From 5a45dc4a29b7b65406b8e3d1a78bed99478a9a3a Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 29 Aug 2011 14:27:06 +0200 Subject: pingpong.c: fix Curl_pp_vsendf() arbitrary restrictions on command length This removes command length restrictions on calling functions. --- lib/imap.c | 3 --- lib/pingpong.c | 66 ++++++++++++++++++++++++++++------------------------------ lib/pingpong.h | 6 ------ 3 files changed, 32 insertions(+), 43 deletions(-) (limited to 'lib') diff --git a/lib/imap.c b/lib/imap.c index f6d4362c6..4f2ee4ee3 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -210,9 +210,6 @@ static const struct Curl_handler Curl_handler_imaps_proxy = { * * Sends the formated string as an IMAP command to a server * - * NOTE: we build the command in a fixed-length buffer, which sets length - * restrictions on the command! - * * Designed to never block. */ static CURLcode imapsendf(struct connectdata *conn, diff --git a/lib/pingpong.c b/lib/pingpong.c index 23ab69fb2..da1391e8e 100644 --- a/lib/pingpong.c +++ b/lib/pingpong.c @@ -177,9 +177,6 @@ void Curl_pp_init(struct pingpong *pp) * the string should not have any CRLF appended, as this function will * append the necessary things itself. * - * NOTE: we build the command in a fixed-length buffer, which sets length - * restrictions on the command! - * * made to never block */ CURLcode Curl_pp_vsendf(struct pingpong *pp, @@ -187,12 +184,10 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp, va_list args) { ssize_t bytes_written; -/* may still not be big enough for some krb5 tokens */ -#define SBUF_SIZE 1024 - char s[SBUF_SIZE]; size_t write_len; - char *sptr=s; - CURLcode res = CURLE_OK; + char *fmt_crlf; + char *s; + CURLcode error; struct connectdata *conn = pp->conn; struct SessionHandle *data = conn->data; @@ -200,55 +195,61 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp, enum protection_level data_sec = conn->data_prot; #endif - vsnprintf(s, SBUF_SIZE-3, fmt, args); + fmt_crlf = aprintf("%s\r\n", fmt); /* append a trailing CRLF */ + if(!fmt_crlf) + return CURLE_OUT_OF_MEMORY; - strcat(s, "\r\n"); /* append a trailing CRLF */ + s = vaprintf(fmt_crlf, args); /* trailing CRLF appended */ + free(fmt_crlf); + if(!s) + return CURLE_OUT_OF_MEMORY; - bytes_written=0; + bytes_written = 0; write_len = strlen(s); Curl_pp_init(pp); - res = Curl_convert_to_network(data, s, write_len); + error = Curl_convert_to_network(data, s, write_len); /* Curl_convert_to_network calls failf if unsuccessful */ - if(res) - return res; + if(error) { + free(s); + return error; + } #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI) conn->data_prot = PROT_CMD; #endif - res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len, - &bytes_written); + error = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len, + &bytes_written); #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI) DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST); conn->data_prot = data_sec; #endif - if(CURLE_OK != res) - return res; + if(error) { + free(s); + return error; + } if(conn->data->set.verbose) Curl_debug(conn->data, CURLINFO_HEADER_OUT, - sptr, (size_t)bytes_written, conn); + s, (size_t)bytes_written, conn); if(bytes_written != (ssize_t)write_len) { /* the whole chunk was not sent, store the rest of the data */ write_len -= bytes_written; - sptr += bytes_written; - pp->sendthis = malloc(write_len); - if(pp->sendthis) { - memcpy(pp->sendthis, sptr, write_len); - pp->sendsize = pp->sendleft = write_len; - } - else { - failf(data, "out of memory"); - res = CURLE_OUT_OF_MEMORY; - } + memmove(s, s + bytes_written, write_len + 1); + pp->sendthis = s; + pp->sendsize = pp->sendleft = write_len; } - else + else { + free(s); + pp->sendthis = NULL; + pp->sendleft = pp->sendsize = 0; pp->response = Curl_tvnow(); + } - return res; + return CURLE_OK; } @@ -260,9 +261,6 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp, * the string should not have any CRLF appended, as this function will * append the necessary things itself. * - * NOTE: we build the command in a fixed-length buffer, which sets length - * restrictions on the command! - * * made to never block */ CURLcode Curl_pp_sendf(struct pingpong *pp, diff --git a/lib/pingpong.h b/lib/pingpong.h index 370fd7a76..1d104cfbc 100644 --- a/lib/pingpong.h +++ b/lib/pingpong.h @@ -98,9 +98,6 @@ long Curl_pp_state_timeout(struct pingpong *pp); * the string should not have any CRLF appended, as this function will * append the necessary things itself. * - * NOTE: we build the command in a fixed-length buffer, which sets length - * restrictions on the command! - * * made to never block */ CURLcode Curl_pp_sendf(struct pingpong *pp, @@ -114,9 +111,6 @@ CURLcode Curl_pp_sendf(struct pingpong *pp, * the string should not have any CRLF appended, as this function will * append the necessary things itself. * - * NOTE: we build the command in a fixed-length buffer, which sets length - * restrictions on the command! - * * made to never block */ CURLcode Curl_pp_vsendf(struct pingpong *pp, -- cgit v1.2.3