From f8442f0217de90347444ece0c9c79e5d6646ed79 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Wed, 17 Jul 2019 20:11:17 -0500 Subject: [PATCH] Security: use signed integers for string lengths and array lenghts by default Standard functions, such as strnlen(), appear to operate on signed integers instead of unsigned. Not being able to handle unsigned integers provides unknown behavior that could lead to potential security vulnerabilities. Future versions of this project will likely need to abandon these methods for more flexible alternatives. Example problem: sources/c/console.c:36:23: warning: 'strnlen' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=] 36 | string_length = strnlen(argv[location], f_console_max_size); That is 2^63 instead of the expected 2^64. The array lengths were converted to signed as well. --- level_0/f_strings/c/strings.h | 10 +++++----- level_0/f_types/c/types.h | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/level_0/f_strings/c/strings.h b/level_0/f_strings/c/strings.h
index 8c75076..341b7d2 100644
--- a/level_0/f_strings/c/strings.h
+++ b/level_0/f_strings/c/strings.h
@@ -62,16 +62,16 @@ extern "C" {
 #endif // _di_string_format_pointers_
 #ifndef _di_f_array_length_printf_
- #define f_array_length_printf string_format_unsigned
- #define f_array_length_short_printf string_format_long_unsigned
- #define f_array_length_long_printf string_format_long_long_unsigned
+ #define f_array_length_printf string_format_integer
+ #define f_array_length_short_printf string_format_short_integer
+ #define f_array_length_long_printf string_format_long_integer
 #endif // _di_f_array_length_printf_
 // define the basic string type
 #ifndef _di_f_have_string_
 typedef f_autochar *f_string;
- #define f_string_max_size f_unsigned_long_size
+ #define f_string_max_size f_signed_long_size
 #define f_string_initialize f_eos
 #define f_new_string(status, string, length) status = f_new_array((f_void_p *) & string, sizeof(f_string), length)
@@ -88,7 +88,7 @@ extern "C" {
 #ifndef _di_f_string_length_
 typedef f_u_long f_string_length;
- #define f_string_length_printf string_format_long_unsigned
+ #define f_string_length_printf string_format_long_integer
 #define f_new_string_length(status, string, length) status = f_new_array((f_void_p *) & string, sizeof(f_string_length), length)
 #define f_delete_string_length(status, string) status = f_delete((f_void_p *) & string)
diff --git a/level_0/f_types/c/types.h b/level_0/f_types/c/types.h
index b6ea66e..baf44aa 100644
--- a/level_0/f_types/c/types.h
+++ b/level_0/f_types/c/types.h
@@ -158,9 +158,9 @@ extern "C" {
 // Defines a variable to be used by arrays.
 #ifndef _di_f_array_length_
- typedef f_u_long f_t_array_length;
- typedef f_u_int f_t_array_length_short;
- typedef f_u_long_long f_t_array_length_long;
+ typedef f_s_long f_array_length;
+ typedef f_s_int f_array_length_short;
+ typedef f_s_long_long f_array_length_long;
 #endif // _di_f_array_length_
 #ifndef _di_f_gcc_specific_
-- 1.8.3.1
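Review bot: The three `f_array_length*_printf` macros now each select a format one width narrower than the typedef they are paired with in this patch's types.h hunk: `f_array_length` becomes `f_s_long` but prints via `string_format_integer`, `f_array_length_short` becomes `f_s_int` but prints via `string_format_short_integer`, and `f_array_length_long` becomes `f_s_long_long` but prints via `string_format_long_integer`. If those format macros expand to the `%d`/`%hd`/`%ld` family (their definitions are outside this hunk), passing a wider argument than the conversion expects is a printf type mismatch that C leaves undefined, and any length above the narrower type's maximum is misprinted at best. I would shift each mapping up one step: `#define f_array_length_printf string_format_long_integer`, `#define f_array_length_short_printf string_format_integer`, `#define f_array_length_long_printf string_format_long_long_integer` (assuming a long-long signed format macro exists alongside the old `string_format_long_long_unsigned`). The enclosing `extern "C"` block opens and closes outside the hunk.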
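Review bot: `f_string_length_printf` is switched to `string_format_long_integer` while the typedef on the context line just above it, `typedef f_u_long f_string_length;`, is left unsigned, so the format macro and the type it exists to print now disagree. If `string_format_long_integer` is a `%ld`-style specifier (its definition is not in this hunk), a length with the top bit set — exactly the 2^63..2^64 range the commit message worries about — prints as a negative number, and strictly the argument/conversion mismatch is undefined behaviour. Either the typedef should follow the rest of the patch, `typedef f_s_long f_string_length;`, or the printf macro should remain `string_format_long_unsigned`; the former also agrees with `f_string_max_size`, which the previous hunk changes to `f_signed_long_size`, so comparisons between a length and the maximum stop mixing signedness. The surrounding `extern "C"` block begins and ends outside the hunk.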
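Review bot: Besides changing signedness, this hunk renames the typedefs from `f_t_array_length*` to `f_array_length*`, an API change the commit message does not mention and that the diffstat (only strings.h and types.h touched) does not propagate, so any other translation unit still spelling `f_t_array_length` would stop compiling; either keep a compatibility alias such as `typedef f_array_length f_t_array_length;` or call out the rename in the message. Since the stated goal is avoiding undefined behaviour, it is worth documenting that a signed length trades one hazard for another: negative values are now representable and must be rejected at every API boundary, and `length + 1` at the signed maximum is undefined where the old unsigned wrap was defined. I would add above the `#ifndef`: `// Lengths are signed so bounds handed to libc (e.g. strnlen) stay within the object-size limit; callers must keep them in [0, max] and guard increments against overflow.` The enclosing `extern "C"` block opens and closes outside the hunk.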