streams: don't write more than SSIZE_MAX

Our streams implementation takes a `size_t` that indicates the length of the data buffer to be written, and returns an `ssize_t` that indicates the length that _was_ written. Clearly no such implementation can write more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation does not try to write more than `SSIZE_MAX` bytes (or smaller; if the given implementation takes a smaller size).

streams: don't write more than SSIZE_MAX
Our streams implementation takes a `size_t` that indicates the length of the data buffer to be written, and returns an `ssize_t` that indicates the length that _was_ written. Clearly no such implementation can write more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation does not try to write more than `SSIZE_MAX` bytes (or smaller; if the given implementation takes a smaller size).
f1986a23 · Edward Thomson · e5e2fac8 · f1986a23 · f1986a23 · f1986a23
Commit f1986a23 authored Jan 21, 2019 by Edward Thomson
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 13 deletions

src/streams/mbedtls.c
+6 -6

src/streams/openssl.c
+2 -2

src/streams/socket.c
+2 -3

src/streams/stransport.c
+3 -2

No files found.
--- a/src/streams/mbedtls.c
+++ b/src/streams/mbedtls.c
@@ -303,22 +303,22 @@ static int mbedtls_set_proxy(git_stream *stream, const git_proxy_options *proxy_
 	return git_stream_set_proxy(st->io, proxy_options);
 }
-ssize_t mbedtls_stream_write(git_stream *stream, const char *data, size_t len, int flags)
+ssize_t mbedtls_stream_write(git_stream *stream, const char *data, size_t data_len, int flags)
 {
-	size_t read = 0;
+	ssize_t written = 0, len = min(data_len, SSIZE_MAX);
 	mbedtls_stream *st = (mbedtls_stream *) stream;
 	GIT_UNUSED(flags);
 	do {
-		int error = mbedtls_ssl_write(st->ssl, (const unsigned char *)data + read, len - read);
+		int error = mbedtls_ssl_write(st->ssl, (const unsigned char *)data + written, len - written);
 		if (error <= 0) {
 			return ssl_set_error(st->ssl, error);
 		}
-		read += error;
+		written += error;
-	} while (read < len);
+	} while (written < len);
-	return read;
+	return written;
 }
 ssize_t mbedtls_stream_read(git_stream *stream, void *data, size_t len)

--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -644,10 +644,10 @@ static int openssl_set_proxy(git_stream *stream, const git_proxy_options *proxy_
 	return git_stream_set_proxy(st->io, proxy_opts);
 }
-ssize_t openssl_write(git_stream *stream, const char *data, size_t len, int flags)
+ssize_t openssl_write(git_stream *stream, const char *data, size_t data_len, int flags)
 {
 	openssl_stream *st = (openssl_stream *) stream;
-	int ret;
+	int ret, len = min(data_len, INT_MAX);
 	GIT_UNUSED(flags);

--- a/src/streams/socket.c
+++ b/src/streams/socket.c
@@ -130,10 +130,9 @@ int socket_connect(git_stream *stream)
 	return 0;
 }
-ssize_t socket_write(git_stream *stream, const char *data, size_t len, int flags)
+ssize_t socket_write(git_stream *stream, const char *data, size_t data_len, int flags)
 {
-	ssize_t ret;
+	ssize_t ret, off = 0, len = min(data_len, SSIZE_MAX);
-	size_t off = 0;
 	git_socket_stream *st = (git_socket_stream *) stream;
 	while (off < len) {

--- a/src/streams/stransport.c
+++ b/src/streams/stransport.c
@@ -164,11 +164,12 @@ static ssize_t stransport_write(git_stream *stream, const char *data, size_t len
 	GIT_UNUSED(flags);
-	data_len = len;
+	data_len = min(len, SSIZE_MAX);
 	if ((ret = SSLWrite(st->ctx, data, data_len, &processed)) != noErr)
 		return stransport_error(ret);
-	return processed;
+	assert(processed < SSIZE_MAX);
+	return (ssize_t)processed;
 }
 /*