openssl/crypto/mem.c
Rich Salz f7edeced4d Add "random malloc failure" tooling
Still needs to be documented, somehow/somewhere.

The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc
should fail.  It's a set of fields separated by semicolons.  Each field
is a count and optional percentage (separated by @) which defaults to 100.
If count is zero then it lasts "forever."  For example: 100;@25 means the
first 100 allocations pass, then the rest have a 25% chance of failing
until the program exits or crashes.

If env var OPENSSL_MALLOC_FD parses as a positive integer, a record
of all malloc "shouldfail" tests is written to that file descriptor.
If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set
(platform specific), then a backtrace will be written to the descriptor
when a malloc fails.  This can be useful because a malloc may fail but
not be checked, and problems will only occur later.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)
2017-01-12 11:27:27 -05:00

279 lines
6.6 KiB
C

/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
#include "internal/cryptlib_int.h"
#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
# include <execinfo.h>
#endif
/*
* the following pointers may be changed as long as 'allow_customize' is set
*/
static int allow_customize = 1;
static void *(*malloc_impl)(size_t, const char *, int)
= CRYPTO_malloc;
static void *(*realloc_impl)(void *, size_t, const char *, int)
= CRYPTO_realloc;
static void (*free_impl)(void *, const char *, int)
= CRYPTO_free;
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
static char *md_failstring;
static long md_count;
static int md_percent = 100;
static int md_tracefd = -1;
static int call_malloc_debug = 1;
static void parseit(void);
static int shouldfail(void);
# define FAILTEST() if (shouldfail()) return NULL
#else
static int call_malloc_debug = 0;
# define FAILTEST() /* empty */
#endif
int CRYPTO_set_mem_functions(
void *(*m)(size_t, const char *, int),
void *(*r)(void *, size_t, const char *, int),
void (*f)(void *, const char *, int))
{
if (!allow_customize)
return 0;
if (m)
malloc_impl = m;
if (r)
realloc_impl = r;
if (f)
free_impl = f;
return 1;
}
int CRYPTO_set_mem_debug(int flag)
{
if (!allow_customize)
return 0;
call_malloc_debug = flag;
return 1;
}
void CRYPTO_get_mem_functions(
void *(**m)(size_t, const char *, int),
void *(**r)(void *, size_t, const char *, int),
void (**f)(void *, const char *, int))
{
if (m != NULL)
*m = malloc_impl;
if (r != NULL)
*r = realloc_impl;
if (f != NULL)
*f = free_impl;
}
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
/*
* Parse a "malloc failure spec" string. This likes like a set of fields
* separated by semicolons. Each field has a count and an optional failure
* percentage. For example:
* 100;100@25;@100
* This means 100 mallocs succeed, then next 100 fail 25% of the time, and
* all remaining (count is zero) succeed.
*/
static void parseit(void)
{
char *semi = strchr(md_failstring, ';');
char *atsign;
if (semi != NULL)
*semi++ = '\0';
/* Get the count (atol will stop at the @ if there), and percentage */
md_count = atol(md_failstring);
atsign = strchr(md_failstring, '@');
md_percent = atsign == NULL ? 100 : atoi(atsign + 1);
if (semi != NULL)
md_failstring = semi;
}
/*
* See if the current malloc should fail.
*/
static int shouldfail(void)
{
int roll = (int)(random() % 100);
int shouldfail = roll > md_percent;
char buff[80];
if (md_tracefd > 0) {
BIO_snprintf(buff, sizeof(buff),
"%c C%ld %%%d R%d\n",
shouldfail ? '-' : '+', md_count, md_percent, roll);
write(md_tracefd, buff, strlen(buff));
#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
if (shouldfail) {
void *addrs[30];
int num = backtrace(addrs, OSSL_NELEM(addrs));
backtrace_symbols_fd(addrs, num, md_tracefd);
}
#endif
}
if (md_count) {
/* If we used up this one, go to the next. */
if (--md_count == 0)
parseit();
}
return shouldfail;
}
void ossl_malloc_setup_failures(void)
{
const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
parseit();
if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
md_tracefd = atoi(cp);
}
#endif
void *CRYPTO_malloc(size_t num, const char *file, int line)
{
void *ret = NULL;
if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
return malloc_impl(num, file, line);
if (num <= 0)
return NULL;
FAILTEST();
allow_customize = 0;
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (call_malloc_debug) {
CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
ret = malloc(num);
CRYPTO_mem_debug_malloc(ret, num, 1, file, line);
} else {
ret = malloc(num);
}
#else
osslargused(file); osslargused(line);
ret = malloc(num);
#endif
return ret;
}
void *CRYPTO_zalloc(size_t num, const char *file, int line)
{
void *ret = CRYPTO_malloc(num, file, line);
FAILTEST();
if (ret != NULL)
memset(ret, 0, num);
return ret;
}
void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
{
if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
return realloc_impl(str, num, file, line);
FAILTEST();
if (str == NULL)
return CRYPTO_malloc(num, file, line);
if (num == 0) {
CRYPTO_free(str, file, line);
return NULL;
}
allow_customize = 0;
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (call_malloc_debug) {
void *ret;
CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
ret = realloc(str, num);
CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line);
return ret;
}
#else
osslargused(file); osslargused(line);
#endif
return realloc(str, num);
}
void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
const char *file, int line)
{
void *ret = NULL;
if (str == NULL)
return CRYPTO_malloc(num, file, line);
if (num == 0) {
CRYPTO_clear_free(str, old_len, file, line);
return NULL;
}
/* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
if (num < old_len) {
OPENSSL_cleanse((char*)str + num, old_len - num);
return str;
}
ret = CRYPTO_malloc(num, file, line);
if (ret != NULL) {
memcpy(ret, str, old_len);
CRYPTO_clear_free(str, old_len, file, line);
}
return ret;
}
void CRYPTO_free(void *str, const char *file, int line)
{
if (free_impl != NULL && free_impl != &CRYPTO_free) {
free_impl(str, file, line);
return;
}
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (call_malloc_debug) {
CRYPTO_mem_debug_free(str, 0, file, line);
free(str);
CRYPTO_mem_debug_free(str, 1, file, line);
} else {
free(str);
}
#else
free(str);
#endif
}
void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
{
if (str == NULL)
return;
if (num)
OPENSSL_cleanse(str, num);
CRYPTO_free(str, file, line);
}