Hardening integer overflow guards in escape helper functions for atta…#671
Hardening integer overflow guards in escape helper functions for atta…#671SABITHSAHEB wants to merge 6 commits into
Conversation
…cker-controlled input
…ub.com/SABITHSAHEB/httpd into server-util-integer-overflow-hardening
|
Using |
Keep ap_assert for these size checks instead of adding new error-return paths, and restore the asserts that were removed. Drop the unrelated mod_core atoi changes and the cookie reverse-map sizing churn so this stays focused on the escape helpers.
|
Makes sense, reverted to ap_assert across the board: restored the ones I'd removed and used it for the new checks too instead of the error-return paths. I also pulled the unrelated mod_core atoi changes and the cookie reverse-map sizing churn so this stays focused on the escape helpers. Pushed. |
|
any update? |
this doesn't compile in C90 in various places. Build with |
|
Fixed and pushed. The offenders were escape_backref in mod_rewrite.c and ftp_escape_globbingchars in mod_proxy_ftp.c, where the new declarations ended up after statements; moved them up into the declaration blocks. Rebuilt with --enable-maintainer-mode and the touched files compile clean now under -Wdeclaration-after-statement. The only failure left in my tree was the pre-existing SSL_get_handshake_rtt apr_uint64_t vs uint64_t mismatch on macOS with homebrew apr, unrelated to this patch. |
server/util: Harden escape helpers against allocation size overflows
Summary
This patch adds integer overflow validation to several escape helper functions in
server/util.cbefore calculating allocation sizes.These functions derive buffer sizes from input lengths using expressions such as
3 * len + 1and10 * len. Without validation, extremely large values could cause arithmetic wraparound, resulting in an undersized allocation and potential memory corruption during subsequent writes.Changes
size_t.Security Impact
This change hardens memory allocation logic against integer-overflow conditions that could otherwise lead to heap buffer overflows when processing unusually large inputs.
Testing
Notes