buffer: Improve argument checking in ssh_buffer_pack()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
Этот коммит содержится в:
родитель
2490404d45
Коммит
afc9988c93
@ -52,9 +52,18 @@ int buffer_add_u16(ssh_buffer buffer, uint16_t data);
|
||||
int buffer_add_u32(ssh_buffer buffer, uint32_t data);
|
||||
int buffer_add_u64(ssh_buffer buffer, uint64_t data);
|
||||
int ssh_buffer_add_data(ssh_buffer buffer, const void *data, uint32_t len);
|
||||
int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_list ap);
|
||||
int _ssh_buffer_pack(struct ssh_buffer_struct *buffer, const char *format, ...);
|
||||
#define ssh_buffer_pack(buffer, format, ...) _ssh_buffer_pack((buffer),(format), __VA_ARGS__, SSH_BUFFER_PACK_END)
|
||||
|
||||
int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
|
||||
const char *format,
|
||||
int argc,
|
||||
va_list ap);
|
||||
int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
|
||||
const char *format,
|
||||
int argc,
|
||||
...);
|
||||
#define ssh_buffer_pack(buffer, format, ...) \
|
||||
_ssh_buffer_pack((buffer), (format), __VA_NARG__(__VA_ARGS__), __VA_ARGS__, SSH_BUFFER_PACK_END)
|
||||
|
||||
int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer, const char *format, va_list ap);
|
||||
int _ssh_buffer_unpack(struct ssh_buffer_struct *buffer, const char *format, ...);
|
||||
#define ssh_buffer_unpack(buffer, format, ...) _ssh_buffer_unpack((buffer),(format), __VA_ARGS__, SSH_BUFFER_PACK_END)
|
||||
|
@ -301,5 +301,29 @@ int match_hostname(const char *host, const char *pattern, unsigned int len);
|
||||
*/
|
||||
#define discard_const_p(type, ptr) ((type *)discard_const(ptr))
|
||||
|
||||
/**
|
||||
* Get the argument cound of variadic arguments
|
||||
*/
|
||||
#define __VA_NARG__(...) \
|
||||
(__VA_NARG_(_0, ## __VA_ARGS__, __RSEQ_N()) - 1)
|
||||
#define __VA_NARG_(...) \
|
||||
__VA_ARG_N(__VA_ARGS__)
|
||||
#define __VA_ARG_N( \
|
||||
_1, _2, _3, _4, _5, _6, _7, _8, _9,_10, \
|
||||
_11,_12,_13,_14,_15,_16,_17,_18,_19,_20, \
|
||||
_21,_22,_23,_24,_25,_26,_27,_28,_29,_30, \
|
||||
_31,_32,_33,_34,_35,_36,_37,_38,_39,_40, \
|
||||
_41,_42,_43,_44,_45,_46,_47,_48,_49,_50, \
|
||||
_51,_52,_53,_54,_55,_56,_57,_58,_59,_60, \
|
||||
_61,_62,_63,N,...) N
|
||||
#define __RSEQ_N() \
|
||||
63, 62, 61, 60, \
|
||||
59, 58, 57, 56, 55, 54, 53, 52, 51, 50, \
|
||||
49, 48, 47, 46, 45, 44, 43, 42, 41, 40, \
|
||||
39, 38, 37, 36, 35, 34, 33, 32, 31, 30, \
|
||||
29, 28, 27, 26, 25, 24, 23, 22, 21, 20, \
|
||||
19, 18, 17, 16, 15, 14, 13, 12, 11, 10, \
|
||||
9, 8, 7, 6, 5, 4, 3, 2, 1, 0
|
||||
|
||||
#endif /* _LIBSSH_PRIV_H */
|
||||
/* vim: set ts=4 sw=4 et cindent: */
|
||||
|
31
src/buffer.c
31
src/buffer.c
@ -688,7 +688,11 @@ struct ssh_string_struct *buffer_get_mpint(struct ssh_buffer_struct *buffer) {
|
||||
* SSH_ERROR on error
|
||||
* @see ssh_buffer_add_format() for format list values.
|
||||
*/
|
||||
int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_list ap){
|
||||
int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
|
||||
const char *format,
|
||||
int argc,
|
||||
va_list ap)
|
||||
{
|
||||
int rc = SSH_ERROR;
|
||||
const char *p;
|
||||
union {
|
||||
@ -702,8 +706,14 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_
|
||||
char *cstring;
|
||||
bignum b;
|
||||
size_t len;
|
||||
int count;
|
||||
|
||||
for (p = format, count = 0; *p != '\0'; p++, count++) {
|
||||
/* Invalid number of arguments passed */
|
||||
if (count > argc) {
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
for (p = format; *p != '\0'; p++) {
|
||||
switch(*p) {
|
||||
case 'b':
|
||||
o.byte = (uint8_t)va_arg(ap, unsigned int);
|
||||
@ -740,7 +750,10 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_
|
||||
break;
|
||||
case 'P':
|
||||
len = va_arg(ap, size_t);
|
||||
|
||||
o.data = va_arg(ap, void *);
|
||||
count++; /* increase argument count */
|
||||
|
||||
rc = ssh_buffer_add_data(buffer, o.data, len);
|
||||
o.data = NULL;
|
||||
break;
|
||||
@ -769,6 +782,10 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_
|
||||
}
|
||||
}
|
||||
|
||||
if (argc != count) {
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
if (rc != SSH_ERROR){
|
||||
/* verify that the last hidden argument is correct */
|
||||
o.dword = va_arg(ap, uint32_t);
|
||||
@ -799,12 +816,16 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_
|
||||
* @warning when using 'P' with a constant size (e.g. 8), do not
|
||||
* forget to cast to (size_t).
|
||||
*/
|
||||
int _ssh_buffer_pack(struct ssh_buffer_struct *buffer, const char *format, ...){
|
||||
int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
|
||||
const char *format,
|
||||
int argc,
|
||||
...)
|
||||
{
|
||||
va_list ap;
|
||||
int rc;
|
||||
|
||||
va_start(ap, format);
|
||||
rc = ssh_buffer_pack_va(buffer, format, ap);
|
||||
va_start(ap, argc);
|
||||
rc = ssh_buffer_pack_va(buffer, format, argc, ap);
|
||||
va_end(ap);
|
||||
return rc;
|
||||
}
|
||||
|
Загрузка…
Ссылка в новой задаче
Block a user