diff --git a/mult/range_arrayinbuf.3 b/mult/range_arrayinbuf.3 new file mode 100644 index 0000000..d5d283a --- /dev/null +++ b/mult/range_arrayinbuf.3 @@ -0,0 +1,32 @@ +.TH range_arrayinbuf 3 +.SH NAME +range_arrayinbuf \- range check for array in buffer +.SH SYNTAX +.B #include + +int \fBrange_arrayinbuf\fR(const void* buf,size_t len, + const void* arraystart, + size_t elements,size_t membersize); + +.SH DESCRIPTION +range_arrayinbuf checks that the array starting at +\fIarraystart\fR consisting of \fIelements\fR members of size +\fImembersize\fR each starts and ends within the buffer +\fIbuf\fR[0..\fIlen\fR-1]. + +If the array is 0-terminated and you don't know the length beforehand, +use range_strinbuf, range_str2inbuf or range_str4inbuf instead. +.SH "RETURN VALUE" +If the buffer is implausible (buf is NULL or buf+len has an integer +overflow), return 0. + +If the array is implausible (arraystart is NULL, elements*membersize +overflows, or calculating the byte offset of the last element +overflows), return 0. + +If the first or last element of the array points before or after the +buffer, return 0. + +Otherwise, return 1. +.SH "SEE ALSO" +rangecheck(3) diff --git a/mult/range_bufinbuf.3 b/mult/range_bufinbuf.3 new file mode 100644 index 0000000..85cc825 --- /dev/null +++ b/mult/range_bufinbuf.3 @@ -0,0 +1,24 @@ +.TH range_bufinbuf 3 +.SH NAME +range_bufinbuf \- range check for buf in buffer +.SH SYNTAX +.B #include + +int \fBrange_bufinbuf\fR(const void* buf1,size_t len1, + const void* buf2,size_t len2); + +.SH DESCRIPTION +range_bufinbuf checks that the buffer \fIbuf2\fR[0..\fIlen2\fR-1] lies +entirely in \fIbuf1\fR[0..\fIlen1\fR]. + +If the buffer is 0-terminated and you don't know the length beforehand, +use range_strinbuf, range_str2inbuf or range_str4inbuf instead. +.SH "RETURN VALUE" +If one of the buffers is implausible (buf is NULL or buf+len has an integer +overflow), return 0. + +If the buf2[0..len2-1] lies before or after buf1[0..len1-1], return 0. + +Otherwise, return 1. +.SH "SEE ALSO" +rangecheck(3) diff --git a/mult/range_ptrinbuf.3 b/mult/range_ptrinbuf.3 new file mode 100644 index 0000000..2478974 --- /dev/null +++ b/mult/range_ptrinbuf.3 @@ -0,0 +1,20 @@ +.TH range_ptrinbuf 3 +.SH NAME +range_ptrinbuf \- range check pointer in buffer +.SH SYNTAX +.B #include + +int \fBrange_ptrinbuf\fR(const void* buf,size_t len,const void* ptr); + +.SH DESCRIPTION +range_ptrinbuf checks if \fIptr\fR points to \fIbuf\fR[0..\fIlen\fR-1]. +.SH "RETURN VALUE" +If the buffer is implausible (buf is NULL or buf+len has an integer +overflow), return 0. + +If \fIptr\fR points to one of \fIbuf\fR[0], \fIbuf\fR[1], ... or +\fIbuf\fR[\fIlen\fR-1], return 1. + +Otherwise, return 0. +.SH "SEE ALSO" +rangecheck(3) diff --git a/mult/range_str2inbuf.3 b/mult/range_str2inbuf.3 new file mode 100644 index 0000000..af5f97a --- /dev/null +++ b/mult/range_str2inbuf.3 @@ -0,0 +1,24 @@ +.TH range_str2inbuf 3 +.SH NAME +range_str2inbuf \- range check for string in buffer +.SH SYNTAX +.B #include + +int \fBrange_str2inbuf\fP(const void* buf,size_t len,const void* string); +.SH DESCRIPTION +range_str2inbuf checks that the zero terminated UTF-16-string starting at +\fIstring\fR starts and ends within the buffer +\fIbuf\fR[0..\fIlen\fR-1]. + +If the string is not 0-terminated but the length is known beforehand, +use range_arrayinbuf instead. +.SH "RETURN VALUE" +If the buffer is implausible (buf is NULL or buf+len has an integer overflow), return 0. + +If \fIstring\fR points before or after the buffer, return 0. + +If there is no zero terminator within the buffer, return 0. + +Otherwise, return 1. +.SH "SEE ALSO" +rangecheck(3) diff --git a/mult/range_str4inbuf.3 b/mult/range_str4inbuf.3 new file mode 100644 index 0000000..9e374d8 --- /dev/null +++ b/mult/range_str4inbuf.3 @@ -0,0 +1,24 @@ +.TH range_str4inbuf 3 +.SH NAME +range_str4inbuf \- range check for string in buffer +.SH SYNTAX +.B #include + +int \fBrange_str4inbuf\fP(const void* buf,size_t len,const void* string); +.SH DESCRIPTION +range_str4inbuf checks that the zero terminated UTF-32-string starting at +\fIstring\fR starts and ends within the buffer +\fIbuf\fR[0..\fIlen\fR-1]. + +If the string is not 0-terminated but the length is known beforehand, +use range_arrayinbuf instead. +.SH "RETURN VALUE" +If the buffer is implausible (buf is NULL or buf+len has an integer overflow), return 0. + +If \fIstring\fR points before or after the buffer, return 0. + +If there is no zero terminator within the buffer, return 0. + +Otherwise, return 1. +.SH "SEE ALSO" +rangecheck(3) diff --git a/mult/range_strinbuf.3 b/mult/range_strinbuf.3 new file mode 100644 index 0000000..92d4743 --- /dev/null +++ b/mult/range_strinbuf.3 @@ -0,0 +1,24 @@ +.TH range_strinbuf 3 +.SH NAME +range_strinbuf \- range check for string in buffer +.SH SYNTAX +.B #include + +int \fBrange_strinbuf\fP(const void* buf,size_t len,const void* stringstart); +.SH DESCRIPTION +range_strinbuf checks that the ASCIIZ-string starting at +\fIstringstart\fR starts and ends within the buffer +\fIbuf\fR[0..\fIlen\fR-1]. + +If the string is not 0-terminated but the length is known beforehand, +use range_arrayinbuf instead. +.SH "RETURN VALUE" +If the buffer is implausible (buf is NULL or buf+len has an integer overflow), return 0. + +If \fIstringstart\fR points before or after the buffer, return 0. + +If there is no '\\0' within the buffer, return 0. + +Otherwise, return 1. +.SH "SEE ALSO" +rangecheck(3) diff --git a/mult/range_validbuf.3 b/mult/range_validbuf.3 new file mode 100644 index 0000000..640fda8 --- /dev/null +++ b/mult/range_validbuf.3 @@ -0,0 +1,18 @@ +.TH range_validbuf 3 +.SH NAME +range_validbuf \- range check buffer +.SH SYNTAX +.B #include + +int \fBrange_validbuf\fR(const void* buf,size_t len); + +.SH DESCRIPTION +range_validbuf does some basic plausibility checks on the buffer +\fIbuf\fR[0..\fIlen\fR-1]. +.SH "RETURN VALUE" +If the buffer is implausible (buf is NULL or buf+len has an integer +overflow), return 0. + +Otherwise, return 1. +.SH "SEE ALSO" +rangecheck(3) diff --git a/mult/rangecheck.3 b/mult/rangecheck.3 new file mode 100644 index 0000000..1e4b548 --- /dev/null +++ b/mult/rangecheck.3 @@ -0,0 +1,36 @@ +.TH rangecheck 3 +.SH NAME +rangecheck.h \- pointer range checking +.SH SYNTAX +.B #include + +int \fBrange_validbuf\fR(const void* buf,size_t len); + +int \fBrange_ptrinbuf\fR(const void* buf,size_t len,const void* ptr); + +int \fBrange_bufinbuf\fR(const void* buf1,size_t len1, + const void* buf2,size_t len2); + +int \fBrange_arrayinbuf\fR(const void* buf,size_t len, + const void* arraystart, + size_t elements,size_t membersize); + +int \fBrange_strinbuf\fP(const void* buf,size_t len,const void* string); + +int \fBrange_str2inbuf\fP(const void* buf,size_t len,const void* string); + +int \fBrange_str4inbuf\fP(const void* buf,size_t len,const void* string); + +.SH DESCRIPTION +rangecheck.h provides several routines for range checking pointers. +These routines are meant for code that has to validate the syntax and +semantics of buffers coming in from untrusted sources (like a network +connection or an input file). + +.SH "RETURN VALUE" +The routines all return 0 on error, or 1 if the pointers were in range. + +.SH "SEE ALSO" +range_validbuf(3), range_ptrinbuf(3), range_bufinbuf(3), +range_arrayinbuf(3), range_strinbuf(3), range_str2inbuf(3), +range_str4inbuf(3)