From 025f752c90a75a25b04ccd2bae134ff2f4905c20 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 20 Sep 2012 20:53:54 +1000 Subject: [PATCH] convert sftp* to new buffer API --- ssh/sftp-client.c | 676 +++++++++++++++++++++++++++------------------- ssh/sftp-common.c | 97 ++++--- ssh/sftp-common.h | 5 +- ssh/sftp-glob.c | 1 - ssh/sftp-server.c | 570 +++++++++++++++++++++----------------- ssh/sftp.c | 3 +- 6 files changed, 790 insertions(+), 562 deletions(-) diff --git a/ssh/sftp-client.c b/ssh/sftp-client.c index fa99918..81dc479 100644 --- a/ssh/sftp-client.c +++ b/ssh/sftp-client.c @@ -39,7 +39,8 @@ #include #include "xmalloc.h" -#include "buffer.h" +#include "err.h" +#include "sshbuf.h" #include "log.h" #include "atomicio.h" #include "progressmeter.h" @@ -75,7 +76,7 @@ struct sftp_conn { }; static char * -get_handle(struct sftp_conn *conn, u_int expected_id, u_int *len, +get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len, const char *errfmt, ...) __attribute__((format(printf, 4, 5))); /* ARGSUSED */ @@ -89,36 +90,39 @@ sftpio(void *_bwlimit, size_t amount) } static void -send_msg(struct sftp_conn *conn, Buffer *m) +send_msg(struct sftp_conn *conn, struct sshbuf *m) { u_char mlen[4]; struct iovec iov[2]; - if (buffer_len(m) > SFTP_MAX_MSG_LENGTH) - fatal("Outbound message too long %u", buffer_len(m)); + if (sshbuf_len(m) > SFTP_MAX_MSG_LENGTH) + fatal("Outbound message too long %zu", sshbuf_len(m)); /* Send length first */ - put_u32(mlen, buffer_len(m)); + put_u32(mlen, sshbuf_len(m)); iov[0].iov_base = mlen; iov[0].iov_len = sizeof(mlen); - iov[1].iov_base = buffer_ptr(m); - iov[1].iov_len = buffer_len(m); + iov[1].iov_base = sshbuf_ptr(m); + iov[1].iov_len = sshbuf_len(m); if (atomiciov6(writev, conn->fd_out, iov, 2, conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != - buffer_len(m) + sizeof(mlen)) + sshbuf_len(m) + sizeof(mlen)) fatal("Couldn't send packet: %s", strerror(errno)); - buffer_clear(m); + sshbuf_reset(m); } static void -get_msg(struct sftp_conn *conn, Buffer *m) +get_msg(struct sftp_conn *conn, struct sshbuf *m) { u_int msg_len; + u_char *p; + int r; - buffer_append_space(m, 4); - if (atomicio6(read, conn->fd_in, buffer_ptr(m), 4, + if ((r = sshbuf_reserve(m, 4, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (atomicio6(read, conn->fd_in, p, 4, conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) { if (errno == EPIPE) fatal("Connection closed"); @@ -126,12 +130,14 @@ get_msg(struct sftp_conn *conn, Buffer *m) fatal("Couldn't read packet: %s", strerror(errno)); } - msg_len = buffer_get_int(m); + if ((r = sshbuf_get_u32(m, &msg_len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (msg_len > SFTP_MAX_MSG_LENGTH) fatal("Received message too long %u", msg_len); - buffer_append_space(m, msg_len); - if (atomicio6(read, conn->fd_in, buffer_ptr(m), msg_len, + if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (atomicio6(read, conn->fd_in, p, msg_len, conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != msg_len) { if (errno == EPIPE) @@ -145,43 +151,53 @@ static void send_string_request(struct sftp_conn *conn, u_int id, u_int code, char *s, u_int len) { - Buffer msg; + struct sshbuf *msg; + int r; - buffer_init(&msg); - buffer_put_char(&msg, code); - buffer_put_int(&msg, id); - buffer_put_string(&msg, s, len); - send_msg(conn, &msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, code)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_string(msg, s, len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id); - buffer_free(&msg); + sshbuf_free(msg); } static void send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code, char *s, u_int len, Attrib *a) { - Buffer msg; + struct sshbuf *msg; + int r; - buffer_init(&msg); - buffer_put_char(&msg, code); - buffer_put_int(&msg, id); - buffer_put_string(&msg, s, len); - encode_attrib(&msg, a); - send_msg(conn, &msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, code)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_string(msg, s, len)) != 0 || + (r = encode_attrib(msg, a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id); - buffer_free(&msg); + sshbuf_free(msg); } static u_int get_status(struct sftp_conn *conn, u_int expected_id) { - Buffer msg; - u_int type, id, status; + struct sshbuf *msg; + u_char type; + u_int id, status; + int r; - buffer_init(&msg); - get_msg(conn, &msg); - type = buffer_get_char(&msg); - id = buffer_get_int(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + get_msg(conn, msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (id != expected_id) fatal("ID mismatch (%u != %u)", id, expected_id); @@ -189,8 +205,9 @@ get_status(struct sftp_conn *conn, u_int expected_id) fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u", SSH2_FXP_STATUS, type); - status = buffer_get_int(&msg); - buffer_free(&msg); + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(msg); debug3("SSH2_FXP_STATUS %u", status); @@ -198,103 +215,126 @@ get_status(struct sftp_conn *conn, u_int expected_id) } static char * -get_handle(struct sftp_conn *conn, u_int expected_id, u_int *len, +get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len, const char *errfmt, ...) { - Buffer msg; - u_int type, id; - char *handle, errmsg[256]; + struct sshbuf *msg; + u_int id; + u_char type; + u_char *handle; + char errmsg[256]; va_list args; - int status; + int r, status; va_start(args, errfmt); if (errfmt != NULL) vsnprintf(errmsg, sizeof(errmsg), errfmt, args); va_end(args); - buffer_init(&msg); - get_msg(conn, &msg); - type = buffer_get_char(&msg); - id = buffer_get_int(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + get_msg(conn, msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (id != expected_id) fatal("%s: ID mismatch (%u != %u)", errfmt == NULL ? __func__ : errmsg, id, expected_id); if (type == SSH2_FXP_STATUS) { - status = buffer_get_int(&msg); + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (errfmt != NULL) error("%s: %s", errmsg, fx2txt(status)); - buffer_free(&msg); + sshbuf_free(msg); return(NULL); } else if (type != SSH2_FXP_HANDLE) fatal("%s: Expected SSH2_FXP_HANDLE(%u) packet, got %u", errfmt == NULL ? __func__ : errmsg, SSH2_FXP_HANDLE, type); - handle = buffer_get_string(&msg, len); - buffer_free(&msg); + if ((r = sshbuf_get_string(msg, &handle, len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(msg); - return(handle); + return handle; } static Attrib * get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet) { - Buffer msg; - u_int type, id; - Attrib *a; + struct sshbuf *msg; + u_int id; + u_char type; + int r; + static Attrib a; - buffer_init(&msg); - get_msg(conn, &msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + get_msg(conn, msg); - type = buffer_get_char(&msg); - id = buffer_get_int(&msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("Received stat reply T:%u I:%u", type, id); if (id != expected_id) fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { - int status = buffer_get_int(&msg); + u_int status; + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (quiet) debug("Couldn't stat remote file: %s", fx2txt(status)); else error("Couldn't stat remote file: %s", fx2txt(status)); - buffer_free(&msg); + sshbuf_free(msg); return(NULL); } else if (type != SSH2_FXP_ATTRS) { fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u", SSH2_FXP_ATTRS, type); } - a = decode_attrib(&msg); - buffer_free(&msg); + if ((r = decode_attrib(msg, &a)) != 0) { + error("%s: couldn't decode attrib: %s", __func__, ssh_err(r)); + sshbuf_free(msg); + return NULL; + } + sshbuf_free(msg); - return(a); + return &a; } static int get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st, u_int expected_id, int quiet) { - Buffer msg; - u_int type, id, flag; + struct sshbuf *msg; + u_char type; + u_int id; + u_int64_t flag; + int r; - buffer_init(&msg); - get_msg(conn, &msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + get_msg(conn, msg); - type = buffer_get_char(&msg); - id = buffer_get_int(&msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("Received statvfs reply T:%u I:%u", type, id); if (id != expected_id) fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { - int status = buffer_get_int(&msg); + u_int status; + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (quiet) debug("Couldn't statvfs: %s", fx2txt(status)); else error("Couldn't statvfs: %s", fx2txt(status)); - buffer_free(&msg); + sshbuf_free(msg); return -1; } else if (type != SSH2_FXP_EXTENDED_REPLY) { fatal("Expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u", @@ -302,22 +342,23 @@ get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st, } bzero(st, sizeof(*st)); - st->f_bsize = buffer_get_int64(&msg); - st->f_frsize = buffer_get_int64(&msg); - st->f_blocks = buffer_get_int64(&msg); - st->f_bfree = buffer_get_int64(&msg); - st->f_bavail = buffer_get_int64(&msg); - st->f_files = buffer_get_int64(&msg); - st->f_ffree = buffer_get_int64(&msg); - st->f_favail = buffer_get_int64(&msg); - st->f_fsid = buffer_get_int64(&msg); - flag = buffer_get_int64(&msg); - st->f_namemax = buffer_get_int64(&msg); + if ((r = sshbuf_get_u64(msg, &st->f_bsize)) == 0 || + (r = sshbuf_get_u64(msg, &st->f_frsize)) == 0 || + (r = sshbuf_get_u64(msg, &st->f_blocks)) == 0 || + (r = sshbuf_get_u64(msg, &st->f_bfree)) == 0 || + (r = sshbuf_get_u64(msg, &st->f_bavail)) == 0 || + (r = sshbuf_get_u64(msg, &st->f_files)) == 0 || + (r = sshbuf_get_u64(msg, &st->f_ffree)) == 0 || + (r = sshbuf_get_u64(msg, &st->f_favail)) == 0 || + (r = sshbuf_get_u64(msg, &st->f_fsid)) == 0 || + (r = sshbuf_get_u64(msg, &flag)) == 0 || + (r = sshbuf_get_u64(msg, &st->f_namemax)) == 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0; st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0; - buffer_free(&msg); + sshbuf_free(msg); return 0; } @@ -326,9 +367,10 @@ struct sftp_conn * do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, u_int64_t limit_kbps) { - u_int type; - Buffer msg; + u_char type; + struct sshbuf *msg; struct sftp_conn *ret; + int r; ret = xmalloc(sizeof(*ret)); ret->fd_in = fd_in; @@ -338,32 +380,41 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, ret->exts = 0; ret->limit_kbps = 0; - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_INIT); - buffer_put_int(&msg, SSH2_FILEXFER_VERSION); - send_msg(ret, &msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_INIT)) != 0 || + (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(ret, msg); - buffer_clear(&msg); + sshbuf_reset(msg); - get_msg(ret, &msg); + get_msg(ret, msg); /* Expecting a VERSION reply */ - if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) { + if ((r = sshbuf_get_u8(msg, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (type != SSH2_FXP_VERSION) { error("Invalid packet back from SSH2_FXP_INIT (type %u)", type); - buffer_free(&msg); + sshbuf_free(msg); return(NULL); } - ret->version = buffer_get_int(&msg); + if ((r = sshbuf_get_u32(msg, &ret->version)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug2("Remote version: %u", ret->version); /* Check for extensions */ - while (buffer_len(&msg) > 0) { - char *name = buffer_get_string(&msg, NULL); - char *value = buffer_get_string(&msg, NULL); + while (sshbuf_len(msg) > 0) { + char *name; + u_char *value; + size_t vlen; int known = 0; + if ((r = sshbuf_get_cstring(msg, &name, NULL)) != 0 || + (r = sshbuf_get_string(msg, &value, &vlen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (strcmp(name, "posix-rename@openssh.com") == 0 && strcmp(value, "1") == 0) { ret->exts |= SFTP_EXT_POSIX_RENAME; @@ -391,7 +442,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, xfree(value); } - buffer_free(&msg); + sshbuf_free(msg); /* Some filexfer v.0 servers don't support large packets */ if (ret->version == 0) @@ -418,22 +469,25 @@ int do_close(struct sftp_conn *conn, char *handle, u_int handle_len) { u_int id, status; - Buffer msg; + struct sshbuf *msg; + int r; - buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); id = conn->msg_id++; - buffer_put_char(&msg, SSH2_FXP_CLOSE); - buffer_put_int(&msg, id); - buffer_put_string(&msg, handle, handle_len); - send_msg(conn, &msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_CLOSE)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_string(msg, handle, handle_len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); debug3("Sent message SSH2_FXP_CLOSE I:%u", id); status = get_status(conn, id); if (status != SSH2_FX_OK) error("Couldn't close file: %s", fx2txt(status)); - buffer_free(&msg); + sshbuf_free(msg); return status; } @@ -443,22 +497,27 @@ static int do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, SFTP_DIRENT ***dir) { - Buffer msg; - u_int count, type, id, handle_len, i, expected_id, ents = 0; + struct sshbuf *msg; + u_int count, id, i, expected_id, ents = 0; + size_t handle_len; char *handle; + int r; + u_char type; id = conn->msg_id++; - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_OPENDIR); - buffer_put_int(&msg, id); - buffer_put_cstring(&msg, path); - send_msg(conn, &msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPENDIR)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, path)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); handle = get_handle(conn, id, &handle_len, "remote readdir(\"%s\")", path); if (handle == NULL) { - buffer_free(&msg); + sshbuf_free(msg); return -1; } @@ -473,18 +532,20 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, debug3("Sending SSH2_FXP_READDIR I:%u", id); - buffer_clear(&msg); - buffer_put_char(&msg, SSH2_FXP_READDIR); - buffer_put_int(&msg, id); - buffer_put_string(&msg, handle, handle_len); - send_msg(conn, &msg); + sshbuf_reset(msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_READDIR)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_string(msg, handle, handle_len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); - buffer_clear(&msg); + sshbuf_reset(msg); - get_msg(conn, &msg); + get_msg(conn, msg); - type = buffer_get_char(&msg); - id = buffer_get_int(&msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("Received reply T:%u I:%u", type, id); @@ -492,8 +553,11 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { - int status = buffer_get_int(&msg); + u_int status; + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); debug3("Received SSH2_FXP_STATUS %d", status); if (status == SSH2_FX_EOF) { @@ -503,24 +567,36 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, fx2txt(status)); do_close(conn, handle, handle_len); xfree(handle); - buffer_free(&msg); + sshbuf_free(msg); return(status); } } else if (type != SSH2_FXP_NAME) fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); - count = buffer_get_int(&msg); + if ((r = sshbuf_get_u32(msg, &count)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (count == 0) break; debug3("Received %d SSH2_FXP_NAME responses", count); for (i = 0; i < count; i++) { char *filename, *longname; - Attrib *a; + Attrib a; - filename = buffer_get_string(&msg, NULL); - longname = buffer_get_string(&msg, NULL); - a = decode_attrib(&msg); + if ((r = sshbuf_get_cstring(msg, &filename, + NULL)) != 0 || + (r = sshbuf_get_cstring(msg, &longname, + NULL)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + if ((r = decode_attrib(msg, &a)) != 0) { + error("%s: couldn't decode attrib: %s", + __func__, ssh_err(r)); + free(filename); + free(longname); + sshbuf_free(msg); + return -1; + } if (printflag) printf("%s\n", longname); @@ -541,7 +617,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, (*dir)[ents] = xmalloc(sizeof(***dir)); (*dir)[ents]->filename = xstrdup(filename); (*dir)[ents]->longname = xstrdup(longname); - memcpy(&(*dir)[ents]->a, a, sizeof(*a)); + memcpy(&(*dir)[ents]->a, &a, sizeof(a)); (*dir)[++ents] = NULL; } next: @@ -550,7 +626,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, } } - buffer_free(&msg); + sshbuf_free(msg); do_close(conn, handle, handle_len); xfree(handle); @@ -714,48 +790,56 @@ do_fsetstat(struct sftp_conn *conn, char *handle, u_int handle_len, char * do_realpath(struct sftp_conn *conn, char *path) { - Buffer msg; - u_int type, expected_id, count, id; + struct sshbuf *msg; + u_int expected_id, count, id; char *filename, *longname; - Attrib *a; + Attrib a; + u_char type; + int r; expected_id = id = conn->msg_id++; send_string_request(conn, id, SSH2_FXP_REALPATH, path, strlen(path)); - buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); - get_msg(conn, &msg); - type = buffer_get_char(&msg); - id = buffer_get_int(&msg); + get_msg(conn, msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (id != expected_id) fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { - u_int status = buffer_get_int(&msg); + u_int status; + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); error("Couldn't canonicalise: %s", fx2txt(status)); - buffer_free(&msg); + sshbuf_free(msg); return NULL; } else if (type != SSH2_FXP_NAME) fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); - count = buffer_get_int(&msg); + if ((r = sshbuf_get_u32(msg, &count)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (count != 1) fatal("Got multiple names (%d) from SSH_FXP_REALPATH", count); - filename = buffer_get_string(&msg, NULL); - longname = buffer_get_string(&msg, NULL); - a = decode_attrib(&msg); + if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 || + (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 || + (r = decode_attrib(msg, &a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, - (unsigned long)a->size); + (unsigned long)a.size); xfree(longname); - buffer_free(&msg); + sshbuf_free(msg); return(filename); } @@ -763,28 +847,34 @@ do_realpath(struct sftp_conn *conn, char *path) int do_rename(struct sftp_conn *conn, char *oldpath, char *newpath) { - Buffer msg; + struct sshbuf *msg; u_int status, id; + int r; - buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); /* Send rename request */ id = conn->msg_id++; if ((conn->exts & SFTP_EXT_POSIX_RENAME)) { - buffer_put_char(&msg, SSH2_FXP_EXTENDED); - buffer_put_int(&msg, id); - buffer_put_cstring(&msg, "posix-rename@openssh.com"); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, + "posix-rename@openssh.com")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } else { - buffer_put_char(&msg, SSH2_FXP_RENAME); - buffer_put_int(&msg, id); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_RENAME)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } - buffer_put_cstring(&msg, oldpath); - buffer_put_cstring(&msg, newpath); - send_msg(conn, &msg); + if ((r = sshbuf_put_cstring(msg, oldpath)) != 0 || + (r = sshbuf_put_cstring(msg, newpath)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); debug3("Sent message %s \"%s\" -> \"%s\"", (conn->exts & SFTP_EXT_POSIX_RENAME) ? "posix-rename@openssh.com" : "SSH2_FXP_RENAME", oldpath, newpath); - buffer_free(&msg); + sshbuf_free(msg); status = get_status(conn, id); if (status != SSH2_FX_OK) @@ -797,27 +887,30 @@ do_rename(struct sftp_conn *conn, char *oldpath, char *newpath) int do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath) { - Buffer msg; + struct sshbuf *msg; u_int status, id; + int r; if ((conn->exts & SFTP_EXT_HARDLINK) == 0) { error("Server does not support hardlink@openssh.com extension"); return -1; } - buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); /* Send link request */ id = conn->msg_id++; - buffer_put_char(&msg, SSH2_FXP_EXTENDED); - buffer_put_int(&msg, id); - buffer_put_cstring(&msg, "hardlink@openssh.com"); - buffer_put_cstring(&msg, oldpath); - buffer_put_cstring(&msg, newpath); - send_msg(conn, &msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 || + (r = sshbuf_put_cstring(msg, oldpath)) != 0 || + (r = sshbuf_put_cstring(msg, newpath)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); debug3("Sent message hardlink@openssh.com \"%s\" -> \"%s\"", oldpath, newpath); - buffer_free(&msg); + sshbuf_free(msg); status = get_status(conn, id); if (status != SSH2_FX_OK) @@ -830,26 +923,29 @@ do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath) int do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath) { - Buffer msg; + struct sshbuf *msg; u_int status, id; + int r; if (conn->version < 3) { error("This server does not support the symlink operation"); return(SSH2_FX_OP_UNSUPPORTED); } - buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); /* Send symlink request */ id = conn->msg_id++; - buffer_put_char(&msg, SSH2_FXP_SYMLINK); - buffer_put_int(&msg, id); - buffer_put_cstring(&msg, oldpath); - buffer_put_cstring(&msg, newpath); - send_msg(conn, &msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_SYMLINK)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, oldpath)) != 0 || + (r = sshbuf_put_cstring(msg, newpath)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); debug3("Sent message SSH2_FXP_SYMLINK \"%s\" -> \"%s\"", oldpath, newpath); - buffer_free(&msg); + sshbuf_free(msg); status = get_status(conn, id); if (status != SSH2_FX_OK) @@ -863,48 +959,56 @@ do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath) char * do_readlink(struct sftp_conn *conn, char *path) { - Buffer msg; - u_int type, expected_id, count, id; + struct sshbuf *msg; + u_int expected_id, count, id; char *filename, *longname; - Attrib *a; + Attrib a; + u_char type; + int r; expected_id = id = conn->msg_id++; send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path)); - buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); - get_msg(conn, &msg); - type = buffer_get_char(&msg); - id = buffer_get_int(&msg); + get_msg(conn, msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (id != expected_id) fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { - u_int status = buffer_get_int(&msg); + u_int status; + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); error("Couldn't readlink: %s", fx2txt(status)); - buffer_free(&msg); + sshbuf_free(msg); return(NULL); } else if (type != SSH2_FXP_NAME) fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); - count = buffer_get_int(&msg); + if ((r = sshbuf_get_u32(msg, &count)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (count != 1) fatal("Got multiple names (%d) from SSH_FXP_READLINK", count); - filename = buffer_get_string(&msg, NULL); - longname = buffer_get_string(&msg, NULL); - a = decode_attrib(&msg); + if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 || + (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 || + (r = decode_attrib(msg, &a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("SSH_FXP_READLINK %s -> %s", path, filename); xfree(longname); - buffer_free(&msg); + sshbuf_free(msg); - return(filename); + return filename; } #endif @@ -912,8 +1016,9 @@ int do_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st, int quiet) { - Buffer msg; + struct sshbuf *msg; u_int id; + int r; if ((conn->exts & SFTP_EXT_STATVFS) == 0) { error("Server does not support statvfs@openssh.com extension"); @@ -922,14 +1027,16 @@ do_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st, id = conn->msg_id++; - buffer_init(&msg); - buffer_clear(&msg); - buffer_put_char(&msg, SSH2_FXP_EXTENDED); - buffer_put_int(&msg, id); - buffer_put_cstring(&msg, "statvfs@openssh.com"); - buffer_put_cstring(&msg, path); - send_msg(conn, &msg); - buffer_free(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + sshbuf_reset(msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 || + (r = sshbuf_put_cstring(msg, path)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); + sshbuf_free(msg); return get_decode_statvfs(conn, st, id, quiet); } @@ -939,7 +1046,7 @@ int do_fstatvfs(struct sftp_conn *conn, const char *handle, u_int handle_len, struct sftp_statvfs *st, int quiet) { - Buffer msg; + struct sshbuf *msg; u_int id; if ((conn->exts & SFTP_EXT_FSTATVFS) == 0) { @@ -949,14 +1056,16 @@ do_fstatvfs(struct sftp_conn *conn, const char *handle, u_int handle_len, id = conn->msg_id++; - buffer_init(&msg); - buffer_clear(&msg); - buffer_put_char(&msg, SSH2_FXP_EXTENDED); - buffer_put_int(&msg, id); - buffer_put_cstring(&msg, "fstatvfs@openssh.com"); - buffer_put_string(&msg, handle, handle_len); - send_msg(conn, &msg); - buffer_free(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + sshbuf_reset(msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 || + (r = sshbuf_put_string(msg, handle, handle_len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); + sshbuf_free(msg); return get_decode_statvfs(conn, st, id, quiet); } @@ -966,17 +1075,20 @@ static void send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, u_int len, char *handle, u_int handle_len) { - Buffer msg; + struct sshbuf *msg; + int r; - buffer_init(&msg); - buffer_clear(&msg); - buffer_put_char(&msg, SSH2_FXP_READ); - buffer_put_int(&msg, id); - buffer_put_string(&msg, handle, handle_len); - buffer_put_int64(&msg, offset); - buffer_put_int(&msg, len); - send_msg(conn, &msg); - buffer_free(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + sshbuf_reset(msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_string(msg, handle, handle_len)) != 0 || + (r = sshbuf_put_u64(msg, offset)) != 0 || + (r = sshbuf_put_u32(msg, len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); + sshbuf_free(msg); } int @@ -984,21 +1096,23 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, Attrib *a, int pflag) { Attrib junk; - Buffer msg; + struct sshbuf *msg; char *handle; int local_fd, status = 0, write_error; - int read_error, write_errno; + int read_error, write_errno, r; u_int64_t offset, size; - u_int handle_len, mode, type, id, buflen, num_req, max_req; + u_int mode, id, buflen, num_req, max_req; off_t progress_counter; + size_t handle_len; struct request { u_int id; - u_int len; + size_t len; u_int64_t offset; TAILQ_ENTRY(request) tq; }; TAILQ_HEAD(reqhead, request) requests; struct request *req; + u_char type; TAILQ_INIT(&requests); @@ -1023,23 +1137,26 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, size = 0; buflen = conn->transfer_buflen; - buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + + attrib_clear(&junk); /* Send empty attributes */ /* Send open request */ id = conn->msg_id++; - buffer_put_char(&msg, SSH2_FXP_OPEN); - buffer_put_int(&msg, id); - buffer_put_cstring(&msg, remote_path); - buffer_put_int(&msg, SSH2_FXF_READ); - attrib_clear(&junk); /* Send empty attributes */ - encode_attrib(&msg, &junk); - send_msg(conn, &msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, remote_path)) != 0 || + (r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 || + (r = encode_attrib(msg, &junk)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); handle = get_handle(conn, id, &handle_len, "remote open(\"%s\")", remote_path); if (handle == NULL) { - buffer_free(&msg); + sshbuf_free(msg); return(-1); } @@ -1049,7 +1166,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, error("Couldn't open local file \"%s\" for writing: %s", local_path, strerror(errno)); do_close(conn, handle, handle_len); - buffer_free(&msg); + sshbuf_free(msg); xfree(handle); return(-1); } @@ -1063,8 +1180,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, start_progress_meter(remote_path, size, &progress_counter); while (num_req > 0 || max_req > 0) { - char *data; - u_int len; + u_char *data; + size_t len; /* * Simulate EOF on interrupt: stop sending new requests and @@ -1093,10 +1210,11 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, req->len, handle, handle_len); } - buffer_clear(&msg); - get_msg(conn, &msg); - type = buffer_get_char(&msg); - id = buffer_get_int(&msg); + sshbuf_reset(msg); + get_msg(conn, msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("Received reply T:%u I:%u R:%d", type, id, max_req); /* Find the request in our queue */ @@ -1109,7 +1227,9 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, switch (type) { case SSH2_FXP_STATUS: - status = buffer_get_int(&msg); + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); if (status != SSH2_FX_EOF) read_error = 1; max_req = 0; @@ -1118,13 +1238,15 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, num_req--; break; case SSH2_FXP_DATA: - data = buffer_get_string(&msg, &len); + if ((r = sshbuf_get_string(msg, &data, &len)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); debug3("Received data %llu -> %llu", (unsigned long long)req->offset, (unsigned long long)req->offset + len - 1); if (len > req->len) fatal("Received more data than asked for " - "%u > %u", len, req->len); + "%zu > %zu", len, req->len); if ((lseek(local_fd, req->offset, SEEK_SET) == -1 || atomicio(vwrite, local_fd, data, len) != len) && !write_error) { @@ -1208,7 +1330,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, } } close(local_fd); - buffer_free(&msg); + sshbuf_free(msg); xfree(handle); return(status); @@ -1326,12 +1448,13 @@ int do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, int pflag) { - int local_fd; + int r, local_fd; int status = SSH2_FX_OK; - u_int handle_len, id, type; + u_int id; + u_char type; off_t offset; char *handle, *data; - Buffer msg; + struct sshbuf *msg; struct stat sb; Attrib a; u_int32_t startid; @@ -1344,6 +1467,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, }; TAILQ_HEAD(ackhead, outstanding_ack) acks; struct outstanding_ack *ack = NULL; + size_t handle_len; TAILQ_INIT(&acks); @@ -1371,25 +1495,28 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, if (!pflag) a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; - buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); /* Send open request */ id = conn->msg_id++; - buffer_put_char(&msg, SSH2_FXP_OPEN); - buffer_put_int(&msg, id); - buffer_put_cstring(&msg, remote_path); - buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC); - encode_attrib(&msg, &a); - send_msg(conn, &msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, remote_path)) != 0 || + (r = sshbuf_put_u32(msg, + SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC)) != 0 || + (r = encode_attrib(msg, &a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); - buffer_clear(&msg); + sshbuf_reset(msg); handle = get_handle(conn, id, &handle_len, "remote open(\"%s\")", remote_path); if (handle == NULL) { close(local_fd); - buffer_free(&msg); + sshbuf_free(msg); return -1; } @@ -1427,13 +1554,16 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, ack->len = len; TAILQ_INSERT_TAIL(&acks, ack, tq); - buffer_clear(&msg); - buffer_put_char(&msg, SSH2_FXP_WRITE); - buffer_put_int(&msg, ack->id); - buffer_put_string(&msg, handle, handle_len); - buffer_put_int64(&msg, offset); - buffer_put_string(&msg, data, len); - send_msg(conn, &msg); + sshbuf_reset(msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 || + (r = sshbuf_put_u32(msg, ack->id)) != 0 || + (r = sshbuf_put_string(msg, handle, + handle_len)) != 0 || + (r = sshbuf_put_u64(msg, offset)) != 0 || + (r = sshbuf_put_string(msg, data, len)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + send_msg(conn, msg); debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", id, (unsigned long long)offset, len); } else if (TAILQ_FIRST(&acks) == NULL) @@ -1444,27 +1574,31 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, if (id == startid || len == 0 || id - ackid >= conn->num_requests) { - u_int r_id; + u_int rid; - buffer_clear(&msg); - get_msg(conn, &msg); - type = buffer_get_char(&msg); - r_id = buffer_get_int(&msg); + sshbuf_reset(msg); + get_msg(conn, msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &rid)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); if (type != SSH2_FXP_STATUS) fatal("Expected SSH2_FXP_STATUS(%d) packet, " "got %d", SSH2_FXP_STATUS, type); - status = buffer_get_int(&msg); + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); debug3("SSH2_FXP_STATUS %d", status); /* Find the request in our queue */ for (ack = TAILQ_FIRST(&acks); - ack != NULL && ack->id != r_id; + ack != NULL && ack->id != rid; ack = TAILQ_NEXT(ack, tq)) ; if (ack == NULL) - fatal("Can't find request for ID %u", r_id); + fatal("Can't find request for ID %u", rid); TAILQ_REMOVE(&acks, ack, tq); debug3("In write loop, ack for %u %u bytes at %lld", ack->id, ack->len, (long long)ack->offset); @@ -1475,7 +1609,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, if (offset < 0) fatal("%s: offset < 0", __func__); } - buffer_free(&msg); + sshbuf_free(msg); if (showprogress) stop_progress_meter(); diff --git a/ssh/sftp-common.c b/ssh/sftp-common.c index e290399..5858259 100644 --- a/ssh/sftp-common.c +++ b/ssh/sftp-common.c @@ -37,7 +37,8 @@ #include #include "xmalloc.h" -#include "buffer.h" +#include "err.h" +#include "sshbuf.h" #include "log.h" #include "sftp.h" @@ -95,59 +96,81 @@ attrib_to_stat(const Attrib *a, struct stat *st) } /* Decode attributes in buffer */ -Attrib * -decode_attrib(Buffer *b) +int +decode_attrib(struct sshbuf *b, Attrib *a) { - static Attrib a; + int r; - attrib_clear(&a); - a.flags = buffer_get_int(b); - if (a.flags & SSH2_FILEXFER_ATTR_SIZE) - a.size = buffer_get_int64(b); - if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) { - a.uid = buffer_get_int(b); - a.gid = buffer_get_int(b); + attrib_clear(a); + if ((r = sshbuf_get_u32(b, &a->flags)) != 0) + return r; + if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { + if ((r = sshbuf_get_u64(b, &a->size)) != 0) + return r; } - if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) - a.perm = buffer_get_int(b); - if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) { - a.atime = buffer_get_int(b); - a.mtime = buffer_get_int(b); + if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { + if ((r = sshbuf_get_u32(b, &a->uid)) != 0 || + (r = sshbuf_get_u32(b, &a->gid)) != 0) + return r; + } + if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + if ((r = sshbuf_get_u32(b, &a->perm)) != 0) + return r; + } + if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { + if ((r = sshbuf_get_u32(b, &a->atime)) != 0 || + (r = sshbuf_get_u32(b, &a->mtime)) != 0) + return r; } /* vendor-specific extensions */ - if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) { - char *type, *data; - int i, count; + if (a->flags & SSH2_FILEXFER_ATTR_EXTENDED) { + char *type; + u_char *data; + size_t dlen; + u_int i, count; - count = buffer_get_int(b); + if ((r = sshbuf_get_u32(b, &count)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); for (i = 0; i < count; i++) { - type = buffer_get_string(b, NULL); - data = buffer_get_string(b, NULL); - debug3("Got file attribute \"%s\"", type); - xfree(type); - xfree(data); + if ((r = sshbuf_get_cstring(b, &type, NULL)) != 0 || + (r = sshbuf_get_string(b, &data, &dlen)) != 0) + return r; + debug3("Got file attribute \"%.100s\" len %zu", + type, dlen); + free(type); + free(data); } } - return &a; + return 0; } /* Encode attributes to buffer */ -void -encode_attrib(Buffer *b, const Attrib *a) +int +encode_attrib(struct sshbuf *b, const Attrib *a) { - buffer_put_int(b, a->flags); - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) - buffer_put_int64(b, a->size); + int r; + + if ((r = sshbuf_put_u32(b, a->flags)) != 0) + return r; + if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { + if ((r = sshbuf_put_u64(b, a->size)) != 0) + return r; + } if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { - buffer_put_int(b, a->uid); - buffer_put_int(b, a->gid); + if ((r = sshbuf_put_u32(b, a->uid)) != 0 || + (r = sshbuf_put_u32(b, a->gid)) != 0) + return r; + } + if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + if ((r = sshbuf_put_u32(b, a->perm)) != 0) + return r; } - if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) - buffer_put_int(b, a->perm); if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { - buffer_put_int(b, a->atime); - buffer_put_int(b, a->mtime); + if ((r = sshbuf_put_u32(b, a->atime)) != 0 || + (r = sshbuf_put_u32(b, a->mtime)) != 0) + return r; } + return 0; } /* Convert from SSH2_FX_ status to text error message */ diff --git a/ssh/sftp-common.h b/ssh/sftp-common.h index 9ed86c0..047d5d7 100644 --- a/ssh/sftp-common.h +++ b/ssh/sftp-common.h @@ -28,6 +28,7 @@ /* Maximum packet that we are willing to send/accept */ #define SFTP_MAX_MSG_LENGTH (256 * 1024) +struct sshbuf; typedef struct Attrib Attrib; /* File attributes */ @@ -44,8 +45,8 @@ struct Attrib { void attrib_clear(Attrib *); void stat_to_attrib(const struct stat *, Attrib *); void attrib_to_stat(const Attrib *, struct stat *); -Attrib *decode_attrib(Buffer *); -void encode_attrib(Buffer *, const Attrib *); +int decode_attrib(struct sshbuf *, Attrib *); +int encode_attrib(struct sshbuf *, const Attrib *); char *ls_file(const char *, const struct stat *, int, int); const char *fx2txt(int); diff --git a/ssh/sftp-glob.c b/ssh/sftp-glob.c index 552bf91..3a172d6 100644 --- a/ssh/sftp-glob.c +++ b/ssh/sftp-glob.c @@ -24,7 +24,6 @@ #include "xmalloc.h" #include "sftp.h" -#include "buffer.h" #include "sftp-common.h" #include "sftp-client.h" diff --git a/ssh/sftp-server.c b/ssh/sftp-server.c index bff7120..9272428 100644 --- a/ssh/sftp-server.c +++ b/ssh/sftp-server.c @@ -34,7 +34,8 @@ #include #include "xmalloc.h" -#include "buffer.h" +#include "sshbuf.h" +#include "err.h" #include "log.h" #include "misc.h" #include "uidswap.h" @@ -42,11 +43,6 @@ #include "sftp.h" #include "sftp-common.h" -/* helper */ -#define get_int64() buffer_get_int64(&iqueue); -#define get_int() buffer_get_int(&iqueue); -#define get_string(lenp) buffer_get_string(&iqueue, lenp); - /* Our verbosity */ LogLevel log_level = SYSLOG_LEVEL_ERROR; @@ -55,8 +51,8 @@ struct passwd *pw = NULL; char *client_addr = NULL; /* input and output queue */ -Buffer iqueue; -Buffer oqueue; +struct sshbuf *iqueue; +struct sshbuf *oqueue; /* Version of client */ u_int version; @@ -157,12 +153,6 @@ string_from_portable(int pflags) return ret; } -static Attrib * -get_attrib(void) -{ - return decode_attrib(&iqueue); -} - /* handle handles */ typedef struct Handle Handle; @@ -349,29 +339,31 @@ handle_log_exit(void) } static int -get_handle(void) +get_handle(struct sshbuf *queue, int *hp) { - char *handle; - int val = -1; - u_int hlen; + u_char *handle; + int r; + size_t hlen; - handle = get_string(&hlen); + *hp = -1; + if ((r = sshbuf_get_string(queue, &handle, &hlen)) != 0) + return r; if (hlen < 256) - val = handle_from_string(handle, hlen); + *hp = handle_from_string(handle, hlen); xfree(handle); - return val; + return 0; } /* send replies */ static void -send_msg(Buffer *m) +send_msg(struct sshbuf *m) { - int mlen = buffer_len(m); + int r; - buffer_put_int(&oqueue, mlen); - buffer_append(&oqueue, buffer_ptr(m), mlen); - buffer_consume(m, mlen); + if ((r = sshbuf_put_stringb(oqueue, m)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_reset(m); } static const char * @@ -395,34 +387,42 @@ status_to_message(u_int32_t status) static void send_status(u_int32_t id, u_int32_t status) { - Buffer msg; + struct sshbuf *msg; + int r; debug3("request %u: sent status %u", id, status); if (log_level > SYSLOG_LEVEL_VERBOSE || (status != SSH2_FX_OK && status != SSH2_FX_EOF)) logit("sent status %s", status_to_message(status)); - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_STATUS); - buffer_put_int(&msg, id); - buffer_put_int(&msg, status); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_STATUS)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_u32(msg, status)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (version >= 3) { - buffer_put_cstring(&msg, status_to_message(status)); - buffer_put_cstring(&msg, ""); + if ((r = sshbuf_put_cstring(msg, + status_to_message(status))) != 0 || + (r = sshbuf_put_cstring(msg, "")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } - send_msg(&msg); - buffer_free(&msg); + send_msg(msg); + sshbuf_free(msg); } static void send_data_or_handle(char type, u_int32_t id, const char *data, int dlen) { - Buffer msg; + struct sshbuf *msg; + int r; - buffer_init(&msg); - buffer_put_char(&msg, type); - buffer_put_int(&msg, id); - buffer_put_string(&msg, data, dlen); - send_msg(&msg); - buffer_free(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, type)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_string(msg, data, dlen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(msg); + sshbuf_free(msg); } static void @@ -447,62 +447,71 @@ send_handle(u_int32_t id, int handle) static void send_names(u_int32_t id, int count, const Stat *stats) { - Buffer msg; - int i; + struct sshbuf *msg; + int i, r; - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_NAME); - buffer_put_int(&msg, id); - buffer_put_int(&msg, count); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_NAME)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_u32(msg, count)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug("request %u: sent names count %d", id, count); for (i = 0; i < count; i++) { - buffer_put_cstring(&msg, stats[i].name); - buffer_put_cstring(&msg, stats[i].long_name); - encode_attrib(&msg, &stats[i].attrib); + if ((r = sshbuf_put_cstring(msg, stats[i].name)) != 0 || + (r = sshbuf_put_cstring(msg, stats[i].long_name)) != 0 || + (r = encode_attrib(msg, &stats[i].attrib)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } - send_msg(&msg); - buffer_free(&msg); + send_msg(msg); + sshbuf_free(msg); } static void send_attrib(u_int32_t id, const Attrib *a) { - Buffer msg; + struct sshbuf *msg; + int r; debug("request %u: sent attrib have 0x%x", id, a->flags); - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_ATTRS); - buffer_put_int(&msg, id); - encode_attrib(&msg, a); - send_msg(&msg); - buffer_free(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_ATTRS)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = encode_attrib(msg, a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(msg); + sshbuf_free(msg); } static void send_statvfs(u_int32_t id, struct statvfs *st) { - Buffer msg; + struct sshbuf *msg; u_int64_t flag; + int r; flag = (st->f_flag & ST_RDONLY) ? SSH2_FXE_STATVFS_ST_RDONLY : 0; flag |= (st->f_flag & ST_NOSUID) ? SSH2_FXE_STATVFS_ST_NOSUID : 0; - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_EXTENDED_REPLY); - buffer_put_int(&msg, id); - buffer_put_int64(&msg, st->f_bsize); - buffer_put_int64(&msg, st->f_frsize); - buffer_put_int64(&msg, st->f_blocks); - buffer_put_int64(&msg, st->f_bfree); - buffer_put_int64(&msg, st->f_bavail); - buffer_put_int64(&msg, st->f_files); - buffer_put_int64(&msg, st->f_ffree); - buffer_put_int64(&msg, st->f_favail); - buffer_put_int64(&msg, st->f_fsid); - buffer_put_int64(&msg, flag); - buffer_put_int64(&msg, st->f_namemax); - send_msg(&msg); - buffer_free(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED_REPLY)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_u64(msg, st->f_bsize)) != 0 || + (r = sshbuf_put_u64(msg, st->f_frsize)) != 0 || + (r = sshbuf_put_u64(msg, st->f_blocks)) != 0 || + (r = sshbuf_put_u64(msg, st->f_bfree)) != 0 || + (r = sshbuf_put_u64(msg, st->f_bavail)) != 0 || + (r = sshbuf_put_u64(msg, st->f_files)) != 0 || + (r = sshbuf_put_u64(msg, st->f_ffree)) != 0 || + (r = sshbuf_put_u64(msg, st->f_favail)) != 0 || + (r = sshbuf_put_u64(msg, st->f_fsid)) != 0 || + (r = sshbuf_put_u64(msg, flag)) != 0 || + (r = sshbuf_put_u64(msg, st->f_namemax)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(msg); + sshbuf_free(msg); } /* parse incoming */ @@ -510,44 +519,50 @@ send_statvfs(u_int32_t id, struct statvfs *st) static void process_init(void) { - Buffer msg; + struct sshbuf *msg; + int r; - version = get_int(); + if ((r = sshbuf_get_u32(iqueue, &version)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); verbose("received client version %u", version); - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_VERSION); - buffer_put_int(&msg, SSH2_FILEXFER_VERSION); - /* POSIX rename extension */ - buffer_put_cstring(&msg, "posix-rename@openssh.com"); - buffer_put_cstring(&msg, "1"); /* version */ - /* statvfs extension */ - buffer_put_cstring(&msg, "statvfs@openssh.com"); - buffer_put_cstring(&msg, "2"); /* version */ - /* fstatvfs extension */ - buffer_put_cstring(&msg, "fstatvfs@openssh.com"); - buffer_put_cstring(&msg, "2"); /* version */ - /* hardlink extension */ - buffer_put_cstring(&msg, "hardlink@openssh.com"); - buffer_put_cstring(&msg, "1"); /* version */ - send_msg(&msg); - buffer_free(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_VERSION)) != 0 || + (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0 || + /* POSIX rename extension */ + (r = sshbuf_put_cstring(msg, "posix-rename@openssh.com")) != 0 || + (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */ + /* statvfs extension */ + (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 || + (r = sshbuf_put_cstring(msg, "2")) != 0 || /* version */ + /* fstatvfs extension */ + (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 || + (r = sshbuf_put_cstring(msg, "2")) != 0 || /* version */ + /* hardlink extension */ + (r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 || + (r = sshbuf_put_cstring(msg, "1")) != 0) /* version */ + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(msg); + sshbuf_free(msg); } static void process_open(void) { u_int32_t id, pflags; - Attrib *a; + Attrib a; char *name; - int handle, fd, flags, mode, status = SSH2_FX_FAILURE; + int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || + (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */ + (r = decode_attrib(iqueue, &a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - name = get_string(NULL); - pflags = get_int(); /* portable flags */ debug3("request %u: open flags %d", id, pflags); - a = get_attrib(); flags = flags_from_portable(pflags); - mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; + mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666; logit("open \"%s\" flags %s mode 0%o", name, string_from_portable(pflags), mode); if (readonly && @@ -576,10 +591,12 @@ static void process_close(void) { u_int32_t id; - int handle, ret, status = SSH2_FX_FAILURE; + int r, handle, ret, status = SSH2_FX_FAILURE; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = get_handle(iqueue, &handle)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - handle = get_handle(); debug3("request %u: close handle %u", id, handle); handle_log_close(handle, NULL); ret = handle_close(handle); @@ -592,13 +609,14 @@ process_read(void) { char buf[64*1024]; u_int32_t id, len; - int handle, fd, ret, status = SSH2_FX_FAILURE; + int r, handle, fd, ret, status = SSH2_FX_FAILURE; u_int64_t off; - id = get_int(); - handle = get_handle(); - off = get_int64(); - len = get_int(); + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = get_handle(iqueue, &handle)) != 0 || + (r = sshbuf_get_u64(iqueue, &off)) != 0 || + (r = sshbuf_get_u32(iqueue, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug("request %u: read \"%s\" (handle %d) off %llu len %d", id, handle_to_name(handle), handle, (unsigned long long)off, len); @@ -633,16 +651,17 @@ process_write(void) { u_int32_t id; u_int64_t off; - u_int len; - int handle, fd, ret, status; - char *data; + size_t len; + int r, handle, fd, ret, status; + u_char *data; - id = get_int(); - handle = get_handle(); - off = get_int64(); - data = get_string(&len); + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = get_handle(iqueue, &handle)) != 0 || + (r = sshbuf_get_u64(iqueue, &off)) != 0 || + (r = sshbuf_get_string(iqueue, &data, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug("request %u: write \"%s\" (handle %d) off %llu len %d", + debug("request %u: write \"%s\" (handle %d) off %llu len %zu", id, handle_to_name(handle), handle, (unsigned long long)off, len); fd = handle_to_fd(handle); @@ -680,14 +699,16 @@ process_do_stat(int do_lstat) struct stat st; u_int32_t id; char *name; - int ret, status = SSH2_FX_FAILURE; + int r, status = SSH2_FX_FAILURE; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - name = get_string(NULL); debug3("request %u: %sstat", id, do_lstat ? "l" : ""); verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name); - ret = do_lstat ? lstat(name, &st) : stat(name, &st); - if (ret < 0) { + r = do_lstat ? lstat(name, &st) : stat(name, &st); + if (r < 0) { status = errno_to_portable(errno); } else { stat_to_attrib(&st, &a); @@ -717,16 +738,18 @@ process_fstat(void) Attrib a; struct stat st; u_int32_t id; - int fd, ret, handle, status = SSH2_FX_FAILURE; + int fd, r, handle, status = SSH2_FX_FAILURE; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = get_handle(iqueue, &handle)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - handle = get_handle(); debug("request %u: fstat \"%s\" (handle %u)", id, handle_to_name(handle), handle); fd = handle_to_fd(handle); if (fd >= 0) { - ret = fstat(fd, &st); - if (ret < 0) { + r = fstat(fd, &st); + if (r < 0) { status = errno_to_portable(errno); } else { stat_to_attrib(&st, &a); @@ -753,48 +776,50 @@ attrib_to_tv(const Attrib *a) static void process_setstat(void) { - Attrib *a; + Attrib a; u_int32_t id; char *name; - int status = SSH2_FX_OK, ret; + int r, status = SSH2_FX_OK; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || + (r = decode_attrib(iqueue, &a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - name = get_string(NULL); - a = get_attrib(); debug("request %u: setstat name \"%s\"", id, name); if (readonly) { status = SSH2_FX_PERMISSION_DENIED; - a->flags = 0; + a.flags = 0; } - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { + if (a.flags & SSH2_FILEXFER_ATTR_SIZE) { logit("set \"%s\" size %llu", - name, (unsigned long long)a->size); - ret = truncate(name, a->size); - if (ret == -1) + name, (unsigned long long)a.size); + r = truncate(name, a.size); + if (r == -1) status = errno_to_portable(errno); } - if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { - logit("set \"%s\" mode %04o", name, a->perm); - ret = chmod(name, a->perm & 07777); - if (ret == -1) + if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + logit("set \"%s\" mode %04o", name, a.perm); + r = chmod(name, a.perm & 07777); + if (r == -1) status = errno_to_portable(errno); } - if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { + if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) { char buf[64]; - time_t t = a->mtime; + time_t t = a.mtime; strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S", localtime(&t)); logit("set \"%s\" modtime %s", name, buf); - ret = utimes(name, attrib_to_tv(a)); - if (ret == -1) + r = utimes(name, attrib_to_tv(&a)); + if (r == -1) status = errno_to_portable(errno); } - if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { + if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) { logit("set \"%s\" owner %lu group %lu", name, - (u_long)a->uid, (u_long)a->gid); - ret = chown(name, a->uid, a->gid); - if (ret == -1) + (u_long)a.uid, (u_long)a.gid); + r = chown(name, a.uid, a.gid); + if (r == -1) status = errno_to_portable(errno); } send_status(id, status); @@ -804,14 +829,16 @@ process_setstat(void) static void process_fsetstat(void) { - Attrib *a; + Attrib a; u_int32_t id; - int handle, fd, ret; + int handle, fd, r; int status = SSH2_FX_OK; - id = get_int(); - handle = get_handle(); - a = get_attrib(); + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = get_handle(iqueue, &handle)) != 0 || + (r = decode_attrib(iqueue, &a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + debug("request %u: fsetstat handle %d", id, handle); fd = handle_to_fd(handle); if (fd < 0) @@ -821,35 +848,35 @@ process_fsetstat(void) else { char *name = handle_to_name(handle); - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { + if (a.flags & SSH2_FILEXFER_ATTR_SIZE) { logit("set \"%s\" size %llu", - name, (unsigned long long)a->size); - ret = ftruncate(fd, a->size); - if (ret == -1) + name, (unsigned long long)a.size); + r = ftruncate(fd, a.size); + if (r == -1) status = errno_to_portable(errno); } - if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { - logit("set \"%s\" mode %04o", name, a->perm); - ret = fchmod(fd, a->perm & 07777); - if (ret == -1) + if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + logit("set \"%s\" mode %04o", name, a.perm); + r = fchmod(fd, a.perm & 07777); + if (r == -1) status = errno_to_portable(errno); } - if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { + if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) { char buf[64]; - time_t t = a->mtime; + time_t t = a.mtime; strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S", localtime(&t)); logit("set \"%s\" modtime %s", name, buf); - ret = futimes(fd, attrib_to_tv(a)); - if (ret == -1) + r = futimes(fd, attrib_to_tv(&a)); + if (r == -1) status = errno_to_portable(errno); } - if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { + if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) { logit("set \"%s\" owner %lu group %lu", name, - (u_long)a->uid, (u_long)a->gid); - ret = fchown(fd, a->uid, a->gid); - if (ret == -1) + (u_long)a.uid, (u_long)a.gid); + r = fchown(fd, a.uid, a.gid); + if (r == -1) status = errno_to_portable(errno); } } @@ -861,11 +888,13 @@ process_opendir(void) { DIR *dirp = NULL; char *path; - int handle, status = SSH2_FX_FAILURE; + int r, handle, status = SSH2_FX_FAILURE; u_int32_t id; - id = get_int(); - path = get_string(NULL); + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + debug3("request %u: opendir", id); logit("opendir \"%s\"", path); dirp = opendir(path); @@ -892,11 +921,13 @@ process_readdir(void) DIR *dirp; struct dirent *dp; char *path; - int handle; + int r, handle; u_int32_t id; - id = get_int(); - handle = get_handle(); + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = get_handle(iqueue, &handle)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + debug("request %u: readdir \"%s\" (handle %d)", id, handle_to_name(handle), handle); dirp = handle_to_dir(handle); @@ -947,18 +978,19 @@ process_remove(void) { char *name; u_int32_t id; - int status = SSH2_FX_FAILURE; - int ret; + int r, status = SSH2_FX_FAILURE; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - name = get_string(NULL); debug3("request %u: remove", id); logit("remove name \"%s\"", name); if (readonly) status = SSH2_FX_PERMISSION_DENIED; else { - ret = unlink(name); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + r = unlink(name); + status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK; } send_status(id, status); xfree(name); @@ -967,23 +999,25 @@ process_remove(void) static void process_mkdir(void) { - Attrib *a; + Attrib a; u_int32_t id; char *name; - int ret, mode, status = SSH2_FX_FAILURE; + int r, mode, status = SSH2_FX_FAILURE; - id = get_int(); - name = get_string(NULL); - a = get_attrib(); - mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? - a->perm & 07777 : 0777; + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || + (r = decode_attrib(iqueue, &a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? + a.perm & 07777 : 0777; debug3("request %u: mkdir", id); logit("mkdir name \"%s\" mode 0%o", name, mode); if (readonly) status = SSH2_FX_PERMISSION_DENIED; else { - ret = mkdir(name, mode); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + r = mkdir(name, mode); + status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK; } send_status(id, status); xfree(name); @@ -994,17 +1028,19 @@ process_rmdir(void) { u_int32_t id; char *name; - int ret, status; + int r, status; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - name = get_string(NULL); debug3("request %u: rmdir", id); logit("rmdir name \"%s\"", name); if (readonly) status = SSH2_FX_PERMISSION_DENIED; else { - ret = rmdir(name); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + r = rmdir(name); + status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK; } send_status(id, status); xfree(name); @@ -1016,9 +1052,12 @@ process_realpath(void) char resolvedname[MAXPATHLEN]; u_int32_t id; char *path; + int r; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - path = get_string(NULL); if (path[0] == '\0') { xfree(path); path = xstrdup("."); @@ -1041,12 +1080,14 @@ process_rename(void) { u_int32_t id; char *oldpath, *newpath; - int status; + int r, status; struct stat sb; - id = get_int(); - oldpath = get_string(NULL); - newpath = get_string(NULL); + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || + (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + debug3("request %u: rename", id); logit("rename old \"%s\" new \"%s\"", oldpath, newpath); status = SSH2_FX_FAILURE; @@ -1095,12 +1136,14 @@ static void process_readlink(void) { u_int32_t id; - int len; + int r, len; char buf[MAXPATHLEN]; char *path; - id = get_int(); - path = get_string(NULL); + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + debug3("request %u: readlink", id); verbose("readlink \"%s\"", path); if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1) @@ -1121,19 +1164,21 @@ process_symlink(void) { u_int32_t id; char *oldpath, *newpath; - int ret, status; + int r, status; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || + (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - oldpath = get_string(NULL); - newpath = get_string(NULL); debug3("request %u: symlink", id); logit("symlink old \"%s\" new \"%s\"", oldpath, newpath); /* this will fail if 'newpath' exists */ if (readonly) status = SSH2_FX_PERMISSION_DENIED; else { - ret = symlink(oldpath, newpath); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + r = symlink(oldpath, newpath); + status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK; } send_status(id, status); xfree(oldpath); @@ -1144,17 +1189,19 @@ static void process_extended_posix_rename(u_int32_t id) { char *oldpath, *newpath; - int ret, status; + int r, status; + + if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || + (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - oldpath = get_string(NULL); - newpath = get_string(NULL); debug3("request %u: posix-rename", id); logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath); if (readonly) status = SSH2_FX_PERMISSION_DENIED; else { - ret = rename(oldpath, newpath); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + r = rename(oldpath, newpath); + status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK; } send_status(id, status); xfree(oldpath); @@ -1166,8 +1213,10 @@ process_extended_statvfs(u_int32_t id) { char *path; struct statvfs st; + int r; - path = get_string(NULL); + if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("request %u: statfs", id); logit("statfs \"%s\"", path); @@ -1181,10 +1230,11 @@ process_extended_statvfs(u_int32_t id) static void process_extended_fstatvfs(u_int32_t id) { - int handle, fd; + int r, handle, fd; struct statvfs st; - handle = get_handle(); + if ((r = get_handle(iqueue, &handle)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug("request %u: fstatvfs \"%s\" (handle %u)", id, handle_to_name(handle), handle); if ((fd = handle_to_fd(handle)) < 0) { @@ -1201,17 +1251,19 @@ static void process_extended_hardlink(u_int32_t id) { char *oldpath, *newpath; - int ret, status; + int r, status; + + if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || + (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - oldpath = get_string(NULL); - newpath = get_string(NULL); debug3("request %u: hardlink", id); logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath); if (readonly) status = SSH2_FX_PERMISSION_DENIED; else { - ret = link(oldpath, newpath); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + r = link(oldpath, newpath); + status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK; } send_status(id, status); xfree(oldpath); @@ -1223,9 +1275,12 @@ process_extended(void) { u_int32_t id; char *request; + int r; + + if ((r = sshbuf_get_u32(iqueue, &id)) != 0 || + (r = sshbuf_get_cstring(iqueue, &request, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - id = get_int(); - request = get_string(NULL); if (strcmp(request, "posix-rename@openssh.com") == 0) process_extended_posix_rename(id); else if (strcmp(request, "statvfs@openssh.com") == 0) @@ -1247,13 +1302,13 @@ process(void) u_int msg_len; u_int buf_len; u_int consumed; - u_int type; - u_char *cp; + u_char type, *cp; + int r; - buf_len = buffer_len(&iqueue); + buf_len = sshbuf_len(iqueue); if (buf_len < 5) return; /* Incomplete message. */ - cp = buffer_ptr(&iqueue); + cp = sshbuf_ptr(iqueue); msg_len = get_u32(cp); if (msg_len > SFTP_MAX_MSG_LENGTH) { error("bad message from %s local user %s", @@ -1262,9 +1317,11 @@ process(void) } if (buf_len < msg_len + 4) return; - buffer_consume(&iqueue, 4); + if ((r = sshbuf_consume(iqueue, 4)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); buf_len -= 4; - type = buffer_get_char(&iqueue); + if ((r = sshbuf_get_u8(iqueue, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); switch (type) { case SSH2_FXP_INIT: process_init(); @@ -1331,17 +1388,18 @@ process(void) break; } /* discard the remaining bytes from the current packet */ - if (buf_len < buffer_len(&iqueue)) { + if (buf_len < sshbuf_len(iqueue)) { error("iqueue grew unexpectedly"); sftp_server_cleanup_exit(255); } - consumed = buf_len - buffer_len(&iqueue); + consumed = buf_len - sshbuf_len(iqueue); if (msg_len < consumed) { error("msg_len %d < consumed %d", msg_len, consumed); sftp_server_cleanup_exit(255); } - if (msg_len > consumed) - buffer_consume(&iqueue, msg_len - consumed); + if (msg_len > consumed && + (r = sshbuf_consume(iqueue, msg_len - consumed)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } /* Cleanup handler that logs active handles upon normal exit */ @@ -1371,7 +1429,7 @@ int sftp_server_main(int argc, char **argv, struct passwd *user_pw) { fd_set *rset, *wset; - int in, out, max, ch, skipargs = 0, log_stderr = 0; + int r, in, out, max, ch, skipargs = 0, log_stderr = 0; ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; char *cp, buf[4*4096]; @@ -1448,8 +1506,10 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (out > max) max = out; - buffer_init(&iqueue); - buffer_init(&oqueue); + if ((iqueue = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((oqueue = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); rset = (fd_set *)xmalloc(set_size); @@ -1464,11 +1524,15 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) * the worst-case length packet it can generate, * otherwise apply backpressure by stopping reads. */ - if (buffer_check_alloc(&iqueue, sizeof(buf)) && - buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH)) + if ((r = sshbuf_check_reserve(iqueue, sizeof(buf))) == 0 && + (r = sshbuf_check_reserve(oqueue, + SFTP_MAX_MSG_LENGTH)) == 0) FD_SET(in, rset); + else if (r != SSH_ERR_NO_BUFFER_SPACE) + fatal("%s: sshbuf_check_reserve failed: %s", + __func__, ssh_err(r)); - olen = buffer_len(&oqueue); + olen = sshbuf_len(oqueue); if (olen > 0) FD_SET(out, wset); @@ -1488,18 +1552,20 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) } else if (len < 0) { error("read: %s", strerror(errno)); sftp_server_cleanup_exit(1); - } else { - buffer_append(&iqueue, buf, len); + } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); } } /* send oqueue to stdout */ if (FD_ISSET(out, wset)) { - len = write(out, buffer_ptr(&oqueue), olen); + len = write(out, sshbuf_ptr(oqueue), olen); if (len < 0) { error("write: %s", strerror(errno)); sftp_server_cleanup_exit(1); - } else { - buffer_consume(&oqueue, len); + } else if ((r = sshbuf_consume(oqueue, len)) != 0) { + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); } } @@ -1508,7 +1574,11 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) * into the output buffer, otherwise stop processing input * and let the output queue drain. */ - if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH)) + r = sshbuf_check_reserve(oqueue, SFTP_MAX_MSG_LENGTH); + if (r == 0) process(); + else if (r != SSH_ERR_NO_BUFFER_SPACE) + fatal("%s: sshbuf_check_reserve: %s", + __func__, ssh_err(r)); } } diff --git a/ssh/sftp.c b/ssh/sftp.c index 4964f79..d2beb57 100644 --- a/ssh/sftp.c +++ b/ssh/sftp.c @@ -43,7 +43,8 @@ #include "misc.h" #include "sftp.h" -#include "buffer.h" +#include "err.h" +#include "sshbuf.h" #include "sftp-common.h" #include "sftp-client.h"