pretty: fix out-of-bounds read when parsing invalid padding format
[git/debian.git] / pkt-line.h
blob8c90daa59ef0ca5f32202a1bcf52583b3f324e4f
1 #ifndef PKTLINE_H
2 #define PKTLINE_H
4 #include "git-compat-util.h"
5 #include "strbuf.h"
6 #include "sideband.h"
8 /*
9 * Write a packetized stream, where each line is preceded by
10 * its length (including the header) as a 4-byte hex number.
11 * A length of 'zero' means end of stream (and a length of 1-3
12 * would be an error).
14 * This is all pretty stupid, but we use this packetized line
15 * format to make a streaming format possible without ever
16 * over-running the read buffers. That way we'll never read
17 * into what might be the pack data (which should go to another
18 * process entirely).
20 * The writing side could use stdio, but since the reading
21 * side can't, we stay with pure read/write interfaces.
23 void packet_flush(int fd);
24 void packet_delim(int fd);
25 void packet_response_end(int fd);
26 void packet_write_fmt(int fd, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
27 void packet_buf_flush(struct strbuf *buf);
28 void packet_buf_delim(struct strbuf *buf);
29 void set_packet_header(char *buf, int size);
30 void packet_write(int fd_out, const char *buf, size_t size);
31 void packet_buf_write(struct strbuf *buf, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
32 void packet_buf_write_len(struct strbuf *buf, const char *data, size_t len);
33 int packet_flush_gently(int fd);
34 int packet_write_fmt_gently(int fd, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
35 int write_packetized_from_fd(int fd_in, int fd_out);
36 int write_packetized_from_buf(const char *src_in, size_t len, int fd_out);
39 * Read a packetized line into the buffer, which must be at least size bytes
40 * long. The return value specifies the number of bytes read into the buffer.
42 * If src_buffer and *src_buffer are not NULL, it should point to a buffer
43 * containing the packet data to parse, of at least *src_len bytes. After the
44 * function returns, src_buf will be incremented and src_len decremented by the
45 * number of bytes consumed.
47 * If src_buffer (or *src_buffer) is NULL, then data is read from the
48 * descriptor "fd".
50 * If options does not contain PACKET_READ_GENTLE_ON_EOF, we will die under any
51 * of the following conditions:
53 * 1. Read error from descriptor.
55 * 2. Protocol error from the remote (e.g., bogus length characters).
57 * 3. Receiving a packet larger than "size" bytes.
59 * 4. Truncated output from the remote (e.g., we expected a packet but got
60 * EOF, or we got a partial packet followed by EOF).
62 * If options does contain PACKET_READ_GENTLE_ON_EOF, we will not die on
63 * condition 4 (truncated input), but instead return -1. However, we will still
64 * die for the other 3 conditions.
66 * If options contains PACKET_READ_CHOMP_NEWLINE, a trailing newline (if
67 * present) is removed from the buffer before returning.
69 * If options contains PACKET_READ_DIE_ON_ERR_PACKET, it dies when it sees an
70 * ERR packet.
72 #define PACKET_READ_GENTLE_ON_EOF (1u<<0)
73 #define PACKET_READ_CHOMP_NEWLINE (1u<<1)
74 #define PACKET_READ_DIE_ON_ERR_PACKET (1u<<2)
75 int packet_read(int fd, char **src_buffer, size_t *src_len, char
76 *buffer, unsigned size, int options);
79 * Convert a four hex digit packet line length header into its numeric
80 * representation.
82 * If lenbuf_hex contains non-hex characters, return -1. Otherwise, return the
83 * numeric value of the length header.
85 int packet_length(const char lenbuf_hex[4]);
88 * Read a packetized line into a buffer like the 'packet_read()' function but
89 * returns an 'enum packet_read_status' which indicates the status of the read.
90 * The number of bytes read will be assigned to *pktlen if the status of the
91 * read was 'PACKET_READ_NORMAL'.
93 enum packet_read_status {
94 PACKET_READ_EOF,
95 PACKET_READ_NORMAL,
96 PACKET_READ_FLUSH,
97 PACKET_READ_DELIM,
98 PACKET_READ_RESPONSE_END,
100 enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
101 size_t *src_len, char *buffer,
102 unsigned size, int *pktlen,
103 int options);
106 * Convenience wrapper for packet_read that is not gentle, and sets the
107 * CHOMP_NEWLINE option. The return value is NULL for a flush packet,
108 * and otherwise points to a static buffer (that may be overwritten by
109 * subsequent calls). If the size parameter is not NULL, the length of the
110 * packet is written to it.
112 char *packet_read_line(int fd, int *size);
115 * Convenience wrapper for packet_read that sets the PACKET_READ_GENTLE_ON_EOF
116 * and CHOMP_NEWLINE options. The return value specifies the number of bytes
117 * read into the buffer or -1 on truncated input. If the *dst_line parameter
118 * is not NULL it will return NULL for a flush packet or when the number of
119 * bytes copied is zero and otherwise points to a static buffer (that may be
120 * overwritten by subsequent calls). If the size parameter is not NULL, the
121 * length of the packet is written to it.
123 int packet_read_line_gently(int fd, int *size, char **dst_line);
126 * Same as packet_read_line, but read from a buf rather than a descriptor;
127 * see packet_read for details on how src_* is used.
129 char *packet_read_line_buf(char **src_buf, size_t *src_len, int *size);
132 * Reads a stream of variable sized packets until a flush packet is detected.
134 ssize_t read_packetized_to_strbuf(int fd_in, struct strbuf *sb_out);
137 * Receive multiplexed output stream over git native protocol.
138 * in_stream is the input stream from the remote, which carries data
139 * in pkt_line format with band designator. Demultiplex it into out
140 * and err and return error appropriately. Band #1 carries the
141 * primary payload. Things coming over band #2 is not necessarily
142 * error; they are usually informative message on the standard error
143 * stream, aka "verbose"). A message over band #3 is a signal that
144 * the remote died unexpectedly. A flush() concludes the stream.
146 * Returns SIDEBAND_FLUSH upon a normal conclusion, and SIDEBAND_PROTOCOL_ERROR
147 * or SIDEBAND_REMOTE_ERROR if an error occurred.
149 int recv_sideband(const char *me, int in_stream, int out);
151 struct packet_reader {
152 /* source file descriptor */
153 int fd;
155 /* source buffer and its size */
156 char *src_buffer;
157 size_t src_len;
159 /* buffer that pkt-lines are read into and its size */
160 char *buffer;
161 unsigned buffer_size;
163 /* options to be used during reads */
164 int options;
166 /* status of the last read */
167 enum packet_read_status status;
169 /* length of data read during the last read */
170 int pktlen;
172 /* the last line read */
173 const char *line;
175 /* indicates if a line has been peeked */
176 int line_peeked;
178 unsigned use_sideband : 1;
179 const char *me;
181 /* hash algorithm in use */
182 const struct git_hash_algo *hash_algo;
186 * Initialize a 'struct packet_reader' object which is an
187 * abstraction around the 'packet_read_with_status()' function.
189 void packet_reader_init(struct packet_reader *reader, int fd,
190 char *src_buffer, size_t src_len,
191 int options);
194 * Perform a packet read and return the status of the read.
195 * The values of 'pktlen' and 'line' are updated based on the status of the
196 * read as follows:
198 * PACKET_READ_ERROR: 'pktlen' is set to '-1' and 'line' is set to NULL
199 * PACKET_READ_NORMAL: 'pktlen' is set to the number of bytes read
200 * 'line' is set to point at the read line
201 * PACKET_READ_FLUSH: 'pktlen' is set to '0' and 'line' is set to NULL
203 enum packet_read_status packet_reader_read(struct packet_reader *reader);
206 * Peek the next packet line without consuming it and return the status.
207 * The next call to 'packet_reader_read()' will perform a read of the same line
208 * that was peeked, consuming the line.
210 * Peeking multiple times without calling 'packet_reader_read()' will return
211 * the same result.
213 enum packet_read_status packet_reader_peek(struct packet_reader *reader);
215 #define DEFAULT_PACKET_MAX 1000
216 #define LARGE_PACKET_MAX 65520
217 #define LARGE_PACKET_DATA_MAX (LARGE_PACKET_MAX - 4)
218 extern char packet_buffer[LARGE_PACKET_MAX];
220 struct packet_writer {
221 int dest_fd;
222 unsigned use_sideband : 1;
225 void packet_writer_init(struct packet_writer *writer, int dest_fd);
227 /* These functions die upon failure. */
228 __attribute__((format (printf, 2, 3)))
229 void packet_writer_write(struct packet_writer *writer, const char *fmt, ...);
230 __attribute__((format (printf, 2, 3)))
231 void packet_writer_error(struct packet_writer *writer, const char *fmt, ...);
232 void packet_writer_delim(struct packet_writer *writer);
233 void packet_writer_flush(struct packet_writer *writer);
235 #endif