| author | Adam Ierymenko <adam.ierymenko@gmail.com> | 2014-10-02 10:06:29 -0700 |
|---|---|---|
| committer | Adam Ierymenko <adam.ierymenko@gmail.com> | 2014-10-02 10:06:29 -0700 |
| commit | e53d208ea4ca7c6496c976be6db3383d99f993c3 (patch) | |
| tree | 9dd2873eab5c593bf452768cae9e8c93af72ed28 /node/Buffer.hpp | |
| parent | e8c5495b61ebde115ee133e8c85933191bd0cd61 (diff) | |
Improve security posture by eliminating non-const data() accessor from Buffer.
Diffstat (limited to 'node/Buffer.hpp')
| -rw-r--r-- | node/Buffer.hpp | 36 |
1 files changed, 30 insertions, 6 deletions
diff --git a/node/Buffer.hpp b/node/Buffer.hpp
index bc74f048..64176e58 100644
--- a/node/Buffer.hpp
+++ b/node/Buffer.hpp
@@ -163,11 +163,13 @@ public:
 		return ((unsigned char *)_b)[i];
 	}
 
-	unsigned char *data() throw() { return (unsigned char *)_b; }
-	const unsigned char *data() const throw() { return (const unsigned char *)_b; }
-
 	/**
-	 * Safe way to get a pointer to a field from data() with bounds checking
+	 * Get a raw pointer to a field with bounds checking
+	 *
+	 * This isn't perfectly safe in that the caller could still overflow
+	 * the pointer, but its use provides both a sanity check and
+	 * documentation / reminder to the calling code to treat the returned
+	 * pointer as being of size [l].
 	 *
 	 * @param i Index of field in buffer
 	 * @param l Length of field in bytes
@@ -304,8 +306,9 @@ public:
 	/**
 	 * Increment size and return pointer to field of specified size
 	 *
-	 * The memory isn't actually written, so this is a shortcut for a multi-step
-	 * process involving getting the current pointer and adding size.
+	 * Nothing is actually written to the memory. This is a shortcut
+	 * for addSize() followed by field() to reference the previous
+	 * position and the new size.
 	 *
 	 * @param l Length of field to append
 	 * @return Pointer to beginning of appended field of length 'l'
@@ -353,6 +356,22 @@ public:
 	}
 
 	/**
+	 * Move everything after 'at' to the buffer's front and truncate
+	 *
+	 * @param at Truncate before this position
+	 * @throw std::out_of_range Position is beyond size of buffer
+	 */
+	inline void behead(const unsigned int at)
+		throw(std::out_of_range)
+	{
+		if (!at)
+			return;
+		if (at > _l)
+			throw std::out_of_range("Buffer: behead() beyond capacity");
+		::memmove(_b,_b + at,_l -= at);
+	}
+
+	/**
 	 * Set buffer data length to zero
 	 */
 	inline void clear()
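Review bot: The exception message in the new behead() says "beyond capacity" while the guard compares `at` against `_l`, which size() in the last hunk returns as the data length, and the `@throw` doc says "beyond size of buffer"; the message should match the check, e.g. `throw std::out_of_range("Buffer: behead() beyond size");`. The `_l -= at` buried inside the memmove() length argument is correct (the assignment yields the new length before the call, and memmove handles the overlap) but easy to misread as a bug; hoisting it is clearer: `const unsigned int remaining = _l - at;` `::memmove(_b,_b + at,remaining);` `_l = remaining;`. The dynamic `throw(std::out_of_range)` specification follows the file's existing style, but it is deprecated in C++11 and ill-formed in C++17, so it will need to go when the build standard moves. The enclosing class body continues outside the hunk.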
@@ -389,6 +408,11 @@ public:
 	}
 
 	/**
+	 * @return Constant pointer to data in buffer
+	 */
+	inline const void *data() const throw() { return _b; }
+
+	/**
 	 * @return Size of data in buffer
 	 */
 	inline unsigned int size() const throw() { return _l; } |
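Review bot: The new data() returns `const void *`, which unlike the removed `unsigned char *` accessors cannot be indexed or incremented without an explicit cast; that is presumably the intent of the commit, and it is worth stating in the doc comment so callers are steered to the bounds-checked field() rather than casting and indexing: `* Deliberately const void *: callers should use field() for bounded access instead of casting this pointer and indexing it.` The enclosing class body continues outside the hunk.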
