If we see an integer overflow here something has gone horribly wrong
(or malicious code is present). So treat this as unrecoverable, and
fail if we're going to overflow.
https://bugzilla.redhat.com/show_bug.cgi?id=985019
#include "debug.h"
#include <assert.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
return_val_if_fail (p11_buffer_ok (buffer), NULL);
terminator = (buffer->flags & P11_BUFFER_NULL) ? 1 : 0;
+
+ /* Check for unlikely and unrecoverable integer overflow */
+ return_val_if_fail (SIZE_MAX - (terminator + length) > buffer->len, NULL);
+
reserve = terminator + length + buffer->len;
if (reserve > buffer->size) {
/* Calculate a new length, minimize number of buffer allocations */
+ return_val_if_fail (buffer->size < SIZE_MAX / 2, NULL);
newlen = buffer->size * 2;
if (!newlen)
newlen = 16;
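Review bot: The guard added before `reserve` does not cover the inner sum `terminator + length`: with `length == SIZE_MAX` and `terminator == 1` that sum wraps to 0 (assuming both are size_t, which the hunk does not show), `SIZE_MAX - 0 > buffer->len` passes, and `reserve` collapses to `buffer->len`, so the oversized request slips through the very check meant to reject it. Rejecting the inner overflow first closes the gap, e.g. `return_val_if_fail (length <= SIZE_MAX - terminator, NULL);` placed immediately before the existing check, or folded into one condition as `return_val_if_fail (length <= SIZE_MAX - terminator && SIZE_MAX - terminator - length > buffer->len, NULL);`. The later `buffer->size < SIZE_MAX / 2` guard protects the doubling but not whatever `newlen` is subsequently compared or added to; that code, and the enclosing function's start and end, lie outside the hunk, so it is worth confirming that the doubled/16-byte `newlen` is also checked against `reserve` there.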