streams: don't write more than SSIZE_MAX Our streams implementation takes a `size_t` that indicates the length of the data buffer to be written, and returns an `ssize_t` that indicates the length that _was_ written. Clearly no such implementation can write more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation does not try to write more than `SSIZE_MAX` bytes (or smaller; if the given implementation takes a smaller size).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86
diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c
index 45f5b6e..48d21dd 100644
--- a/src/streams/mbedtls.c
+++ b/src/streams/mbedtls.c
@@ -303,22 +303,22 @@ static int mbedtls_set_proxy(git_stream *stream, const git_proxy_options *proxy_
return git_stream_set_proxy(st->io, proxy_options);
}
-ssize_t mbedtls_stream_write(git_stream *stream, const char *data, size_t len, int flags)
+ssize_t mbedtls_stream_write(git_stream *stream, const char *data, size_t data_len, int flags)
{
- size_t read = 0;
+ ssize_t written = 0, len = min(data_len, SSIZE_MAX);
mbedtls_stream *st = (mbedtls_stream *) stream;
GIT_UNUSED(flags);
do {
- int error = mbedtls_ssl_write(st->ssl, (const unsigned char *)data + read, len - read);
+ int error = mbedtls_ssl_write(st->ssl, (const unsigned char *)data + written, len - written);
if (error <= 0) {
return ssl_set_error(st->ssl, error);
}
- read += error;
- } while (read < len);
+ written += error;
+ } while (written < len);
- return read;
+ return written;
}
ssize_t mbedtls_stream_read(git_stream *stream, void *data, size_t len)
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index 6f826ef..589b8d1 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -644,10 +644,10 @@ static int openssl_set_proxy(git_stream *stream, const git_proxy_options *proxy_
return git_stream_set_proxy(st->io, proxy_opts);
}
-ssize_t openssl_write(git_stream *stream, const char *data, size_t len, int flags)
+ssize_t openssl_write(git_stream *stream, const char *data, size_t data_len, int flags)
{
openssl_stream *st = (openssl_stream *) stream;
- int ret;
+ int ret, len = min(data_len, INT_MAX);
GIT_UNUSED(flags);
diff --git a/src/streams/socket.c b/src/streams/socket.c
index 1c48a0e..e46fcd2 100644
--- a/src/streams/socket.c
+++ b/src/streams/socket.c
@@ -130,10 +130,9 @@ int socket_connect(git_stream *stream)
return 0;
}
-ssize_t socket_write(git_stream *stream, const char *data, size_t len, int flags)
+ssize_t socket_write(git_stream *stream, const char *data, size_t data_len, int flags)
{
- ssize_t ret;
- size_t off = 0;
+ ssize_t ret, off = 0, len = min(data_len, SSIZE_MAX);
git_socket_stream *st = (git_socket_stream *) stream;
while (off < len) {
diff --git a/src/streams/stransport.c b/src/streams/stransport.c
index da1156c..a999bb5 100644
--- a/src/streams/stransport.c
+++ b/src/streams/stransport.c
@@ -164,11 +164,12 @@ static ssize_t stransport_write(git_stream *stream, const char *data, size_t len
GIT_UNUSED(flags);
- data_len = len;
+ data_len = min(len, SSIZE_MAX);
if ((ret = SSLWrite(st->ctx, data, data_len, &processed)) != noErr)
return stransport_error(ret);
- return processed;
+ assert(processed < SSIZE_MAX);
+ return (ssize_t)processed;
}
/*