authorStef Walter <stef@thewalter.net>2013-07-16 21:20:44 +0200
committerStef Walter <stef@thewalter.net>2013-07-18 06:58:09 +0200
commit9886b39e2ebd2f711b5b0c3ca2e24694a9ffd361 (patch)
treef409c3f547fc3ae2590f8ba3818625b2f1137bb8 /common/buffer.c
parent0ddd67184b65dfde0e5d05a957f01eeca161e384 (diff)
buffer: Check for unlikely integer overflow
If we see an integer overflow here, something has gone horribly wrong (or malicious code is present). So treat this as unrecoverable, and fail if we are going to overflow. https://bugzilla.redhat.com/show_bug.cgi?id=985019
Diffstat (limited to 'common/buffer.c')
-rw-r--r--common/buffer.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/common/buffer.c b/common/buffer.c
index dc46fcb..f2e2cb8 100644
--- a/common/buffer.c
+++ b/common/buffer.c
@@ -39,6 +39,7 @@
#include "debug.h"
#include <assert.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
@@ -152,11 +153,16 @@ p11_buffer_append (p11_buffer *buffer,
return_val_if_fail (p11_buffer_ok (buffer), NULL);
terminator = (buffer->flags & P11_BUFFER_NULL) ? 1 : 0;
+
+ /* Check for unlikely and unrecoverable integer overflow */
+ return_val_if_fail (SIZE_MAX - (terminator + length) > buffer->len, NULL);
+
reserve = terminator + length + buffer->len;
if (reserve > buffer->size) {
/* Calculate a new length, minimize number of buffer allocations */
+ return_val_if_fail (buffer->size < SIZE_MAX / 2, NULL);
newlen = buffer->size * 2;
if (!newlen)
newlen = 16;