lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-09 15:41:10 +03:00
Code Activity

sftpserver: Reuse ssh_{read,write}n

Browse Source 
This removes the code reported by the following coverity issue:

 *** CID 1548867:  Insecure data handling  (INTEGER_OVERFLOW)

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
This commit is contained in:
Jakub Jelen
2024-07-15 13:39:32 +02:00
committed by Sahana Prasad
parent af8de95805
commit 8ed9f5e69b
1 changed files with 15 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/sftpserver.c
View File

@@ -943,7 +943,7 @@ process_read(sftp_client_message client_msg)
sftp_session sftp = client_msg->sftp; sftp_session sftp = client_msg->sftp;
ssh_string handle = client_msg->handle; ssh_string handle = client_msg->handle;
struct sftp_handle *h = NULL; struct sftp_handle *h = NULL;
ssize_t allreadn = 0; ssize_t readn = 0;
int fd = -1; int fd = -1;
char *buffer = NULL; char *buffer = NULL;
int rv; int rv;
@@ -978,22 +978,14 @@ process_read(sftp_client_message client_msg)
SSH_LOG(SSH_LOG_PROTOCOL, "Failed to allocate memory for read data"); SSH_LOG(SSH_LOG_PROTOCOL, "Failed to allocate memory for read data");
return SSH_ERROR; return SSH_ERROR;
} }
do { readn = ssh_readn(fd, buffer, client_msg->len);
ssize_t readn = read(fd, buffer + allreadn, client_msg->len - allreadn); if (readn < 0) {
if (readn < 0) { sftp_reply_status(client_msg, SSH_FX_FAILURE, NULL);
sftp_reply_status(client_msg, SSH_FX_FAILURE, NULL); SSH_LOG(SSH_LOG_PROTOCOL, "read file error!");
SSH_LOG(SSH_LOG_PROTOCOL, "read file error!"); free(buffer);
free(buffer); return SSH_ERROR;
return SSH_ERROR; } else if (readn > 0) {
} else if (readn == 0) { sftp_reply_data(client_msg, buffer, readn);
/* no more data to read, EOF ? */
break;
}
allreadn += readn;
} while (allreadn < (ssize_t)client_msg->len);
if (allreadn > 0) {
sftp_reply_data(client_msg, buffer, allreadn);
} else { } else {
sftp_reply_status(client_msg, SSH_FX_EOF, NULL); sftp_reply_status(client_msg, SSH_FX_EOF, NULL);
} }
@@ -1037,15 +1029,12 @@ process_write(sftp_client_message client_msg)
SSH_LOG(SSH_LOG_PROTOCOL, "error seeking file at offset: %" PRIu64, SSH_LOG(SSH_LOG_PROTOCOL, "error seeking file at offset: %" PRIu64,
client_msg->offset); client_msg->offset);
} }
do { written = ssh_writen(fd, msg_data, len);
rv = write(fd, msg_data + written, len - written); if (written != (ssize_t)len) {
if (rv < 0) { sftp_reply_status(client_msg, SSH_FX_FAILURE, "Write error");
sftp_reply_status(client_msg, SSH_FX_FAILURE, "Write error"); SSH_LOG(SSH_LOG_PROTOCOL, "file write error!");
SSH_LOG(SSH_LOG_PROTOCOL, "file write error!"); return SSH_ERROR;
return SSH_ERROR; }
}
written += rv;
} while (written < (int)len);
sftp_reply_status(client_msg, SSH_FX_OK, NULL); sftp_reply_status(client_msg, SSH_FX_OK, NULL);