author | Matt Caswell <matt@openssl.org> | 2016-09-21 11:20:18 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-09-22 23:12:38 +0100 |
commit | 4b0fc9fc7a8767f3e6289b2b9f4527db186b3566 (patch) | |
tree | a1f727298be9f459f2900f4a681b3e7eebc31a6c /ssl/packet_locl.h | |
parent | f3b3d7f0033080f86ede5a53e8af2fb313091b5a (diff) |
Add warning about a potential pitfall with WPACKET_allocate_bytes()
If the underlying BUF_MEM gets realloc'd then the pointer returned could
become invalid. Therefore we should always ensure that the allocated
memory is filled in prior to any more WPACKET_* calls.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/packet_locl.h')
-rw-r--r-- | ssl/packet_locl.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index c51d8922a8..44a8f82c7c 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -671,6 +671,9 @@ int WPACKET_start_sub_packet(WPACKET *pkt);
 * Allocate bytes in the WPACKET for the output. This reserves the bytes
 * and counts them as "written", but doesn't actually do the writing. A pointer
 * to the allocated bytes is stored in |*allocbytes|.
+ * WARNING: the allocated bytes must be filled in immediately, without further
+ * WPACKET_* calls. If not then the underlying buffer may be realloc'd and
+ * change its location.
 */
 int WPACKET_allocate_bytes(WPACKET *pkt, size_t bytes,
 unsigned char **allocbytes);
@@ -715,7 +718,7 @@ int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes);
 #define WPACKET_put_bytes_u16(pkt, val) \
 WPACKET_put_bytes__((pkt), (val), 2)
 #define WPACKET_put_bytes_u24(pkt, val) \
- WPACKET_put_bytes__((pkt), (val)), 3)
+ WPACKET_put_bytes__((pkt), (val), 3)
 #define WPACKET_put_bytes_u32(pkt, val) \
 WPACKET_sub_allocate_bytes__((pkt), (val), 4) |
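Review bot: The added WARNING on `WPACKET_allocate_bytes()` says the buffer may "change its location" but stops short of naming the consequence, which is that the pointer stored in `|*allocbytes|` is left dangling and any later write through it lands in freed memory. I would spell that out, for example with a closing sentence such as `* The pointer in |*allocbytes| is then stale and must not be dereferenced.`, so the comment reads as a lifetime rule rather than a usage hint. The rule is enforced only by this comment, so any other declaration in this header that hands back a pointer into the same buffer would need the same wording; none is visible in this hunk, so that part is an assumption to check against the full file.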
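Review bot: The `WPACKET_put_bytes_u32` macro in the trailing context of this hunk still expands to `WPACKET_sub_allocate_bytes__((pkt), (val), 4)`, which does not follow its u16/u24 siblings and looks like a copy-paste slip that the commit leaves in place next to the parenthesis fix. By analogy with the lines above it should presumably read `WPACKET_put_bytes__((pkt), (val), 4)`. As written, the value to be serialised is handed to an allocation helper, whose prototype is outside the hunk, so the exact effect is inferred. Both this and the unbalanced parenthesis corrected here only surface when a macro is actually expanded, so a small unit test that expands every `WPACKET_put_bytes_uN` wrapper would catch this class of error at build time.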