Home Verkennen Help
Registreren Inloggen
PUBLIC_REPOS
/
buildroot
spiegel van git://git.buildroot.net/buildroot
2
1
Vork 0
Bestanden
Boom: 5d504dad2f
Aftakkingen Labels
buildroot
/
package
/
libssh
/
0002-buffer-Use-size_t-for-argc-argument-in-ssh_buffer_-u.patch

0002-buffer-Use-size_t-for-argc-argument-in-ssh_buffer_-u.patch 4.9 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. From 270d6aa2bb01f3430d07cce5f97b48b741e3df9c Mon Sep 17 00:00:00 2001
    2. 

  2. From: Andreas Schneider <asn@cryptomilk.org>
    3. 

  3. Date: Fri, 7 Dec 2018 12:06:03 +0100
    4. 

  4. Subject: [PATCH] buffer: Use size_t for argc argument in ssh_buffer_(un)pack()
    5. 

  5. 

  6. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    7. 

  7. Signed-off-by: Baruch Siach <baruch@tkos.co.il>
    8. 

  8. ---
    9. 

  9. Upstream status: commit c306a693f3fbe
    10. 

  10. 

  11.  include/libssh/buffer.h |  4 ++--
    12. 

  12.  src/buffer.c            | 38 +++++++++++++++++++-------------------
    13. 

  13.  2 files changed, 21 insertions(+), 21 deletions(-)
    14. 

  14. 

  15. diff --git a/include/libssh/buffer.h b/include/libssh/buffer.h
    16. 

  16. index 4721cbe06c20..1c375343ee14 100644
    17. 

  17. --- a/include/libssh/buffer.h
    18. 

  18. +++ b/include/libssh/buffer.h
    19. 

  19. @@ -40,11 +40,11 @@ void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len);
    20. 

  20.  int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer, uint32_t len);
    21. 

  21.  int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
    22. 

  22.                         const char *format,
    23. 

  23. -                       int argc,
    24. 

  24. +                       size_t argc,
    25. 

  25.                         va_list ap);
    26. 

  26.  int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
    27. 

  27.                       const char *format,
    28. 

  28. -                     int argc,
    29. 

  29. +                     size_t argc,
    30. 

  30.                       ...);
    31. 

  31.  #define ssh_buffer_pack(buffer, format, ...) \
    32. 

  32.      _ssh_buffer_pack((buffer), (format), __VA_NARG__(__VA_ARGS__), __VA_ARGS__, SSH_BUFFER_PACK_END)
    33. 

  33. diff --git a/src/buffer.c b/src/buffer.c
    34. 

  34. index b029f202660f..99863747fc3c 100644
    35. 

  35. --- a/src/buffer.c
    36. 

  36. +++ b/src/buffer.c
    37. 

  37. @@ -809,7 +809,7 @@ ssh_buffer_get_ssh_string(struct ssh_buffer_struct *buffer)
    38. 

  38.   */
    39. 

  39.  static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
    40. 

  40.                                         const char *format,
    41. 

  41. -                                       int argc,
    42. 

  42. +                                       size_t argc,
    43. 

  43.                                         va_list ap)
    44. 

  44.  {
    45. 

  45.      const char *p = NULL;
    46. 

  46. @@ -817,12 +817,12 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
    47. 

  47.      char *cstring = NULL;
    48. 

  48.      size_t needed_size = 0;
    49. 

  49.      size_t len;
    50. 

  50. -    int count; /* int for size comparison with argc */
    51. 

  51. +    size_t count;
    52. 

  52.      int rc = SSH_OK;
    53. 

  53.  
    54. 

  54.      for (p = format, count = 0; *p != '\0'; p++, count++) {
    55. 

  55.          /* Invalid number of arguments passed */
    56. 

  56. -        if (argc != -1 && count > argc) {
    57. 

  57. +        if (count > argc) {
    58. 

  58.              return SSH_ERROR;
    59. 

  59.          }
    60. 

  60.  
    61. 

  61. @@ -881,7 +881,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
    62. 

  62.          }
    63. 

  63.      }
    64. 

  64.  
    65. 

  65. -    if (argc != -1 && argc != count) {
    66. 

  66. +    if (argc != count) {
    67. 

  67.          return SSH_ERROR;
    68. 

  68.      }
    69. 

  69.  
    70. 

  70. @@ -891,11 +891,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
    71. 

  71.           */
    72. 

  72.          uint32_t canary = va_arg(ap, uint32_t);
    73. 

  73.          if (canary != SSH_BUFFER_PACK_END) {
    74. 

  74. -            if (argc == -1){
    75. 

  75. -                return SSH_ERROR;
    76. 

  76. -            } else {
    77. 

  77. -                abort();
    78. 

  78. -            }
    79. 

  79. +            abort();
    80. 

  80.          }
    81. 

  81.      }
    82. 

  82.  
    83. 

  83. @@ -918,7 +914,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
    84. 

  84.   */
    85. 

  85.  int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
    86. 

  86.                         const char *format,
    87. 

  87. -                       int argc,
    88. 

  88. +                       size_t argc,
    89. 

  89.                         va_list ap)
    90. 

  90.  {
    91. 

  91.      int rc = SSH_ERROR;
    92. 

  92. @@ -934,11 +930,15 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
    93. 

  93.      char *cstring;
    94. 

  94.      bignum b;
    95. 

  95.      size_t len;
    96. 

  96. -    int count; /* int for size comparison with argc */
    97. 

  97. +    size_t count;
    98. 

  98. +
    99. 

  99. +    if (argc > 256) {
    100. 

  100. +        return SSH_ERROR;
    101. 

  101. +    }
    102. 

  102.  
    103. 

  103.      for (p = format, count = 0; *p != '\0'; p++, count++) {
    104. 

  104.          /* Invalid number of arguments passed */
    105. 

  105. -        if (argc != -1 && count > argc) {
    106. 

  106. +        if (count > argc) {
    107. 

  107.              return SSH_ERROR;
    108. 

  108.          }
    109. 

  109.  
    110. 

  110. @@ -1010,7 +1010,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
    111. 

  111.          }
    112. 

  112.      }
    113. 

  113.  
    114. 

  114. -    if (argc != -1 && argc != count) {
    115. 

  115. +    if (argc != count) {
    116. 

  116.          return SSH_ERROR;
    117. 

  117.      }
    118. 

  118.  
    119. 

  119. @@ -1018,11 +1018,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
    120. 

  120.          /* Check if our canary is intact, if not somthing really bad happened */
    121. 

  121.          uint32_t canary = va_arg(ap, uint32_t);
    122. 

  122.          if (canary != SSH_BUFFER_PACK_END) {
    123. 

  123. -            if (argc == -1){
    124. 

  124. -                return SSH_ERROR;
    125. 

  125. -            } else {
    126. 

  126. -                abort();
    127. 

  127. -            }
    128. 

  128. +            abort();
    129. 

  129.          }
    130. 

  130.      }
    131. 

  131.      return rc;
    132. 

  132. @@ -1050,12 +1046,16 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
    133. 

  133.   */
    134. 

  134.  int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
    135. 

  135.                       const char *format,
    136. 

  136. -                     int argc,
    137. 

  137. +                     size_t argc,
    138. 

  138.                       ...)
    139. 

  139.  {
    140. 

  140.      va_list ap;
    141. 

  141.      int rc;
    142. 

  142.  
    143. 

  143. +    if (argc > 256) {
    144. 

  144. +        return SSH_ERROR;
    145. 

  145. +    }
    146. 

  146. +
    147. 

  147.      va_start(ap, argc);
    148. 

  148.      rc = ssh_buffer_pack_allocate_va(buffer, format, argc, ap);
    149. 

  149.      va_end(ap);
    150. 

  150. -- 
    151. 

  151. 2.20.1
    152. 

  152.