author | Yang Tse <yangsita@gmail.com> | 2011-08-29 14:27:06 +0200 |
---|---|---|
committer | Yang Tse <yangsita@gmail.com> | 2011-08-29 14:27:06 +0200 |
commit | 5a45dc4a29b7b65406b8e3d1a78bed99478a9a3a (patch) | |
tree | cc7b6a22b9f0c8d8b0c1c0a5666f4c1eb9da4117 | |
parent | 78199b6030e07112d1515272afd7017337fa79c7 (diff) |
pingpong.c: fix Curl_pp_vsendf() arbitrary restrictions on command length
This removes command length restrictions on calling functions.
-rw-r--r-- | lib/imap.c | 3 | ||||
-rw-r--r-- | lib/pingpong.c | 66 | ||||
-rw-r--r-- | lib/pingpong.h | 6 |
3 files changed, 32 insertions, 43 deletions
diff --git a/lib/imap.c b/lib/imap.c
index f6d4362c6..4f2ee4ee3 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -210,9 +210,6 @@ static const struct Curl_handler Curl_handler_imaps_proxy = {
 *
 * Sends the formated string as an IMAP command to a server
 *
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
 * Designed to never block.
 */
 static CURLcode imapsendf(struct connectdata *conn,
diff --git a/lib/pingpong.c b/lib/pingpong.c
index 23ab69fb2..da1391e8e 100644
--- a/lib/pingpong.c
+++ b/lib/pingpong.c
@@ -177,9 +177,6 @@ void Curl_pp_init(struct pingpong *pp)
 * the string should not have any CRLF appended, as this function will
 * append the necessary things itself.
 *
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
 * made to never block
 */
 CURLcode Curl_pp_vsendf(struct pingpong *pp,
@@ -187,12 +184,10 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
 va_list args)
 {
 ssize_t bytes_written;
-/* may still not be big enough for some krb5 tokens */
-#define SBUF_SIZE 1024
- char s[SBUF_SIZE];
 size_t write_len;
- char *sptr=s;
- CURLcode res = CURLE_OK;
+ char *fmt_crlf;
+ char *s;
+ CURLcode error;
 struct connectdata *conn = pp->conn;
 struct SessionHandle *data = conn->data;
@@ -200,55 +195,61 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
 enum protection_level data_sec = conn->data_prot;
 #endif
- vsnprintf(s, SBUF_SIZE-3, fmt, args);
+ fmt_crlf = aprintf("%s\r\n", fmt); /* append a trailing CRLF */
+ if(!fmt_crlf)
+ return CURLE_OUT_OF_MEMORY;
- strcat(s, "\r\n"); /* append a trailing CRLF */
+ s = vaprintf(fmt_crlf, args); /* trailing CRLF appended */
+ free(fmt_crlf);
+ if(!s)
+ return CURLE_OUT_OF_MEMORY;
- bytes_written=0;
+ bytes_written = 0;
 write_len = strlen(s);
 Curl_pp_init(pp);
- res = Curl_convert_to_network(data, s, write_len);
+ error = Curl_convert_to_network(data, s, write_len);
 /* Curl_convert_to_network calls failf if unsuccessful */
- if(res)
- return res;
+ if(error) {
+ free(s);
+ return error;
+ }
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
 conn->data_prot = PROT_CMD;
 #endif
- res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
- &bytes_written);
+ error = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len,
+ &bytes_written);
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
 DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
 conn->data_prot = data_sec;
 #endif
- if(CURLE_OK != res)
- return res;
+ if(error) {
+ free(s);
+ return error;
+ }
 if(conn->data->set.verbose)
 Curl_debug(conn->data, CURLINFO_HEADER_OUT,
- sptr, (size_t)bytes_written, conn);
+ s, (size_t)bytes_written, conn);
 if(bytes_written != (ssize_t)write_len) {
 /* the whole chunk was not sent, store the rest of the data */
 write_len -= bytes_written;
- sptr += bytes_written;
- pp->sendthis = malloc(write_len);
- if(pp->sendthis) {
- memcpy(pp->sendthis, sptr, write_len);
- pp->sendsize = pp->sendleft = write_len;
- }
- else {
- failf(data, "out of memory");
- res = CURLE_OUT_OF_MEMORY;
- }
+ memmove(s, s + bytes_written, write_len + 1);
+ pp->sendthis = s;
+ pp->sendsize = pp->sendleft = write_len;
 }
- else
+ else {
+ free(s);
+ pp->sendthis = NULL;
+ pp->sendleft = pp->sendsize = 0;
 pp->response = Curl_tvnow();
+ }
- return res;
+ return CURLE_OK;
 }
@@ -260,9 +261,6 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
 * the string should not have any CRLF appended, as this function will
 * append the necessary things itself.
 *
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
 * made to never block
 */
 CURLcode Curl_pp_sendf(struct pingpong *pp,
diff --git a/lib/pingpong.h b/lib/pingpong.h
index 370fd7a76..1d104cfbc 100644
--- a/lib/pingpong.h
+++ b/lib/pingpong.h
@@ -98,9 +98,6 @@ long Curl_pp_state_timeout(struct pingpong *pp);
 * the string should not have any CRLF appended, as this function will
 * append the necessary things itself.
 *
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
 * made to never block
 */
 CURLcode Curl_pp_sendf(struct pingpong *pp,
@@ -114,9 +111,6 @@ CURLcode Curl_pp_sendf(struct pingpong *pp,
 * the string should not have any CRLF appended, as this function will
 * append the necessary things itself.
 *
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
 * made to never block
 */
 CURLcode Curl_pp_vsendf(struct pingpong *pp, |
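Review bot: In the `@@ -200,55 +195,61 @@` hunk of lib/pingpong.c, both tail branches of Curl_pp_vsendf() overwrite `pp->sendthis` (`pp->sendthis = s;` and `pp->sendthis = NULL;`) without checking that no earlier unsent buffer is still held there, so a pending buffer would be leaked and its remaining bytes never sent. Whether that state is reachable depends on callers outside this hunk, so the precondition is worth stating before `fmt_crlf` is built, e.g. `DEBUGASSERT(pp->sendthis == NULL);`. A comment at `pp->sendthis = s;` such as `/* pp now owns s; freed once the remainder has been flushed */` would document the ownership transfer; the flush path is not visible here, so confirm where the buffer is released. With the fixed buffer gone, the command length is bounded only by the callers' arguments, and those arguments are still sent verbatim ahead of the appended CRLF, so any check for embedded CR/LF or for overall length has to live in the callers. The function's opening lines are in the previous hunk.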