aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYang Tse <yangsita@gmail.com>2011-08-29 14:27:06 +0200
committerYang Tse <yangsita@gmail.com>2011-08-29 14:27:06 +0200
commit5a45dc4a29b7b65406b8e3d1a78bed99478a9a3a (patch)
treecc7b6a22b9f0c8d8b0c1c0a5666f4c1eb9da4117
parent78199b6030e07112d1515272afd7017337fa79c7 (diff)
pingpong.c: fix Curl_pp_vsendf() arbitrary restrictions on command length
This removes command length restrictions on calling functions.
-rw-r--r--lib/imap.c3
-rw-r--r--lib/pingpong.c66
-rw-r--r--lib/pingpong.h6
3 files changed, 32 insertions, 43 deletions
diff --git a/lib/imap.c b/lib/imap.c
index f6d4362c6..4f2ee4ee3 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -210,9 +210,6 @@ static const struct Curl_handler Curl_handler_imaps_proxy = {
*
* Sends the formated string as an IMAP command to a server
*
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
* Designed to never block.
*/
static CURLcode imapsendf(struct connectdata *conn,
diff --git a/lib/pingpong.c b/lib/pingpong.c
index 23ab69fb2..da1391e8e 100644
--- a/lib/pingpong.c
+++ b/lib/pingpong.c
@@ -177,9 +177,6 @@ void Curl_pp_init(struct pingpong *pp)
* the string should not have any CRLF appended, as this function will
* append the necessary things itself.
*
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
* made to never block
*/
CURLcode Curl_pp_vsendf(struct pingpong *pp,
@@ -187,12 +184,10 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
va_list args)
{
ssize_t bytes_written;
-/* may still not be big enough for some krb5 tokens */
-#define SBUF_SIZE 1024
- char s[SBUF_SIZE];
size_t write_len;
- char *sptr=s;
- CURLcode res = CURLE_OK;
+ char *fmt_crlf;
+ char *s;
+ CURLcode error;
struct connectdata *conn = pp->conn;
struct SessionHandle *data = conn->data;
@@ -200,55 +195,61 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
enum protection_level data_sec = conn->data_prot;
#endif
- vsnprintf(s, SBUF_SIZE-3, fmt, args);
+ fmt_crlf = aprintf("%s\r\n", fmt); /* append a trailing CRLF */
+ if(!fmt_crlf)
+ return CURLE_OUT_OF_MEMORY;
- strcat(s, "\r\n"); /* append a trailing CRLF */
+ s = vaprintf(fmt_crlf, args); /* trailing CRLF appended */
+ free(fmt_crlf);
+ if(!s)
+ return CURLE_OUT_OF_MEMORY;
- bytes_written=0;
+ bytes_written = 0;
write_len = strlen(s);
Curl_pp_init(pp);
- res = Curl_convert_to_network(data, s, write_len);
+ error = Curl_convert_to_network(data, s, write_len);
/* Curl_convert_to_network calls failf if unsuccessful */
- if(res)
- return res;
+ if(error) {
+ free(s);
+ return error;
+ }
#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
conn->data_prot = PROT_CMD;
#endif
- res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
- &bytes_written);
+ error = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len,
+ &bytes_written);
#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
conn->data_prot = data_sec;
#endif
- if(CURLE_OK != res)
- return res;
+ if(error) {
+ free(s);
+ return error;
+ }
if(conn->data->set.verbose)
Curl_debug(conn->data, CURLINFO_HEADER_OUT,
- sptr, (size_t)bytes_written, conn);
+ s, (size_t)bytes_written, conn);
if(bytes_written != (ssize_t)write_len) {
/* the whole chunk was not sent, store the rest of the data */
write_len -= bytes_written;
- sptr += bytes_written;
- pp->sendthis = malloc(write_len);
- if(pp->sendthis) {
- memcpy(pp->sendthis, sptr, write_len);
- pp->sendsize = pp->sendleft = write_len;
- }
- else {
- failf(data, "out of memory");
- res = CURLE_OUT_OF_MEMORY;
- }
+ memmove(s, s + bytes_written, write_len + 1);
+ pp->sendthis = s;
+ pp->sendsize = pp->sendleft = write_len;
}
- else
+ else {
+ free(s);
+ pp->sendthis = NULL;
+ pp->sendleft = pp->sendsize = 0;
pp->response = Curl_tvnow();
+ }
- return res;
+ return CURLE_OK;
}
@@ -260,9 +261,6 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
* the string should not have any CRLF appended, as this function will
* append the necessary things itself.
*
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
* made to never block
*/
CURLcode Curl_pp_sendf(struct pingpong *pp,
diff --git a/lib/pingpong.h b/lib/pingpong.h
index 370fd7a76..1d104cfbc 100644
--- a/lib/pingpong.h
+++ b/lib/pingpong.h
@@ -98,9 +98,6 @@ long Curl_pp_state_timeout(struct pingpong *pp);
* the string should not have any CRLF appended, as this function will
* append the necessary things itself.
*
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
* made to never block
*/
CURLcode Curl_pp_sendf(struct pingpong *pp,
@@ -114,9 +111,6 @@ CURLcode Curl_pp_sendf(struct pingpong *pp,
* the string should not have any CRLF appended, as this function will
* append the necessary things itself.
*
- * NOTE: we build the command in a fixed-length buffer, which sets length
- * restrictions on the command!
- *
* made to never block
*/
CURLcode Curl_pp_vsendf(struct pingpong *pp,