builtin,crypto: fix problems detected by -fsanitize=address,undefined and -fsanitize=memory

2021-11-28 20:35:18 +02:00 · 2021-11-28 20:35:18 +02:00 · 31fe02de8c
parent b4c52b72cf
commit 31fe02de8c
5 changed files with 28 additions and 19 deletions
--- a/vlib/builtin/array.v
+++ b/vlib/builtin/array.v
@ -506,7 +506,8 @@ pub fn (a &array) free() {
 	// if a.is_slice {
 	// return
 	// }
-	unsafe { free(&byte(a.data) - a.offset) }
+	mblock_ptr := &byte(u64(a.data) - u64(a.offset))
+	unsafe { free(mblock_ptr) }
 }

 // filter creates a new array with all elements that pass the test implemented by the provided function
--- a/vlib/crypto/bcrypt/bcrypt.v
+++ b/vlib/crypto/bcrypt/bcrypt.v
@ -8,7 +8,7 @@ pub const (
 	min_cost              = 4
 	max_cost              = 31
 	default_cost          = 10
-	solt_length           = 16
+	salt_length           = 16
 	max_crypted_hash_size = 23
 	encoded_salt_size     = 22
 	encoded_hash_size     = 31
@ -32,8 +32,8 @@ const magic_cipher_data = [byte(0x4f), 0x72, 0x70, 0x68, 0x65, 0x61, 0x6e, 0x42,

 pub fn generate_from_password(password []byte, cost int) ?string {
 	mut p := new_from_password(password, cost) or { return error('Error: $err') }
-
-	return string(p.hash_byte())
+	x := p.hash_byte()
+	return x.bytestr()
 }

 pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
@ -50,13 +50,13 @@ pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
 		minor: p.minor
 	}

-	if string(p.hash_byte()) != string(other_p.hash_byte()) {
+	if p.hash_byte() != other_p.hash_byte() {
 		return error('mismatched hash and password')
 	}
 }

 pub fn generate_salt() string {
-	randbytes := rand.read(bcrypt.solt_length) or { panic(err) }
+	randbytes := rand.read(bcrypt.salt_length) or { panic(err) }
 	return randbytes.bytestr()
 }

@ -65,7 +65,7 @@ fn new_from_password(password []byte, cost int) ?&Hashed {
 	if cost < bcrypt.min_cost {
 		cost_ = bcrypt.default_cost
 	}
-	mut p := Hashed{}
+	mut p := &Hashed{}
 	p.major = bcrypt.major_version
 	p.minor = bcrypt.minor_version

@ -74,10 +74,11 @@ fn new_from_password(password []byte, cost int) ?&Hashed {
 	}
 	p.cost = cost_

-	p.salt = base64.encode(generate_salt().bytes()).bytes()
+	salt := generate_salt().bytes()
+	p.salt = base64.encode(salt).bytes()
 	hash := bcrypt(password, p.cost, p.salt) or { return err }
 	p.hash = hash
-	return &p
+	return p
 }

 fn new_from_hash(hashed_secret []byte) ?&Hashed {
@ -86,17 +87,17 @@ fn new_from_hash(hashed_secret []byte) ?&Hashed {
 		return error('hash to short')
 	}

-	mut p := Hashed{}
+	mut p := &Hashed{}
 	mut n := p.decode_version(tmp) or { return err }
-	tmp = tmp[n..]
+	tmp = tmp[n..].clone()

 	n = p.decode_cost(tmp) or { return err }
-	tmp = tmp[n..]
+	tmp = tmp[n..].clone()

 	p.salt = tmp[..bcrypt.encoded_salt_size].clone()
 	p.hash = tmp[bcrypt.encoded_salt_size..].clone()

-	return &p
+	return p
 }

 fn bcrypt(password []byte, cost int, salt []byte) ?[]byte {
@ -132,7 +133,7 @@ fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfi
 }

 fn (mut h Hashed) hash_byte() []byte {
-	mut arr := []byte{len: 60, init: 0}
+	mut arr := []byte{len: 65, init: 0}
 	arr[0] = `$`
 	arr[1] = h.major[0]
 	mut n := 2
@ -150,7 +151,8 @@ fn (mut h Hashed) hash_byte() []byte {
 	n += bcrypt.encoded_salt_size
 	copy(arr[n..], h.hash)
 	n += bcrypt.encoded_hash_size
-	return arr[..n]
+	res := arr[..n].clone()
+	return res
 }

 fn (mut h Hashed) decode_version(sbytes []byte) ?int {
--- a/vlib/crypto/blowfish/block.v
+++ b/vlib/crypto/blowfish/block.v
@ -119,7 +119,8 @@ fn encrypt_block(l u32, r u32, mut bf Blowfish) []u32 {
 	xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
 		(bf.s[3][byte(xr)] ^ bf.p[16])
 	xr ^= bf.p[17]
-	return [xl, xr]
+	res := [xl, xr]
+	return res
 }

 fn get_next_word(b []byte, pos &int) u32 {
--- a/vlib/crypto/rand/rand_linux.c.v
+++ b/vlib/crypto/rand/rand_linux.c.v
@ -11,7 +11,7 @@ const (

 // read returns an array of `bytes_needed` random bytes read from the OS.
 pub fn read(bytes_needed int) ?[]byte {
-	mut buffer := unsafe { malloc_noscan(bytes_needed) }
+	mut buffer := unsafe { vcalloc_noscan(bytes_needed) }
 	mut bytes_read := 0
 	mut remaining_bytes := bytes_needed
 	// getrandom syscall wont block if requesting <= 256 bytes
--- a/vlib/encoding/base64/base64.c.v
+++ b/vlib/encoding/base64/base64.c.v
@ -210,7 +210,8 @@ pub fn decode_str(data string) string {
 	unsafe {
 		buffer := malloc_noscan(size + 1)
 		buffer[size] = 0
-		return tos(buffer, decode_in_buffer(data, buffer))
+		blen := decode_in_buffer(data, buffer)
+		return tos(buffer, blen)
 	}
 }

@ -230,6 +231,9 @@ pub fn encode_str(data string) string {
 // alloc_and_encode is a private function that allocates and encodes data into a string
 // Used by encode and encode_str
 fn alloc_and_encode(src &byte, len int) string {
+	if len == 0 {
+		return ''
+	}	
 	size := 4 * ((len + 2) / 3)
 	if size <= 0 {
 		return ''
@ -237,6 +241,7 @@ fn alloc_and_encode(src &byte, len int) string {
 	unsafe {
 		buffer := malloc_noscan(size + 1)
 		buffer[size] = 0
-		return tos(buffer, encode_from_buffer(buffer, src, len))
+		blen := encode_from_buffer(buffer, src, len)
+		return tos(buffer, blen)
 	}
 }