Add warning about a potential pitfall with WPACKET_allocate_bytes() If the underlying BUF_MEM gets realloc'd then the pointer returned could become invalid. Therefore we should always ensure that the allocated memory is filled in prior to any more WPACKET_* calls. Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/ssl/packet.c b/ssl/packet.c index 6199469..0e8e876 100644 --- a/ssl/packet.c +++ b/ssl/packet.c
@@ -224,6 +224,7 @@ if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) return 0; + /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */ sub->packet_len = lenchars - (unsigned char *)pkt->buf->data; return 1;
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h index c51d892..44a8f82 100644 --- a/ssl/packet_locl.h +++ b/ssl/packet_locl.h
@@ -671,6 +671,9 @@ * Allocate bytes in the WPACKET for the output. This reserves the bytes * and counts them as "written", but doesn't actually do the writing. A pointer * to the allocated bytes is stored in |*allocbytes|. + * WARNING: the allocated bytes must be filled in immediately, without further + * WPACKET_* calls. If not then the underlying buffer may be realloc'd and + * change its location. */ int WPACKET_allocate_bytes(WPACKET *pkt, size_t bytes, unsigned char **allocbytes); @@ -715,7 +718,7 @@ #define WPACKET_put_bytes_u16(pkt, val) \ WPACKET_put_bytes__((pkt), (val), 2) #define WPACKET_put_bytes_u24(pkt, val) \ - WPACKET_put_bytes__((pkt), (val)), 3) + WPACKET_put_bytes__((pkt), (val), 3) #define WPACKET_put_bytes_u32(pkt, val) \ WPACKET_sub_allocate_bytes__((pkt), (val), 4)