Mercurial > dropbear

comparison buffer.c @ 4:fe6bca95afa7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Makefile.in contains updated files required
author Matt Johnston <matt@ucc.asn.au>
date Tue, 01 Jun 2004 02:46:09 +0000
parents
children b0316ce64e4b
comparison
equal deleted inserted replaced
-1:000000000000 4:fe6bca95afa7
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 /* Buffer handling routines, designed to avoid overflows/using invalid data */
26
27 #include "includes.h"
28 #include "dbutil.h"
29 #include "buffer.h"
30
31 /* Prevent integer overflows when incrementing buffer position/length.
32 * Calling functions should check arguments first, but this provides a
33 * backstop */
34 #define BUF_MAX_INCR 1000000000
35 #define BUF_MAX_SIZE 1000000000
36
37 /* avoid excessively large numbers, > 5000 bit */
38 #define BUF_MAX_MPINT (5000 / 8)
39
40 /* Create (malloc) a new buffer of size */
41 buffer* buf_new(unsigned int size) {
42
43 buffer* buf;
44
45 if (size > BUF_MAX_SIZE) {
46 dropbear_exit("buf->size too big");
47 }
48
49 buf = (buffer*)m_malloc(sizeof(buffer));
50
51 if (size > 0) {
52 buf->data = (unsigned char*)m_malloc(size);
53 } else {
54 buf->data = NULL;
55 }
56
57 buf->size = size;
58 buf->pos = 0;
59 buf->len = 0;
60
61 return buf;
62
63 }
64
65 /* free the buffer's data and the buffer itself */
66 void buf_free(buffer* buf) {
67
68 m_free(buf->data)
69 m_free(buf);
70 }
71
72 /* overwrite the contents of the buffer to clear it */
73 void buf_burn(buffer* buf) {
74
75 m_burn(buf->data, buf->size);
76
77 }
78
79 /* resize a buffer, pos and len will be repositioned if required */
80 void buf_resize(buffer *buf, unsigned int newsize) {
81
82 if (newsize > BUF_MAX_SIZE) {
83 dropbear_exit("buf->size too big");
84 }
85
86 buf->data = m_realloc(buf->data, newsize);
87 buf->size = newsize;
88 buf->len = MIN(newsize, buf->len);
89 buf->pos = MIN(newsize, buf->pos);
90
91 }
92
93 /* Create a copy of buf, allocating required memory etc. */
94 /* The new buffer is sized the same as the length of the source buffer. */
95 buffer* buf_newcopy(buffer* buf) {
96
97 buffer* ret;
98
99 ret = buf_new(buf->len);
100 ret->len = buf->len;
101 memcpy(ret->data, buf->data, buf->len);
102 return ret;
103 }
104
105 /* Set the length of the buffer */
106 void buf_setlen(buffer* buf, unsigned int len) {
107 if (len > buf->size) {
108 dropbear_exit("bad buf_setlen");
109 }
110 buf->len = len;
111 }
112
113 /* Increment the length of the buffer */
114 void buf_incrlen(buffer* buf, unsigned int incr) {
115 if (incr > BUF_MAX_INCR || buf->len + incr > buf->size) {
116 dropbear_exit("bad buf_incrlen");
117 }
118 buf->len += incr;
119 }
120 /* Set the position of the buffer */
121 void buf_setpos(buffer* buf, unsigned int pos) {
122
123 if (pos > buf->len) {
124 dropbear_exit("bad buf_setpos");
125 }
126 buf->pos = pos;
127 }
128
129 /* increment the postion by incr, increasing the buffer length if required */
130 void buf_incrwritepos(buffer* buf, unsigned int incr) {
131 if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) {
132 dropbear_exit("bad buf_incrwritepos");
133 }
134 buf->pos += incr;
135 if (buf->pos > buf->len) {
136 buf->len = buf->pos;
137 }
138 }
139
140 /* increment the position by incr, negative values are allowed, to
141 * decrement the pos*/
142 void buf_incrpos(buffer* buf, int incr) {
143 if (incr > BUF_MAX_INCR ||
144 (unsigned int)((int)buf->pos + incr) > buf->len
145 || ((int)buf->pos + incr) < 0) {
146 dropbear_exit("bad buf_incrpos");
147 }
148 buf->pos += incr;
149 }
150
151 /* Get a byte from the buffer and increment the pos */
152 unsigned char buf_getbyte(buffer* buf) {
153
154 if (buf->pos >= buf->len) {
155 dropbear_exit("bad buf_getbyte");
156 }
157 return buf->data[buf->pos++];
158 }
159
160 /* put a byte, incrementing the length if required */
161 void buf_putbyte(buffer* buf, unsigned char val) {
162
163 if (buf->pos >= buf->len) {
164 buf_incrlen(buf, 1);
165 }
166 buf->data[buf->pos] = val;
167 buf->pos++;
168 }
169
170 /* returns an in-place pointer to the buffer, checking that
171 * the next len bytes from that position can be used */
172 unsigned char* buf_getptr(buffer* buf, unsigned int len) {
173
174 if (buf->pos + len > buf->len) {
175 dropbear_exit("bad buf_getptr");
176 }
177 return &buf->data[buf->pos];
178 }
179
180 /* like buf_getptr, but checks against total size, not used length.
181 * This allows writing past the used length, but not past the size */
182 unsigned char* buf_getwriteptr(buffer* buf, unsigned int len) {
183
184 if (buf->pos + len > buf->size) {
185 dropbear_exit("bad buf_getwriteptr");
186 }
187 return &buf->data[buf->pos];
188 }
189
190 /* Return a null-terminated string, it is malloced, so must be free()ed
191 * Note that the string isn't checked for null bytes, hence the retlen
192 * may be longer than what is returned by strlen */
193 unsigned char* buf_getstring(buffer* buf, unsigned int *retlen) {
194
195 unsigned int len;
196 unsigned char* ret;
197 len = buf_getint(buf);
198 if (len > MAX_STRING_LEN) {
199 dropbear_exit("string too long");
200 }
201
202 if (retlen != NULL) {
203 *retlen = len;
204 }
205 ret = m_malloc(len+1);
206 memcpy(ret, buf_getptr(buf, len), len);
207 buf_incrpos(buf, len);
208 ret[len] = '\0';
209
210 return ret;
211 }
212
213 /* Just increment the buffer position the same as if we'd used buf_getstring,
214 * but don't bother copying/malloc()ing for it */
215 void buf_eatstring(buffer *buf) {
216
217 buf_incrpos( buf, buf_getint(buf) );
218 }
219
220 /* Get an uint32 from the buffer and increment the pos */
221 unsigned int buf_getint(buffer* buf) {
222 unsigned int ret;
223
224 LOAD32H(ret, buf_getptr(buf, 4));
225 buf_incrpos(buf, 4);
226 return ret;
227 }
228
229 /* put a 32bit uint into the buffer, incr bufferlen & pos if required */
230 void buf_putint(buffer* buf, int unsigned val) {
231
232 STORE32H(val, buf_getwriteptr(buf, 4));
233 buf_incrwritepos(buf, 4);
234
235 }
236
237 /* put a SSH style string into the buffer, increasing buffer len if required */
238 void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len) {
239
240 buf_putint(buf, len);
241 buf_putbytes(buf, str, len);
242
243 }
244
245 /* put the set of len bytes into the buffer, incrementing the pos, increasing
246 * len if required */
247 void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {
248 memcpy(buf_getwriteptr(buf, len), bytes, len);
249 buf_incrwritepos(buf, len);
250 }
251
252
253 /* for our purposes we only need positive (or 0) numbers, so will
254 * fail if we get negative numbers */
255 void buf_putmpint(buffer* buf, mp_int * mp) {
256
257 unsigned int len, pad = 0;
258 TRACE(("enter buf_putmpint"));
259
260 assert(mp != NULL);
261
262 if (SIGN(mp) == MP_NEG) {
263 dropbear_exit("negative bignum");
264 }
265
266 /* zero check */
267 if (USED(mp) == 1 && DIGIT(mp, 0) == 0) {
268 len = 0;
269 } else {
270 /* SSH spec requires padding for mpints with the MSB set, this code
271 * implements it */
272 len = mp_count_bits(mp);
273 /* if the top bit of MSB is set, we need to pad */
274 pad = (len%8 == 0) ? 1 : 0;
275 len = len / 8 + 1; /* don't worry about rounding, we need it for
276 padding anyway when len%8 == 0 */
277
278 }
279
280 /* store the length */
281 buf_putint(buf, len);
282
283 /* store the actual value */
284 if (len > 0) {
285 if (pad) {
286 buf_putbyte(buf, 0x00);
287 }
288 if (mp_to_unsigned_bin(mp, buf_getwriteptr(buf, len-pad)) != MP_OKAY) {
289 dropbear_exit("mpint error");
290 }
291 buf_incrwritepos(buf, len-pad);
292 }
293
294 TRACE(("leave buf_putmpint"));
295 }
296
297 /* Retrieve an mp_int from the buffer.
298 * Will fail for -ve since they shouldn't be required here.
299 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
300 int buf_getmpint(buffer* buf, mp_int* mp) {
301
302 unsigned int len;
303 len = buf_getint(buf);
304
305 if (len == 0) {
306 mp_zero(mp);
307 return DROPBEAR_SUCCESS;
308 }
309
310 if (len > BUF_MAX_MPINT) {
311 return DROPBEAR_FAILURE;
312 }
313
314 /* check for negative */
315 if (*buf_getptr(buf, 1) & (1 << (CHAR_BIT-1))) {
316 return DROPBEAR_FAILURE;
317 }
318
319 if (mp_read_unsigned_bin(mp, buf_getptr(buf, len), len) != MP_OKAY) {
320 return DROPBEAR_FAILURE;
321 }
322
323 buf_incrpos(buf, len);
324 return DROPBEAR_SUCCESS;
325 }