summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2007-05-17 07:55:30 +0000
committerDamien Miller <djm@cvs.openbsd.org>2007-05-17 07:55:30 +0000
commitff635519255cb2b42ffeffe4bbc3ac3b808aa9fc (patch)
treec7b149c8b038ed966399bce3cfce17be88b4668f /usr.bin
parent7035a1767bee0ef9cc524953d0c706ab416d1048 (diff)
bz#1286 stop reading and processing commands when input or output buffer
is nearly full, otherwise sftp-server would happily try to grow the input/output buffers past the maximum supported by the buffer API and promptly fatal() based on patch from Thue Janus Kristensen; feedback & ok dtucker@
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/sftp-server.c25
1 files changed, 19 insertions, 6 deletions
diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c
index 6122ed0eabe..632c331d0d2 100644
--- a/usr.bin/ssh/sftp-server.c
+++ b/usr.bin/ssh/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.72 2007/04/18 01:12:43 stevesk Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.73 2007/05/17 07:55:29 djm Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@@ -1193,7 +1193,7 @@ main(int argc, char **argv)
int in, out, max, ch, skipargs = 0, log_stderr = 0;
ssize_t len, olen, set_size;
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
- char *cp;
+ char *cp, buf[4*4096];
extern char *optarg;
extern char *__progname;
@@ -1271,7 +1271,15 @@ main(int argc, char **argv)
memset(rset, 0, set_size);
memset(wset, 0, set_size);
- FD_SET(in, rset);
+ /*
+ * Ensure that we can read a full buffer and handle
+ * the worst-case length packet it can generate,
+ * otherwise apply backpressure by stopping reads.
+ */
+ if (buffer_check_alloc(&iqueue, sizeof(buf)) &&
+ buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
+ FD_SET(in, rset);
+
olen = buffer_len(&oqueue);
if (olen > 0)
FD_SET(out, wset);
@@ -1285,7 +1293,6 @@ main(int argc, char **argv)
/* copy stdin to iqueue */
if (FD_ISSET(in, rset)) {
- char buf[4*4096];
len = read(in, buf, sizeof buf);
if (len == 0) {
debug("read eof");
@@ -1307,7 +1314,13 @@ main(int argc, char **argv)
buffer_consume(&oqueue, len);
}
}
- /* process requests from client */
- process();
+
+ /*
+ * Process requests from client if we can fit the results
+ * into the output buffer, otherwise stop processing input
+ * and let the output queue drain.
+ */
+ if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
+ process();
}
}