The Tor Browser: security/nss/lib/util/secport.c@b8a032363ba2 (annotated)

security/nss/lib/util/secport.c@b8a032363ba2 (annotated)

security/nss/lib/util/secport.c

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * secport.c - portability interfaces for security libraries
  *
  * This file abstracts out libc functionality that libsec depends on
  *
  * NOTE - These are not public interfaces
  */
 #include "seccomon.h"
 #include "prmem.h"
 #include "prerror.h"
 #include "plarena.h"
 #include "secerr.h"
 #include "prmon.h"
 #include "nssilock.h"
 #include "secport.h"
 #include "prenv.h"
 #ifdef DEBUG
 #define THREADMARK
 #endif /* DEBUG */
 #ifdef THREADMARK
 #include "prthread.h"
 #endif /* THREADMARK */
 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
 #include <stdlib.h>
 #else
 #include "wtypes.h"
 #endif
 #define SET_ERROR_CODE	/* place holder for code to set PR error code. */
 #ifdef THREADMARK
 typedef struct threadmark_mark_str {
   struct threadmark_mark_str *next;
   void *mark;
 } threadmark_mark;
 #endif /* THREADMARK */
 /* The value of this magic must change each time PORTArenaPool changes. */
 #define ARENAPOOL_MAGIC 0xB8AC9BDF
 typedef struct PORTArenaPool_str {
   PLArenaPool arena;
   PRUint32    magic;
   PRLock *    lock;
 #ifdef THREADMARK
   PRThread *marking_thread;
   threadmark_mark *first_mark;
 #endif
 } PORTArenaPool;
 /* count of allocation failures. */
 unsigned long port_allocFailures;
 /* locations for registering Unicode conversion functions.
  * XXX is this the appropriate location?  or should they be
  *     moved to client/server specific locations?
  */
 PORTCharConversionFunc ucs4Utf8ConvertFunc;
 PORTCharConversionFunc ucs2Utf8ConvertFunc;
 PORTCharConversionWSwapFunc  ucs2AsciiConvertFunc;
 /* NSPR memory allocation functions (PR_Malloc, PR_Calloc, and PR_Realloc)
  * use the PRUint32 type for the size parameter. Before we pass a size_t or
  * unsigned long size to these functions, we need to ensure it is <= half of
  * the maximum PRUint32 value to avoid truncation and catch a negative size.
  */
 #define MAX_SIZE (PR_UINT32_MAX >> 1)
 void *
 PORT_Alloc(size_t bytes)
 {
     void *rv = NULL;
     if (bytes <= MAX_SIZE) {
 	/* Always allocate a non-zero amount of bytes */
 	rv = PR_Malloc(bytes ? bytes : 1);
     }
     if (!rv) {
 	++port_allocFailures;
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
     }
     return rv;
 }
 void *
 PORT_Realloc(void *oldptr, size_t bytes)
 {
     void *rv = NULL;
     if (bytes <= MAX_SIZE) {
 	rv = PR_Realloc(oldptr, bytes);
     }
     if (!rv) {
 	++port_allocFailures;
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
     }
     return rv;
 }
 void *
 PORT_ZAlloc(size_t bytes)
 {
     void *rv = NULL;
     if (bytes <= MAX_SIZE) {
 	/* Always allocate a non-zero amount of bytes */
 	rv = PR_Calloc(1, bytes ? bytes : 1);
     }
     if (!rv) {
 	++port_allocFailures;
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
     }
     return rv;
 }
 void
 PORT_Free(void *ptr)
 {
     if (ptr) {
 	PR_Free(ptr);
     }
 }
 void
 PORT_ZFree(void *ptr, size_t len)
 {
     if (ptr) {
 	memset(ptr, 0, len);
 	PR_Free(ptr);
     }
 }
 char *
 PORT_Strdup(const char *str)
 {
     size_t len = PORT_Strlen(str)+1;
     char *newstr;
     newstr = (char *)PORT_Alloc(len);
     if (newstr) {
         PORT_Memcpy(newstr, str, len);
     }
     return newstr;
 }
 void
 PORT_SetError(int value)
 {
 #ifdef DEBUG_jp96085
     PORT_Assert(value != SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
 #endif
     PR_SetError(value, 0);
     return;
 }
 int
 PORT_GetError(void)
 {
     return(PR_GetError());
 }
 /********************* Arena code follows *****************************
  * ArenaPools are like heaps.  The memory in them consists of large blocks,
  * called arenas, which are allocated from the/a system heap.  Inside an
  * ArenaPool, the arenas are organized as if they were in a stack.  Newly
  * allocated arenas are "pushed" on that stack.  When you attempt to
  * allocate memory from an ArenaPool, the code first looks to see if there
  * is enough unused space in the top arena on the stack to satisfy your
  * request, and if so, your request is satisfied from that arena.
  * Otherwise, a new arena is allocated (or taken from NSPR's list of freed
  * arenas) and pushed on to the stack.  The new arena is always big enough
  * to satisfy the request, and is also at least a minimum size that is
  * established at the time that the ArenaPool is created.
  *
  * The ArenaMark function returns the address of a marker in the arena at
  * the top of the arena stack.  It is the address of the place in the arena
  * on the top of the arena stack from which the next block of memory will
  * be allocated.  Each ArenaPool has its own separate stack, and hence
  * marks are only relevant to the ArenaPool from which they are gotten.
  * Marks may be nested.  That is, a thread can get a mark, and then get
  * another mark.
  *
  * It is intended that all the marks in an ArenaPool may only be owned by a
  * single thread.  In DEBUG builds, this is enforced.  In non-DEBUG builds,
  * it is not.  In DEBUG builds, when a thread gets a mark from an
  * ArenaPool, no other thread may acquire a mark in that ArenaPool while
  * that mark exists, that is, until that mark is unmarked or released.
  * Therefore, it is important that every mark be unmarked or released when
  * the creating thread has no further need for exclusive ownership of the
  * right to manage the ArenaPool.
  *
  * The ArenaUnmark function discards the ArenaMark at the address given,
  * and all marks nested inside that mark (that is, acquired from that same
  * ArenaPool while that mark existed).   It is an error for a thread other
  * than the mark's creator to try to unmark it.  When a thread has unmarked
  * all its marks from an ArenaPool, then another thread is able to set
  * marks in that ArenaPool.  ArenaUnmark does not deallocate (or "pop") any
  * memory allocated from the ArenaPool since the mark was created.
  *
  * ArenaRelease "pops" the stack back to the mark, deallocating all the
  * memory allocated from the arenas in the ArenaPool since that mark was
  * created, and removing any arenas from the ArenaPool that have no
  * remaining active allocations when that is done.  It implicitly releases
  * any marks nested inside the mark being explicitly released.  It is the
  * only operation, other than destroying the arenapool, that potentially
  * reduces the number of arenas on the stack.  Otherwise, the stack grows
  * until the arenapool is destroyed, at which point all the arenas are
  * freed or returned to a "free arena list", depending on their sizes.
  */
 PLArenaPool *
 PORT_NewArena(unsigned long chunksize)
 {
     PORTArenaPool *pool;
     if (chunksize > MAX_SIZE) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return NULL;
     }
     pool = PORT_ZNew(PORTArenaPool);
     if (!pool) {
 	return NULL;
     }
     pool->magic = ARENAPOOL_MAGIC;
     pool->lock = PZ_NewLock(nssILockArena);
     if (!pool->lock) {
 	++port_allocFailures;
 	PORT_Free(pool);
 	return NULL;
     }
     PL_InitArenaPool(&pool->arena, "security", chunksize, sizeof(double));
     return(&pool->arena);
 }
 void *
 PORT_ArenaAlloc(PLArenaPool *arena, size_t size)
 {
     void *p = NULL;
     PORTArenaPool *pool = (PORTArenaPool *)arena;
     if (size <= 0) {
 	size = 1;
     }
     if (size > MAX_SIZE) {
 	/* you lose. */
     } else
     /* Is it one of ours?  Assume so and check the magic */
     if (ARENAPOOL_MAGIC == pool->magic ) {
 	PZ_Lock(pool->lock);
 #ifdef THREADMARK
         /* Most likely one of ours.  Is there a thread id? */
 	if (pool->marking_thread  &&
 	    pool->marking_thread != PR_GetCurrentThread() ) {
 	    /* Another thread holds a mark in this arena */
 	    PZ_Unlock(pool->lock);
 	    PORT_SetError(SEC_ERROR_NO_MEMORY);
 	    PORT_Assert(0);
 	    return NULL;
 	} /* tid != null */
 #endif /* THREADMARK */
 	PL_ARENA_ALLOCATE(p, arena, size);
 	PZ_Unlock(pool->lock);
     } else {
 	PL_ARENA_ALLOCATE(p, arena, size);
     }
     if (!p) {
 	++port_allocFailures;
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
     }
     return(p);
 }
 void *
 PORT_ArenaZAlloc(PLArenaPool *arena, size_t size)
 {
     void *p;
     if (size <= 0)
         size = 1;
     p = PORT_ArenaAlloc(arena, size);
     if (p) {
 	PORT_Memset(p, 0, size);
     }
     return(p);
 }
 /*
  * If zero is true, zeroize the arena memory before freeing it.
  */
 void
 PORT_FreeArena(PLArenaPool *arena, PRBool zero)
 {
     PORTArenaPool *pool = (PORTArenaPool *)arena;
     PRLock *       lock = (PRLock *)0;
     size_t         len  = sizeof *arena;
     static PRBool  checkedEnv = PR_FALSE;
     static PRBool  doFreeArenaPool = PR_FALSE;
     if (!pool)
     	return;
     if (ARENAPOOL_MAGIC == pool->magic ) {
 	len  = sizeof *pool;
 	lock = pool->lock;
 	PZ_Lock(lock);
     }
     if (!checkedEnv) {
 	/* no need for thread protection here */
 	doFreeArenaPool = (PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
 	checkedEnv = PR_TRUE;
     }
     if (zero) {
 	PL_ClearArenaPool(arena, 0);
     }
     if (doFreeArenaPool) {
 	PL_FreeArenaPool(arena);
     } else {
 	PL_FinishArenaPool(arena);
     }
     PORT_ZFree(arena, len);
     if (lock) {
 	PZ_Unlock(lock);
 	PZ_DestroyLock(lock);
     }
 }
 void *
 PORT_ArenaGrow(PLArenaPool *arena, void *ptr, size_t oldsize, size_t newsize)
 {
     PORTArenaPool *pool = (PORTArenaPool *)arena;
     PORT_Assert(newsize >= oldsize);
     if (newsize > MAX_SIZE) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return NULL;
     }
     if (ARENAPOOL_MAGIC == pool->magic ) {
 	PZ_Lock(pool->lock);
 	/* Do we do a THREADMARK check here? */
 	PL_ARENA_GROW(ptr, arena, oldsize, ( newsize - oldsize ) );
 	PZ_Unlock(pool->lock);
     } else {
 	PL_ARENA_GROW(ptr, arena, oldsize, ( newsize - oldsize ) );
     }
     return(ptr);
 }
 void *
 PORT_ArenaMark(PLArenaPool *arena)
 {
     void * result;
     PORTArenaPool *pool = (PORTArenaPool *)arena;
     if (ARENAPOOL_MAGIC == pool->magic ) {
 	PZ_Lock(pool->lock);
 #ifdef THREADMARK
 	{
 	  threadmark_mark *tm, **pw;
 	  PRThread * currentThread = PR_GetCurrentThread();
 	    if (! pool->marking_thread ) {
 		/* First mark */
 		pool->marking_thread = currentThread;
 	    } else if (currentThread != pool->marking_thread ) {
 		PZ_Unlock(pool->lock);
 		PORT_SetError(SEC_ERROR_NO_MEMORY);
 		PORT_Assert(0);
 		return NULL;
 	    }
 	    result = PL_ARENA_MARK(arena);
 	    PL_ARENA_ALLOCATE(tm, arena, sizeof(threadmark_mark));
 	    if (!tm) {
 		PZ_Unlock(pool->lock);
 		PORT_SetError(SEC_ERROR_NO_MEMORY);
 		return NULL;
 	    }
 	    tm->mark = result;
 	    tm->next = (threadmark_mark *)NULL;
 	    pw = &pool->first_mark;
 	    while( *pw ) {
 		 pw = &(*pw)->next;
 	    }
 	    *pw = tm;
 	}
 #else /* THREADMARK */
 	result = PL_ARENA_MARK(arena);
 #endif /* THREADMARK */
 	PZ_Unlock(pool->lock);
     } else {
 	/* a "pure" NSPR arena */
 	result = PL_ARENA_MARK(arena);
     }
     return result;
 }
 /*
  * This function accesses the internals of PLArena, which is why it needs
  * to use the NSPR internal macro PL_MAKE_MEM_UNDEFINED before the memset
  * calls.
  *
  * We should move this function to NSPR as PL_ClearArenaAfterMark or add
  * a PL_ARENA_CLEAR_AND_RELEASE macro.
  *
  * TODO: remove the #ifdef PL_MAKE_MEM_UNDEFINED tests when NSPR 4.10+ is
  * widely available.
  */
 static void
 port_ArenaZeroAfterMark(PLArenaPool *arena, void *mark)
 {
     PLArena *a = arena->current;
     if (a->base <= (PRUword)mark && (PRUword)mark <= a->avail) {
 	/* fast path: mark falls in the current arena */
 #ifdef PL_MAKE_MEM_UNDEFINED
 	PL_MAKE_MEM_UNDEFINED(mark, a->avail - (PRUword)mark);
 #endif
 	memset(mark, 0, a->avail - (PRUword)mark);
     } else {
 	/* slow path: need to find the arena that mark falls in */
 	for (a = arena->first.next; a; a = a->next) {
 	    PR_ASSERT(a->base <= a->avail && a->avail <= a->limit);
 	    if (a->base <= (PRUword)mark && (PRUword)mark <= a->avail) {
 #ifdef PL_MAKE_MEM_UNDEFINED
 		PL_MAKE_MEM_UNDEFINED(mark, a->avail - (PRUword)mark);
 #endif
 		memset(mark, 0, a->avail - (PRUword)mark);
 		a = a->next;
 		break;
 	    }
 	}
 	for (; a; a = a->next) {
 	    PR_ASSERT(a->base <= a->avail && a->avail <= a->limit);
 #ifdef PL_MAKE_MEM_UNDEFINED
 	    PL_MAKE_MEM_UNDEFINED((void *)a->base, a->avail - a->base);
 #endif
 	    memset((void *)a->base, 0, a->avail - a->base);
 	}
     }
 }
 static void
 port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero)
 {
     PORTArenaPool *pool = (PORTArenaPool *)arena;
     if (ARENAPOOL_MAGIC == pool->magic ) {
 	PZ_Lock(pool->lock);
 #ifdef THREADMARK
 	{
 	    threadmark_mark **pw, *tm;
 	    if (PR_GetCurrentThread() != pool->marking_thread ) {
 		PZ_Unlock(pool->lock);
 		PORT_SetError(SEC_ERROR_NO_MEMORY);
 		PORT_Assert(0);
 		return /* no error indication available */ ;
 	    }
 	    pw = &pool->first_mark;
 	    while( *pw && (mark != (*pw)->mark) ) {
 		pw = &(*pw)->next;
 	    }
 	    if (! *pw ) {
 		/* bad mark */
 		PZ_Unlock(pool->lock);
 		PORT_SetError(SEC_ERROR_NO_MEMORY);
 		PORT_Assert(0);
 		return /* no error indication available */ ;
 	    }
 	    tm = *pw;
 	    *pw = (threadmark_mark *)NULL;
 	    if (zero) {
 		port_ArenaZeroAfterMark(arena, mark);
 	    }
 	    PL_ARENA_RELEASE(arena, mark);
 	    if (! pool->first_mark ) {
 		pool->marking_thread = (PRThread *)NULL;
 	    }
 	}
 #else /* THREADMARK */
 	if (zero) {
 	    port_ArenaZeroAfterMark(arena, mark);
 	}
 	PL_ARENA_RELEASE(arena, mark);
 #endif /* THREADMARK */
 	PZ_Unlock(pool->lock);
     } else {
 	if (zero) {
 	    port_ArenaZeroAfterMark(arena, mark);
 	}
 	PL_ARENA_RELEASE(arena, mark);
     }
 }
 void
 PORT_ArenaRelease(PLArenaPool *arena, void *mark)
 {
     port_ArenaRelease(arena, mark, PR_FALSE);
 }
 /*
  * Zeroize the arena memory before releasing it.
  */
 void
 PORT_ArenaZRelease(PLArenaPool *arena, void *mark)
 {
     port_ArenaRelease(arena, mark, PR_TRUE);
 }
 void
 PORT_ArenaUnmark(PLArenaPool *arena, void *mark)
 {
 #ifdef THREADMARK
     PORTArenaPool *pool = (PORTArenaPool *)arena;
     if (ARENAPOOL_MAGIC == pool->magic ) {
 	threadmark_mark **pw, *tm;
 	PZ_Lock(pool->lock);
 	if (PR_GetCurrentThread() != pool->marking_thread ) {
 	    PZ_Unlock(pool->lock);
 	    PORT_SetError(SEC_ERROR_NO_MEMORY);
 	    PORT_Assert(0);
 	    return /* no error indication available */ ;
 	}
 	pw = &pool->first_mark;
 	while( ((threadmark_mark *)NULL != *pw) && (mark != (*pw)->mark) ) {
 	    pw = &(*pw)->next;
 	}
 	if ((threadmark_mark *)NULL == *pw ) {
 	    /* bad mark */
 	    PZ_Unlock(pool->lock);
 	    PORT_SetError(SEC_ERROR_NO_MEMORY);
 	    PORT_Assert(0);
 	    return /* no error indication available */ ;
 	}
 	tm = *pw;
 	*pw = (threadmark_mark *)NULL;
 	if (! pool->first_mark ) {
 	    pool->marking_thread = (PRThread *)NULL;
 	}
 	PZ_Unlock(pool->lock);
     }
 #endif /* THREADMARK */
 }
 char *
 PORT_ArenaStrdup(PLArenaPool *arena, const char *str) {
     int len = PORT_Strlen(str)+1;
     char *newstr;
     newstr = (char*)PORT_ArenaAlloc(arena,len);
     if (newstr) {
         PORT_Memcpy(newstr,str,len);
     }
     return newstr;
 }
 /********************** end of arena functions ***********************/
 /****************** unicode conversion functions ***********************/
 /*
  * NOTE: These conversion functions all assume that the multibyte
  * characters are going to be in NETWORK BYTE ORDER, not host byte
  * order.  This is because the only time we deal with UCS-2 and UCS-4
  * are when the data was received from or is going to be sent out
  * over the wire (in, e.g. certificates).
  */
 void
 PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
 {
     ucs4Utf8ConvertFunc = convFunc;
 }
 void
 PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc)
 {
     ucs2AsciiConvertFunc = convFunc;
 }
 void
 PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
 {
     ucs2Utf8ConvertFunc = convFunc;
 }
 PRBool
 PORT_UCS4_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
 			 unsigned int inBufLen, unsigned char *outBuf,
 			 unsigned int maxOutBufLen, unsigned int *outBufLen)
 {
     if(!ucs4Utf8ConvertFunc) {
       return sec_port_ucs4_utf8_conversion_function(toUnicode,
         inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen);
     }
     return (*ucs4Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
 				  maxOutBufLen, outBufLen);
 }
 PRBool
 PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
 			 unsigned int inBufLen, unsigned char *outBuf,
 			 unsigned int maxOutBufLen, unsigned int *outBufLen)
 {
     if(!ucs2Utf8ConvertFunc) {
       return sec_port_ucs2_utf8_conversion_function(toUnicode,
         inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen);
     }
     return (*ucs2Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
 				  maxOutBufLen, outBufLen);
 }
 PRBool
 PORT_ISO88591_UTF8Conversion(const unsigned char *inBuf,
 			 unsigned int inBufLen, unsigned char *outBuf,
 			 unsigned int maxOutBufLen, unsigned int *outBufLen)
 {
     return sec_port_iso88591_utf8_conversion_function(inBuf, inBufLen,
       outBuf, maxOutBufLen, outBufLen);
 }
 PRBool
 PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf,
 			  unsigned int inBufLen, unsigned char *outBuf,
 			  unsigned int maxOutBufLen, unsigned int *outBufLen,
 			  PRBool swapBytes)
 {
     if(!ucs2AsciiConvertFunc) {
 	return PR_FALSE;
     }
     return (*ucs2AsciiConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
 				  maxOutBufLen, outBufLen, swapBytes);
 }
 /* Portable putenv.  Creates/replaces an environment variable of the form
  *  envVarName=envValue
  */
 int
 NSS_PutEnv(const char * envVarName, const char * envValue)
 {
     SECStatus result = SECSuccess;
     char *    encoded;
     int       putEnvFailed;
 #ifdef _WIN32
     PRBool      setOK;
     setOK = SetEnvironmentVariable(envVarName, envValue);
     if (!setOK) {
         SET_ERROR_CODE
         return SECFailure;
     }
 #endif
     encoded = (char *)PORT_ZAlloc(strlen(envVarName) + 2 + strlen(envValue));
     strcpy(encoded, envVarName);
     strcat(encoded, "=");
     strcat(encoded, envValue);
     putEnvFailed = putenv(encoded); /* adopt. */
     if (putEnvFailed) {
         SET_ERROR_CODE
         result = SECFailure;
         PORT_Free(encoded);
     }
     return result;
 }
 /*
  * Perform a constant-time compare of two memory regions. The return value is
  * 0 if the memory regions are equal and non-zero otherwise.
  */
 int
 NSS_SecureMemcmp(const void *ia, const void *ib, size_t n)
 {
     const unsigned char *a = (const unsigned char*) ia;
     const unsigned char *b = (const unsigned char*) ib;
     size_t i;
     unsigned char r = 0;
     for (i = 0; i < n; ++i) {
         r |= *a++ ^ *b++;
     }
     return r;
 }

The Tor Browser / annotate

security/nss/lib/util/secport.c@b8a032363ba2 (annotated)

security/nss/lib/util/secport.c