From: Kevin Day Date: Thu, 18 Jul 2019 01:11:17 +0000 (-0500) Subject: Security: use signed integers for string lengths and array lenghts by default X-Git-Tag: 0.4.3~37 X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=fdd73abcff7454f66738094f2cd7a2914bd32da0;p=fll Security: use signed integers for string lengths and array lenghts by default Standard functions, such as strnlen(), appear to operate on signed integers instead of unsigned. Not being able to handle unsigned integers provides unknown behavior that could lead to potential security vulnerabilities. Future versions of this project will likely need to abandon these methods for more flexible alternatives. Example problem: sources/c/console.c:36:23: warning: 'strnlen' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=] 36 | string_length = strnlen(argv[location], f_console_max_size); That is 2^63 instead of the expected 2^64. The array lengths were converted to signed as well.
---
diff --git a/level_0/f_strings/c/strings.h b/level_0/f_strings/c/strings.h
index 00fe666..7c9ee9b 100644
--- a/level_0/f_strings/c/strings.h
+++ b/level_0/f_strings/c/strings.h
@@ -62,16 +62,16 @@ extern "C"{
 #endif // _di_string_format_pointers_
 #ifndef _di_f_array_length_printf_
- #define f_array_length_printf string_format_unsigned
- #define f_array_length_short_printf string_format_long_unsigned
- #define f_array_length_long_printf string_format_long_long_unsigned
+ #define f_array_length_printf string_format_integer
+ #define f_array_length_short_printf string_format_short_integer
+ #define f_array_length_long_printf string_format_long_integer
 #endif // _di_f_array_length_printf_
 // define the basic string type
 #ifndef _di_f_have_string_
 typedef f_autochar *f_string;
- #define f_string_max_size f_unsigned_long_size
+ #define f_string_max_size f_signed_long_size
 #define f_string_initialize f_eos
 #define f_new_string(status, string, length) status = f_new_array((void **) & string, sizeof(f_string), length)
@@ -88,7 +88,7 @@ extern "C"{
 #ifndef _di_f_string_length_
 typedef f_u_long f_string_length;
- #define f_string_length_printf string_format_long_unsigned
+ #define f_string_length_printf string_format_long_integer
 #define f_new_string_length(status, string, length) status = f_new_array((void **) & string, sizeof(f_string_length), length)
 #define f_delete_string_length(status, string) status = f_delete((void **) & string)
diff --git a/level_0/f_types/c/types.h b/level_0/f_types/c/types.h
index 8d2ac15..03ba05f 100644
--- a/level_0/f_types/c/types.h
+++ b/level_0/f_types/c/types.h
@@ -151,9 +151,9 @@ extern "C"{
 // Defines a variable to be used by arrays.
 #ifndef _di_f_array_length_
- typedef f_u_long f_array_length;
- typedef f_u_int f_array_length_short;
- typedef f_u_long_long f_array_length_long;
+ typedef f_s_long f_array_length;
+ typedef f_s_int f_array_length_short;
+ typedef f_s_long_long f_array_length_long;
 #endif // _di_f_array_length_
 #ifdef __cplusplus
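Review bot: The printf mapping in this hunk looks one width too narrow for the types it is paired with: `f_array_length` becomes `f_s_long` in the types.h hunk but `f_array_length_printf` is set to `string_format_integer`, `f_array_length_short` (`f_s_int`) gets `string_format_short_integer`, and `f_array_length_long` (`f_s_long_long`) gets `string_format_long_integer`. If those `string_format_*` macros expand to `%d`/`%hd`/`%ld` as their names suggest, every conversion reads a narrower argument than the one passed, which is undefined behaviour in variadic formatting and is what `-Wformat` would report; the pre-change mapping had the same skew, so this may follow a naming convention not visible here, but it should be checked against the macro definitions. If the names are literal, `f_array_length_printf` should be `string_format_long_integer`, `f_array_length_short_printf` should be `string_format_integer`, and `f_array_length_long_printf` needs the long-long variant, whatever that macro is called in this project. Separately, `f_string_max_size` now expands to `f_signed_long_size` while `f_string_length` in the next hunk is still `f_u_long`, so the advertised maximum no longer describes that type's range.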
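Review bot: `typedef f_u_long f_string_length;` is left unchanged as context in this hunk while `f_string_length_printf` is switched to `string_format_long_integer`, so an unsigned long is now formatted with what is, by its name, a signed long conversion. Given the commit title, the typedef was probably meant to become `typedef f_s_long f_string_length;` in the same way `f_array_length` becomes `f_s_long` in types.h; without that change the macro swap introduces a format/argument mismatch rather than removing one. Whichever signedness is chosen, the typedef, `f_string_max_size` and `f_string_length_printf` have to agree with each other.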
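Review bot: Making `f_array_length`, `f_array_length_short` and `f_array_length_long` signed means a negative length is now representable, and nothing in this hunk states who rejects it; every consumer that indexes, allocates (`f_new_array` in strings.h) or loops on these values needs an explicit `< 0` check, and any comparison against a `size_t` — `sizeof`, or the `strnlen()` result quoted in the description — promotes the signed value to unsigned, so a negative length silently becomes a huge one. I would record that contract next to the typedefs: `// Lengths are signed; callers must reject negative values before indexing or allocating.` Note also that the warning quoted in the description comes from GCC's maximum object size limit (PTRDIFF_MAX), not from `strnlen()` taking a signed bound, so clamping `f_console_max_size` to that limit would have silenced it without changing the signedness of every length type; the choice made here is defensible, but the rationale should say so.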