aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-04-29 08:17:32 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-06-14 08:48:25 +0000
commit434e617a1d7f2f6f6b4507ada00f9ab69d0bd27e (patch)
tree471e985df7ab9db97a0ce3fd8420d78133c2b71b
parentabstract_tcp_server2: improve DoS resistance (diff)
downloadmonero-434e617a1d7f2f6f6b4507ada00f9ab69d0bd27e.tar.xz
ensure no NULL is passed to memcpy
NULL is valid when size is 0, but memcpy uses nonnull attributes, so let's not poke the bear
-rw-r--r--contrib/epee/src/buffer.cpp3
-rw-r--r--contrib/epee/src/wipeable_string.cpp17
-rw-r--r--src/blockchain_db/lmdb/db_lmdb.cpp4
-rw-r--r--src/crypto/keccak.c3
4 files changed, 18 insertions, 9 deletions
diff --git a/contrib/epee/src/buffer.cpp b/contrib/epee/src/buffer.cpp
index d637b905e..10ea6de56 100644
--- a/contrib/epee/src/buffer.cpp
+++ b/contrib/epee/src/buffer.cpp
@@ -64,7 +64,8 @@ void buffer::append(const void *data, size_t sz)
size_t reserve = (((size() + sz) * 3 / 2) + 4095) & ~4095;
new_storage.reserve(reserve);
new_storage.resize(size());
- memcpy(new_storage.data(), storage.data() + offset, storage.size() - offset);
+ if (size() > 0)
+ memcpy(new_storage.data(), storage.data() + offset, storage.size() - offset);
offset = 0;
std::swap(storage, new_storage);
}
diff --git a/contrib/epee/src/wipeable_string.cpp b/contrib/epee/src/wipeable_string.cpp
index 3a6ee5dac..4209b71bf 100644
--- a/contrib/epee/src/wipeable_string.cpp
+++ b/contrib/epee/src/wipeable_string.cpp
@@ -62,13 +62,15 @@ wipeable_string::wipeable_string(wipeable_string &&other)
wipeable_string::wipeable_string(const std::string &other)
{
grow(other.size());
- memcpy(buffer.data(), other.c_str(), size());
+ if (size() > 0)
+ memcpy(buffer.data(), other.c_str(), size());
}
wipeable_string::wipeable_string(std::string &&other)
{
grow(other.size());
- memcpy(buffer.data(), other.c_str(), size());
+ if (size() > 0)
+ memcpy(buffer.data(), other.c_str(), size());
if (!other.empty())
{
memwipe(&other[0], other.size()); // we're kinda left with this again aren't we
@@ -79,7 +81,8 @@ wipeable_string::wipeable_string(std::string &&other)
wipeable_string::wipeable_string(const char *s)
{
grow(strlen(s));
- memcpy(buffer.data(), s, size());
+ if (size() > 0)
+ memcpy(buffer.data(), s, size());
}
wipeable_string::wipeable_string(const char *s, size_t len)
@@ -112,14 +115,18 @@ void wipeable_string::grow(size_t sz, size_t reserved)
}
size_t old_sz = buffer.size();
std::unique_ptr<char[]> tmp{new char[old_sz]};
- memcpy(tmp.get(), buffer.data(), old_sz * sizeof(char));
if (old_sz > 0)
+ {
+ memcpy(tmp.get(), buffer.data(), old_sz * sizeof(char));
memwipe(buffer.data(), old_sz * sizeof(char));
+ }
buffer.reserve(reserved);
buffer.resize(sz);
- memcpy(buffer.data(), tmp.get(), old_sz * sizeof(char));
if (old_sz > 0)
+ {
+ memcpy(buffer.data(), tmp.get(), old_sz * sizeof(char));
memwipe(tmp.get(), old_sz * sizeof(char));
+ }
}
void wipeable_string::push_back(char c)
diff --git a/src/blockchain_db/lmdb/db_lmdb.cpp b/src/blockchain_db/lmdb/db_lmdb.cpp
index a03a0989b..f05eb0f30 100644
--- a/src/blockchain_db/lmdb/db_lmdb.cpp
+++ b/src/blockchain_db/lmdb/db_lmdb.cpp
@@ -1077,11 +1077,11 @@ void BlockchainLMDB::add_tx_amount_output_indices(const uint64_t tx_id,
int result = 0;
- int num_outputs = amount_output_indices.size();
+ size_t num_outputs = amount_output_indices.size();
MDB_val_set(k_tx_id, tx_id);
MDB_val v;
- v.mv_data = (void *)amount_output_indices.data();
+ v.mv_data = num_outputs ? (void *)amount_output_indices.data() : (void*)"";
v.mv_size = sizeof(uint64_t) * num_outputs;
// LOG_PRINT_L1("tx_outputs[tx_hash] size: " << v.mv_size);
diff --git a/src/crypto/keccak.c b/src/crypto/keccak.c
index 170911262..18ed3152f 100644
--- a/src/crypto/keccak.c
+++ b/src/crypto/keccak.c
@@ -116,7 +116,8 @@ void keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
local_abort("Bad keccak use");
}
- memcpy(temp, in, inlen);
+ if (inlen > 0)
+ memcpy(temp, in, inlen);
temp[inlen++] = 1;
memset(temp + inlen, 0, rsiz - inlen);
temp[rsiz - 1] |= 0x80;