1
1

buffer: Improve argument checking in ssh_buffer_pack()

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
Этот коммит содержится в:
Andreas Schneider 2015-02-02 14:14:12 +01:00
родитель 2490404d45
Коммит afc9988c93
3 изменённых файлов: 62 добавлений и 8 удалений

Просмотреть файл

@ -52,9 +52,18 @@ int buffer_add_u16(ssh_buffer buffer, uint16_t data);
int buffer_add_u32(ssh_buffer buffer, uint32_t data);
int buffer_add_u64(ssh_buffer buffer, uint64_t data);
int ssh_buffer_add_data(ssh_buffer buffer, const void *data, uint32_t len);
int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_list ap);
int _ssh_buffer_pack(struct ssh_buffer_struct *buffer, const char *format, ...);
#define ssh_buffer_pack(buffer, format, ...) _ssh_buffer_pack((buffer),(format), __VA_ARGS__, SSH_BUFFER_PACK_END)
int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
const char *format,
int argc,
va_list ap);
int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
const char *format,
int argc,
...);
#define ssh_buffer_pack(buffer, format, ...) \
_ssh_buffer_pack((buffer), (format), __VA_NARG__(__VA_ARGS__), __VA_ARGS__, SSH_BUFFER_PACK_END)
int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer, const char *format, va_list ap);
int _ssh_buffer_unpack(struct ssh_buffer_struct *buffer, const char *format, ...);
#define ssh_buffer_unpack(buffer, format, ...) _ssh_buffer_unpack((buffer),(format), __VA_ARGS__, SSH_BUFFER_PACK_END)

Просмотреть файл

@ -301,5 +301,29 @@ int match_hostname(const char *host, const char *pattern, unsigned int len);
*/
#define discard_const_p(type, ptr) ((type *)discard_const(ptr))
/**
* Get the argument cound of variadic arguments
*/
#define __VA_NARG__(...) \
(__VA_NARG_(_0, ## __VA_ARGS__, __RSEQ_N()) - 1)
#define __VA_NARG_(...) \
__VA_ARG_N(__VA_ARGS__)
#define __VA_ARG_N( \
_1, _2, _3, _4, _5, _6, _7, _8, _9,_10, \
_11,_12,_13,_14,_15,_16,_17,_18,_19,_20, \
_21,_22,_23,_24,_25,_26,_27,_28,_29,_30, \
_31,_32,_33,_34,_35,_36,_37,_38,_39,_40, \
_41,_42,_43,_44,_45,_46,_47,_48,_49,_50, \
_51,_52,_53,_54,_55,_56,_57,_58,_59,_60, \
_61,_62,_63,N,...) N
#define __RSEQ_N() \
63, 62, 61, 60, \
59, 58, 57, 56, 55, 54, 53, 52, 51, 50, \
49, 48, 47, 46, 45, 44, 43, 42, 41, 40, \
39, 38, 37, 36, 35, 34, 33, 32, 31, 30, \
29, 28, 27, 26, 25, 24, 23, 22, 21, 20, \
19, 18, 17, 16, 15, 14, 13, 12, 11, 10, \
9, 8, 7, 6, 5, 4, 3, 2, 1, 0
#endif /* _LIBSSH_PRIV_H */
/* vim: set ts=4 sw=4 et cindent: */

Просмотреть файл

@ -688,7 +688,11 @@ struct ssh_string_struct *buffer_get_mpint(struct ssh_buffer_struct *buffer) {
* SSH_ERROR on error
* @see ssh_buffer_add_format() for format list values.
*/
int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_list ap){
int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
const char *format,
int argc,
va_list ap)
{
int rc = SSH_ERROR;
const char *p;
union {
@ -702,8 +706,14 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_
char *cstring;
bignum b;
size_t len;
int count;
for (p = format, count = 0; *p != '\0'; p++, count++) {
/* Invalid number of arguments passed */
if (count > argc) {
return SSH_ERROR;
}
for (p = format; *p != '\0'; p++) {
switch(*p) {
case 'b':
o.byte = (uint8_t)va_arg(ap, unsigned int);
@ -740,7 +750,10 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_
break;
case 'P':
len = va_arg(ap, size_t);
o.data = va_arg(ap, void *);
count++; /* increase argument count */
rc = ssh_buffer_add_data(buffer, o.data, len);
o.data = NULL;
break;
@ -769,6 +782,10 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_
}
}
if (argc != count) {
return SSH_ERROR;
}
if (rc != SSH_ERROR){
/* verify that the last hidden argument is correct */
o.dword = va_arg(ap, uint32_t);
@ -799,12 +816,16 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, va_
* @warning when using 'P' with a constant size (e.g. 8), do not
* forget to cast to (size_t).
*/
int _ssh_buffer_pack(struct ssh_buffer_struct *buffer, const char *format, ...){
int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
const char *format,
int argc,
...)
{
va_list ap;
int rc;
va_start(ap, format);
rc = ssh_buffer_pack_va(buffer, format, ap);
va_start(ap, argc);
rc = ssh_buffer_pack_va(buffer, format, argc, ap);
va_end(ap);
return rc;
}