4 * Copyright (c) 2002,2003 Matt Johnston
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
25 /* Buffer handling routines, designed to avoid overflows/using invalid data */
31 /* Prevent integer overflows when incrementing buffer position/length.
32 * Calling functions should check arguments first, but this provides a
34 #define BUF_MAX_INCR 1000000000
35 #define BUF_MAX_SIZE 1000000000
37 /* avoid excessively large numbers, > ~8192 bits */
38 #define BUF_MAX_MPINT (8240 / 8)
40 /* Create (malloc) a new buffer of size */
41 buffer
* buf_new(unsigned int size
) {
45 if (size
> BUF_MAX_SIZE
) {
46 dropbear_exit("buf->size too big");
49 buf
= (buffer
*)m_malloc(sizeof(buffer
));
52 buf
->data
= (unsigned char*)m_malloc(size
);
65 /* free the buffer's data and the buffer itself */
66 void buf_free(buffer
* buf
) {
72 /* overwrite the contents of the buffer to clear it */
73 void buf_burn(buffer
* buf
) {
75 m_burn(buf
->data
, buf
->size
);
79 /* resize a buffer, pos and len will be repositioned if required when
81 void buf_resize(buffer
*buf
, unsigned int newsize
) {
83 if (newsize
> BUF_MAX_SIZE
) {
84 dropbear_exit("buf->size too big");
87 buf
->data
= m_realloc(buf
->data
, newsize
);
89 buf
->len
= MIN(newsize
, buf
->len
);
90 buf
->pos
= MIN(newsize
, buf
->pos
);
94 /* Create a copy of buf, allocating required memory etc. */
95 /* The new buffer is sized the same as the length of the source buffer. */
96 buffer
* buf_newcopy(buffer
* buf
) {
100 ret
= buf_new(buf
->len
);
102 memcpy(ret
->data
, buf
->data
, buf
->len
);
106 /* Set the length of the buffer */
107 void buf_setlen(buffer
* buf
, unsigned int len
) {
108 if (len
> buf
->size
) {
109 dropbear_exit("Bad buf_setlen");
114 /* Increment the length of the buffer */
115 void buf_incrlen(buffer
* buf
, unsigned int incr
) {
116 if (incr
> BUF_MAX_INCR
|| buf
->len
+ incr
> buf
->size
) {
117 dropbear_exit("Bad buf_incrlen");
121 /* Set the position of the buffer */
122 void buf_setpos(buffer
* buf
, unsigned int pos
) {
124 if (pos
> buf
->len
) {
125 dropbear_exit("Bad buf_setpos");
130 /* increment the postion by incr, increasing the buffer length if required */
131 void buf_incrwritepos(buffer
* buf
, unsigned int incr
) {
132 if (incr
> BUF_MAX_INCR
|| buf
->pos
+ incr
> buf
->size
) {
133 dropbear_exit("Bad buf_incrwritepos");
136 if (buf
->pos
> buf
->len
) {
141 /* increment the position by incr, negative values are allowed, to
142 * decrement the pos*/
143 void buf_incrpos(buffer
* buf
, int incr
) {
144 if (incr
> BUF_MAX_INCR
||
145 (unsigned int)((int)buf
->pos
+ incr
) > buf
->len
146 || ((int)buf
->pos
+ incr
) < 0) {
147 dropbear_exit("Bad buf_incrpos");
152 /* Get a byte from the buffer and increment the pos */
153 unsigned char buf_getbyte(buffer
* buf
) {
155 /* This check is really just ==, but the >= allows us to check for the
156 * bad case of pos > len, which should _never_ happen. */
157 if (buf
->pos
>= buf
->len
) {
158 dropbear_exit("Bad buf_getbyte");
160 return buf
->data
[buf
->pos
++];
163 /* Get a bool from the buffer and increment the pos */
164 unsigned char buf_getbool(buffer
* buf
) {
167 b
= buf_getbyte(buf
);
173 /* put a byte, incrementing the length if required */
174 void buf_putbyte(buffer
* buf
, unsigned char val
) {
176 if (buf
->pos
>= buf
->len
) {
179 buf
->data
[buf
->pos
] = val
;
183 /* returns an in-place pointer to the buffer, checking that
184 * the next len bytes from that position can be used */
185 unsigned char* buf_getptr(buffer
* buf
, unsigned int len
) {
187 if (buf
->pos
+ len
> buf
->len
) {
188 dropbear_exit("Bad buf_getptr");
190 return &buf
->data
[buf
->pos
];
193 /* like buf_getptr, but checks against total size, not used length.
194 * This allows writing past the used length, but not past the size */
195 unsigned char* buf_getwriteptr(buffer
* buf
, unsigned int len
) {
197 if (buf
->pos
+ len
> buf
->size
) {
198 dropbear_exit("Bad buf_getwriteptr");
200 return &buf
->data
[buf
->pos
];
203 /* Return a null-terminated string, it is malloced, so must be free()ed
204 * Note that the string isn't checked for null bytes, hence the retlen
205 * may be longer than what is returned by strlen */
206 unsigned char* buf_getstring(buffer
* buf
, unsigned int *retlen
) {
210 len
= buf_getint(buf
);
211 if (len
> MAX_STRING_LEN
) {
212 dropbear_exit("String too long");
215 if (retlen
!= NULL
) {
218 ret
= m_malloc(len
+1);
219 memcpy(ret
, buf_getptr(buf
, len
), len
);
220 buf_incrpos(buf
, len
);
226 /* Return a string as a newly allocated buffer */
227 buffer
* buf_getstringbuf(buffer
*buf
) {
231 str
= buf_getstring(buf
, &len
);
232 ret
= m_malloc(sizeof(*ret
));
240 /* Just increment the buffer position the same as if we'd used buf_getstring,
241 * but don't bother copying/malloc()ing for it */
242 void buf_eatstring(buffer
*buf
) {
244 buf_incrpos( buf
, buf_getint(buf
) );
247 /* Get an uint32 from the buffer and increment the pos */
248 unsigned int buf_getint(buffer
* buf
) {
251 LOAD32H(ret
, buf_getptr(buf
, 4));
256 /* put a 32bit uint into the buffer, incr bufferlen & pos if required */
257 void buf_putint(buffer
* buf
, int unsigned val
) {
259 STORE32H(val
, buf_getwriteptr(buf
, 4));
260 buf_incrwritepos(buf
, 4);
264 /* put a SSH style string into the buffer, increasing buffer len if required */
265 void buf_putstring(buffer
* buf
, const unsigned char* str
, unsigned int len
) {
267 buf_putint(buf
, len
);
268 buf_putbytes(buf
, str
, len
);
272 /* put the set of len bytes into the buffer, incrementing the pos, increasing
274 void buf_putbytes(buffer
*buf
, const unsigned char *bytes
, unsigned int len
) {
275 memcpy(buf_getwriteptr(buf
, len
), bytes
, len
);
276 buf_incrwritepos(buf
, len
);
280 /* for our purposes we only need positive (or 0) numbers, so will
281 * fail if we get negative numbers */
282 void buf_putmpint(buffer
* buf
, mp_int
* mp
) {
284 unsigned int len
, pad
= 0;
285 TRACE2(("enter buf_putmpint"))
287 dropbear_assert(mp
!= NULL
);
289 if (SIGN(mp
) == MP_NEG
) {
290 dropbear_exit("negative bignum");
294 if (USED(mp
) == 1 && DIGIT(mp
, 0) == 0) {
297 /* SSH spec requires padding for mpints with the MSB set, this code
299 len
= mp_count_bits(mp
);
300 /* if the top bit of MSB is set, we need to pad */
301 pad
= (len
%8 == 0) ? 1 : 0;
302 len
= len
/ 8 + 1; /* don't worry about rounding, we need it for
303 padding anyway when len%8 == 0 */
307 /* store the length */
308 buf_putint(buf
, len
);
310 /* store the actual value */
313 buf_putbyte(buf
, 0x00);
315 if (mp_to_unsigned_bin(mp
, buf_getwriteptr(buf
, len
-pad
)) != MP_OKAY
) {
316 dropbear_exit("mpint error");
318 buf_incrwritepos(buf
, len
-pad
);
321 TRACE2(("leave buf_putmpint"))
324 /* Retrieve an mp_int from the buffer.
325 * Will fail for -ve since they shouldn't be required here.
326 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
327 int buf_getmpint(buffer
* buf
, mp_int
* mp
) {
330 len
= buf_getint(buf
);
334 return DROPBEAR_SUCCESS
;
337 if (len
> BUF_MAX_MPINT
) {
338 return DROPBEAR_FAILURE
;
341 /* check for negative */
342 if (*buf_getptr(buf
, 1) & (1 << (CHAR_BIT
-1))) {
343 return DROPBEAR_FAILURE
;
346 if (mp_read_unsigned_bin(mp
, buf_getptr(buf
, len
), len
) != MP_OKAY
) {
347 return DROPBEAR_FAILURE
;
350 buf_incrpos(buf
, len
);
351 return DROPBEAR_SUCCESS
;