
Commit beb9f0b

committed
code: apply boundary checks on oidc_metrics_shm_size in metrics.c
and use a global static for performance reasons; enable SonarQube Signed-off-by: Hans Zandbelt <[email protected]>
1 parent c06ebff commit beb9f0b


3 files changed

+15
-3
lines changed

File renamed without changes.

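--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@
 - code: declare introspection_endpoint_method member as int so it can be set to OIDC_CONFIG_POS_INT_UNSET without warning
 - code: check return value of oidc_get_provider_from_session and oidc_refresh_token_grant in logout.c
 - code: avoid potential crash on non-conformant literal IPv6 adresses in oidc_util_current_url_host
+- code: apply boundary checks on oidc_metrics_shm_size and use a global static for performance reasons
 
 12/15/2024
 - add Coverity Github action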

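--- a/src/metrics.c
+++ b/src/metrics.c
@@ -337,11 +337,22 @@ static inline int oidc_metrics_get_env_int(const char *name, int dval) {
 
 #define OIDC_METRICS_CACHE_JSON_MAX_ENV_VAR "OIDC_METRICS_CACHE_JSON_MAX"
 
+static apr_size_t _oidc_metrics_shm_size = 0;
+
 /*
 * get the size of the to-be-allocated shared memory segment
 */
-static inline int oidc_metrics_shm_size(server_rec *s) {
-return oidc_metrics_get_env_int(OIDC_METRICS_CACHE_JSON_MAX_ENV_VAR, OIDC_METRICS_CACHE_JSON_MAX_DEFAULT);
+static inline apr_size_t oidc_metrics_shm_size(server_rec *s) {
+if (_oidc_metrics_shm_size == 0) {
+int n =
+oidc_metrics_get_env_int(OIDC_METRICS_CACHE_JSON_MAX_ENV_VAR, OIDC_METRICS_CACHE_JSON_MAX_DEFAULT);
+if ((n < 1) || (n > 1024 * 256 * 4 * 100)) {
+oidc_serror(s, "environment value %s out of bounds, fallback to default",
+OIDC_METRICS_CACHE_JSON_MAX_ENV_VAR);
+_oidc_metrics_shm_size = OIDC_METRICS_CACHE_JSON_MAX_DEFAULT;
+}
+}
+return _oidc_metrics_shm_size;
 }
 
 /*
@@ -354,7 +365,7 @@ static inline void oidc_metrics_storage_set(server_rec *s, const char *value) {
 if (n > oidc_metrics_shm_size(s))
 oidc_serror(s,
 "json value too large: set or increase system environment variable %s to a value "
-"larger than %d",
+"larger than %" APR_SIZE_T_FMT,
 OIDC_METRICS_CACHE_JSON_MAX_ENV_VAR, oidc_metrics_shm_size(s));
 else
 _oidc_memcpy(p, value, n);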
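Review bot: In `oidc_metrics_shm_size`, `_oidc_metrics_shm_size` is assigned only on the out-of-bounds path, so whenever `n` passes the bounds check the static stays 0 and the function returns 0. That presumably includes the ordinary case where the variable is unset and `oidc_metrics_get_env_int` falls back to its `dval` argument. The guard `n > oidc_metrics_shm_size(s)` in `oidc_metrics_storage_set` (whose body starts outside the hunk) would then reject every non-empty value, and any code outside this diff that sizes the segment from this function would request zero bytes. The environment is also re-read on every call, which defeats the caching this commit intends. Assign on both paths: inside the `if` use `n = OIDC_METRICS_CACHE_JSON_MAX_DEFAULT;`, then after it `_oidc_metrics_shm_size = (apr_size_t)n;`. The upper bound `1024 * 256 * 4 * 100` would also read better as a named macro next to `OIDC_METRICS_CACHE_JSON_MAX_DEFAULT`.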
