Diffstat (limited to 'util/libreboot-utils/lib/string.c')
-rw-r--r--util/libreboot-utils/lib/string.c159
1 files changed, 120 insertions, 39 deletions
diff --git a/util/libreboot-utils/lib/string.c b/util/libreboot-utils/lib/string.c
index c6e09752..76141c58 100644
--- a/util/libreboot-utils/lib/string.c
+++ b/util/libreboot-utils/lib/string.c
@@ -19,6 +19,51 @@
#include "../include/common.h"
+/* safe(ish) malloc.
+
+ use this and free_and_set_null()
+ in your program, to reduce the
+ chance of use after frees!
+
+ if you use these functions in the
+ intended way, you will greatly reduce
+ the number of bugs in your code
+ */
+char *
+smalloc(char **buf, size_t size)
+{
+ return (char *)vmalloc((void **)buf, size);
+}
+void *
+vmalloc(void **buf, size_t size)
+{
+ void *rval = NULL;
+
+ if (size >= SIZE_MAX - 1)
+ err_exit(EOVERFLOW, "integer overflow in vmalloc");
+ if (buf == NULL)
+ err_exit(EFAULT, "Bad pointer passed to vmalloc");
+
+ /* lots of programs will
+ * re-initialise a buffer
+ * that was allocated, without
+ * freeing or NULLing it. this
+ * is here intentionally, to
+ * force the programmer to behave
+ */
+ if (*buf != NULL)
+ err_exit(EFAULT, "Non-null pointer given to vmalloc");
+
+ if (!size)
+ err_exit(EFAULT,
+ "Tried to vmalloc(0) and that is very bad. Fix it now");
+
+ if ((rval = malloc(size)) == NULL)
+ err_exit(errno, "malloc fail in vmalloc");
+
+ return *buf = rval;
+}
+
/* strict strcmp */
int
scmp(const char *a,
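Review bot: vmalloc's contract is stronger than the header comment says and should be stated on the function: it never returns NULL, it writes `*buf` only on success, and every failure (overflow, NULL or non-NULL `*buf`, zero size, ENOMEM) terminates the process through err_exit, so callers cannot recover from allocation failure at all. A comment such as `/* Never returns NULL: any failure calls err_exit(). *buf must be NULL on entry. */` above `vmalloc` would make that explicit, and the `size >= SIZE_MAX - 1` bound deserves a one-line why-comment since it also rejects SIZE_MAX - 1, which malloc could in principle accept. smalloc calls vmalloc before its definition in this file, so a prototype for vmalloc presumably lives in common.h; if it does not, this does not compile.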
@@ -98,19 +143,16 @@ sdup(const char *s,
size_t n, char **dest)
{
size_t size;
- char *rval;
+ char *rval = NULL;
if (dest == NULL ||
- slen(s, n, &size) < 0 ||
- if_err(size == SIZE_MAX, EOVERFLOW) ||
- (rval = malloc(size + 1)) == NULL) {
-
+ slen(s, n, &size) < 0) {
if (dest != NULL)
*dest = NULL;
return -1;
}
- memcpy(rval, s, size);
+ memcpy(smalloc(&rval, size + 1), s, size);
*(rval + size) = '\0';
*dest = rval;
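Review bot: Dropping `if_err(size == SIZE_MAX, EOVERFLOW)` means a length of SIZE_MAX makes `size + 1` wrap to 0 on the `memcpy(smalloc(&rval, size + 1), ...)` line, and the overflow is then caught only by vmalloc's zero-size exit with EFAULT instead of being reported as EOVERFLOW; keeping `if_err(size == SIZE_MAX, EOVERFLOW) ||` in the condition preserves the earlier diagnosis. More broadly this hunk, and the same pattern in scatn, scat, dcat and lbgetprogname, changes the contract from "return -1 with errno set" to "terminate the process inside smalloc/vmalloc" for allocation failure, so the `*dest = NULL; return -1;` path no longer covers ENOMEM and callers that handled that case need a look. The function comments should say that these routines exit on allocation failure rather than fail. sdup continues past the end of the hunk.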
@@ -133,10 +175,11 @@ scatn(ssize_t sc, const char **sv,
if (if_err(sc <= 0, EINVAL) ||
if_err(sc > SIZE_MAX / sizeof(size_t), EOVERFLOW) ||
- if_err(sv == NULL, EINVAL) ||
- if_err((size = malloc(sizeof(size_t) * sc)) == NULL, ENOMEM))
+ if_err(sv == NULL, EINVAL))
goto err;
+ vmalloc((void **)&size, sizeof(size_t) * sc);
+
for (i = 0; i < sc; i++, ts += size[i])
if (if_err(sv[i] == NULL, EINVAL) ||
slen(sv[i], max, &size[i]) < 0 ||
@@ -145,10 +188,10 @@ scatn(ssize_t sc, const char **sv,
goto err;
if (if_err(ts > SIZE_MAX - 1, EOVERFLOW) ||
- if_err(ts > max - 1, EOVERFLOW) ||
- if_err((ct = malloc(ts + 1)) == NULL, ENOMEM))
+ if_err(ts > max - 1, EOVERFLOW))
goto err;
+ smalloc(&ct, ts + 1);
for (ts = i = 0; i < sc; i++, ts += size[i])
memcpy(ct + ts, sv[i], size[i]);
@@ -158,14 +201,10 @@ scatn(ssize_t sc, const char **sv,
errno = saved_errno;
return 0;
err:
- if (ct != NULL)
- free(ct);
- if (size != NULL)
- free(size);
- if (errno == saved_errno)
- errno = EFAULT;
+ free_and_set_null(&ct);
+ free_and_set_null((char **)&size);
- return -1;
+ return set_errno(saved_errno, EFAULT);
}
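Review bot: `free_and_set_null((char **)&size)` stores NULL through a `char *` lvalue into an object of type `size_t *`; `char *` is not a character type, so this is an aliasing violation (CERT EXP39-C) even though it works in practice, and the `(void **)&size` cast in the earlier scatn hunk has the same issue. In the error path `free(size); size = NULL;` is as short and well-defined, or free_and_set_null can be wrapped in a type-generic macro. The definition of free_and_set_null is not in this diff, so whether it does anything beyond free-and-NULL is not visible here. Because vmalloc exits when `*buf != NULL`, `size` and `ct` must be initialised to NULL at their declarations, which are outside this hunk.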
/* strict strcat */
@@ -175,20 +214,20 @@ scat(const char *s1, const char *s2,
{
size_t size1;
size_t size2;
- char *rval;
+ char *rval = NULL;
if (dest == NULL ||
slen(s1, n, &size1) < 0 ||
slen(s2, n, &size2) < 0 ||
- if_err(size1 > SIZE_MAX - size2 - 1, EOVERFLOW) ||
- (rval = malloc(size1 + size2 + 1)) == NULL) {
+ if_err(size1 > SIZE_MAX - size2 - 1, EOVERFLOW)) {
if (dest != NULL)
*dest = NULL;
return -1;
}
- memcpy(rval, s1, size1);
+ memcpy(smalloc(&rval, size1 + size2 + 1),
+ s1, size1);
memcpy(rval + size1, s2, size2);
*(rval + size1 + size2) = '\0';
@@ -210,17 +249,17 @@ dcat(const char *s, size_t n,
if (dest1 == NULL || dest2 == NULL ||
slen(s, n, &size) < 0 ||
if_err(size == SIZE_MAX, EOVERFLOW) ||
- if_err(off >= size, EOVERFLOW) ||
- (rval1 = malloc(off + 1)) == NULL ||
- (rval2 = malloc(size - off + 1)) == NULL) {
+ if_err(off >= size, EOVERFLOW)) {
goto err;
}
- memcpy(rval1, s, off);
+ memcpy(smalloc(&rval1, off + 1),
+ s, off);
*(rval1 + off) = '\0';
- memcpy(rval2, s + off, size - off);
+ memcpy(smalloc(&rval2, size - off +1),
+ s + off, size - off);
*(rval2 + size - off) = '\0';
*dest1 = rval1;
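Review bot: `size - off +1` in the second smalloc call is spaced differently from every other arithmetic expression in the hunk; `size - off + 1` matches `off + 1` two lines above. Since smalloc exits on a non-NULL `*buf`, rval1 and rval2 must start out NULL at their declarations, which are outside this hunk, and the `err:` label below (also outside the hunk) presumably still frees them. The allocation-failure contract change is the same one noted on sdup.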
@@ -242,21 +281,32 @@ err:
return -1;
}
+/* on functions that return with errno,
+ * i sometimes have a default fallback,
+ * which is set if errno wasn't changed,
+ * under error condition.
+ */
+int
+set_errno(int saved_errno, int fallback)
+{
+ if (errno == saved_errno)
+ errno = fallback;
+ return -1;
+}
+
/* the one for nvmutil state is in state.c */
/* this one just exits */
void
-err_no_cleanup(int stfu, int nvm_errval, const char *msg, ...)
+err_exit(int nvm_errval, const char *msg, ...)
{
va_list args;
int saved_errno = errno;
const char *p;
-#if defined(__OpenBSD__) && defined(OpenBSD)
-#if (OpenBSD) >= 509
- if (pledge("stdio", NULL) == -1)
- fprintf(stderr, "pledge failure during exit");
-#endif
-#endif
+ func_t err_cleanup = errhook(NULL);
+ err_cleanup();
+ errno = saved_errno;
+
if (!errno)
saved_errno = errno = ECANCELED;
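Review bot: err_exit has no re-entrancy guard around `err_cleanup()`: if the registered hook itself fails and calls err_exit, or calls smalloc/vmalloc which do on failure, errhook(NULL) hands back the same hook and the function recurses until the stack is exhausted. A static flag closes this, `static int exiting = 0; if (exiting) exit(EXIT_FAILURE); exiting = 1;` placed before the hook call. The OpenBSD `pledge("stdio", NULL)` narrowing that the old err_no_cleanup performed is removed without replacement; it can be reinstated after `err_cleanup()` returns, since from that point only stdio and exit are needed, and doing it after the hook is also why the hook must run first. err_exit continues past the end of the hunk.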
@@ -275,6 +325,37 @@ err_no_cleanup(int stfu, int nvm_errval, const char *msg, ...)
exit(EXIT_FAILURE);
}
+/* the err function will
+ * call this upon exit, and
+ * cleanup will be performed
+ * e.g. you might want to
+ * close some files, depending
+ * on your program.
+ * see: err_exit()
+ */
+func_t errhook(func_t ptr)
+{
+ static int set = 0;
+ static func_t hook = NULL;
+
+ if (!set) {
+ set = 1;
+
+ if (ptr == NULL)
+ hook = no_op;
+ else
+ hook = ptr;
+ }
+
+ return hook;
+}
+
+void
+no_op(void)
+{
+ return;
+}
+
const char *
getnvmprogname(void)
{
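Review bot: `func_t errhook(func_t ptr)` puts the return type on the signature line, unlike every other definition in this file (`void` then `no_op(void)` on the next line); `func_t` on its own line matches the convention. The `set` latch is redundant with `hook == NULL`, since the first call always stores either `ptr` or `no_op`, so the body reduces to `if (hook == NULL) hook = (ptr == NULL) ? no_op : ptr;`. First registration wins and later calls with a different `ptr` are silently ignored, which is worth saying in the comment, e.g. `/* Only the first call registers a hook; later pointers are ignored and the stored hook is returned. */`. getnvmprogname begins at the end of this hunk and continues past it.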
@@ -310,17 +391,18 @@ lbgetprogname(char *argv0)
if (!setname) {
if (if_err(argv0 == NULL || *argv0 == '\0', EFAULT) ||
- slen(argv0, 4096, &len) < 0 ||
- (progname = malloc(len + 1)) == NULL)
+ slen(argv0, 4096, &len) < 0)
return NULL;
- memcpy(progname, argv0, len + 1);
+ memcpy(smalloc(&progname, len + 1), argv0, len + 1);
setname = 1;
}
return progname;
}
+/* https://man.openbsd.org/pledge.2
+ https://man.openbsd.org/unveil.2 */
int
xpledgex(const char *promises, const char *execpromises)
{
@@ -328,12 +410,11 @@ xpledgex(const char *promises, const char *execpromises)
(void) promises, (void) execpromises, (void) saved_errno;
#ifdef __OpenBSD__
if (pledge(promises, execpromises) == -1)
- err_no_cleanup(0, errno, "pledge");
+ err_exit(errno, "pledge");
#endif
errno = saved_errno;
return 0;
}
-
int
xunveilx(const char *path, const char *permissions)
{
@@ -341,7 +422,7 @@ xunveilx(const char *path, const char *permissions)
(void) path, (void) permissions, (void) saved_errno;
#ifdef __OpenBSD__
if (pledge(promises, execpromises) == -1)
- err_no_cleanup(0, errno, "pledge");
+ err_exit(errno, "pledge");
#endif
errno = saved_errno;
return 0;
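Review bot: The new side of xunveilx still calls `pledge(promises, execpromises)` even though the function's parameters are `path` and `permissions`; unless those two names are file-scope variables this cannot compile on OpenBSD, and either way no unveil(2) restriction is ever applied, so the function never does what its name and the man-page comment above xpledgex promise. The call should be `if (unveil(path, permissions) == -1) err_exit(errno, "unveil");`. This is pre-existing context rather than something the commit introduced, but the commit touches the adjacent line. xunveilx's body begins before the hunk.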