Security Scol plugin
Secure memory block with allocator and cleanup.

#include <secblock.h>
Public Types

  typedef A::value_type     value_type
  typedef A::pointer        iterator
  typedef A::const_pointer  const_iterator
  typedef A::size_type      size_type

Public Member Functions

  SecBlock (size_type size=0)
      Construct a SecBlock with space for size elements.
  SecBlock (const SecBlock< T, A > &t)
      Copy construct a SecBlock from another SecBlock.
  SecBlock (const T *ptr, size_type len)
      Construct a SecBlock from an array of elements.
  operator const void * () const
      Cast operator.
  operator void * ()
      Cast operator.
  operator const T * () const
      Cast operator.
  operator T* ()
      Cast operator.
  iterator begin ()
      Provides an iterator pointing to the first element in the memory block.
  const_iterator begin () const
      Provides a constant iterator pointing to the first element in the memory block.
  iterator end ()
      Provides an iterator pointing beyond the last element in the memory block.
  const_iterator end () const
      Provides a constant iterator pointing beyond the last element in the memory block.
  A::pointer data ()
      Provides a pointer to the first element in the memory block.
  A::const_pointer data () const
      Provides a pointer to the first element in the memory block.
  size_type size () const
      Provides the count of elements in the SecBlock.
  bool empty () const
      Determines if the SecBlock is empty.
  byte * BytePtr ()
      Provides a byte pointer to the first element in the memory block.
  const byte * BytePtr () const
      Return a byte pointer to the first element in the memory block.
  size_type SizeInBytes () const
      Provides the number of bytes in the SecBlock.
  void Assign (const T *ptr, size_type len)
      Set contents and size from an array.
  void Assign (size_type count, T value)
      Set contents from a value.
  void Assign (const SecBlock< T, A > &t)
      Copy contents from another SecBlock.
  void Append (const T *ptr, size_type len)
      Append contents from an array.
  void Append (const SecBlock< T, A > &t)
      Append contents from another SecBlock.
  void Append (size_type count, T value)
      Append contents from a value.
  void SetMark (size_t count)
      Sets the number of elements to zeroize.
  SecBlock< T, A > & operator= (const SecBlock< T, A > &t)
      Assign contents from another SecBlock.
  SecBlock< T, A > & operator+= (const SecBlock< T, A > &t)
      Append contents from another SecBlock.
  SecBlock< T, A > operator+ (const SecBlock< T, A > &t)
      Construct a SecBlock from this and another SecBlock.
  bool operator== (const SecBlock< T, A > &t) const
      Bitwise compare two SecBlocks.
  bool operator!= (const SecBlock< T, A > &t) const
      Bitwise compare two SecBlocks.
  void New (size_type newSize)
      Change size without preserving contents.
  void CleanNew (size_type newSize)
      Change size without preserving contents.
  void Grow (size_type newSize)
      Change size and preserve contents.
  void CleanGrow (size_type newSize)
      Change size and preserve contents.
  void resize (size_type newSize)
      Change size and preserve contents.
  void swap (SecBlock< T, A > &b)
      Swap contents with another SecBlock.

Static Public Attributes

  static const size_type ELEMS_MAX = SIZE_MAX/sizeof(T)
      Returns the maximum number of elements the block can hold.

Protected Attributes

  A m_alloc
  size_type m_mark
  size_type m_size
  T * m_ptr
Detailed Description

Secure memory block with allocator and cleanup.

Template Parameters
  T  a class or type
  A  AllocatorWithCleanup derived class for allocation and cleanup

Definition at line 730 of file secblock.h.
Member Typedef Documentation

typedef A::const_pointer SecBlock< T, A >::const_iterator

Definition at line 735 of file secblock.h.

typedef A::pointer SecBlock< T, A >::iterator

Definition at line 734 of file secblock.h.

typedef A::size_type SecBlock< T, A >::size_type

Definition at line 736 of file secblock.h.

typedef A::value_type SecBlock< T, A >::value_type

Definition at line 733 of file secblock.h.
Constructor & Destructor Documentation

SecBlock< T, A >::SecBlock (size_type size=0)  [inline, explicit]

Construct a SecBlock with space for size elements.

Parameters
  size  the size of the allocation, in elements

Exceptions
  std::bad_alloc

The elements are not initialized.

Definition at line 766 of file secblock.h.
SecBlock< T, A >::SecBlock (const SecBlock< T, A > &t)  [inline]

Copy construct a SecBlock from another SecBlock.

Parameters
  t  the other SecBlock

Exceptions
  std::bad_alloc

Definition at line 773 of file secblock.h.
SecBlock< T, A >::SecBlock (const T *ptr, size_type len)  [inline]

Construct a SecBlock from an array of elements.

Parameters
  ptr  a pointer to an array of T
  len  the number of elements in the memory block

Exceptions
  std::bad_alloc

If ptr!=NULL and len!=0, then the block is initialized from the pointer ptr. If ptr==NULL and len!=0, then the block is initialized to 0. Otherwise, the block is empty and not initialized.

Definition at line 789 of file secblock.h.
Definition at line 798 of file secblock.h.
Member Function Documentation

void SecBlock< T, A >::Append (const SecBlock< T, A > &t)  [inline]

Append contents from another SecBlock.

Parameters
  t  the other SecBlock

Exceptions
  InvalidArgument  if resulting size would overflow

Internally, this SecBlock calls Grow() and then appends t.

Append() may be less efficient than a ByteQueue because Append() must Grow() the internal array and then copy elements. The ByteQueue can copy elements without growing.

Definition at line 973 of file secblock.h.
void SecBlock< T, A >::Append (const T *ptr, size_type len)  [inline]

Append contents from an array.

Parameters
  ptr  a pointer to an array of T
  len  the number of elements in the memory block

Exceptions
  InvalidArgument  if resulting size would overflow

The array pointed to by ptr must be distinct from this SecBlock because Append() calls Grow() and then memcpy(). The call to Grow() will invalidate all pointers and iterators, like the pointer returned from data().

Append() may be less efficient than a ByteQueue because Append() must Grow() the internal array and then copy elements. The ByteQueue can copy elements without growing.

Definition at line 952 of file secblock.h.
void SecBlock< T, A >::Append (size_type count, T value)  [inline]

Append contents from a value.

Parameters
  count  the number of values to copy
  value  the value, repeated count times

Exceptions
  InvalidArgument  if resulting size would overflow

Internally, this SecBlock calls Grow() and then appends value.

Append() may be less efficient than a ByteQueue because Append() must Grow() the internal array and then copy elements. The ByteQueue can copy elements without growing.

Definition at line 1004 of file secblock.h.
void SecBlock< T, A >::Assign (const SecBlock< T, A > &t)  [inline]

Copy contents from another SecBlock.

Parameters
  t  the other SecBlock

Assign checks for self assignment.

If the memory block is reduced in size, then the reclaimed memory is set to 0. If an assignment occurs, then Assign() resets the element count after the previous block is zeroized.

Definition at line 928 of file secblock.h.
void SecBlock< T, A >::Assign (const T *ptr, size_type len)  [inline]

Set contents and size from an array.

Parameters
  ptr  a pointer to an array of T
  len  the number of elements in the memory block

The array pointed to by ptr must be distinct from this SecBlock because Assign() calls New() and then memcpy(). The call to New() will invalidate all pointers and iterators, like the pointer returned from data().

If the memory block is reduced in size, then the reclaimed memory is set to 0. If an assignment occurs, then Assign() resets the element count after the previous block is zeroized.

Definition at line 898 of file secblock.h.
void SecBlock< T, A >::Assign (size_type count, T value)  [inline]

Set contents from a value.

Parameters
  count  the number of values to copy
  value  the value, repeated count times

If the memory block is reduced in size, then the reclaimed memory is set to 0. If an assignment occurs, then Assign() resets the element count after the previous block is zeroized.

Definition at line 913 of file secblock.h.
iterator SecBlock< T, A >::begin ()  [inline]

Provides an iterator pointing to the first element in the memory block.

Definition at line 836 of file secblock.h.
const_iterator SecBlock< T, A >::begin () const  [inline]

Provides a constant iterator pointing to the first element in the memory block.

Definition at line 841 of file secblock.h.
byte * SecBlock< T, A >::BytePtr ()  [inline]

Provides a byte pointer to the first element in the memory block.

Definition at line 876 of file secblock.h.
const byte * SecBlock< T, A >::BytePtr () const  [inline]

Return a byte pointer to the first element in the memory block.

Definition at line 880 of file secblock.h.
void SecBlock< T, A >::CleanGrow (size_type newSize)  [inline]

Change size and preserve contents.

Parameters
  newSize  the new size of the memory block

Old content is preserved. New content is initialized to 0.

Internally, this SecBlock calls reallocate() when size must increase. If the size does not increase, then CleanGrow() does not take action. If the size must change, then use resize(). CleanGrow() resets the element count after the previous block is zeroized.

Definition at line 1179 of file secblock.h.
void SecBlock< T, A >::CleanNew (size_type newSize)  [inline]

Change size without preserving contents.

Parameters
  newSize  the new size of the memory block

Old content is not preserved. If the memory block is reduced in size, then the reclaimed content is set to 0. If the memory block grows in size, then the new memory is initialized to 0. CleanNew() resets the element count after the previous block is zeroized.

Internally, this SecBlock calls New().

Definition at line 1143 of file secblock.h.
A::pointer SecBlock< T, A >::data ()  [inline]

Provides a pointer to the first element in the memory block.

Definition at line 857 of file secblock.h.
A::const_pointer SecBlock< T, A >::data () const  [inline]

Provides a pointer to the first element in the memory block.

Definition at line 861 of file secblock.h.
bool SecBlock< T, A >::empty () const  [inline]

Determines if the SecBlock is empty.

Definition at line 871 of file secblock.h.
iterator SecBlock< T, A >::end ()  [inline]

Provides an iterator pointing beyond the last element in the memory block.

Definition at line 846 of file secblock.h.
const_iterator SecBlock< T, A >::end () const  [inline]

Provides a constant iterator pointing beyond the last element in the memory block.

Definition at line 851 of file secblock.h.
void SecBlock< T, A >::Grow (size_type newSize)  [inline]

Change size and preserve contents.

Parameters
  newSize  the new size of the memory block

Old content is preserved. New content is not initialized.

Internally, this SecBlock calls reallocate() when size must increase. If the size does not increase, then Grow() does not take action. If the size must change, then use resize(). Grow() resets the element count after the previous block is zeroized.

Definition at line 1160 of file secblock.h.
void SecBlock< T, A >::New (size_type newSize)  [inline]

Change size without preserving contents.

Parameters
  newSize  the new size of the memory block

Old content is not preserved. If the memory block is reduced in size, then the reclaimed content is set to 0. If the memory block grows in size, then the new memory is initialized to 0. New() resets the element count after the previous block is zeroized.

Internally, this SecBlock calls reallocate().

Definition at line 1126 of file secblock.h.
SecBlock< T, A >::operator const T * () const  [inline]

Cast operator.

Returns
  const T *

Definition at line 823 of file secblock.h.
SecBlock< T, A >::operator const void * () const  [inline]

Cast operator.

Returns
  const void *

Definition at line 811 of file secblock.h.
SecBlock< T, A >::operator T* ()  [inline]

Cast operator.

Returns
  T *

Definition at line 829 of file secblock.h.
SecBlock< T, A >::operator void * ()  [inline]

Cast operator.

Returns
  void *

Definition at line 817 of file secblock.h.
bool SecBlock< T, A >::operator!= (const SecBlock< T, A > &t) const  [inline]

Bitwise compare two SecBlocks.

Parameters
  t  the other SecBlock

Uses a constant time compare if the arrays are equal size. The constant time compare is VerifyBufsEqual() found in misc.h.

Internally, operator!=() returns the inverse of operator==().

Definition at line 1111 of file secblock.h.
SecBlock< T, A > & SecBlock< T, A >::operator+= (const SecBlock< T, A > &t)  [inline]

Append contents from another SecBlock.

Parameters
  t  the other SecBlock

Internally, operator+=() calls Append().

Definition at line 1059 of file secblock.h.
SecBlock< T, A > & SecBlock< T, A >::operator= (const SecBlock< T, A > &t)  [inline]

Assign contents from another SecBlock.

Parameters
  t  the other SecBlock

Internally, operator=() calls Assign().

If the memory block is reduced in size, then the reclaimed memory is set to 0. If an assignment occurs, then Assign() resets the element count after the previous block is zeroized.

Definition at line 1047 of file secblock.h.
bool SecBlock< T, A >::operator== (const SecBlock< T, A > &t) const  [inline]

Bitwise compare two SecBlocks.

Parameters
  t  the other SecBlock

Uses a constant time compare if the arrays are equal size. The constant time compare is VerifyBufsEqual() found in misc.h.

Definition at line 1095 of file secblock.h.
void SecBlock< T, A >::resize (size_type newSize)  [inline]

Change size and preserve contents.

Parameters
  newSize  the new size of the memory block

Old content is preserved. If the memory block grows in size, then new memory is not initialized. resize() resets the element count after the previous block is zeroized.

Internally, this SecBlock calls reallocate().

Definition at line 1198 of file secblock.h.
void SecBlock< T, A >::SetMark (size_t count)  [inline]

Sets the number of elements to zeroize.

Parameters
  count  the number of elements

SetMark is a remediation for Issue 346/CVE-2016-9939 while preserving the streaming interface. The count controls the number of elements zeroized, which can be less than size or 0.

An internal variable, m_mark, is initialized to the maximum number of elements. The maximum number of elements is ELEMS_MAX. Deallocation triggers a zeroization, and the number of elements zeroized is STDMIN(m_size, m_mark). After zeroization, the memory is returned to the system.

The ASN.1 decoder uses SetMark() to set the element count to 0 before throwing an exception. In this case, the attacker provides a large BER encoded length (say 64MB) but only a small number of content octets (say 16). If the allocator zeroized all 64MB, then a transient DoS could occur as CPU cycles are spent zeroizing uninitialized memory.

Generally speaking, any operation which changes the size of the SecBlock results in the mark being reset to ELEMS_MAX. In particular, if Assign(), New(), Grow(), CleanNew(), CleanGrow() are called, then the count is reset to ELEMS_MAX. The list is not exhaustive.

Definition at line 1037 of file secblock.h.
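The mark-bounded zeroization that SetMark() describes, as an added example that is not Crypto++'s code: a deliberately reduced model (hypothetical MiniSecBlock and WipingAllocator types, plus a g_wiped_bytes counter added so the wipe size can be observed) that keeps only m_size, m_mark, ELEMS_MAX, SetMark() and Grow(), and wipes STDMIN(m_size, m_mark) elements on destruction. It shows why the decoder's SetMark(0) call caps the cost of an oversized BER length, and that a later Grow() resets the mark so the whole block is wiped again.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>
static std::size_t g_wiped_bytes = 0;  // bytes zeroized so far; lets a test observe the wipe
// Stand-in for AllocatorWithCleanup (hypothetical): zeroize the requested count, then free.
template <class T> struct WipingAllocator {
    typedef std::size_t size_type;
    T* allocate(size_type n) {
        if (n > SIZE_MAX / sizeof(T)) throw std::bad_alloc();   // same bound as ELEMS_MAX
        void* p = n ? std::malloc(n * sizeof(T)) : 0;
        if (n && !p) throw std::bad_alloc();
        return static_cast<T*>(p);
    }
    void deallocate(T* p, size_type n) {   // n = elements to wipe, not the allocation size
        if (!p) return;
        volatile unsigned char* v = reinterpret_cast<volatile unsigned char*>(p);
        for (size_type i = 0; i < n * sizeof(T); ++i) v[i] = 0;   // volatile: wipe is not elided
        g_wiped_bytes += n * sizeof(T);
        std::free(p);
    }
};
// Reduced model of SecBlock's size/mark bookkeeping (not Crypto++'s code).
template <class T, class A = WipingAllocator<T> > class MiniSecBlock {
public:
    typedef typename A::size_type size_type;
    static const size_type ELEMS_MAX = SIZE_MAX / sizeof(T);
    explicit MiniSecBlock(size_type n = 0) : m_mark(ELEMS_MAX), m_size(n), m_ptr(m_alloc.allocate(n)) {}
    ~MiniSecBlock() { m_alloc.deallocate(m_ptr, std::min(m_size, m_mark)); }   // STDMIN(m_size, m_mark)
    void SetMark(size_type count) { m_mark = count; }   // wipe at most `count` elements
    void Grow(size_type newSize) {   // preserve old content; new tail uninitialized; mark reset
        if (newSize <= m_size) return;
        T* p = m_alloc.allocate(newSize);
        if (m_ptr) std::memcpy(p, m_ptr, m_size * sizeof(T));
        m_alloc.deallocate(m_ptr, m_size);   // old block is wiped in full on reallocation
        m_ptr = p; m_size = newSize; m_mark = ELEMS_MAX;
    }
private:
    A m_alloc; size_type m_mark, m_size; T* m_ptr;
};
// Bytes wiped when a block of `elems` bytes dies after SetMark(mark); newSize > 0 grows it first.
std::size_t WipedOnDestroy(std::size_t elems, std::size_t mark, std::size_t newSize = 0) {
    std::size_t before = g_wiped_bytes;
    {   MiniSecBlock<unsigned char> b(elems);
        b.SetMark(mark);   // the ASN.1 decoder does SetMark(0) before throwing
        if (newSize) b.Grow(newSize);
    }   // destructor runs here and wipes std::min(size, mark) elements
    return g_wiped_bytes - before;
}
```

With a 1 MiB block and a mark of 16 only 16 bytes are wiped; without a mark the full block is, and a Grow() after the mark wipes the old block in full and then the whole new one.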
size_type SecBlock< T, A >::size () const  [inline]

Provides the count of elements in the SecBlock.

Definition at line 867 of file secblock.h.
size_type SecBlock< T, A >::SizeInBytes () const  [inline]

Provides the number of bytes in the SecBlock.

Definition at line 885 of file secblock.h.
void SecBlock< T, A >::swap (SecBlock< T, A > &b)  [inline]

Swap contents with another SecBlock.

Parameters
  b  the other SecBlock

Internally, std::swap() is called on m_alloc, m_size and m_ptr.

Definition at line 1209 of file secblock.h.
Member Data Documentation

const size_type SecBlock< T, A >::ELEMS_MAX = SIZE_MAX/sizeof(T)  [static]

Returns the maximum number of elements the block can hold.

ELEMS_MAX is the maximum number of elements the SecBlock can hold. The value of ELEMS_MAX is SIZE_MAX/sizeof(T). std::numeric_limits was avoided due to lack of constexpr-ness in C++03 and below.

ELEMS_MAX is a static data member of type size_type. In C++11 and above ELEMS_MAX is an enum inheriting from size_type. In both cases ELEMS_MAX can be used before objects are fully constructed, and it does not suffer the limitations of class methods like max_size.

Definition at line 757 of file secblock.h.
A SecBlock< T, A >::m_alloc  [protected]

Definition at line 1219 of file secblock.h.

size_type SecBlock< T, A >::m_mark  [protected]

Definition at line 1220 of file secblock.h.

T * SecBlock< T, A >::m_ptr  [protected]

Definition at line 1221 of file secblock.h.

size_type SecBlock< T, A >::m_size  [protected]

Definition at line 1220 of file secblock.h.