author | Edward Thomson <ethomson@edwardthomson.com> | 2019-01-21 09:56:23 +0000 |
---|---|---|
committer | Edward Thomson <ethomson@edwardthomson.com> | 2019-01-25 22:47:39 +0000 |
commit | f1986a23d8e99b8446e7ec2111c12b1de582885f (patch) | |
tree | 63a25083198a3ddfa644e640414b854efcbcb36a | |
parent | e5e2fac82116fe83cea3649d886af89e68ba5378 (diff) | |
download | libgit2-f1986a23d8e99b8446e7ec2111c12b1de582885f.tar.gz |
streams: don't write more than SSIZE_MAX
Our streams implementation takes a `size_t` that indicates the length of
the data buffer to be written, and returns an `ssize_t` that indicates
the length that _was_ written. Clearly no such implementation can write
more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation
does not try to write more than `SSIZE_MAX` bytes (or fewer, if the
given implementation takes a smaller size).
-rw-r--r-- | src/streams/mbedtls.c | 12 | ||||
-rw-r--r-- | src/streams/openssl.c | 4 | ||||
-rw-r--r-- | src/streams/socket.c | 5 | ||||
-rw-r--r-- | src/streams/stransport.c | 5 |
4 files changed, 13 insertions, 13 deletions
diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c
index 45f5b6e75..48d21dd69 100644
--- a/src/streams/mbedtls.c
+++ b/src/streams/mbedtls.c
@@ -303,22 +303,22 @@ static int mbedtls_set_proxy(git_stream *stream, const git_proxy_options *proxy_
 return git_stream_set_proxy(st->io, proxy_options);
 }
-ssize_t mbedtls_stream_write(git_stream *stream, const char *data, size_t len, int flags)
+ssize_t mbedtls_stream_write(git_stream *stream, const char *data, size_t data_len, int flags)
 {
- size_t read = 0;
+ ssize_t written = 0, len = min(data_len, SSIZE_MAX);
 mbedtls_stream *st = (mbedtls_stream *) stream;
 GIT_UNUSED(flags);
 do {
- int error = mbedtls_ssl_write(st->ssl, (const unsigned char *)data + read, len - read);
+ int error = mbedtls_ssl_write(st->ssl, (const unsigned char *)data + written, len - written);
 if (error <= 0) {
 return ssl_set_error(st->ssl, error);
 }
- read += error;
- } while (read < len);
+ written += error;
+ } while (written < len);
- return read;
+ return written;
 }
 ssize_t mbedtls_stream_read(git_stream *stream, void *data, size_t len)
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index 6f826ef5e..589b8d1f3 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -644,10 +644,10 @@ static int openssl_set_proxy(git_stream *stream, const git_proxy_options *proxy_
 return git_stream_set_proxy(st->io, proxy_opts);
 }
-ssize_t openssl_write(git_stream *stream, const char *data, size_t len, int flags)
+ssize_t openssl_write(git_stream *stream, const char *data, size_t data_len, int flags)
 {
 openssl_stream *st = (openssl_stream *) stream;
- int ret;
+ int ret, len = min(data_len, INT_MAX);
 GIT_UNUSED(flags);
diff --git a/src/streams/socket.c b/src/streams/socket.c
index 1c48a0ea8..e46fcd219 100644
--- a/src/streams/socket.c
+++ b/src/streams/socket.c
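Review bot: In mbedtls_stream_write the loop is a do/while, so a call with `data_len == 0` still invokes `mbedtls_ssl_write` once with a zero length, and a return of 0 takes the `error <= 0` branch into `ssl_set_error`. What that helper does with 0 is not visible here, so an empty write may be reported as a TLS error rather than as zero bytes written. An early `if (len == 0) return 0;` before the loop, or a plain `while (written < len)`, would make the empty case explicit.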
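Review bot: The clamp in openssl_write uses `INT_MAX` while the other streams use `SSIZE_MAX`, and nothing at the declaration says why. A comment such as `/* SSL_write() takes an int length; a larger buffer is written short and the caller must retry with the remainder */` would record the reason and the short-write behaviour callers have to handle. The function body continues outside the hunk, so whether it loops or returns after one call cannot be checked from here.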
@@ -130,10 +130,9 @@ int socket_connect(git_stream *stream)
 return 0;
 }
-ssize_t socket_write(git_stream *stream, const char *data, size_t len, int flags)
+ssize_t socket_write(git_stream *stream, const char *data, size_t data_len, int flags)
 {
- ssize_t ret;
- size_t off = 0;
+ ssize_t ret, off = 0, len = min(data_len, SSIZE_MAX);
 git_socket_stream *st = (git_socket_stream *) stream;
 while (off < len) {
diff --git a/src/streams/stransport.c b/src/streams/stransport.c
index da1156ca3..a999bb5a0 100644
--- a/src/streams/stransport.c
+++ b/src/streams/stransport.c
@@ -164,11 +164,12 @@ static ssize_t stransport_write(git_stream *stream, const char *data, size_t len
 GIT_UNUSED(flags);
- data_len = len;
+ data_len = min(len, SSIZE_MAX);
 if ((ret = SSLWrite(st->ctx, data, data_len, &processed)) != noErr)
 return stransport_error(ret);
- return processed;
+ assert(processed < SSIZE_MAX);
+ return (ssize_t)processed;
 }
 /* |
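Review bot: `ssize_t ret, off = 0, len = min(data_len, SSIZE_MAX);` in socket_write declares an uninitialised result, a counter and the clamped length in one statement, and the clamp relies on an implicit size_t-to-ssize_t conversion of whatever `min` yields (its definition is not shown). Giving the clamp its own line with an explicit cast, `ssize_t len = (ssize_t)min(data_len, SSIZE_MAX);`, keeps the one security-relevant narrowing visible and quiet under sign-conversion warnings. The same form appears in mbedtls_stream_write. The loop body lies outside the hunk.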
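Review bot: `assert(processed < SSIZE_MAX);` in stransport_write is stricter than the clamp above it: `data_len` may be exactly `SSIZE_MAX`, so a full write of that length would trip the assertion; the bound should be `assert(processed <= SSIZE_MAX);`. An assert is also compiled out when NDEBUG is defined, so release builds have no check before the `(ssize_t)` cast; if the cast needs guarding, a runtime test that returns an error is the safer form. The declarations of `processed` and `data_len` are outside the hunk.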