Mercurial > dropbear
comparison packet.c @ 1062:210982935887 coverity
merge
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 02 Mar 2015 21:17:41 +0800 |
| parents | 16584026a1f0 |
| children | 686cd3e8e13e |
comparison
equal
deleted
inserted
replaced
| 1052:e40d1b63b6a6 | 1062:210982935887 |
|---|---|
| 255 ((len - macsize) % blocksize != 0)) { | 255 ((len - macsize) % blocksize != 0)) { |
| 256 dropbear_exit("Integrity error (bad packet size %u)", len); | 256 dropbear_exit("Integrity error (bad packet size %u)", len); |
| 257 } | 257 } |
| 258 | 258 |
| 259 if (len > ses.readbuf->size) { | 259 if (len > ses.readbuf->size) { |
| 260 buf_resize(ses.readbuf, len); | 260 ses.readbuf = buf_resize(ses.readbuf, len); |
| 261 } | 261 } |
| 262 buf_setlen(ses.readbuf, len); | 262 buf_setlen(ses.readbuf, len); |
| 263 buf_setpos(ses.readbuf, blocksize); | 263 buf_setpos(ses.readbuf, blocksize); |
| 264 return DROPBEAR_SUCCESS; | 264 return DROPBEAR_SUCCESS; |
| 265 } | 265 } |
| 312 | 312 |
| 313 #ifndef DISABLE_ZLIB | 313 #ifndef DISABLE_ZLIB |
| 314 if (is_compress_recv()) { | 314 if (is_compress_recv()) { |
| 315 /* decompress */ | 315 /* decompress */ |
| 316 ses.payload = buf_decompress(ses.readbuf, len); | 316 ses.payload = buf_decompress(ses.readbuf, len); |
| 317 buf_setpos(ses.payload, 0); | |
| 318 ses.payload_beginning = 0; | |
| 319 buf_free(ses.readbuf); | |
| 317 } else | 320 } else |
| 318 #endif | 321 #endif |
| 319 { | 322 { |
| 323 ses.payload = ses.readbuf; | |
| 324 ses.payload_beginning = ses.payload->pos; | |
| 325 buf_setlen(ses.payload, ses.payload->pos + len); | |
| 320 /* copy payload */ | 326 /* copy payload */ |
| 321 ses.payload = buf_new(len); | 327 //ses.payload = buf_new(len); |
| 322 memcpy(ses.payload->data, buf_getptr(ses.readbuf, len), len); | 328 //memcpy(ses.payload->data, buf_getptr(ses.readbuf, len), len); |
| 323 buf_incrlen(ses.payload, len); | 329 //buf_incrlen(ses.payload, len); |
| 324 } | 330 } |
| 325 | |
| 326 buf_free(ses.readbuf); | |
| 327 ses.readbuf = NULL; | 331 ses.readbuf = NULL; |
| 328 buf_setpos(ses.payload, 0); | |
| 329 | 332 |
| 330 ses.recvseq++; | 333 ses.recvseq++; |
| 331 | 334 |
| 332 TRACE2(("leave decrypt_packet")) | 335 TRACE2(("leave decrypt_packet")) |
| 333 } | 336 } |
| 396 /* Already been increased as large as it can go, | 399 /* Already been increased as large as it can go, |
| 397 * yet didn't finish up the decompression */ | 400 * yet didn't finish up the decompression */ |
| 398 dropbear_exit("bad packet, oversized decompressed"); | 401 dropbear_exit("bad packet, oversized decompressed"); |
| 399 } | 402 } |
| 400 new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR); | 403 new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR); |
| 401 buf_resize(ret, new_size); | 404 ret = buf_resize(ret, new_size); |
| 402 } | 405 } |
| 403 } | 406 } |
| 404 } | 407 } |
| 405 #endif | 408 #endif |
| 406 | 409 |
| 635 TRACE2(("leave writemac")) | 638 TRACE2(("leave writemac")) |
| 636 } | 639 } |
| 637 | 640 |
| 638 #ifndef DISABLE_ZLIB | 641 #ifndef DISABLE_ZLIB |
| 639 /* compresses len bytes from src, outputting to dest (starting from the | 642 /* compresses len bytes from src, outputting to dest (starting from the |
| 640 * respective current positions. */ | 643 * respective current positions. dest must have sufficient space, |
| 644 * len+ZLIB_COMPRESS_EXPANSION */ | |
| 641 static void buf_compress(buffer * dest, buffer * src, unsigned int len) { | 645 static void buf_compress(buffer * dest, buffer * src, unsigned int len) { |
| 642 | 646 |
| 643 unsigned int endpos = src->pos + len; | 647 unsigned int endpos = src->pos + len; |
| 644 int result; | 648 int result; |
| 645 | 649 |
| 646 TRACE2(("enter buf_compress")) | 650 TRACE2(("enter buf_compress")) |
| 647 | 651 |
| 648 while (1) { | 652 dropbear_assert(dest->size - dest->pos >= len+ZLIB_COMPRESS_EXPANSION); |
| 649 | 653 |
| 650 ses.keys->trans.zstream->avail_in = endpos - src->pos; | 654 ses.keys->trans.zstream->avail_in = endpos - src->pos; |
| 651 ses.keys->trans.zstream->next_in = | 655 ses.keys->trans.zstream->next_in = |
| 652 buf_getptr(src, ses.keys->trans.zstream->avail_in); | 656 buf_getptr(src, ses.keys->trans.zstream->avail_in); |
| 653 | 657 |
| 654 ses.keys->trans.zstream->avail_out = dest->size - dest->pos; | 658 ses.keys->trans.zstream->avail_out = dest->size - dest->pos; |
| 655 ses.keys->trans.zstream->next_out = | 659 ses.keys->trans.zstream->next_out = |
| 656 buf_getwriteptr(dest, ses.keys->trans.zstream->avail_out); | 660 buf_getwriteptr(dest, ses.keys->trans.zstream->avail_out); |
| 657 | 661 |
| 658 result = deflate(ses.keys->trans.zstream, Z_SYNC_FLUSH); | 662 result = deflate(ses.keys->trans.zstream, Z_SYNC_FLUSH); |
| 659 | 663 |
| 660 buf_setpos(src, endpos - ses.keys->trans.zstream->avail_in); | 664 buf_setpos(src, endpos - ses.keys->trans.zstream->avail_in); |
| 661 buf_setlen(dest, dest->size - ses.keys->trans.zstream->avail_out); | 665 buf_setlen(dest, dest->size - ses.keys->trans.zstream->avail_out); |
| 662 buf_setpos(dest, dest->len); | 666 buf_setpos(dest, dest->len); |
| 663 | 667 |
| 664 if (result != Z_OK) { | 668 if (result != Z_OK) { |
| 665 dropbear_exit("zlib error"); | 669 dropbear_exit("zlib error"); |
| 666 } | 670 } |
| 667 | 671 |
| 668 if (ses.keys->trans.zstream->avail_in == 0) { | 672 /* fails if destination buffer wasn't large enough */ |
| 669 break; | 673 dropbear_assert(ses.keys->trans.zstream->avail_in == 0); |
| 670 } | |
| 671 | |
| 672 dropbear_assert(ses.keys->trans.zstream->avail_out == 0); | |
| 673 | |
| 674 /* the buffer has been filled, we must extend. This only happens in | |
| 675 * unusual circumstances where the data grows in size after deflate(), | |
| 676 * but it is possible */ | |
| 677 buf_resize(dest, dest->size + ZLIB_COMPRESS_EXPANSION); | |
| 678 | |
| 679 } | |
| 680 TRACE2(("leave buf_compress")) | 674 TRACE2(("leave buf_compress")) |
| 681 } | 675 } |
| 682 #endif | 676 #endif |