1818#include "azure_c_shared_utility/threadapi.h"
1919#include "azure_c_shared_utility/shared_util_options.h"
2020#include "azure_c_shared_utility/http_proxy_io.h"
21+ #include "azure_c_shared_utility/safe_math.h"
2122
2223#ifdef _MSC_VER
2324#define snprintf _snprintf
@@ -431,7 +432,18 @@ static void on_bytes_received(void* context, const unsigned char* buffer, size_t
431432 else
432433 {
433434 /* Here we got some bytes so we'll buffer them so the receive functions can consumer it */
434- new_received_bytes = (unsigned char * )realloc (http_instance -> received_bytes , http_instance -> received_bytes_count + size );
435+ size_t malloc_size = http_instance -> received_bytes_count + size ;
436+ if (malloc_size < size )
437+ {
438+ // check for int overflow
439+ new_received_bytes = NULL ;
440+ LogError ("Invalid size parameter" );
441+ }
442+ else
443+ {
444+ new_received_bytes = (unsigned char * )realloc (http_instance -> received_bytes , malloc_size );
445+ }
446+
435447 if (new_received_bytes == NULL )
436448 {
437449 http_instance -> is_io_error = 1 ;
@@ -1301,15 +1313,25 @@ HTTPAPI_RESULT HTTPAPI_SetOption(HTTP_HANDLE handle, const char* optionName, con
13011313 result = HTTPAPI_OK ;
13021314 http_instance -> certificate = (char * )value ;
13031315#else
1304- int len ;
13051316
13061317 if (http_instance -> certificate )
13071318 {
13081319 free (http_instance -> certificate );
13091320 }
13101321
1311- len = (int )strlen ((char * )value );
1312- http_instance -> certificate = (char * )malloc ((len + 1 ) * sizeof (char ));
1322+ size_t len = strlen ((char * )value );
1323+ size_t malloc_size = safe_add_size_t (len , 1 );
1324+ malloc_size = safe_multiply_size_t (malloc_size , sizeof (char ));
1325+ if (malloc_size == SIZE_MAX )
1326+ {
1327+ LogError ("Invalid malloc size" );
1328+ http_instance -> certificate = NULL ;
1329+ }
1330+ else
1331+ {
1332+ http_instance -> certificate = (char * )malloc (malloc_size );
1333+ }
1334+
13131335 if (http_instance -> certificate == NULL )
13141336 {
13151337 /*Codes_SRS_HTTPAPI_COMPACT_21_062: [ If any memory allocation get fail, the HTTPAPI_SetOption shall return HTTPAPI_ALLOC_FAILED. ]*/
@@ -1326,14 +1348,24 @@ HTTPAPI_RESULT HTTPAPI_SetOption(HTTP_HANDLE handle, const char* optionName, con
13261348 }
13271349 else if (strcmp (SU_OPTION_X509_CERT , optionName ) == 0 || strcmp (OPTION_X509_ECC_CERT , optionName ) == 0 )
13281350 {
1329- int len ;
13301351 if (http_instance -> x509ClientCertificate )
13311352 {
13321353 free (http_instance -> x509ClientCertificate );
13331354 }
13341355
1335- len = (int )strlen ((char * )value );
1336- http_instance -> x509ClientCertificate = (char * )malloc ((len + 1 ) * sizeof (char ));
1356+ size_t len = strlen ((char * )value );
1357+ size_t malloc_size = safe_add_size_t (len , 1 );
1358+ malloc_size = safe_multiply_size_t (malloc_size , sizeof (char ));
1359+ if (malloc_size == SIZE_MAX )
1360+ {
1361+ LogError ("Invalid malloc size" );
1362+ http_instance -> x509ClientCertificate = NULL ;
1363+ }
1364+ else
1365+ {
1366+ http_instance -> x509ClientCertificate = (char * )malloc (malloc_size );
1367+ }
1368+
13371369 if (http_instance -> x509ClientCertificate == NULL )
13381370 {
13391371 /*Codes_SRS_HTTPAPI_COMPACT_21_062: [ If any memory allocation get fail, the HTTPAPI_SetOption shall return HTTPAPI_ALLOC_FAILED. ]*/
@@ -1349,14 +1381,24 @@ HTTPAPI_RESULT HTTPAPI_SetOption(HTTP_HANDLE handle, const char* optionName, con
13491381 }
13501382 else if (strcmp (SU_OPTION_X509_PRIVATE_KEY , optionName ) == 0 || strcmp (OPTION_X509_ECC_KEY , optionName ) == 0 )
13511383 {
1352- int len ;
13531384 if (http_instance -> x509ClientPrivateKey )
13541385 {
13551386 free (http_instance -> x509ClientPrivateKey );
13561387 }
13571388
1358- len = (int )strlen ((char * )value );
1359- http_instance -> x509ClientPrivateKey = (char * )malloc ((len + 1 ) * sizeof (char ));
1389+ size_t len = strlen ((char * )value );
1390+ size_t malloc_size = safe_add_size_t (len , 1 );
1391+ malloc_size = safe_multiply_size_t (malloc_size , sizeof (char ));
1392+ if (malloc_size == SIZE_MAX )
1393+ {
1394+ LogError ("Invalid malloc size" );
1395+ http_instance -> x509ClientPrivateKey = NULL ;
1396+ }
1397+ else
1398+ {
1399+ http_instance -> x509ClientPrivateKey = (char * )malloc (malloc_size );
1400+ }
1401+
13601402 if (http_instance -> x509ClientPrivateKey == NULL )
13611403 {
13621404 /*Codes_SRS_HTTPAPI_COMPACT_21_062: [ If any memory allocation get fail, the HTTPAPI_SetOption shall return HTTPAPI_ALLOC_FAILED. ]*/
@@ -1482,7 +1524,17 @@ HTTPAPI_RESULT HTTPAPI_CloneOption(const char* optionName, const void* value, co
14821524 result = HTTPAPI_OK ;
14831525#else
14841526 certLen = strlen ((const char * )value );
1485- tempCert = (char * )malloc ((certLen + 1 ) * sizeof (char ));
1527+ size_t malloc_size = safe_add_size_t (certLen , 1 );
1528+ malloc_size = safe_multiply_size_t (malloc_size , sizeof (char ));
1529+ if (malloc_size == SIZE_MAX )
1530+ {
1531+ tempCert = NULL ;
1532+ }
1533+ else
1534+ {
1535+ tempCert = (char * )malloc (malloc_size );
1536+ }
1537+
14861538 if (tempCert == NULL )
14871539 {
14881540 /*Codes_SRS_HTTPAPI_COMPACT_21_070: [ If any memory allocation get fail, the HTTPAPI_CloneOption shall return HTTPAPI_ALLOC_FAILED. ]*/
@@ -1500,7 +1552,18 @@ HTTPAPI_RESULT HTTPAPI_CloneOption(const char* optionName, const void* value, co
15001552 else if (strcmp (SU_OPTION_X509_CERT , optionName ) == 0 || strcmp (OPTION_X509_ECC_CERT , optionName ) == 0 )
15011553 {
15021554 certLen = strlen ((const char * )value );
1503- tempCert = (char * )malloc ((certLen + 1 ) * sizeof (char ));
1555+ size_t malloc_size = safe_add_size_t (certLen , 1 );
1556+ malloc_size = safe_multiply_size_t (malloc_size , sizeof (char ));
1557+ if (malloc_size == SIZE_MAX )
1558+ {
1559+ LogError ("Invalid malloc size" );
1560+ tempCert = NULL ;
1561+ }
1562+ else
1563+ {
1564+ tempCert = (char * )malloc (malloc_size );
1565+ }
1566+
15041567 if (tempCert == NULL )
15051568 {
15061569 /*Codes_SRS_HTTPAPI_COMPACT_21_070: [ If any memory allocation get fail, the HTTPAPI_CloneOption shall return HTTPAPI_ALLOC_FAILED. ]*/
@@ -1517,7 +1580,18 @@ HTTPAPI_RESULT HTTPAPI_CloneOption(const char* optionName, const void* value, co
15171580 else if (strcmp (SU_OPTION_X509_PRIVATE_KEY , optionName ) == 0 || strcmp (OPTION_X509_ECC_KEY , optionName ) == 0 )
15181581 {
15191582 certLen = strlen ((const char * )value );
1520- tempCert = (char * )malloc ((certLen + 1 ) * sizeof (char ));
1583+ size_t malloc_size = safe_add_size_t (certLen , 1 );
1584+ malloc_size = safe_multiply_size_t (malloc_size , sizeof (char ));
1585+ if (malloc_size == SIZE_MAX )
1586+ {
1587+ LogError ("Invalid malloc size" );
1588+ tempCert = NULL ;
1589+ }
1590+ else
1591+ {
1592+ tempCert = (char * )malloc (malloc_size );
1593+ }
1594+
15211595 if (tempCert == NULL )
15221596 {
15231597 /*Codes_SRS_HTTPAPI_COMPACT_21_070: [ If any memory allocation get fail, the HTTPAPI_CloneOption shall return HTTPAPI_ALLOC_FAILED. ]*/
0 commit comments