diff options
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/tmux/client.c | 50 | ||||
-rw-r--r-- | usr.bin/tmux/file.c | 63 | ||||
-rw-r--r-- | usr.bin/tmux/server-client.c | 8 | ||||
-rw-r--r-- | usr.bin/tmux/tmux.h | 14 |
4 files changed, 78 insertions, 57 deletions
diff --git a/usr.bin/tmux/client.c b/usr.bin/tmux/client.c index b34efbec191..838f365237d 100644 --- a/usr.bin/tmux/client.c +++ b/usr.bin/tmux/client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: client.c,v 1.134 2019/12/13 07:00:22 nicm Exp $ */ +/* $OpenBSD: client.c,v 1.135 2019/12/16 15:48:50 nicm Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott <nicholas.marriott@gmail.com> @@ -486,14 +486,19 @@ static void client_write_open(void *data, size_t datalen) { struct msg_write_open *msg = data; + const char *path; struct msg_write_ready reply; struct client_file find, *cf; const int flags = O_NONBLOCK|O_WRONLY|O_CREAT; int error = 0; - if (datalen != sizeof *msg) + if (datalen < sizeof *msg) fatalx("bad MSG_WRITE_OPEN size"); - log_debug("open write file %d %s", msg->stream, msg->path); + if (datalen == sizeof *msg) + path = "-"; + else + path = (const char *)(msg + 1); + log_debug("open write file %d %s", msg->stream, path); find.stream = msg->stream; if ((cf = RB_FIND(client_files, &client_files, &find)) == NULL) { @@ -510,7 +515,7 @@ client_write_open(void *data, size_t datalen) cf->fd = -1; if (msg->fd == -1) - cf->fd = open(msg->path, msg->flags|flags, 0644); + cf->fd = open(path, msg->flags|flags, 0644); else { if (msg->fd != STDOUT_FILENO && msg->fd != STDERR_FILENO) errno = EBADF; @@ -542,16 +547,17 @@ client_write_data(void *data, size_t datalen) { struct msg_write_data *msg = data; struct client_file find, *cf; + size_t size = datalen - sizeof *msg; - if (datalen != sizeof *msg) + if (datalen < sizeof *msg) fatalx("bad MSG_WRITE size"); find.stream = msg->stream; if ((cf = RB_FIND(client_files, &client_files, &find)) == NULL) fatalx("unknown stream number"); - log_debug("write %zu to file %d", msg->size, cf->stream); + log_debug("write %zu to file %d", size, cf->stream); if (cf->event != NULL) - bufferevent_write(cf->event, msg->data, msg->size); + bufferevent_write(cf->event, msg + 1, size); } /* Close client file. */ @@ -585,26 +591,29 @@ client_read_callback(__unused struct bufferevent *bev, void *arg) struct client_file *cf = arg; void *bdata; size_t bsize; - struct msg_read_data msg; + struct msg_read_data *msg; + size_t msglen; + msg = xmalloc(sizeof *msg); for (;;) { bdata = EVBUFFER_DATA(cf->event->input); bsize = EVBUFFER_LENGTH(cf->event->input); if (bsize == 0) break; - if (bsize > sizeof msg.data) - bsize = sizeof msg.data; + if (bsize > MAX_IMSGSIZE - IMSG_HEADER_SIZE) + bsize = MAX_IMSGSIZE - IMSG_HEADER_SIZE; log_debug("read %zu from file %d", bsize, cf->stream); - memcpy(msg.data, bdata, bsize); - msg.size = bsize; - - msg.stream = cf->stream; - proc_send(client_peer, MSG_READ, -1, &msg, sizeof msg); + msglen = (sizeof *msg) + bsize; + msg = xrealloc(msg, msglen); + msg->stream = cf->stream; + memcpy(msg + 1, bdata, bsize); + proc_send(client_peer, MSG_READ, -1, msg, msglen); evbuffer_drain(cf->event->input, bsize); } + free(msg); } /* File read error callback. */ @@ -632,14 +641,19 @@ static void client_read_open(void *data, size_t datalen) { struct msg_read_open *msg = data; + const char *path; struct msg_read_done reply; struct client_file find, *cf; const int flags = O_NONBLOCK|O_RDONLY; int error = 0; - if (datalen != sizeof *msg) + if (datalen < sizeof *msg) fatalx("bad MSG_READ_OPEN size"); - log_debug("open read file %d %s", msg->stream, msg->path); + if (datalen == sizeof *msg) + path = "-"; + else + path = (const char *)(msg + 1); + log_debug("open read file %d %s", msg->stream, path); find.stream = msg->stream; if ((cf = RB_FIND(client_files, &client_files, &find)) == NULL) { @@ -656,7 +670,7 @@ client_read_open(void *data, size_t datalen) cf->fd = -1; if (msg->fd == -1) - cf->fd = open(msg->path, flags); + cf->fd = open(path, flags); else { if (msg->fd != STDIN_FILENO) errno = EBADF; diff --git a/usr.bin/tmux/file.c b/usr.bin/tmux/file.c index 7a32b24acdd..c7d68fecf7b 100644 --- a/usr.bin/tmux/file.c +++ b/usr.bin/tmux/file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: file.c,v 1.2 2019/12/12 11:51:32 nicm Exp $ */ +/* $OpenBSD: file.c,v 1.3 2019/12/16 15:48:50 nicm Exp $ */ /* * Copyright (c) 2019 Nicholas Marriott <nicholas.marriott@gmail.com> @@ -17,9 +17,11 @@ */ #include <sys/types.h> +#include <sys/queue.h> #include <errno.h> #include <fcntl.h> +#include <imsg.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -147,7 +149,6 @@ file_vprint(struct client *c, const char *fmt, va_list ap) msg.stream = 1; msg.fd = STDOUT_FILENO; msg.flags = 0; - strlcpy(msg.path, "-", sizeof msg.path); proc_send(c->peer, MSG_WRITE_OPEN, -1, &msg, sizeof msg); } else { evbuffer_add_vprintf(cf->buffer, fmt, ap); @@ -174,7 +175,6 @@ file_print_buffer(struct client *c, void *data, size_t size) msg.stream = 1; msg.fd = STDOUT_FILENO; msg.flags = 0; - strlcpy(msg.path, "-", sizeof msg.path); proc_send(c->peer, MSG_WRITE_OPEN, -1, &msg, sizeof msg); } else { evbuffer_add(cf->buffer, data, size); @@ -204,7 +204,6 @@ file_error(struct client *c, const char *fmt, ...) msg.stream = 2; msg.fd = STDERR_FILENO; msg.flags = 0; - strlcpy(msg.path, "-", sizeof msg.path); proc_send(c->peer, MSG_WRITE_OPEN, -1, &msg, sizeof msg); } else { evbuffer_add_vprintf(cf->buffer, fmt, ap); @@ -220,7 +219,8 @@ file_write(struct client *c, const char *path, int flags, const void *bdata, { struct client_file *cf; FILE *f; - struct msg_write_open msg; + struct msg_write_open *msg; + size_t msglen; int fd = -1; const char *mode; @@ -261,17 +261,22 @@ file_write(struct client *c, const char *path, int flags, const void *bdata, skip: evbuffer_add(cf->buffer, bdata, bsize); - msg.stream = cf->stream; - msg.fd = fd; - msg.flags = flags; - if (strlcpy(msg.path, cf->path, sizeof msg.path) >= sizeof msg.path) { + msglen = strlen(cf->path) + 1 + sizeof *msg; + if (msglen > MAX_IMSGSIZE - IMSG_HEADER_SIZE) { cf->error = E2BIG; goto done; } - if (proc_send(c->peer, MSG_WRITE_OPEN, -1, &msg, sizeof msg) != 0) { + msg = xmalloc(msglen); + msg->stream = cf->stream; + msg->fd = fd; + msg->flags = flags; + memcpy(msg + 1, cf->path, msglen - sizeof *msg); + if (proc_send(c->peer, MSG_WRITE_OPEN, -1, msg, msglen) != 0) { + free(msg); cf->error = EINVAL; goto done; } + free(msg); return; done: @@ -283,10 +288,10 @@ file_read(struct client *c, const char *path, client_file_cb cb, void *cbdata) { struct client_file *cf; FILE *f; - struct msg_read_open msg; + struct msg_read_open *msg; + size_t msglen, size; int fd = -1; char buffer[BUFSIZ]; - size_t size; if (strcmp(path, "-") == 0) { cf = file_create(c, file_next_stream++, cb, cbdata); @@ -327,16 +332,21 @@ file_read(struct client *c, const char *path, client_file_cb cb, void *cbdata) } skip: - msg.stream = cf->stream; - msg.fd = fd; - if (strlcpy(msg.path, cf->path, sizeof msg.path) >= sizeof msg.path) { + msglen = strlen(cf->path) + 1 + sizeof *msg; + if (msglen > MAX_IMSGSIZE - IMSG_HEADER_SIZE) { cf->error = E2BIG; goto done; } - if (proc_send(c->peer, MSG_READ_OPEN, -1, &msg, sizeof msg) != 0) { + msg = xmalloc(msglen); + msg->stream = cf->stream; + msg->fd = fd; + memcpy(msg + 1, cf->path, msglen - sizeof *msg); + if (proc_send(c->peer, MSG_READ_OPEN, -1, msg, msglen) != 0) { + free(msg); cf->error = EINVAL; goto done; } + free(msg); return; done: @@ -358,20 +368,22 @@ void file_push(struct client_file *cf) { struct client *c = cf->c; - struct msg_write_data msg; + struct msg_write_data *msg; + size_t msglen, sent, left; struct msg_write_close close; - size_t sent, left; + msg = xmalloc(sizeof *msg); left = EVBUFFER_LENGTH(cf->buffer); while (left != 0) { sent = left; - if (sent > sizeof msg.data) - sent = sizeof msg.data; - memcpy(msg.data, EVBUFFER_DATA(cf->buffer), sent); - msg.size = sent; - - msg.stream = cf->stream; - if (proc_send(c->peer, MSG_WRITE, -1, &msg, sizeof msg) != 0) + if (sent > MAX_IMSGSIZE - IMSG_HEADER_SIZE) + sent = MAX_IMSGSIZE - IMSG_HEADER_SIZE; + + msglen = (sizeof *msg) + sent; + msg = xrealloc(msg, msglen); + msg->stream = cf->stream; + memcpy(msg + 1, EVBUFFER_DATA(cf->buffer), sent); + if (proc_send(c->peer, MSG_WRITE, -1, msg, msglen) != 0) break; evbuffer_drain(cf->buffer, sent); @@ -387,4 +399,5 @@ file_push(struct client_file *cf) proc_send(c->peer, MSG_WRITE_CLOSE, -1, &close, sizeof close); file_fire_done(cf); } + free(msg); } diff --git a/usr.bin/tmux/server-client.c b/usr.bin/tmux/server-client.c index 1b131cebe91..78a379cfdc9 100644 --- a/usr.bin/tmux/server-client.c +++ b/usr.bin/tmux/server-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server-client.c,v 1.300 2019/12/12 11:39:56 nicm Exp $ */ +/* $OpenBSD: server-client.c,v 1.301 2019/12/16 15:48:50 nicm Exp $ */ /* * Copyright (c) 2009 Nicholas Marriott <nicholas.marriott@gmail.com> @@ -2024,10 +2024,10 @@ server_client_dispatch_read_data(struct client *c, struct imsg *imsg) struct msg_read_data *msg = imsg->data; size_t msglen = imsg->hdr.len - IMSG_HEADER_SIZE; struct client_file find, *cf; - void *bdata = msg->data; - size_t bsize = msg->size; + void *bdata = msg + 1; + size_t bsize = msglen - sizeof *msg; - if (msglen != sizeof *msg) + if (msglen < sizeof *msg) fatalx("bad MSG_READ_DATA size"); find.stream = msg->stream; if ((cf = RB_FIND(client_files, &c->files, &find)) == NULL) diff --git a/usr.bin/tmux/tmux.h b/usr.bin/tmux/tmux.h index cde4e8ef636..d306f43f604 100644 --- a/usr.bin/tmux/tmux.h +++ b/usr.bin/tmux/tmux.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tmux.h,v 1.939 2019/12/12 12:49:36 nicm Exp $ */ +/* $OpenBSD: tmux.h,v 1.940 2019/12/16 15:48:50 nicm Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott <nicholas.marriott@gmail.com> @@ -507,13 +507,10 @@ struct msg_command { struct msg_read_open { int stream; int fd; - char path[PATH_MAX]; -}; +}; /* followed by path */ struct msg_read_data { int stream; - size_t size; - char data[BUFSIZ]; }; struct msg_read_done { @@ -524,15 +521,12 @@ struct msg_read_done { struct msg_write_open { int stream; int fd; - char path[PATH_MAX]; int flags; -}; +}; /* followed by path */ struct msg_write_data { int stream; - size_t size; - char data[BUFSIZ]; -}; +}; /* followed by data */ struct msg_write_ready { int stream; |