From 8ed9f5e69bd61fbc615094e328fc81e6f31d3453 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 15 Jul 2024 13:39:32 +0200
Subject: [PATCH] sftpserver: Reuse ssh_{read,write}n

This removes the code reported by the following coverity issue:

 *** CID 1548867:  Insecure data handling  (INTEGER_OVERFLOW)

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
---
 src/sftpserver.c | 41 +++++++++++++++--------------------------
 1 file changed, 15 insertions(+), 26 deletions(-)

diff --git a/src/sftpserver.c b/src/sftpserver.c
index bceb28f7..9b21c43f 100644
--- a/src/sftpserver.c
+++ b/src/sftpserver.c
@@ -943,7 +943,7 @@ process_read(sftp_client_message client_msg)
     sftp_session sftp = client_msg->sftp;
     ssh_string handle = client_msg->handle;
     struct sftp_handle *h = NULL;
-    ssize_t allreadn = 0;
+    ssize_t readn = 0;
     int fd = -1;
     char *buffer = NULL;
     int rv;
@@ -978,22 +978,14 @@ process_read(sftp_client_message client_msg)
         SSH_LOG(SSH_LOG_PROTOCOL, "Failed to allocate memory for read data");
         return SSH_ERROR;
     }
-    do {
-        ssize_t readn = read(fd, buffer + allreadn, client_msg->len - allreadn);
-        if (readn < 0) {
-            sftp_reply_status(client_msg, SSH_FX_FAILURE, NULL);
-            SSH_LOG(SSH_LOG_PROTOCOL, "read file error!");
-            free(buffer);
-            return SSH_ERROR;
-        } else if (readn == 0) {
-            /* no more data to read, EOF ? */
-            break;
-        }
-        allreadn += readn;
-    } while (allreadn < (ssize_t)client_msg->len);
-
-    if (allreadn > 0) {
-        sftp_reply_data(client_msg, buffer, allreadn);
+    readn = ssh_readn(fd, buffer, client_msg->len);
+    if (readn < 0) {
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, NULL);
+        SSH_LOG(SSH_LOG_PROTOCOL, "read file error!");
+        free(buffer);
+        return SSH_ERROR;
+    } else if (readn > 0) {
+        sftp_reply_data(client_msg, buffer, readn);
     } else {
         sftp_reply_status(client_msg, SSH_FX_EOF, NULL);
     }
@@ -1037,15 +1029,12 @@ process_write(sftp_client_message client_msg)
         SSH_LOG(SSH_LOG_PROTOCOL, "error seeking file at offset: %" PRIu64,
                 client_msg->offset);
     }
-    do {
-        rv = write(fd, msg_data + written, len - written);
-        if (rv < 0) {
-            sftp_reply_status(client_msg, SSH_FX_FAILURE, "Write error");
-            SSH_LOG(SSH_LOG_PROTOCOL, "file write error!");
-            return SSH_ERROR;
-        }
-        written += rv;
-    } while (written < (int)len);
+    written = ssh_writen(fd, msg_data, len);
+    if (written != (ssize_t)len) {
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, "Write error");
+        SSH_LOG(SSH_LOG_PROTOCOL, "file write error!");
+        return SSH_ERROR;
+    }
 
     sftp_reply_status(client_msg, SSH_FX_OK, NULL);