ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-11-09 21:25:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Eliminate potential undefined behavior (RIPD-1685):

Browse Source 
Under certain conditions, we could call `memcpy` or `memcmp` with a null
source pointer. Even when specifying 0 as the amount of data to copy this
could result in undefined behavior under the C and C++ standards.

Acknowledgements:
Ripple thanks Guido Vranken for responsibly disclosing these issues.

Bug Bounties and Responsible Disclosures:
We welcome reviews of the rippled code and urge researchers to responsibly
disclose any issues that they may find. For more on Ripple's Bug Bounty
program, please visit: https://ripple.com/bug-bounty
This commit is contained in:
Nik Bougalis
2018-11-07 11:55:24 -08:00
parent 753600a2a0
commit c71eb45240
3 changed files with 13 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/ripple/basics/Buffer.h
View File

@@ -221,9 +221,13 @@ public:
inline bool operator==(Buffer const& lhs, Buffer const& rhs) noexcept inline bool operator==(Buffer const& lhs, Buffer const& rhs) noexcept
{ {
if (lhs.size () != rhs.size ()) if (lhs.size() != rhs.size())
return false; return false;
return !std::memcmp (lhs.data (), rhs.data (), lhs.size ());
if (lhs.size() == 0)
return true;
return std::memcmp(lhs.data(), rhs.data(), lhs.size()) == 0;
} }
inline bool operator!=(Buffer const& lhs, Buffer const& rhs) noexcept inline bool operator!=(Buffer const& lhs, Buffer const& rhs) noexcept

32
src/ripple/protocol/STBlob.h
View File

@@ -23,6 +23,7 @@
#include <ripple/basics/Buffer.h> #include <ripple/basics/Buffer.h>
#include <ripple/basics/Slice.h> #include <ripple/basics/Slice.h>
#include <ripple/protocol/STBase.h> #include <ripple/protocol/STBase.h>
#include <cassert>
#include <cstring> #include <cstring>
#include <memory> #include <memory>
@@ -42,18 +43,6 @@ public:
{ {
} }
/** Construct with size and initializer.
Init will be called as:
void(void* data, std::size_t size)
*/
template <class Init>
STBlob (SField const& f, std::size_t size,
Init&& init)
: STBase(f), value_ (size)
{
init(value_.data(), value_.size());
}
STBlob (SField const& f, STBlob (SField const& f,
void const* data, std::size_t size) void const* data, std::size_t size)
: STBase(f), value_ (data, size) : STBase(f), value_ (data, size)
@@ -115,12 +104,6 @@ public:
s.addVL (value_.data (), value_.size ()); s.addVL (value_.data (), value_.size ());
} }
Buffer const&
peekValue () const
{
return value_;
}
STBlob& STBlob&
operator= (Slice const& slice) operator= (Slice const& slice)
{ {
@@ -141,25 +124,12 @@ public:
return *this; return *this;
} }
Buffer&
peekValue ()
{
return value_;
}
void void
setValue (Buffer&& b) setValue (Buffer&& b)
{ {
value_ = std::move (b); value_ = std::move (b);
} }
void
setValue (void const* data, std::size_t size)
{
value_.alloc (size);
std::memcpy(value_.data(), data, size);
}
bool bool
isEquivalent (const STBase& t) const override; isEquivalent (const STBase& t) const override;

12
src/ripple/protocol/Serializer.h
View File

@@ -49,14 +49,14 @@ public:
mData.reserve (n); mData.reserve (n);
} }
Serializer (void const* data, Serializer (void const* data, std::size_t size)
std::size_t size)
{ {
assert(!data == !size);
mData.resize(size); mData.resize(size);
std::memcpy(mData.data(),
reinterpret_cast< if (size)
unsigned char const*>( std::memcpy(mData.data(), data, size);
data), size);
} }
Slice slice() const noexcept Slice slice() const noexcept