sshbuf.c revision 1.5
1 /* $OpenBSD: sshbuf.c,v 1.6 2016/01/12 23:42:54 djm Exp $ */ 2 /* 3 * Copyright (c) 2011 Damien Miller 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 #include "includes.h" 18 __RCSID("$NetBSD: sshbuf.c,v 1.5 2016/03/11 01:55:00 christos Exp $"); 19 20 #include <sys/param.h> /* roundup */ 21 #include <sys/types.h> 22 #include <signal.h> 23 #include <stdlib.h> 24 #include <stdio.h> 25 #include <string.h> 26 27 #include "ssherr.h" 28 #define SSHBUF_INTERNAL 29 #include "sshbuf.h" 30 31 static inline int 32 sshbuf_check_sanity(const struct sshbuf *buf) 33 { 34 SSHBUF_TELL("sanity"); 35 if (__predict_false(buf == NULL || 36 (!buf->readonly && buf->d != buf->cd) || 37 buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX || 38 buf->cd == NULL || 39 (buf->dont_free && (buf->readonly || buf->parent != NULL)) || 40 buf->max_size > SSHBUF_SIZE_MAX || 41 buf->alloc > buf->max_size || 42 buf->size > buf->alloc || 43 buf->off > buf->size)) { 44 /* Do not try to recover from corrupted buffer internals */ 45 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); 46 signal(SIGSEGV, SIG_DFL); 47 raise(SIGSEGV); 48 return SSH_ERR_INTERNAL_ERROR; 49 } 50 return 0; 51 } 52 53 static void 54 sshbuf_maybe_pack(struct sshbuf *buf, int force) 55 { 56 SSHBUF_DBG(("force %d", force)); 57 SSHBUF_TELL("pre-pack"); 58 if (buf->off == 0 || buf->readonly || buf->refcount > 1) 59 return; 60 if (force || 61 (buf->off >= SSHBUF_PACK_MIN && buf->off >= buf->size / 2)) { 62 memmove(buf->d, buf->d + buf->off, buf->size - buf->off); 63 buf->size -= buf->off; 64 buf->off = 0; 65 SSHBUF_TELL("packed"); 66 } 67 } 68 69 struct sshbuf * 70 sshbuf_new(void) 71 { 72 struct sshbuf *ret; 73 74 if ((ret = calloc(sizeof(*ret), 1)) == NULL) 75 return NULL; 76 ret->alloc = SSHBUF_SIZE_INIT; 77 ret->max_size = SSHBUF_SIZE_MAX; 78 ret->readonly = 0; 79 ret->refcount = 1; 80 ret->parent = NULL; 81 if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL) { 82 free(ret); 83 return NULL; 84 } 85 return ret; 86 } 87 88 struct sshbuf * 89 sshbuf_from(const void *blob, size_t len) 90 { 91 struct sshbuf *ret; 92 93 if (blob == NULL || len > SSHBUF_SIZE_MAX || 94 (ret = calloc(sizeof(*ret), 1)) == NULL) 95 return NULL; 96 ret->alloc = ret->size = ret->max_size = len; 97 ret->readonly = 1; 98 ret->refcount = 1; 99 ret->parent = NULL; 100 ret->cd = blob; 101 ret->d = NULL; 102 return ret; 103 } 104 105 int 106 sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent) 107 { 108 int r; 109 110 if ((r = sshbuf_check_sanity(child)) != 0 || 111 (r = sshbuf_check_sanity(parent)) != 0) 112 return r; 113 child->parent = parent; 114 child->parent->refcount++; 115 return 0; 116 } 117 118 struct sshbuf * 119 sshbuf_fromb(struct sshbuf *buf) 120 { 121 struct sshbuf *ret; 122 123 if (sshbuf_check_sanity(buf) != 0) 124 return NULL; 125 if ((ret = sshbuf_from(sshbuf_ptr(buf), sshbuf_len(buf))) == NULL) 126 return NULL; 127 if (sshbuf_set_parent(ret, buf) != 0) { 128 sshbuf_free(ret); 129 return NULL; 130 } 131 return ret; 132 } 133 134 void 135 sshbuf_init(struct sshbuf *ret) 136 { 137 explicit_bzero(ret, sizeof(*ret)); 138 ret->alloc = SSHBUF_SIZE_INIT; 139 ret->max_size = SSHBUF_SIZE_MAX; 140 ret->readonly = 0; 141 ret->dont_free = 1; 142 ret->refcount = 1; 143 if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL) 144 ret->alloc = 0; 145 } 146 147 void 148 sshbuf_free(struct sshbuf *buf) 149 { 150 int dont_free = 0; 151 152 if (buf == NULL) 153 return; 154 /* 155 * The following will leak on insane buffers, but this is the safest 156 * course of action - an invalid pointer or already-freed pointer may 157 * have been passed to us and continuing to scribble over memory would 158 * be bad. 159 */ 160 if (sshbuf_check_sanity(buf) != 0) 161 return; 162 /* 163 * If we are a child, the free our parent to decrement its reference 164 * count and possibly free it. 165 */ 166 sshbuf_free(buf->parent); 167 buf->parent = NULL; 168 /* 169 * If we are a parent with still-extant children, then don't free just 170 * yet. The last child's call to sshbuf_free should decrement our 171 * refcount to 0 and trigger the actual free. 172 */ 173 buf->refcount--; 174 if (buf->refcount > 0) 175 return; 176 dont_free = buf->dont_free; 177 if (!buf->readonly) { 178 explicit_bzero(buf->d, buf->alloc); 179 free(buf->d); 180 } 181 explicit_bzero(buf, sizeof(*buf)); 182 if (!dont_free) 183 free(buf); 184 } 185 186 void 187 sshbuf_reset(struct sshbuf *buf) 188 { 189 u_char *d; 190 191 if (buf->readonly || buf->refcount > 1) { 192 /* Nonsensical. Just make buffer appear empty */ 193 buf->off = buf->size; 194 return; 195 } 196 if (sshbuf_check_sanity(buf) == 0) 197 explicit_bzero(buf->d, buf->alloc); 198 buf->off = buf->size = 0; 199 if (buf->alloc != SSHBUF_SIZE_INIT) { 200 if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) { 201 buf->cd = buf->d = d; 202 buf->alloc = SSHBUF_SIZE_INIT; 203 } 204 } 205 } 206 207 size_t 208 sshbuf_max_size(const struct sshbuf *buf) 209 { 210 return buf->max_size; 211 } 212 213 size_t 214 sshbuf_alloc(const struct sshbuf *buf) 215 { 216 return buf->alloc; 217 } 218 219 const struct sshbuf * 220 sshbuf_parent(const struct sshbuf *buf) 221 { 222 return buf->parent; 223 } 224 225 u_int 226 sshbuf_refcount(const struct sshbuf *buf) 227 { 228 return buf->refcount; 229 } 230 231 int 232 sshbuf_set_max_size(struct sshbuf *buf, size_t max_size) 233 { 234 size_t rlen; 235 u_char *dp; 236 int r; 237 238 SSHBUF_DBG(("set max buf = %p len = %zu", buf, max_size)); 239 if ((r = sshbuf_check_sanity(buf)) != 0) 240 return r; 241 if (max_size == buf->max_size) 242 return 0; 243 if (buf->readonly || buf->refcount > 1) 244 return SSH_ERR_BUFFER_READ_ONLY; 245 if (max_size > SSHBUF_SIZE_MAX) 246 return SSH_ERR_NO_BUFFER_SPACE; 247 /* pack and realloc if necessary */ 248 sshbuf_maybe_pack(buf, max_size < buf->size); 249 if (max_size < buf->alloc && max_size > buf->size) { 250 if (buf->size < SSHBUF_SIZE_INIT) 251 rlen = SSHBUF_SIZE_INIT; 252 else 253 rlen = roundup(buf->size, SSHBUF_SIZE_INC); 254 if (rlen > max_size) 255 rlen = max_size; 256 explicit_bzero(buf->d + buf->size, buf->alloc - buf->size); 257 SSHBUF_DBG(("new alloc = %zu", rlen)); 258 if ((dp = realloc(buf->d, rlen)) == NULL) 259 return SSH_ERR_ALLOC_FAIL; 260 buf->cd = buf->d = dp; 261 buf->alloc = rlen; 262 } 263 SSHBUF_TELL("new-max"); 264 if (max_size < buf->alloc) 265 return SSH_ERR_NO_BUFFER_SPACE; 266 buf->max_size = max_size; 267 return 0; 268 } 269 270 size_t 271 sshbuf_len(const struct sshbuf *buf) 272 { 273 if (sshbuf_check_sanity(buf) != 0) 274 return 0; 275 return buf->size - buf->off; 276 } 277 278 size_t 279 sshbuf_avail(const struct sshbuf *buf) 280 { 281 if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) 282 return 0; 283 return buf->max_size - (buf->size - buf->off); 284 } 285 286 const u_char * 287 sshbuf_ptr(const struct sshbuf *buf) 288 { 289 if (sshbuf_check_sanity(buf) != 0) 290 return NULL; 291 return buf->cd + buf->off; 292 } 293 294 u_char * 295 sshbuf_mutable_ptr(const struct sshbuf *buf) 296 { 297 if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) 298 return NULL; 299 return buf->d + buf->off; 300 } 301 302 int 303 sshbuf_check_reserve(const struct sshbuf *buf, size_t len) 304 { 305 int r; 306 307 if ((r = sshbuf_check_sanity(buf)) != 0) 308 return r; 309 if (buf->readonly || buf->refcount > 1) 310 return SSH_ERR_BUFFER_READ_ONLY; 311 SSHBUF_TELL("check"); 312 /* Check that len is reasonable and that max_size + available < len */ 313 if (len > buf->max_size || buf->max_size - len < buf->size - buf->off) 314 return SSH_ERR_NO_BUFFER_SPACE; 315 return 0; 316 } 317 318 int 319 sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp) 320 { 321 size_t rlen, need; 322 u_char *dp; 323 int r; 324 325 if (dpp != NULL) 326 *dpp = NULL; 327 328 SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len)); 329 if ((r = sshbuf_check_reserve(buf, len)) != 0) 330 return r; 331 /* 332 * If the requested allocation appended would push us past max_size 333 * then pack the buffer, zeroing buf->off. 334 */ 335 sshbuf_maybe_pack(buf, buf->size + len > buf->max_size); 336 SSHBUF_TELL("reserve"); 337 if (len + buf->size > buf->alloc) { 338 /* 339 * Prefer to alloc in SSHBUF_SIZE_INC units, but 340 * allocate less if doing so would overflow max_size. 341 */ 342 need = len + buf->size - buf->alloc; 343 rlen = roundup(buf->alloc + need, SSHBUF_SIZE_INC); 344 SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen)); 345 if (rlen > buf->max_size) 346 rlen = buf->alloc + need; 347 SSHBUF_DBG(("adjusted rlen %zu", rlen)); 348 if ((dp = realloc(buf->d, rlen)) == NULL) { 349 SSHBUF_DBG(("realloc fail")); 350 if (dpp != NULL) 351 *dpp = NULL; 352 return SSH_ERR_ALLOC_FAIL; 353 } 354 buf->alloc = rlen; 355 buf->cd = buf->d = dp; 356 if ((r = sshbuf_check_reserve(buf, len)) < 0) { 357 /* shouldn't fail */ 358 if (dpp != NULL) 359 *dpp = NULL; 360 return r; 361 } 362 } 363 dp = buf->d + buf->size; 364 buf->size += len; 365 SSHBUF_TELL("done"); 366 if (dpp != NULL) 367 *dpp = dp; 368 return 0; 369 } 370 371 int 372 sshbuf_consume(struct sshbuf *buf, size_t len) 373 { 374 int r; 375 376 SSHBUF_DBG(("len = %zu", len)); 377 if ((r = sshbuf_check_sanity(buf)) != 0) 378 return r; 379 if (len == 0) 380 return 0; 381 if (len > sshbuf_len(buf)) 382 return SSH_ERR_MESSAGE_INCOMPLETE; 383 buf->off += len; 384 SSHBUF_TELL("done"); 385 return 0; 386 } 387 388 int 389 sshbuf_consume_end(struct sshbuf *buf, size_t len) 390 { 391 int r; 392 393 SSHBUF_DBG(("len = %zu", len)); 394 if ((r = sshbuf_check_sanity(buf)) != 0) 395 return r; 396 if (len == 0) 397 return 0; 398 if (len > sshbuf_len(buf)) 399 return SSH_ERR_MESSAGE_INCOMPLETE; 400 buf->size -= len; 401 SSHBUF_TELL("done"); 402 return 0; 403 } 404 405
Indexes created Wed Mar 04 05:31:52 UTC 2026