author | 2014-06-21 08:00:22 +0000 | |
---|---|---|
committer | 2014-06-21 08:00:22 +0000 | |
commit | c827e20bd5de29b04150715f2e1ea28438442415 (patch) | |
tree | d78116d02f14642aa800c100de98311e8d870f40 | |
parent | add moxa c168h; (diff) | |
Move to a non-zeroing _dl_malloc, a _dl_calloc and _dl_reallocarray and
fix _dl_strdup to return NULL instead of crashing; ok deraadt@
-rw-r--r-- | libexec/ld.so/Makefile | 4 | ||||
-rw-r--r-- | libexec/ld.so/dir.c | 4 | ||||
-rw-r--r-- | libexec/ld.so/dl_prebind.c | 5 | ||||
-rw-r--r-- | libexec/ld.so/ldconfig/prebind_path.c | 8 | ||||
-rw-r--r-- | libexec/ld.so/library.c | 4 | ||||
-rw-r--r-- | libexec/ld.so/library_mquery.c | 5 | ||||
-rw-r--r-- | libexec/ld.so/loader.c | 11 | ||||
-rw-r--r-- | libexec/ld.so/malloc.c | 50 | ||||
-rw-r--r-- | libexec/ld.so/path.c | 5 | ||||
-rw-r--r-- | libexec/ld.so/reallocarray.c | 39 | ||||
-rw-r--r-- | libexec/ld.so/resolve.c | 5 | ||||
-rw-r--r-- | libexec/ld.so/sod.c | 5 | ||||
-rw-r--r-- | libexec/ld.so/util.c | 7 | ||||
-rw-r--r-- | libexec/ld.so/util.h | 7 |
14 files changed, 132 insertions, 27 deletions
diff --git a/libexec/ld.so/Makefile b/libexec/ld.so/Makefile index 6c3a4a053fb..796a5b4feb0 100644 --- a/libexec/ld.so/Makefile +++ b/libexec/ld.so/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.49 2014/06/05 08:41:09 otto Exp $ +# $OpenBSD: Makefile,v 1.50 2014/06/21 08:00:22 otto Exp $ SUBDIR=ldconfig ldd MAN= ld.so.1 @@ -15,7 +15,7 @@ VPATH=${.CURDIR}/../../lib/libc/string SRCS= ldasm.S boot.c loader.c resolve.c dlfcn.c dl_printf.c rtld_machine.c SRCS+= path.c util.c sod.c strsep.c strtol.c dir.c library_subr.c dl_prebind.c SRCS+= dl_realpath.c dl_uname.c dl_dirname.c strlcat.c strlen.c trace.c -SRCS+= malloc.c +SRCS+= malloc.c reallocarray.c .if (${MACHINE_ARCH} == "i386") SRCS+= library_mquery.c diff --git a/libexec/ld.so/dir.c b/libexec/ld.so/dir.c index e08a5bd64e8..942add5d952 100644 --- a/libexec/ld.so/dir.c +++ b/libexec/ld.so/dir.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dir.c,v 1.17 2013/08/13 05:52:17 guenther Exp $ */ +/* $OpenBSD: dir.c,v 1.18 2014/06/21 08:00:22 otto Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -68,7 +68,7 @@ _dl_opendir(const char *name) return (NULL); } if (_dl_fcntl(fd, F_SETFD, FD_CLOEXEC) < 0 || - (dirp = _dl_malloc(sizeof(*dirp))) == NULL) { + (dirp = _dl_calloc(1, sizeof(*dirp))) == NULL) { _dl_close(fd); return (NULL); } diff --git a/libexec/ld.so/dl_prebind.c b/libexec/ld.so/dl_prebind.c index d35993e4bf7..ccd02c2aa24 100644 --- a/libexec/ld.so/dl_prebind.c +++ b/libexec/ld.so/dl_prebind.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dl_prebind.c,v 1.13 2013/11/13 05:41:41 deraadt Exp $ */ +/* $OpenBSD: dl_prebind.c,v 1.14 2014/06/21 08:00:22 otto Exp $ */ /* * Copyright (c) 2006 Dale Rahn <drahn@dalerahn.com> * 
@@ -200,7 +200,8 @@ prebind_symcache(elf_object_t *object, int plt) if (i <= NUM_STATIC_OBJS) { objarray = &objarray_static[0]; } else { - objarray = _dl_malloc(sizeof(elf_object_t *) * i); + objarray = _dl_reallocarray(NULL, i, + sizeof(elf_object_t *)); } obj = _dl_objects; diff --git a/libexec/ld.so/ldconfig/prebind_path.c b/libexec/ld.so/ldconfig/prebind_path.c index c2f7100c96e..f179430640e 100644 --- a/libexec/ld.so/ldconfig/prebind_path.c +++ b/libexec/ld.so/ldconfig/prebind_path.c @@ -1,4 +1,4 @@ -/* $OpenBSD: prebind_path.c,v 1.2 2013/11/13 05:41:43 deraadt Exp $ */ +/* $OpenBSD: prebind_path.c,v 1.3 2014/06/21 08:00:23 otto Exp $ */ /* * Copyright (c) 2013 Kurt Miller <kurt@intricatesoftware.com> @@ -21,6 +21,12 @@ #include <string.h> #include "util.h" +void * +_dl_reallocarray(void *ptr, size_t cnt, size_t num) +{ + return reallocarray(ptr, cnt, num); +} + void * _dl_malloc(size_t need) { diff --git a/libexec/ld.so/library.c b/libexec/ld.so/library.c index 60c69f370c6..74b5eb2bfd4 100644 --- a/libexec/ld.so/library.c +++ b/libexec/ld.so/library.c @@ -1,4 +1,4 @@ -/* $OpenBSD: library.c,v 1.67 2012/08/20 23:25:07 matthew Exp $ */ +/* $OpenBSD: library.c,v 1.68 2014/06/21 08:00:22 otto Exp $ */ /* * Copyright (c) 2002 Dale Rahn @@ -195,7 +195,7 @@ _dl_tryload_shlib(const char *libname, int type, int flags) TRUNC_PG(phdp->p_offset)); } else res = NULL; /* silence gcc */ - next_load = _dl_malloc(sizeof(struct load_list)); + next_load = _dl_calloc(1, sizeof(struct load_list)); next_load->next = load_list; load_list = next_load; next_load->start = start; diff --git a/libexec/ld.so/library_mquery.c b/libexec/ld.so/library_mquery.c index abbde2e533d..cfafa75ed35 100644 --- a/libexec/ld.so/library_mquery.c +++ b/libexec/ld.so/library_mquery.c @@ -1,4 +1,4 @@ -/* $OpenBSD: library_mquery.c,v 1.44 2012/08/20 23:25:07 matthew Exp $ */ +/* $OpenBSD: library_mquery.c,v 1.45 2014/06/21 08:00:23 otto Exp $ */ /* * Copyright (c) 2002 Dale Rahn 
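Review bot: In prebind_symcache (dl_prebind.c) the result of `_dl_reallocarray(NULL, i, sizeof(elf_object_t *))` is not tested in the visible lines, and after this commit the array is no longer zero-filled. If the code following `obj = _dl_objects;` does not store to all `i` slots before reading them, it now reads indeterminate pointers; the function continues outside the hunk, so that needs confirming there. I would add an `if (objarray == NULL)` check that takes the function's existing failure path right after the allocation.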
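Review bot: The ldconfig-side `_dl_reallocarray` added in prebind_path.c forwards to libc `reallocarray` and so returns NULL on overflow, while the ld.so version added in reallocarray.c by this same commit prints a message and calls `_dl_exit(7)`. Code built into both programs therefore has to handle a NULL return even though ld.so itself never produces one for overflow. A comment such as `/* userland stand-in: returns NULL on overflow, ld.so's version exits */` would record the difference, and naming the parameters `nmemb, size` would match the prototype in util.h.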
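Review bot: `next_load = _dl_calloc(1, sizeof(struct load_list));` in _dl_tryload_shlib (library.c) is followed immediately by `next_load->next = load_list;` with no NULL check, so an allocation failure inside the loader becomes a NULL write instead of a controlled exit. The same unchecked pattern appears in the new lines in library_mquery.c (`ld = _dl_calloc(...)`), loader.c _dl_boot (`next_load`) and resolve.c _dl_finalize_object (`object`). The allocator can return NULL, as the `malloc_recurse(); return NULL;` path of `_dl_malloc` in malloc.c shows, so each site wants a test before the first store, mirroring the `if (liblist == NULL) _dl_exit(5);` check in _dl_load_dep_libs. All four functions extend beyond their hunks.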
@@ -158,6 +158,7 @@ _dl_tryload_shlib(const char *libname, int type, int flags) size = off + phdp->p_filesz; if (size != 0) { + /* XXX */ ld = _dl_malloc(sizeof(struct load_list)); ld->start = NULL; ld->size = size; @@ -171,7 +172,7 @@ _dl_tryload_shlib(const char *libname, int type, int flags) ROUND_PG(size) == ROUND_PG(off + phdp->p_memsz)) break; /* This phdr has a zfod section */ - ld = _dl_malloc(sizeof(struct load_list)); + ld = _dl_calloc(1, sizeof(struct load_list)); ld->start = NULL; ld->size = ROUND_PG(off + phdp->p_memsz) - ROUND_PG(size); diff --git a/libexec/ld.so/loader.c b/libexec/ld.so/loader.c index 3e688382a57..db0f559e73d 100644 --- a/libexec/ld.so/loader.c +++ b/libexec/ld.so/loader.c @@ -1,4 +1,4 @@ -/* $OpenBSD: loader.c,v 1.147 2014/02/16 01:16:38 martynas Exp $ */ +/* $OpenBSD: loader.c,v 1.148 2014/06/21 08:00:23 otto Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -280,8 +280,10 @@ _dl_load_dep_libs(elf_object_t *object, int flags, int booting) } *liblist; int *randomlist; - liblist = _dl_malloc(libcount * sizeof(struct listent)); - randomlist = _dl_malloc(libcount * sizeof(int)); + liblist = _dl_reallocarray(NULL, libcount, + sizeof(struct listent)); + randomlist = _dl_reallocarray(NULL, libcount, + sizeof(int)); if (liblist == NULL) _dl_exit(5); @@ -458,7 +460,7 @@ _dl_boot(const char **argv, char **envp, const long dyn_loff, long *dl_data) if (phdp->p_vaddr > maxva) maxva = phdp->p_vaddr + phdp->p_memsz; - next_load = _dl_malloc(sizeof(struct load_list)); + next_load = _dl_calloc(1, sizeof(struct load_list)); next_load->next = load_list; load_list = next_load; next_load->start = (char *)TRUNC_PG(phdp->p_vaddr) + exe_loff; @@ -560,6 +562,7 @@ _dl_boot(const char **argv, char **envp, const long dyn_loff, long *dl_data) DL_DEB(("failed to mark DTDEBUG\n")); } if (map_link) { + /* XXX */ debug_map = (struct r_debug *)_dl_malloc(sizeof(*debug_map)); debug_map->r_version = 1; debug_map->r_map = (struct link_map *)_dl_objects; 
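Review bot: The bare `/* XXX */` added above `ld = _dl_malloc(sizeof(struct load_list));` in library_mquery.c does not say what is being flagged, and this call stays on `_dl_malloc`, which this commit makes non-zeroing, while the zfod allocation a few lines further down was moved to `_dl_calloc`. Only `ld->start` and `ld->size` are assigned in the visible lines, so any field not set in the part of the block outside the hunk would now hold indeterminate data. Either change this call to `_dl_calloc(1, sizeof(struct load_list))` as well, or expand the marker to something like `/* XXX unchecked; every field must be set since _dl_malloc no longer zeroes */`. The `/* XXX */` on the `debug_map` allocation in loader.c _dl_boot has the same two problems.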
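Review bot: In _dl_load_dep_libs (loader.c) only `liblist` is tested after the two `_dl_reallocarray` calls; `randomlist` is not checked in the visible lines, so a failed second allocation would be dereferenced later. `if (liblist == NULL || randomlist == NULL) _dl_exit(5);` covers both. Neither array is zero-filled after this commit, so the code that follows the hunk has to write every entry before reading it.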
diff --git a/libexec/ld.so/malloc.c b/libexec/ld.so/malloc.c index 92a378ab4ed..6a67c1e738d 100644 --- a/libexec/ld.so/malloc.c +++ b/libexec/ld.so/malloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: malloc.c,v 1.2 2014/06/15 06:48:30 otto Exp $ */ +/* $OpenBSD: malloc.c,v 1.3 2014/06/21 08:00:23 otto Exp $ */ /* * Copyright (c) 2008, 2010, 2011 Otto Moerbeek <otto@drijf.net> * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org> @@ -887,7 +887,7 @@ _dl_malloc(size_t size) malloc_recurse(); return NULL; } - r = omalloc(size, 1 /* XXX */); + r = omalloc(size, 0); malloc_active--; return r; } @@ -1020,3 +1020,49 @@ _dl_calloc(size_t nmemb, size_t size) malloc_active--; return r; } + + +static void * +orealloc(void *p, size_t newsz) +{ + struct region_info *r; + void *q; + size_t oldsz; + + q = omalloc(newsz, 0); + if (p == NULL || q == NULL) + return q; + r = find(g_pool, p); + if (r == NULL) + wrterror("bogus pointer (double free?)"); + REALSIZE(oldsz, r); + if (oldsz > MALLOC_MAXCHUNK) { + if (oldsz < mopts.malloc_guard) + wrterror("guard size"); + oldsz -= mopts.malloc_guard; + } + _dl_bcopy(p, q, oldsz < newsz ? oldsz : newsz); + _dl_free(p); + return q; +} + + +void * +_dl_realloc(void *ptr, size_t size) +{ + void *r; + + malloc_func = "realloc():"; + if (g_pool == NULL) { + if (malloc_init() != 0) + return NULL; + } + if (malloc_active++) { + malloc_recurse(); + return NULL; + } + r = orealloc(ptr, size); + malloc_active--; + return r; +} + diff --git a/libexec/ld.so/path.c b/libexec/ld.so/path.c index 5cc98ae25bc..239b6e86f06 100644 --- a/libexec/ld.so/path.c +++ b/libexec/ld.so/path.c @@ -1,4 +1,4 @@ -/* $OpenBSD: path.c,v 1.1 2013/03/20 21:49:59 kurt Exp $ */ +/* $OpenBSD: path.c,v 1.2 2014/06/21 08:00:23 otto Exp $ */ /* * Copyright (c) 2013 Kurt Miller <kurt@intricatesoftware.com> 
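Review bot: Switching `_dl_malloc` to `omalloc(size, 0)` in malloc.c changes the contract for every caller in ld.so, and nothing at the definition records it. A comment above `_dl_malloc` such as `/* Returns uninitialized memory; use _dl_calloc when zeroed memory is required. */` would keep later callers from assuming the old zero-fill. Call sites this commit does not touch should be re-checked for reliance on zeroed memory; that cannot be verified from the hunks shown.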
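Review bot: The new `orealloc` in malloc.c releases the old region with the public `_dl_free(p);`, yet it is only reached from `_dl_realloc` after `malloc_active++`. If `_dl_free` applies the same `malloc_active` guard that `_dl_malloc` and `_dl_realloc` use (its body is not in this hunk), every realloc of a non-NULL pointer would trip `malloc_recurse()` and the old region would never be released. Calling the file's internal free routine avoids re-entering the guard, e.g. `ofree(p);` if that is the helper's name in this file.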
@@ -43,7 +43,7 @@ _dl_split_path(const char *searchpath) /* one more for NULL entry */ count++; - retval = _dl_malloc(count * sizeof(retval)); + retval = _dl_reallocarray(NULL, count, sizeof(retval)); if (retval == NULL) return (NULL); @@ -76,6 +76,7 @@ _dl_split_path(const char *searchpath) pp = NULL; } + retval[pos] = NULL; return (retval); badret: diff --git a/libexec/ld.so/reallocarray.c b/libexec/ld.so/reallocarray.c new file mode 100644 index 00000000000..09cd7907b2c --- /dev/null +++ b/libexec/ld.so/reallocarray.c @@ -0,0 +1,39 @@ +/* $OpenBSD: reallocarray.c,v 1.1 2014/06/21 08:00:23 otto Exp $ */ +/* + * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/types.h> +#include <stdint.h> +#include <stdlib.h> +#include <unistd.h> +#include "archdep.h" + +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define MUL_NO_OVERFLOW (1UL << (sizeof(size_t) * 4)) + +void * +_dl_reallocarray(void *optr, size_t nmemb, size_t size) +{ + if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + nmemb > 0 && SIZE_MAX / nmemb < size) { + _dl_wrstderr("reallocarray overflow\n"); + _dl_exit(7); + } + return _dl_realloc(optr, size * nmemb); +} 
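Review bot: `_dl_reallocarray(NULL, count, sizeof(retval))` in _dl_split_path (path.c) sizes the elements by the array pointer itself rather than by its element type. The result is the same as long as both are plain pointers, but `retval = _dl_reallocarray(NULL, count, sizeof(*retval));` states the intent and stays correct if the type changes. The declaration of `retval` is outside the hunk.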
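Review bot: `_dl_reallocarray` in the new reallocarray.c ends the process with `_dl_exit(7)` on multiplication overflow instead of returning NULL, unlike the libc function it is named after, and nothing in the file says so. A comment above the function, e.g. `/* Overflow of nmemb * size is fatal; NULL is returned only when _dl_realloc fails. */`, would make the contract clear to callers such as _dl_split_path that test for NULL. The file also calls `_dl_wrstderr`, `_dl_exit` and `_dl_realloc` while including only `archdep.h` among project headers; if that header does not pull in util.h, an explicit `#include "util.h"` is needed for the `_dl_realloc` prototype this commit adds.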
diff --git a/libexec/ld.so/resolve.c b/libexec/ld.so/resolve.c index 1956dc39290..09ec28631b3 100644 --- a/libexec/ld.so/resolve.c +++ b/libexec/ld.so/resolve.c @@ -1,4 +1,4 @@ -/* $OpenBSD: resolve.c,v 1.65 2013/11/27 21:25:25 deraadt Exp $ */ +/* $OpenBSD: resolve.c,v 1.66 2014/06/21 08:00:23 otto Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -245,7 +245,7 @@ _dl_finalize_object(const char *objname, Elf_Dyn *dynp, Elf_Phdr *phdrp, _dl_printf("objname [%s], dynp %p, objtype %x lbase %lx, obase %lx\n", objname, dynp, objtype, lbase, obase); #endif - object = _dl_malloc(sizeof(elf_object_t)); + object = _dl_calloc(1, sizeof(elf_object_t)); object->prev = object->next = NULL; object->load_dyn = dynp; @@ -329,6 +329,7 @@ _dl_finalize_object(const char *objname, Elf_Dyn *dynp, Elf_Phdr *phdrp, object->phdrc = phdrc; object->load_base = lbase; object->obj_base = obase; + /* XXX */ object->load_name = _dl_strdup(objname); object->load_object = _dl_loading_object; if (object->load_object == object) diff --git a/libexec/ld.so/sod.c b/libexec/ld.so/sod.c index 2f9ffb73847..4142ce6b5d7 100644 --- a/libexec/ld.so/sod.c +++ b/libexec/ld.so/sod.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sod.c,v 1.27 2013/12/03 01:47:05 deraadt Exp $ */ +/* $OpenBSD: sod.c,v 1.28 2014/06/21 08:00:23 otto Exp $ */ /* * Copyright (c) 1993 Paul Kranenburg @@ -64,6 +64,7 @@ _dl_build_sod(const char *name, struct sod *sodp) char *realname, *tok, *etok, *cp; /* default is an absolute or relative path */ + /* XXX */ sodp->sod_name = (long)_dl_strdup(name); /* strtok is destructive */ sodp->sod_library = 0; sodp->sod_major = sodp->sod_minor = 0; @@ -121,6 +122,7 @@ _dl_build_sod(const char *name, struct sod *sodp) if (realname == NULL) goto backout; cp = (char *)sodp->sod_name; + /* XXX */ sodp->sod_name = (long)_dl_strdup(realname); _dl_free(cp); sodp->sod_library = 1; 
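Review bot: The `/* XXX */` markers before `object->load_name = _dl_strdup(objname);` in resolve.c and before the three `sodp->sod_name = (long)_dl_strdup(...)` assignments in sod.c _dl_build_sod mark the call sites but leave the result unchecked, although `_dl_strdup` now returns NULL on allocation failure. A NULL `load_name` or a zero `sod_name` is then carried into later code (the sod.c comment notes the copy exists because strtok is destructive), which moves the crash away from its cause. Each site should test the result and take the function's failure path, and the marker should say what it flags, e.g. `/* XXX _dl_strdup may return NULL */`. Both functions continue outside their hunks.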
@@ -130,6 +132,7 @@ _dl_build_sod(const char *name, struct sod *sodp) backout: _dl_free((char *)sodp->sod_name); + /* XXX */ sodp->sod_name = (long)_dl_strdup(name); } diff --git a/libexec/ld.so/util.c b/libexec/ld.so/util.c index 627a5efc2f2..0b2b159cb52 100644 --- a/libexec/ld.so/util.c +++ b/libexec/ld.so/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.31 2014/06/14 20:31:17 miod Exp $ */ +/* $OpenBSD: util.c,v 1.32 2014/06/21 08:00:23 otto Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -51,11 +51,12 @@ char * _dl_strdup(const char *orig) { char *newstr; - int len; + size_t len; len = _dl_strlen(orig)+1; newstr = _dl_malloc(len); - _dl_strlcpy(newstr, orig, len); + if (newstr != NULL) + _dl_strlcpy(newstr, orig, len); return (newstr); } diff --git a/libexec/ld.so/util.h b/libexec/ld.so/util.h index 945e34de57c..584617a793c 100644 --- a/libexec/ld.so/util.h +++ b/libexec/ld.so/util.h @@ -1,4 +1,4 @@ -/* $OpenBSD: util.h,v 1.25 2014/01/23 01:07:45 deraadt Exp $ */ +/* $OpenBSD: util.h,v 1.26 2014/06/21 08:00:23 otto Exp $ */ /* * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com> @@ -34,7 +34,10 @@ #include <sys/utsname.h> #include <stdarg.h> -void *_dl_malloc(const size_t size); +void *_dl_malloc(size_t size); +void *_dl_calloc(size_t nmemb, const size_t size); +void *_dl_realloc(void *, size_t size); +void *_dl_reallocarray(void *, size_t nmemb, size_t size); void _dl_free(void *); char *_dl_strdup(const char *); size_t _dl_strlen(const char *); |
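Review bot: The new prototype `void *_dl_calloc(size_t nmemb, const size_t size);` in util.h keeps a `const` on a by-value parameter that the same hunk removes from `_dl_malloc`, and the `_dl_realloc` and `_dl_reallocarray` prototypes leave their pointer parameter unnamed. For consistency I would write `void *_dl_calloc(size_t nmemb, size_t size);` and `void *_dl_realloc(void *ptr, size_t size);`.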