[svn] GnuPG - r4430 - branches/STABLE-BRANCH-1-4/util

[svn author wk]

Author: wk
Date: 2007-02-12 15:13:37 +0100 (Mon, 12 Feb 2007)
New Revision: 4430

Modified:
   branches/STABLE-BRANCH-1-4/util/ChangeLog
   branches/STABLE-BRANCH-1-4/util/secmem.c
Log:
	* secmem.c (ptr_into_pool_p): New.
        (m_is_secure): Implement in terms of above.  Also check that the
        pool has been initialized.
			 


Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ChangeLog	2007-02-11 03:56:59 UTC (rev 4429)
+++ branches/STABLE-BRANCH-1-4/util/ChangeLog	2007-02-12 14:13:37 UTC (rev 4430)
@@ -1,3 +1,9 @@
+2007-02-12  Werner Koch  <wk at g10code.com>
+
+	* secmem.c (ptr_into_pool_p): New.
+	(m_is_secure): Implement in terms of above.  Also check that the
+	pool has been initialized.
+
 2007-02-10  David Shaw  <dshaw at jabberwocky.com>
 
 	* http.c (do_parse_uri): Remove the hkp port 11371 detection.  We

Modified: branches/STABLE-BRANCH-1-4/util/secmem.c
===================================================================
--- branches/STABLE-BRANCH-1-4/util/secmem.c	2007-02-11 03:56:59 UTC (rev 4429)
+++ branches/STABLE-BRANCH-1-4/util/secmem.c	2007-02-12 14:13:37 UTC (rev 4430)
@@ -449,10 +449,27 @@
     cur_alloced -= size;
 }
 
+
+/* Check whether P points into the pool.  */
+static int
+ptr_into_pool_p (const void *p)
+{
+  /* We need to convert pointers to addresses.  This is required by
+     C-99 6.5.8 to avoid undefined behaviour.  Using size_t is at
+     least only implementation defined.  See also
+     http://lists.gnupg.org/pipermail/gcrypt-devel/2007-February/001102.html
+  */
+  size_t p_addr = (size_t)p;
+  size_t pool_addr = (size_t)pool;
+
+  return p_addr >= pool_addr && p_addr <  pool_addr+poolsize;
+}
+
+
 int
 m_is_secure( const void *p )
 {
-    return p >= pool && p < (void*)((char*)pool+poolsize);
+  return pool_okay && ptr_into_pool_p (p);
 }