[gnutls-devel] GnuTLS | Consolidate ways to enforce bounds check (#1194)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sun Mar 21 17:21:36 CET 2021
Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1194
We currently have bounds check logic in several places where data is read or written. A typical pattern is using one of the `DECR_LEN` macros:
```c
uint8_t *p = data;
size_t data_size = _data_size;
...
DECR_LEN(data_size, 3);
size = _gnutls_read_uint24(p);
p += 3;
```
While this is better than manual checks like `if (data_size < 3) goto error; data_size -= 3;`, it doesn't provide a way to enforce the check in new code.
I would suggest providing a simpler (internal) API, and discouraging direct access to the pointer and the length. Maybe we could reuse the existing `gnutls_buffer_st`, with a couple of new constructors for statically provided data buffers:
```c
void _gnutls_buffer_static_for_read(gnutls_buffer_st *buffer, const uint8_t *data, size_t size);
void _gnutls_buffer_static_for_write(gnutls_buffer_st *buffer, const uint8_t *data, size_t max_size);
```
then the above example can be rewritten as:
```c
gnutls_buffer_st buf;
...
_gnutls_buffer_static_for_read(&buf, data, _data_size);
...
size_t size;
ret = _gnutls_buffer_pop_prefix24(&buf, &size, 1);
if (ret < 0) {
goto cleanup;
}
```
Writing is similarly done:
```c
gnutls_buffer_st buf;
...
_gnutls_buffer_static_for_write(&buf, ptr, max_size);
...
ret = _gnutls_buffer_append_prefix(&buf, 3, size);
if (ret < 0) {
goto cleanup;
}
```
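As an added illustration of the reader side of this proposal (not GnuTLS code, and not the real `gnutls_buffer_st` API), here is a minimal static read buffer whose only way to consume bytes is through a checked `take`, so a 24-bit length prefix that claims more data than remains is rejected instead of read past the end. All names (`static_reader_st`, `reader_take`, `parse_record`) and the sample inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical bounds-checked reader; stands in for the proposed
 * _gnutls_buffer_static_for_read() / _gnutls_buffer_pop_prefix24(). */
typedef struct {
    const uint8_t *data;   /* next unread byte */
    size_t length;         /* bytes remaining */
} static_reader_st;

static void reader_init(static_reader_st *r, const uint8_t *data, size_t size) {
    r->data = data;
    r->length = size;
}

/* Consume n bytes. Returns -1 (touching nothing) if fewer remain;
 * this is the single place the bound is enforced. */
static int reader_take(static_reader_st *r, size_t n, const uint8_t **out) {
    if (r->length < n)
        return -1;
    *out = r->data;
    r->data += n;
    r->length -= n;
    return 0;
}

/* Read a 24-bit big-endian length prefix and verify the body it
 * announces actually fits in the remaining input. */
static int reader_pop_prefix24(static_reader_st *r, size_t *size) {
    const uint8_t *p;
    if (reader_take(r, 3, &p) < 0)
        return -1;
    *size = ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
    if (r->length < *size)
        return -1;   /* prefix claims more bytes than remain */
    return 0;
}

/* Parse one length-prefixed record. Returns body length, or -1 on
 * truncated input; *body points into buf on success. */
static long parse_record(const uint8_t *buf, size_t buf_len, const uint8_t **body) {
    static_reader_st r;
    size_t size;
    reader_init(&r, buf, buf_len);
    if (reader_pop_prefix24(&r, &size) < 0)
        return -1;
    if (reader_take(&r, size, body) < 0)
        return -1;
    return (long)size;
}

/* Constructed sample inputs: a well-formed record, one whose prefix
 * overstates the body length, and one too short to hold a prefix. */
static const uint8_t sample_good[] = {0x00, 0x00, 0x02, 0xaa, 0xbb};
static const uint8_t sample_overlong[] = {0x00, 0x00, 0x05, 0xaa, 0xbb};
static const uint8_t sample_tiny[] = {0x00, 0x00};
```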