From 270d6aa2bb01f3430d07cce5f97b48b741e3df9c Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 7 Dec 2018 12:06:03 +0100 Subject: [PATCH] buffer: Use size_t for argc argument in ssh_buffer_(un)pack() Signed-off-by: Andreas Schneider Signed-off-by: Baruch Siach --- Upstream status: commit c306a693f3fbe include/libssh/buffer.h | 4 ++-- src/buffer.c | 38 +++++++++++++++++++------------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/include/libssh/buffer.h b/include/libssh/buffer.h index 4721cbe06c20..1c375343ee14 100644 --- a/include/libssh/buffer.h +++ b/include/libssh/buffer.h @@ -40,11 +40,11 @@ void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len); int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer, uint32_t len); int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, - int argc, + size_t argc, va_list ap); int _ssh_buffer_pack(struct ssh_buffer_struct *buffer, const char *format, - int argc, + size_t argc, ...); #define ssh_buffer_pack(buffer, format, ...) \ _ssh_buffer_pack((buffer), (format), __VA_NARG__(__VA_ARGS__), __VA_ARGS__, SSH_BUFFER_PACK_END) diff --git a/src/buffer.c b/src/buffer.c index b029f202660f..99863747fc3c 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -809,7 +809,7 @@ ssh_buffer_get_ssh_string(struct ssh_buffer_struct *buffer) */ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer, const char *format, - int argc, + size_t argc, va_list ap) { const char *p = NULL; @@ -817,12 +817,12 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer, char *cstring = NULL; size_t needed_size = 0; size_t len; - int count; /* int for size comparison with argc */ + size_t count; int rc = SSH_OK; for (p = format, count = 0; *p != '\0'; p++, count++) { /* Invalid number of arguments passed */ - if (argc != -1 && count > argc) { + if (count > argc) { return SSH_ERROR; } @@ -881,7 +881,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer, } } - if (argc != -1 && argc != count) { + if (argc != count) { return SSH_ERROR; } @@ -891,11 +891,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer, */ uint32_t canary = va_arg(ap, uint32_t); if (canary != SSH_BUFFER_PACK_END) { - if (argc == -1){ - return SSH_ERROR; - } else { - abort(); - } + abort(); } } @@ -918,7 +914,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer, */ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, const char *format, - int argc, + size_t argc, va_list ap) { int rc = SSH_ERROR; @@ -934,11 +930,15 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, char *cstring; bignum b; size_t len; - int count; /* int for size comparison with argc */ + size_t count; + + if (argc > 256) { + return SSH_ERROR; + } for (p = format, count = 0; *p != '\0'; p++, count++) { /* Invalid number of arguments passed */ - if (argc != -1 && count > argc) { + if (count > argc) { return SSH_ERROR; } @@ -1010,7 +1010,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, } } - if (argc != -1 && argc != count) { + if (argc != count) { return SSH_ERROR; } @@ -1018,11 +1018,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, /* Check if our canary is intact, if not somthing really bad happened */ uint32_t canary = va_arg(ap, uint32_t); if (canary != SSH_BUFFER_PACK_END) { - if (argc == -1){ - return SSH_ERROR; - } else { - abort(); - } + abort(); } } return rc; @@ -1050,12 +1046,16 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, */ int _ssh_buffer_pack(struct ssh_buffer_struct *buffer, const char *format, - int argc, + size_t argc, ...) { va_list ap; int rc; + if (argc > 256) { + return SSH_ERROR; + } + va_start(ap, argc); rc = ssh_buffer_pack_allocate_va(buffer, format, argc, ap); va_end(ap); -- 2.20.1