INN commit: trunk/nnrpd (Makefile tls.c)

INN Commit Russ_Allbery at isc.org
Thu May 22 18:44:18 UTC 2008


    Date: Thursday, May 22, 2008 @ 11:44:18
  Author: iulius
Revision: 7840

When an article of a size greater than remaining stack is retrieved via 
SSL, a segmentation fault will occur due to the use of alloca().
The below patch uses heap based realloc() instead of stack based alloca(), 
with a static buffer growing as needed.
It uses realloc() instead of malloc() for performance reasons since this 
function is called frequently.  The caveat is that the memory is never 
free()'ed, so if more correct code is desired, it should be adjusted.

Thanks to Chris for this patch.

Modified:
  trunk/nnrpd/Makefile
  trunk/nnrpd/tls.c

----------+
 Makefile |   15 +++++++--------
 tls.c    |   14 ++++++++++----
 2 files changed, 17 insertions(+), 12 deletions(-)

Modified: Makefile
===================================================================
--- Makefile	2008-05-20 16:48:15 UTC (rev 7839)
+++ Makefile	2008-05-22 18:44:18 UTC (rev 7840)
@@ -223,15 +223,14 @@
   ../include/nntp.h ../include/inn/nntp.h ../include/inn/paths.h \
   ../include/inn/storage.h ../include/inn/vector.h ../include/inn/timer.h
 tls.o: tls.c ../include/config.h ../include/inn/defines.h \
-  ../include/inn/system.h ../include/inn/options.h \
-  ../include/portable/alloca.h ../include/config.h ../include/clibrary.h \
+  ../include/inn/system.h ../include/inn/options.h ../include/clibrary.h \
   ../include/config.h nnrpd.h ../include/portable/socket.h \
-  ../include/portable/getaddrinfo.h ../include/portable/getnameinfo.h \
-  ../include/portable/time.h ../include/inn/qio.h \
-  ../include/inn/defines.h ../include/inn/libinn.h ../include/nntp.h \
-  ../include/inn/nntp.h ../include/inn/paths.h ../include/inn/storage.h \
-  ../include/inn/vector.h ../include/inn/timer.h ../include/inn/innconf.h \
-  tls.h
+  ../include/config.h ../include/portable/getaddrinfo.h \
+  ../include/portable/getnameinfo.h ../include/portable/time.h \
+  ../include/inn/qio.h ../include/inn/defines.h ../include/inn/libinn.h \
+  ../include/nntp.h ../include/inn/nntp.h ../include/inn/paths.h \
+  ../include/inn/storage.h ../include/inn/vector.h ../include/inn/timer.h \
+  ../include/inn/innconf.h tls.h
 track.o: track.c ../include/config.h ../include/inn/defines.h \
   ../include/inn/system.h ../include/inn/options.h ../include/clibrary.h \
   ../include/config.h ../include/inn/innconf.h ../include/inn/defines.h \

Modified: tls.c
===================================================================
--- tls.c	2008-05-20 16:48:15 UTC (rev 7839)
+++ tls.c	2008-05-22 18:44:18 UTC (rev 7840)
@@ -18,7 +18,6 @@
 */
 
 #include "config.h"
-#include "portable/alloca.h"
 #include "clibrary.h"
 #include <syslog.h>
 #include <sys/stat.h>
@@ -667,7 +666,8 @@
 ssize_t
 SSL_writev (SSL *ssl, const struct iovec *vector, int count)
 {
-  char *buffer;
+  static char *buffer = NULL;
+  static size_t allocsize = 0;
   char *bp;
   size_t bytes, to_copy;
   int i;
@@ -675,8 +675,14 @@
   bytes = 0;
   for (i = 0; i < count; ++i)
     bytes += vector[i].iov_len;
-  /* Allocate a temporary buffer to hold the data.  */
-  buffer = alloca(bytes);
+  /* Allocate a buffer to hold the data.  */
+  if (NULL == buffer) {
+    buffer = (char *) xmalloc(bytes);
+    allocsize = bytes;
+  } else if (bytes > allocsize) {
+    buffer = (char *) xrealloc (buffer, bytes);
+    allocsize = bytes;
+  }
   /* Copy the data into BUFFER.  */
   to_copy = bytes;
   bp = buffer;



More information about the inn-committers mailing list