From 6c3ccf5fd030e4c48c103e9175a13752bc64cb01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 29 Jun 2015 14:57:45 +0200 Subject: [PATCH] Fix thread-safety issue in debug.c Closes #203 --- ChangeLog | 5 +++++ include/polarssl/debug.h | 5 ++++- library/debug.c | 25 ++++++++++++++++++++----- tests/suites/test_suite_debug.function | 4 ++-- 4 files changed, 31 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index c67b35885..a20669021 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 1.3.12 released 2015-07-?? + +Bugfix + * Fix thread-safety issue in SSL debug module (found by Edwin van Vliet). + = mbed TLS 1.3.11 released 2015-06-04 Security diff --git a/include/polarssl/debug.h b/include/polarssl/debug.h index fcf149083..2dd89a227 100644 --- a/include/polarssl/debug.h +++ b/include/polarssl/debug.h @@ -57,7 +57,7 @@ #define SSL_DEBUG_MSG( level, args ) \ - debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args ); + debug_print_msg_free( ssl, level, __FILE__, __LINE__, debug_fmt args ); #define SSL_DEBUG_RET( level, text, ret ) \ debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret ); @@ -115,6 +115,9 @@ void debug_set_threshold( int threshold ); char *debug_fmt( const char *format, ... ); +void debug_print_msg_free( const ssl_context *ssl, int level, + const char *file, int line, char *text ); + void debug_print_msg( const ssl_context *ssl, int level, const char *file, int line, const char *text ); diff --git a/library/debug.c b/library/debug.c index 825cc9480..753fc0faa 100644 --- a/library/debug.c +++ b/library/debug.c @@ -47,9 +47,13 @@ #if defined(POLARSSL_PLATFORM_C) #include "polarssl/platform.h" #else -#define polarssl_snprintf snprintf +#define polarssl_snprintf snprintf +#define polarssl_malloc malloc +#define polarssl_free free #endif +#define DEBUG_BUF_SIZE 512 + static int debug_log_mode = POLARSSL_DEBUG_DFL_MODE; static int debug_threshold = 0; @@ -66,17 +70,28 @@ void debug_set_threshold( int threshold ) char *debug_fmt( const char *format, ... ) { va_list argp; - static char str[512]; - int maxlen = sizeof( str ) - 1; + char *str = polarssl_malloc( DEBUG_BUF_SIZE ); + + if( str == NULL ) + return; va_start( argp, format ); - vsnprintf( str, maxlen, format, argp ); + vsnprintf( str, DEBUG_BUF_SIZE - 1, format, argp ); va_end( argp ); - str[maxlen] = '\0'; + str[DEBUG_BUF_SIZE - 1] = '\0'; return( str ); } +void debug_print_msg_free( const ssl_context *ssl, int level, + const char *file, int line, char *text ) +{ + if( text != NULL ) + debug_print_msg( ssl, level, file, line, text ); + + polarssl_free( text ); +} + void debug_print_msg( const ssl_context *ssl, int level, const char *file, int line, const char *text ) { diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 7db04e5d3..df3401086 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -44,8 +44,8 @@ void debug_print_msg_threshold( int threshold, int level, char *file, int line, debug_set_threshold( threshold ); ssl_set_dbg(&ssl, string_debug, &buffer); - debug_print_msg( &ssl, level, file, line, - debug_fmt("Text message, 2 == %d", 2 ) ); + debug_print_msg_free( &ssl, level, file, line, + debug_fmt("Text message, 2 == %d", 2 ) ); TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 ); }