Bugzilla – Attachment 818 Details for
Bug 896
Improper Input buffer handling
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
allow maximum utilization of input buffer
openssh-input-buffer-limit.patch (text/plain), 3.91 KB, created by
Darren Tucker
on 2005-02-11 13:43:57 AEDT
(
hide
)
Description:
allow maximum utilization of input buffer
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2005-02-11 13:43:57 AEDT
Size:
3.91 KB
patch
obsolete
>Index: buffer.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/buffer.c,v >retrieving revision 1.22 >diff -u -p -r1.22 buffer.c >--- buffer.c 29 Oct 2004 23:56:17 -0000 1.22 >+++ buffer.c 11 Feb 2005 02:28:51 -0000 >@@ -18,6 +18,10 @@ RCSID("$OpenBSD: buffer.c,v 1.22 2004/10 > #include "buffer.h" > #include "log.h" > >+#define BUFFER_MAX_SIZE 0xa00000 >+#define BUFFER_MAX_APPEND 0x100000 >+#define BUFFER_ALLOC_INCREMENT 32768 >+ > /* Initializes the buffer structure. */ > > void >@@ -78,7 +82,7 @@ buffer_append_space(Buffer *buffer, u_in > u_int newlen; > void *p; > >- if (len > 0x100000) >+ if (len > BUFFER_MAX_APPEND) > fatal("buffer_append_space: len %u not supported", len); > > /* If the buffer is empty, start using it from the beginning. */ >@@ -106,8 +110,8 @@ restart: > } > /* Increase the size of the buffer and retry. */ > >- newlen = buffer->alloc + len + 32768; >- if (newlen > 0xa00000) >+ newlen = buffer->alloc + len + BUFFER_ALLOC_INCREMENT; >+ if (newlen > BUFFER_MAX_SIZE) > fatal("buffer_append_space: alloc %u not supported", > newlen); > buffer->buf = xrealloc(buffer->buf, newlen); >@@ -122,6 +126,27 @@ u_int > buffer_len(Buffer *buffer) > { > return buffer->end - buffer->offset; >+} >+ >+/* >+ * Returns the number of bytes that may be safely appended to the buffer in >+ * one operation. >+ */ >+ >+u_int >+buffer_max_append(Buffer *buffer) >+{ >+ long remaining; >+ >+ if (buffer->end > BUFFER_MAX_SIZE) /* should never happen */ >+ fatal("buffer_max_add: buffer has exceeded allowable size"); >+ >+ /* We need to allow for the increment buffer_append_space will add. */ >+ remaining = BUFFER_MAX_SIZE - BUFFER_ALLOC_INCREMENT - buffer->end; >+ >+ if (remaining < 0) >+ return 0; >+ return MIN(BUFFER_MAX_APPEND, (u_int)remaining); > } > > /* Gets data from the beginning of the buffer. */ >Index: buffer.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/buffer.h,v >retrieving revision 1.12 >diff -u -p -r1.12 buffer.h >--- buffer.h 29 Oct 2004 23:56:17 -0000 1.12 >+++ buffer.h 11 Feb 2005 02:28:51 -0000 >@@ -28,6 +28,7 @@ void buffer_clear(Buffer *); > void buffer_free(Buffer *); > > u_int buffer_len(Buffer *); >+u_int buffer_max_append(Buffer *); > void *buffer_ptr(Buffer *); > > void buffer_append(Buffer *, const void *, u_int); >Index: channels.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/channels.c,v >retrieving revision 1.211 >diff -u -p -r1.211 channels.c >--- channels.c 29 Oct 2004 21:47:15 -0000 1.211 >+++ channels.c 11 Feb 2005 02:28:52 -0000 >@@ -56,6 +56,8 @@ RCSID("$OpenBSD: channels.c,v 1.211 2004 > #include "pathnames.h" > #include "bufaux.h" > >+#define CHANNEL_MAX_READ_BUFSZ (1024 * 16) >+ > /* -- channel core */ > > /* >@@ -711,6 +713,13 @@ channel_pre_open(Channel *c, fd_set * re > { > u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); > >+ debug("DAZ: buffer_max_append %u", buffer_max_append(&c->input)); >+ if (buffer_max_append(&c->input) < CHANNEL_MAX_READ_BUFSZ) { >+ debug2("channel_pre_open: channel %d: input buffer full", >+ c->self); >+ limit = 0; >+ } >+ > if (c->istate == CHAN_INPUT_OPEN && > limit > 0 && > buffer_len(&c->input) < limit) >@@ -1115,7 +1124,7 @@ channel_post_x11_listener(Channel *c, fd > struct sockaddr addr; > int newsock; > socklen_t addrlen; >- char buf[16384], *remote_ipaddr; >+ char buf[CHANNEL_MAX_READ_BUFSZ], *remote_ipaddr; > int remote_port; > > if (FD_ISSET(c->sock, readset)) { >@@ -1359,7 +1368,7 @@ channel_post_connecting(Channel *c, fd_s > static int > channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) > { >- char buf[16*1024]; >+ char buf[CHANNEL_MAX_READ_BUFSZ]; > int len; > > if (c->rfd != -1 && >@@ -1448,7 +1457,7 @@ channel_handle_wfd(Channel *c, fd_set * > static int > channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) > { >- char buf[16*1024]; >+ char buf[CHANNEL_MAX_READ_BUFSZ]; > int len; > > /** XXX handle drain efd, too */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=818">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 896
:
685
|
817
|
818
|
819