) { deflateEnd(stream); tor_free(stream); } tor_free(*out); return -1; }
static void test_address_ifreq_to_smartlist(void *arg) { smartlist_t *results = NULL; const tor_addr_t *tor_addr = NULL; struct sockaddr_in *sockaddr = NULL; struct sockaddr_in *sockaddr_eth1 = NULL; struct sockaddr_in *sockaddr_to_check = NULL; struct ifconf *ifc; struct ifreq *ifr; struct ifreq *ifr_next; socklen_t addr_len; (void)arg; sockaddr_to_check = tor_malloc(sizeof(struct sockaddr_in)); ifr = tor_malloc(sizeof(struct ifreq)); memset(ifr,0,sizeof(struct ifreq)); strlcpy(ifr->ifr_name,"lo",3); sockaddr = (struct sockaddr_in *) &(ifr->ifr_ifru.ifru_addr); sockaddr_in_from_string("127.0.0.1",sockaddr); ifc = tor_malloc(sizeof(struct ifconf)); memset(ifc,0,sizeof(struct ifconf)); ifc->ifc_len = sizeof(struct ifreq); ifc->ifc_ifcu.ifcu_req = ifr; results = ifreq_to_smartlist(ifc->ifc_buf,ifc->ifc_len); tt_int_op(smartlist_len(results),OP_EQ,1); tor_addr = smartlist_get(results, 0); addr_len = tor_addr_to_sockaddr(tor_addr,0,(struct sockaddr *)sockaddr_to_check, sizeof(struct sockaddr_in)); tt_int_op(addr_len,OP_EQ,sizeof(struct sockaddr_in)); tt_assert(sockaddr_in_are_equal(sockaddr,sockaddr_to_check)); ifr = tor_realloc(ifr,2*sizeof(struct ifreq)); ifr_next = ifr+1; strlcpy(ifr_next->ifr_name,"eth1",5); ifc->ifc_len = 2*sizeof(struct ifreq); ifc->ifc_ifcu.ifcu_req = ifr; sockaddr = (struct sockaddr_in *) &(ifr->ifr_ifru.ifru_addr); sockaddr_eth1 = (struct sockaddr_in *) &(ifr_next->ifr_ifru.ifru_addr); sockaddr_in_from_string("192.168.10.55",sockaddr_eth1); SMARTLIST_FOREACH(results, tor_addr_t *, t, tor_free(t)); smartlist_free(results); results = ifreq_to_smartlist(ifc->ifc_buf,ifc->ifc_len); tt_int_op(smartlist_len(results),OP_EQ,2); tor_addr = smartlist_get(results, 0); addr_len = tor_addr_to_sockaddr(tor_addr,0,(struct sockaddr *)sockaddr_to_check, sizeof(struct sockaddr_in)); tt_int_op(addr_len,OP_EQ,sizeof(struct sockaddr_in)); tt_assert(sockaddr_in_are_equal(sockaddr,sockaddr_to_check)); tor_addr = smartlist_get(results, 1); addr_len = tor_addr_to_sockaddr(tor_addr,0,(struct sockaddr *)sockaddr_to_check, sizeof(struct sockaddr_in)); tt_int_op(addr_len,OP_EQ,sizeof(struct sockaddr_in)); tt_assert(sockaddr_in_are_equal(sockaddr_eth1,sockaddr_to_check)); done: tor_free(sockaddr_to_check); SMARTLIST_FOREACH(results, tor_addr_t *, t, tor_free(t)); smartlist_free(results); tor_free(ifc); tor_free(ifr); return; }