Be more proactive about noticing underflows: size_t values greater than 0x800...00 are likely to be trouble.

svn:r3064

src/common/compat.c

@@ -100,6 +100,8 @@ int tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
   int r;
   if (size == 0)
     return -1; /* no place for the NUL */
+  if (size > SIZE_T_CEILING)
+    return -1;
 #ifdef MS_WINDOWS
   r = _vsnprintf(str, size, format, args);
 #else

src/common/crypto.c

@@ -1520,6 +1520,8 @@ base64_encode(char *dest, size_t destlen, const char *src, size_t srclen)
   */
   if (destlen < ((srclen/48)+1)*66)
     return -1;
+  if (destlen > SIZE_T_CEILING)
+    return -1;
 
   EVP_EncodeInit(&ctx);
   EVP_EncodeUpdate(&ctx, dest, &len, (char*) src, srclen);
@@ -1543,6 +1545,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   */
   if (destlen < ((srclen/64)+1)*49)
     return -1;
+  if (destlen > SIZE_T_CEILING)
+    return -1;
 
   EVP_DecodeInit(&ctx);
   EVP_DecodeUpdate(&ctx, dest, &len, (char*) src, srclen);
@@ -1562,6 +1566,7 @@ base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
 
   tor_assert((nbits%5) == 0); /* We need an even multiple of 5 bits. */
   tor_assert((nbits/5)+1 <= destlen); /* We need enough space. */
+  tor_assert(destlen < SIZE_T_CEILING);
 
   for (i=0,bit=0; bit < nbits; ++i, bit+=5) {
     /* set v to the 16-bit value starting at src[bits/8], 0-padded. */
@@ -1588,6 +1593,7 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
   uint8_t c;
   size_t count;
   char *tmp;
+  tor_assert(key_out_len < SIZE_T_CEILING);
 
 #define EXPBIAS 6
   c = s2k_specifier[8];

src/common/torint.h

@@ -232,5 +232,8 @@ typedef uint32_t uintptr_t;
 #endif
 #endif
 
+/* Any size_t larger than this amount is likely to be an underflow. */
+#define SIZE_T_CEILING (1u<<(sizeof(size_t)*8 - 1))
+
 #endif /* __TORINT_H */
 

src/common/util.c

@@ -18,6 +18,7 @@ const char util_c_id[] = "$Id$";
 #include "util.h"
 #include "log.h"
 #include "crypto.h"
+#include "torint.h"
 
 #ifdef MS_WINDOWS
 #include <io.h>
@@ -218,6 +219,8 @@ int tor_strpartition(char *dest, size_t dest_len,
   tor_assert(s);
   tor_assert(insert);
   tor_assert(n > 0);
+  tor_assert(n < SIZE_T_CEILING);
+  tor_assert(dest_len < SIZE_T_CEILING);
   len_in = strlen(s);
   len_ins = strlen(insert);
   len_out = len_in + (len_in/n)*len_ins;
@@ -444,6 +447,7 @@ void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
   char *cp;
 
   tor_assert(destlen >= srclen*2+1);
+  tor_assert(destlen < SIZE_T_CEILING);
 
   cp = dest;
   end = src+srclen;
@@ -477,7 +481,7 @@ int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   int v1,v2;
   if ((srclen % 2) != 0)
     return -1;
-  if (destlen < srclen/2)
+  if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
     return -1;
   end = src+srclen;
   while (src<end) {
@@ -703,6 +707,9 @@ int read_all(int fd, char *buf, size_t count, int isSocket) {
   size_t numread = 0;
   int result;
 
+  if (count > SIZE_T_CEILING)
+    return -1;
+
   while (numread != count) {
     if (isSocket)
       result = recv(fd, buf+numread, count-numread, 0);