- djm@cvs.openbsd.org 2007/05/17 07:55:29

[sftp-server.c] bz#1286 stop reading and processing commands when input or output buffer is nearly full, otherwise sftp-server would happily try to grow the input/output buffers past the maximum supported by the buffer API and promptly fatal() based on patch from Thue Janus Kristensen; feedback & ok dtucker@
author: Darren Tucker <dtucker@zip.com.au> 2007-05-20 15:09:04 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2007-05-20 15:09:04 +1000
commit: e9405983dc1cf9399e560e70f7c681ba62e09131 (patch)
tree: 14b2393fd9137f4ff5547c6a0233385350d39d77
parent: 36b78000a7bc14def417251aa50ebcdfcf182345 (diff)
2 files changed, 27 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index c189c7810..2bc077cf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,13 @@
   - djm@cvs.openbsd.org 2007/05/17 07:50:31
     [log.c]
     save and restore errno when logging; ok deraadt@
+   - djm@cvs.openbsd.org 2007/05/17 07:55:29
+     [sftp-server.c]
+     bz#1286 stop reading and processing commands when input or output buffer
+     is nearly full, otherwise sftp-server would happily try to grow the
+     input/output buffers past the maximum supported by the buffer API and
+     promptly fatal()
+     based on patch from Thue Janus Kristensen; feedback & ok dtucker@
 20070509
 - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
@@ -2915,4 +2922,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4664 2007/05/20 05:08:15 dtucker Exp $
+$Id: ChangeLog,v 1.4665 2007/05/20 05:09:04 dtucker Exp $
diff --git a/sftp-server.c b/sftp-server.c
index d68584b52..76edebc5a 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.72 2007/04/18 01:12:43 stevesk Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.73 2007/05/17 07:55:29 djm Exp $ */
 /*
 * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
 *
@@ -1214,7 +1214,7 @@ main(int argc, char **argv)
        int in, out, max, ch, skipargs = 0, log_stderr = 0;
        ssize_t len, olen, set_size;
        SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
-        char *cp;
+        char *cp, buf[4*4096];
        extern char *optarg;
        extern char *__progname;
@@ -1298,7 +1298,15 @@ main(int argc, char **argv)
                memset(rset, 0, set_size);
                memset(wset, 0, set_size);
-                FD_SET(in, rset);
+                /*
+                 * Ensure that we can read a full buffer and handle
+                 * the worst-case length packet it can generate,
+                 * otherwise apply backpressure by stopping reads.
+                 */
+                if (buffer_check_alloc(&iqueue, sizeof(buf)) &&
+                    buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
+                        FD_SET(in, rset);
                olen = buffer_len(&oqueue);
                if (olen > 0)
                        FD_SET(out, wset);
@@ -1312,7 +1320,6 @@ main(int argc, char **argv)
                /* copy stdin to iqueue */
                if (FD_ISSET(in, rset)) {
-                        char buf[4*4096];
                        len = read(in, buf, sizeof buf);
                        if (len == 0) {
                                debug("read eof");
@@ -1334,7 +1341,13 @@ main(int argc, char **argv)
                                buffer_consume(&oqueue, len);
                        }
                }
-                /* process requests from client */
-                process();
+                /*
+                 * Process requests from client if we can fit the results
+                 * into the output buffer, otherwise stop processing input
+                 * and let the output queue drain.
+                 */
+                if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
+                        process();
        }
 }
author	Darren Tucker <dtucker@zip.com.au>	2007-05-20 15:09:04 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2007-05-20 15:09:04 +1000
commit	e9405983dc1cf9399e560e70f7c681ba62e09131 (patch)
tree	14b2393fd9137f4ff5547c6a0233385350d39d77
parent	36b78000a7bc14def417251aa50ebcdfcf182345 (diff)

diff --git a/ChangeLog b/ChangeLog index c189c7810..2bc077cf7 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -15,6 +15,13 @@
15	- djm@cvs.openbsd.org 2007/05/17 07:50:31	15	- djm@cvs.openbsd.org 2007/05/17 07:50:31
16	[log.c]	16	[log.c]
17	save and restore errno when logging; ok deraadt@	17	save and restore errno when logging; ok deraadt@
		18	- djm@cvs.openbsd.org 2007/05/17 07:55:29
		19	[sftp-server.c]
		20	bz#1286 stop reading and processing commands when input or output buffer
		21	is nearly full, otherwise sftp-server would happily try to grow the
		22	input/output buffers past the maximum supported by the buffer API and
		23	promptly fatal()
		24	based on patch from Thue Janus Kristensen; feedback & ok dtucker@
18		25
19	20070509	26	20070509
20	- (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.	27	- (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
@@ -2915,4 +2922,4 @@
2915	OpenServer 6 and add osr5bigcrypt support so when someone migrates	2922	OpenServer 6 and add osr5bigcrypt support so when someone migrates
2916	passwords between UnixWare and OpenServer they will still work. OK dtucker@	2923	passwords between UnixWare and OpenServer they will still work. OK dtucker@
2917		2924
2918	$Id: ChangeLog,v 1.4664 2007/05/20 05:08:15 dtucker Exp $	2925	$Id: ChangeLog,v 1.4665 2007/05/20 05:09:04 dtucker Exp $


diff --git a/sftp-server.c b/sftp-server.c index d68584b52..76edebc5a 100644 --- a/sftp-server.c +++ b/sftp-server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sftp-server.c,v 1.72 2007/04/18 01:12:43 stevesk Exp $ */	1	/* $OpenBSD: sftp-server.c,v 1.73 2007/05/17 07:55:29 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
4	*	4	*
@@ -1214,7 +1214,7 @@ main(int argc, char **argv)
1214	int in, out, max, ch, skipargs = 0, log_stderr = 0;	1214	int in, out, max, ch, skipargs = 0, log_stderr = 0;
1215	ssize_t len, olen, set_size;	1215	ssize_t len, olen, set_size;
1216	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;	1216	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
1217	char *cp;	1217	char cp, buf[44096];
1218		1218
1219	extern char *optarg;	1219	extern char *optarg;
1220	extern char *__progname;	1220	extern char *__progname;
@@ -1298,7 +1298,15 @@ main(int argc, char **argv)
1298	memset(rset, 0, set_size);	1298	memset(rset, 0, set_size);
1299	memset(wset, 0, set_size);	1299	memset(wset, 0, set_size);
1300		1300
1301	FD_SET(in, rset);	1301	/*
		1302	* Ensure that we can read a full buffer and handle
		1303	* the worst-case length packet it can generate,
		1304	* otherwise apply backpressure by stopping reads.
		1305	*/
		1306	if (buffer_check_alloc(&iqueue, sizeof(buf)) &&
		1307	buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
		1308	FD_SET(in, rset);
		1309
1302	olen = buffer_len(&oqueue);	1310	olen = buffer_len(&oqueue);
1303	if (olen > 0)	1311	if (olen > 0)
1304	FD_SET(out, wset);	1312	FD_SET(out, wset);
@@ -1312,7 +1320,6 @@ main(int argc, char **argv)
1312		1320
1313	/* copy stdin to iqueue */	1321	/* copy stdin to iqueue */
1314	if (FD_ISSET(in, rset)) {	1322	if (FD_ISSET(in, rset)) {
1315	char buf[4*4096];
1316	len = read(in, buf, sizeof buf);	1323	len = read(in, buf, sizeof buf);
1317	if (len == 0) {	1324	if (len == 0) {
1318	debug("read eof");	1325	debug("read eof");
@@ -1334,7 +1341,13 @@ main(int argc, char **argv)
1334	buffer_consume(&oqueue, len);	1341	buffer_consume(&oqueue, len);
1335	}	1342	}
1336	}	1343	}
1337	/* process requests from client */	1344
1338	process();	1345	/*
		1346	* Process requests from client if we can fit the results
		1347	* into the output buffer, otherwise stop processing input
		1348	* and let the output queue drain.
		1349	*/
		1350	if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
		1351	process();
1339	}	1352	}
1340	}	1353	}