1 /* $OpenBSD: sshbuf.c,v 1.13 2018/11/16 06:10:29 djm Exp $ */
3 * Copyright (c) 2011 Damien Miller
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #define SSHBUF_INTERNAL
21 #include <sys/types.h>
32 sshbuf_check_sanity(const struct sshbuf *buf)
34 SSHBUF_TELL("sanity");
35 if (__predict_false(buf == NULL ||
36 (!buf->readonly && buf->d != buf->cd) ||
37 buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX ||
39 buf->max_size > SSHBUF_SIZE_MAX ||
40 buf->alloc > buf->max_size ||
41 buf->size > buf->alloc ||
42 buf->off > buf->size)) {
43 /* Do not try to recover from corrupted buffer internals */
44 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
45 signal(SIGSEGV, SIG_DFL);
47 return SSH_ERR_INTERNAL_ERROR;
53 sshbuf_maybe_pack(struct sshbuf *buf, int force)
55 SSHBUF_DBG(("force %d", force));
56 SSHBUF_TELL("pre-pack");
57 if (buf->off == 0 || buf->readonly || buf->refcount > 1)
60 (buf->off >= SSHBUF_PACK_MIN && buf->off >= buf->size / 2)) {
61 memmove(buf->d, buf->d + buf->off, buf->size - buf->off);
62 buf->size -= buf->off;
64 SSHBUF_TELL("packed");
73 if ((ret = calloc(sizeof(*ret), 1)) == NULL)
75 ret->alloc = SSHBUF_SIZE_INIT;
76 ret->max_size = SSHBUF_SIZE_MAX;
80 if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL) {
88 sshbuf_from(const void *blob, size_t len)
92 if (blob == NULL || len > SSHBUF_SIZE_MAX ||
93 (ret = calloc(sizeof(*ret), 1)) == NULL)
95 ret->alloc = ret->size = ret->max_size = len;
105 sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent)
109 if ((r = sshbuf_check_sanity(child)) != 0 ||
110 (r = sshbuf_check_sanity(parent)) != 0)
112 child->parent = parent;
113 child->parent->refcount++;
118 sshbuf_fromb(struct sshbuf *buf)
122 if (sshbuf_check_sanity(buf) != 0)
124 if ((ret = sshbuf_from(sshbuf_ptr(buf), sshbuf_len(buf))) == NULL)
126 if (sshbuf_set_parent(ret, buf) != 0) {
134 sshbuf_free(struct sshbuf *buf)
139 * The following will leak on insane buffers, but this is the safest
140 * course of action - an invalid pointer or already-freed pointer may
141 * have been passed to us and continuing to scribble over memory would
144 if (sshbuf_check_sanity(buf) != 0)
148 * If we are a parent with still-extant children, then don't free just
149 * yet. The last child's call to sshbuf_free should decrement our
150 * refcount to 0 and trigger the actual free.
153 if (buf->refcount > 0)
157 * If we are a child, the free our parent to decrement its reference
158 * count and possibly free it.
160 sshbuf_free(buf->parent);
163 if (!buf->readonly) {
164 explicit_bzero(buf->d, buf->alloc);
167 explicit_bzero(buf, sizeof(*buf));
172 sshbuf_reset(struct sshbuf *buf)
176 if (buf->readonly || buf->refcount > 1) {
177 /* Nonsensical. Just make buffer appear empty */
178 buf->off = buf->size;
181 (void) sshbuf_check_sanity(buf);
182 buf->off = buf->size = 0;
183 if (buf->alloc != SSHBUF_SIZE_INIT) {
184 if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT,
186 buf->cd = buf->d = d;
187 buf->alloc = SSHBUF_SIZE_INIT;
190 explicit_bzero(buf->d, SSHBUF_SIZE_INIT);
194 sshbuf_max_size(const struct sshbuf *buf)
196 return buf->max_size;
200 sshbuf_alloc(const struct sshbuf *buf)
205 const struct sshbuf *
206 sshbuf_parent(const struct sshbuf *buf)
212 sshbuf_refcount(const struct sshbuf *buf)
214 return buf->refcount;
218 sshbuf_set_max_size(struct sshbuf *buf, size_t max_size)
224 SSHBUF_DBG(("set max buf = %p len = %zu", buf, max_size));
225 if ((r = sshbuf_check_sanity(buf)) != 0)
227 if (max_size == buf->max_size)
229 if (buf->readonly || buf->refcount > 1)
230 return SSH_ERR_BUFFER_READ_ONLY;
231 if (max_size > SSHBUF_SIZE_MAX)
232 return SSH_ERR_NO_BUFFER_SPACE;
233 /* pack and realloc if necessary */
234 sshbuf_maybe_pack(buf, max_size < buf->size);
235 if (max_size < buf->alloc && max_size > buf->size) {
236 if (buf->size < SSHBUF_SIZE_INIT)
237 rlen = SSHBUF_SIZE_INIT;
239 rlen = ROUNDUP(buf->size, SSHBUF_SIZE_INC);
242 SSHBUF_DBG(("new alloc = %zu", rlen));
243 if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL)
244 return SSH_ERR_ALLOC_FAIL;
245 buf->cd = buf->d = dp;
248 SSHBUF_TELL("new-max");
249 if (max_size < buf->alloc)
250 return SSH_ERR_NO_BUFFER_SPACE;
251 buf->max_size = max_size;
256 sshbuf_len(const struct sshbuf *buf)
258 if (sshbuf_check_sanity(buf) != 0)
260 return buf->size - buf->off;
264 sshbuf_avail(const struct sshbuf *buf)
266 if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1)
268 return buf->max_size - (buf->size - buf->off);
272 sshbuf_ptr(const struct sshbuf *buf)
274 if (sshbuf_check_sanity(buf) != 0)
276 return buf->cd + buf->off;
280 sshbuf_mutable_ptr(const struct sshbuf *buf)
282 if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1)
284 return buf->d + buf->off;
288 sshbuf_check_reserve(const struct sshbuf *buf, size_t len)
292 if ((r = sshbuf_check_sanity(buf)) != 0)
294 if (buf->readonly || buf->refcount > 1)
295 return SSH_ERR_BUFFER_READ_ONLY;
296 SSHBUF_TELL("check");
297 /* Check that len is reasonable and that max_size + available < len */
298 if (len > buf->max_size || buf->max_size - len < buf->size - buf->off)
299 return SSH_ERR_NO_BUFFER_SPACE;
304 sshbuf_allocate(struct sshbuf *buf, size_t len)
310 SSHBUF_DBG(("allocate buf = %p len = %zu", buf, len));
311 if ((r = sshbuf_check_reserve(buf, len)) != 0)
314 * If the requested allocation appended would push us past max_size
315 * then pack the buffer, zeroing buf->off.
317 sshbuf_maybe_pack(buf, buf->size + len > buf->max_size);
318 SSHBUF_TELL("allocate");
319 if (len + buf->size <= buf->alloc)
320 return 0; /* already have it. */
323 * Prefer to alloc in SSHBUF_SIZE_INC units, but
324 * allocate less if doing so would overflow max_size.
326 need = len + buf->size - buf->alloc;
327 rlen = ROUNDUP(buf->alloc + need, SSHBUF_SIZE_INC);
328 SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen));
329 if (rlen > buf->max_size)
330 rlen = buf->alloc + need;
331 SSHBUF_DBG(("adjusted rlen %zu", rlen));
332 if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL) {
333 SSHBUF_DBG(("realloc fail"));
334 return SSH_ERR_ALLOC_FAIL;
337 buf->cd = buf->d = dp;
338 if ((r = sshbuf_check_reserve(buf, len)) < 0) {
347 sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp)
355 SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len));
356 if ((r = sshbuf_allocate(buf, len)) != 0)
359 dp = buf->d + buf->size;
367 sshbuf_consume(struct sshbuf *buf, size_t len)
371 SSHBUF_DBG(("len = %zu", len));
372 if ((r = sshbuf_check_sanity(buf)) != 0)
376 if (len > sshbuf_len(buf))
377 return SSH_ERR_MESSAGE_INCOMPLETE;
379 /* deal with empty buffer */
380 if (buf->off == buf->size)
381 buf->off = buf->size = 0;
387 sshbuf_consume_end(struct sshbuf *buf, size_t len)
391 SSHBUF_DBG(("len = %zu", len));
392 if ((r = sshbuf_check_sanity(buf)) != 0)
396 if (len > sshbuf_len(buf))
397 return SSH_ERR_MESSAGE_INCOMPLETE;