xref: /freebsd/crypto/openssh/sshbuf-getput-basic.c (revision 3fc36ee018bb836bd1796067cf4ef8683f166ebc)
1 /*	$OpenBSD: sshbuf-getput-basic.c,v 1.5 2015/10/20 23:24:25 mmcc Exp $	*/
2 /*
3  * Copyright (c) 2011 Damien Miller
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #define SSHBUF_INTERNAL
19 #include "includes.h"
20 
21 #include <sys/types.h>
22 #include <stdlib.h>
23 #include <stdio.h>
24 #include <string.h>
25 
26 #include "ssherr.h"
27 #include "sshbuf.h"
28 
29 int
30 sshbuf_get(struct sshbuf *buf, void *v, size_t len)
31 {
32 	const u_char *p = sshbuf_ptr(buf);
33 	int r;
34 
35 	if ((r = sshbuf_consume(buf, len)) < 0)
36 		return r;
37 	if (v != NULL && len != 0)
38 		memcpy(v, p, len);
39 	return 0;
40 }
41 
42 int
43 sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp)
44 {
45 	const u_char *p = sshbuf_ptr(buf);
46 	int r;
47 
48 	if ((r = sshbuf_consume(buf, 8)) < 0)
49 		return r;
50 	if (valp != NULL)
51 		*valp = PEEK_U64(p);
52 	return 0;
53 }
54 
55 int
56 sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp)
57 {
58 	const u_char *p = sshbuf_ptr(buf);
59 	int r;
60 
61 	if ((r = sshbuf_consume(buf, 4)) < 0)
62 		return r;
63 	if (valp != NULL)
64 		*valp = PEEK_U32(p);
65 	return 0;
66 }
67 
68 int
69 sshbuf_get_u16(struct sshbuf *buf, u_int16_t *valp)
70 {
71 	const u_char *p = sshbuf_ptr(buf);
72 	int r;
73 
74 	if ((r = sshbuf_consume(buf, 2)) < 0)
75 		return r;
76 	if (valp != NULL)
77 		*valp = PEEK_U16(p);
78 	return 0;
79 }
80 
81 int
82 sshbuf_get_u8(struct sshbuf *buf, u_char *valp)
83 {
84 	const u_char *p = sshbuf_ptr(buf);
85 	int r;
86 
87 	if ((r = sshbuf_consume(buf, 1)) < 0)
88 		return r;
89 	if (valp != NULL)
90 		*valp = (u_int8_t)*p;
91 	return 0;
92 }
93 
94 int
95 sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp)
96 {
97 	const u_char *val;
98 	size_t len;
99 	int r;
100 
101 	if (valp != NULL)
102 		*valp = NULL;
103 	if (lenp != NULL)
104 		*lenp = 0;
105 	if ((r = sshbuf_get_string_direct(buf, &val, &len)) < 0)
106 		return r;
107 	if (valp != NULL) {
108 		if ((*valp = malloc(len + 1)) == NULL) {
109 			SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
110 			return SSH_ERR_ALLOC_FAIL;
111 		}
112 		if (len != 0)
113 			memcpy(*valp, val, len);
114 		(*valp)[len] = '\0';
115 	}
116 	if (lenp != NULL)
117 		*lenp = len;
118 	return 0;
119 }
120 
121 int
122 sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp)
123 {
124 	size_t len;
125 	const u_char *p;
126 	int r;
127 
128 	if (valp != NULL)
129 		*valp = NULL;
130 	if (lenp != NULL)
131 		*lenp = 0;
132 	if ((r = sshbuf_peek_string_direct(buf, &p, &len)) < 0)
133 		return r;
134 	if (valp != NULL)
135 		*valp = p;
136 	if (lenp != NULL)
137 		*lenp = len;
138 	if (sshbuf_consume(buf, len + 4) != 0) {
139 		/* Shouldn't happen */
140 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
141 		SSHBUF_ABORT();
142 		return SSH_ERR_INTERNAL_ERROR;
143 	}
144 	return 0;
145 }
146 
147 int
148 sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
149     size_t *lenp)
150 {
151 	u_int32_t len;
152 	const u_char *p = sshbuf_ptr(buf);
153 
154 	if (valp != NULL)
155 		*valp = NULL;
156 	if (lenp != NULL)
157 		*lenp = 0;
158 	if (sshbuf_len(buf) < 4) {
159 		SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE"));
160 		return SSH_ERR_MESSAGE_INCOMPLETE;
161 	}
162 	len = PEEK_U32(p);
163 	if (len > SSHBUF_SIZE_MAX - 4) {
164 		SSHBUF_DBG(("SSH_ERR_STRING_TOO_LARGE"));
165 		return SSH_ERR_STRING_TOO_LARGE;
166 	}
167 	if (sshbuf_len(buf) - 4 < len) {
168 		SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE"));
169 		return SSH_ERR_MESSAGE_INCOMPLETE;
170 	}
171 	if (valp != NULL)
172 		*valp = p + 4;
173 	if (lenp != NULL)
174 		*lenp = len;
175 	return 0;
176 }
177 
178 int
179 sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp)
180 {
181 	size_t len;
182 	const u_char *p, *z;
183 	int r;
184 
185 	if (valp != NULL)
186 		*valp = NULL;
187 	if (lenp != NULL)
188 		*lenp = 0;
189 	if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0)
190 		return r;
191 	/* Allow a \0 only at the end of the string */
192 	if (len > 0 &&
193 	    (z = memchr(p , '\0', len)) != NULL && z < p + len - 1) {
194 		SSHBUF_DBG(("SSH_ERR_INVALID_FORMAT"));
195 		return SSH_ERR_INVALID_FORMAT;
196 	}
197 	if ((r = sshbuf_skip_string(buf)) != 0)
198 		return -1;
199 	if (valp != NULL) {
200 		if ((*valp = malloc(len + 1)) == NULL) {
201 			SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
202 			return SSH_ERR_ALLOC_FAIL;
203 		}
204 		if (len != 0)
205 			memcpy(*valp, p, len);
206 		(*valp)[len] = '\0';
207 	}
208 	if (lenp != NULL)
209 		*lenp = (size_t)len;
210 	return 0;
211 }
212 
213 int
214 sshbuf_get_stringb(struct sshbuf *buf, struct sshbuf *v)
215 {
216 	u_int32_t len;
217 	u_char *p;
218 	int r;
219 
220 	/*
221 	 * Use sshbuf_peek_string_direct() to figure out if there is
222 	 * a complete string in 'buf' and copy the string directly
223 	 * into 'v'.
224 	 */
225 	if ((r = sshbuf_peek_string_direct(buf, NULL, NULL)) != 0 ||
226 	    (r = sshbuf_get_u32(buf, &len)) != 0 ||
227 	    (r = sshbuf_reserve(v, len, &p)) != 0 ||
228 	    (r = sshbuf_get(buf, p, len)) != 0)
229 		return r;
230 	return 0;
231 }
232 
233 int
234 sshbuf_put(struct sshbuf *buf, const void *v, size_t len)
235 {
236 	u_char *p;
237 	int r;
238 
239 	if ((r = sshbuf_reserve(buf, len, &p)) < 0)
240 		return r;
241 	if (len != 0)
242 		memcpy(p, v, len);
243 	return 0;
244 }
245 
246 int
247 sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v)
248 {
249 	return sshbuf_put(buf, sshbuf_ptr(v), sshbuf_len(v));
250 }
251 
252 int
253 sshbuf_putf(struct sshbuf *buf, const char *fmt, ...)
254 {
255 	va_list ap;
256 	int r;
257 
258 	va_start(ap, fmt);
259 	r = sshbuf_putfv(buf, fmt, ap);
260 	va_end(ap);
261 	return r;
262 }
263 
264 int
265 sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap)
266 {
267 	va_list ap2;
268 	int r, len;
269 	u_char *p;
270 
271 	va_copy(ap2, ap);
272 	if ((len = vsnprintf(NULL, 0, fmt, ap2)) < 0) {
273 		r = SSH_ERR_INVALID_ARGUMENT;
274 		goto out;
275 	}
276 	if (len == 0) {
277 		r = 0;
278 		goto out; /* Nothing to do */
279 	}
280 	va_end(ap2);
281 	va_copy(ap2, ap);
282 	if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0)
283 		goto out;
284 	if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) {
285 		r = SSH_ERR_INTERNAL_ERROR;
286 		goto out; /* Shouldn't happen */
287 	}
288 	/* Consume terminating \0 */
289 	if ((r = sshbuf_consume_end(buf, 1)) != 0)
290 		goto out;
291 	r = 0;
292  out:
293 	va_end(ap2);
294 	return r;
295 }
296 
297 int
298 sshbuf_put_u64(struct sshbuf *buf, u_int64_t val)
299 {
300 	u_char *p;
301 	int r;
302 
303 	if ((r = sshbuf_reserve(buf, 8, &p)) < 0)
304 		return r;
305 	POKE_U64(p, val);
306 	return 0;
307 }
308 
309 int
310 sshbuf_put_u32(struct sshbuf *buf, u_int32_t val)
311 {
312 	u_char *p;
313 	int r;
314 
315 	if ((r = sshbuf_reserve(buf, 4, &p)) < 0)
316 		return r;
317 	POKE_U32(p, val);
318 	return 0;
319 }
320 
321 int
322 sshbuf_put_u16(struct sshbuf *buf, u_int16_t val)
323 {
324 	u_char *p;
325 	int r;
326 
327 	if ((r = sshbuf_reserve(buf, 2, &p)) < 0)
328 		return r;
329 	POKE_U16(p, val);
330 	return 0;
331 }
332 
333 int
334 sshbuf_put_u8(struct sshbuf *buf, u_char val)
335 {
336 	u_char *p;
337 	int r;
338 
339 	if ((r = sshbuf_reserve(buf, 1, &p)) < 0)
340 		return r;
341 	p[0] = val;
342 	return 0;
343 }
344 
345 int
346 sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len)
347 {
348 	u_char *d;
349 	int r;
350 
351 	if (len > SSHBUF_SIZE_MAX - 4) {
352 		SSHBUF_DBG(("SSH_ERR_NO_BUFFER_SPACE"));
353 		return SSH_ERR_NO_BUFFER_SPACE;
354 	}
355 	if ((r = sshbuf_reserve(buf, len + 4, &d)) < 0)
356 		return r;
357 	POKE_U32(d, len);
358 	if (len != 0)
359 		memcpy(d + 4, v, len);
360 	return 0;
361 }
362 
363 int
364 sshbuf_put_cstring(struct sshbuf *buf, const char *v)
365 {
366 	return sshbuf_put_string(buf, (u_char *)v, v == NULL ? 0 : strlen(v));
367 }
368 
369 int
370 sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v)
371 {
372 	return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v));
373 }
374 
375 int
376 sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp)
377 {
378 	const u_char *p;
379 	size_t len;
380 	struct sshbuf *ret;
381 	int r;
382 
383 	if (buf == NULL || bufp == NULL)
384 		return SSH_ERR_INVALID_ARGUMENT;
385 	*bufp = NULL;
386 	if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0)
387 		return r;
388 	if ((ret = sshbuf_from(p, len)) == NULL)
389 		return SSH_ERR_ALLOC_FAIL;
390 	if ((r = sshbuf_consume(buf, len + 4)) != 0 ||  /* Shouldn't happen */
391 	    (r = sshbuf_set_parent(ret, buf)) != 0) {
392 		sshbuf_free(ret);
393 		return r;
394 	}
395 	*bufp = ret;
396 	return 0;
397 }
398 
399 int
400 sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len)
401 {
402 	u_char *d;
403 	const u_char *s = (const u_char *)v;
404 	int r, prepend;
405 
406 	if (len > SSHBUF_SIZE_MAX - 5) {
407 		SSHBUF_DBG(("SSH_ERR_NO_BUFFER_SPACE"));
408 		return SSH_ERR_NO_BUFFER_SPACE;
409 	}
410 	/* Skip leading zero bytes */
411 	for (; len > 0 && *s == 0; len--, s++)
412 		;
413 	/*
414 	 * If most significant bit is set then prepend a zero byte to
415 	 * avoid interpretation as a negative number.
416 	 */
417 	prepend = len > 0 && (s[0] & 0x80) != 0;
418 	if ((r = sshbuf_reserve(buf, len + 4 + prepend, &d)) < 0)
419 		return r;
420 	POKE_U32(d, len + prepend);
421 	if (prepend)
422 		d[4] = 0;
423 	if (len != 0)
424 		memcpy(d + 4 + prepend, s, len);
425 	return 0;
426 }
427 
428 int
429 sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
430     const u_char **valp, size_t *lenp)
431 {
432 	const u_char *d;
433 	size_t len, olen;
434 	int r;
435 
436 	if ((r = sshbuf_peek_string_direct(buf, &d, &olen)) < 0)
437 		return r;
438 	len = olen;
439 	/* Refuse negative (MSB set) bignums */
440 	if ((len != 0 && (*d & 0x80) != 0))
441 		return SSH_ERR_BIGNUM_IS_NEGATIVE;
442 	/* Refuse overlong bignums, allow prepended \0 to avoid MSB set */
443 	if (len > SSHBUF_MAX_BIGNUM + 1 ||
444 	    (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0))
445 		return SSH_ERR_BIGNUM_TOO_LARGE;
446 	/* Trim leading zeros */
447 	while (len > 0 && *d == 0x00) {
448 		d++;
449 		len--;
450 	}
451 	if (valp != NULL)
452 		*valp = d;
453 	if (lenp != NULL)
454 		*lenp = len;
455 	if (sshbuf_consume(buf, olen + 4) != 0) {
456 		/* Shouldn't happen */
457 		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
458 		SSHBUF_ABORT();
459 		return SSH_ERR_INTERNAL_ERROR;
460 	}
461 	return 0;
462 }
463