diff --git a/client.c b/client.c index 3cf4acee..26c392b1 100644 --- a/client.c +++ b/client.c @@ -488,14 +488,19 @@ static void client_write_open(void *data, size_t datalen) { struct msg_write_open *msg = data; + const char *path; struct msg_write_ready reply; struct client_file find, *cf; const int flags = O_NONBLOCK|O_WRONLY|O_CREAT; int error = 0; - if (datalen != sizeof *msg) + if (datalen < sizeof *msg) fatalx("bad MSG_WRITE_OPEN size"); - log_debug("open write file %d %s", msg->stream, msg->path); + if (datalen == sizeof *msg) + path = "-"; + else + path = (const char *)(msg + 1); + log_debug("open write file %d %s", msg->stream, path); find.stream = msg->stream; if ((cf = RB_FIND(client_files, &client_files, &find)) == NULL) { @@ -512,7 +517,7 @@ client_write_open(void *data, size_t datalen) cf->fd = -1; if (msg->fd == -1) - cf->fd = open(msg->path, msg->flags|flags, 0644); + cf->fd = open(path, msg->flags|flags, 0644); else { if (msg->fd != STDOUT_FILENO && msg->fd != STDERR_FILENO) errno = EBADF; @@ -544,16 +549,17 @@ client_write_data(void *data, size_t datalen) { struct msg_write_data *msg = data; struct client_file find, *cf; + size_t size = datalen - sizeof *msg; - if (datalen != sizeof *msg) + if (datalen < sizeof *msg) fatalx("bad MSG_WRITE size"); find.stream = msg->stream; if ((cf = RB_FIND(client_files, &client_files, &find)) == NULL) fatalx("unknown stream number"); - log_debug("write %zu to file %d", msg->size, cf->stream); + log_debug("write %zu to file %d", size, cf->stream); if (cf->event != NULL) - bufferevent_write(cf->event, msg->data, msg->size); + bufferevent_write(cf->event, msg + 1, size); } /* Close client file. */ @@ -587,26 +593,29 @@ client_read_callback(__unused struct bufferevent *bev, void *arg) struct client_file *cf = arg; void *bdata; size_t bsize; - struct msg_read_data msg; + struct msg_read_data *msg; + size_t msglen; + msg = xmalloc(sizeof *msg); for (;;) { bdata = EVBUFFER_DATA(cf->event->input); bsize = EVBUFFER_LENGTH(cf->event->input); if (bsize == 0) break; - if (bsize > sizeof msg.data) - bsize = sizeof msg.data; + if (bsize > MAX_IMSGSIZE - IMSG_HEADER_SIZE - sizeof *msg) + bsize = MAX_IMSGSIZE - IMSG_HEADER_SIZE - sizeof *msg; log_debug("read %zu from file %d", bsize, cf->stream); - memcpy(msg.data, bdata, bsize); - msg.size = bsize; - - msg.stream = cf->stream; - proc_send(client_peer, MSG_READ, -1, &msg, sizeof msg); + msglen = (sizeof *msg) + bsize; + msg = xrealloc(msg, msglen); + msg->stream = cf->stream; + memcpy(msg + 1, bdata, bsize); + proc_send(client_peer, MSG_READ, -1, msg, msglen); evbuffer_drain(cf->event->input, bsize); } + free(msg); } /* File read error callback. */ @@ -634,14 +643,19 @@ static void client_read_open(void *data, size_t datalen) { struct msg_read_open *msg = data; + const char *path; struct msg_read_done reply; struct client_file find, *cf; const int flags = O_NONBLOCK|O_RDONLY; int error = 0; - if (datalen != sizeof *msg) + if (datalen < sizeof *msg) fatalx("bad MSG_READ_OPEN size"); - log_debug("open read file %d %s", msg->stream, msg->path); + if (datalen == sizeof *msg) + path = "-"; + else + path = (const char *)(msg + 1); + log_debug("open read file %d %s", msg->stream, path); find.stream = msg->stream; if ((cf = RB_FIND(client_files, &client_files, &find)) == NULL) { @@ -658,7 +672,7 @@ client_read_open(void *data, size_t datalen) cf->fd = -1; if (msg->fd == -1) - cf->fd = open(msg->path, flags); + cf->fd = open(path, flags); else { if (msg->fd != STDIN_FILENO) errno = EBADF; diff --git a/file.c b/file.c index f0d622bc..439d3464 100644 --- a/file.c +++ b/file.c @@ -17,9 +17,11 @@ */ #include +#include #include #include +#include #include #include #include @@ -31,6 +33,18 @@ static int file_next_stream = 3; RB_GENERATE(client_files, client_file, entry, file_cmp); +static char * +file_get_path(struct client *c, const char *file) +{ + char *path; + + if (*file == '/') + path = xstrdup(file); + else + xasprintf(&path, "%s/%s", server_client_get_cwd(c, NULL), file); + return (path); +} + int file_cmp(struct client_file *cf1, struct client_file *cf2) { @@ -147,7 +161,6 @@ file_vprint(struct client *c, const char *fmt, va_list ap) msg.stream = 1; msg.fd = STDOUT_FILENO; msg.flags = 0; - strlcpy(msg.path, "-", sizeof msg.path); proc_send(c->peer, MSG_WRITE_OPEN, -1, &msg, sizeof msg); } else { evbuffer_add_vprintf(cf->buffer, fmt, ap); @@ -174,7 +187,6 @@ file_print_buffer(struct client *c, void *data, size_t size) msg.stream = 1; msg.fd = STDOUT_FILENO; msg.flags = 0; - strlcpy(msg.path, "-", sizeof msg.path); proc_send(c->peer, MSG_WRITE_OPEN, -1, &msg, sizeof msg); } else { evbuffer_add(cf->buffer, data, size); @@ -204,7 +216,6 @@ file_error(struct client *c, const char *fmt, ...) msg.stream = 2; msg.fd = STDERR_FILENO; msg.flags = 0; - strlcpy(msg.path, "-", sizeof msg.path); proc_send(c->peer, MSG_WRITE_OPEN, -1, &msg, sizeof msg); } else { evbuffer_add_vprintf(cf->buffer, fmt, ap); @@ -220,7 +231,8 @@ file_write(struct client *c, const char *path, int flags, const void *bdata, { struct client_file *cf; FILE *f; - struct msg_write_open msg; + struct msg_write_open *msg; + size_t msglen; int fd = -1; const char *mode; @@ -237,7 +249,7 @@ file_write(struct client *c, const char *path, int flags, const void *bdata, } cf = file_create(c, file_next_stream++, cb, cbdata); - cf->path = server_client_get_path(c, path); + cf->path = file_get_path(c, path); if (c == NULL || c->flags & CLIENT_ATTACHED) { if (flags & O_APPEND) @@ -261,17 +273,22 @@ file_write(struct client *c, const char *path, int flags, const void *bdata, skip: evbuffer_add(cf->buffer, bdata, bsize); - msg.stream = cf->stream; - msg.fd = fd; - msg.flags = flags; - if (strlcpy(msg.path, cf->path, sizeof msg.path) >= sizeof msg.path) { + msglen = strlen(cf->path) + 1 + sizeof *msg; + if (msglen > MAX_IMSGSIZE - IMSG_HEADER_SIZE) { cf->error = E2BIG; goto done; } - if (proc_send(c->peer, MSG_WRITE_OPEN, -1, &msg, sizeof msg) != 0) { + msg = xmalloc(msglen); + msg->stream = cf->stream; + msg->fd = fd; + msg->flags = flags; + memcpy(msg + 1, cf->path, msglen - sizeof *msg); + if (proc_send(c->peer, MSG_WRITE_OPEN, -1, msg, msglen) != 0) { + free(msg); cf->error = EINVAL; goto done; } + free(msg); return; done: @@ -283,10 +300,10 @@ file_read(struct client *c, const char *path, client_file_cb cb, void *cbdata) { struct client_file *cf; FILE *f; - struct msg_read_open msg; + struct msg_read_open *msg; + size_t msglen, size; int fd = -1; char buffer[BUFSIZ]; - size_t size; if (strcmp(path, "-") == 0) { cf = file_create(c, file_next_stream++, cb, cbdata); @@ -301,7 +318,7 @@ file_read(struct client *c, const char *path, client_file_cb cb, void *cbdata) } cf = file_create(c, file_next_stream++, cb, cbdata); - cf->path = server_client_get_path(c, path); + cf->path = file_get_path(c, path); if (c == NULL || c->flags & CLIENT_ATTACHED) { f = fopen(cf->path, "rb"); @@ -327,16 +344,21 @@ file_read(struct client *c, const char *path, client_file_cb cb, void *cbdata) } skip: - msg.stream = cf->stream; - msg.fd = fd; - if (strlcpy(msg.path, cf->path, sizeof msg.path) >= sizeof msg.path) { + msglen = strlen(cf->path) + 1 + sizeof *msg; + if (msglen > MAX_IMSGSIZE - IMSG_HEADER_SIZE) { cf->error = E2BIG; goto done; } - if (proc_send(c->peer, MSG_READ_OPEN, -1, &msg, sizeof msg) != 0) { + msg = xmalloc(msglen); + msg->stream = cf->stream; + msg->fd = fd; + memcpy(msg + 1, cf->path, msglen - sizeof *msg); + if (proc_send(c->peer, MSG_READ_OPEN, -1, msg, msglen) != 0) { + free(msg); cf->error = EINVAL; goto done; } + free(msg); return; done: @@ -358,20 +380,22 @@ void file_push(struct client_file *cf) { struct client *c = cf->c; - struct msg_write_data msg; + struct msg_write_data *msg; + size_t msglen, sent, left; struct msg_write_close close; - size_t sent, left; + msg = xmalloc(sizeof *msg); left = EVBUFFER_LENGTH(cf->buffer); while (left != 0) { sent = left; - if (sent > sizeof msg.data) - sent = sizeof msg.data; - memcpy(msg.data, EVBUFFER_DATA(cf->buffer), sent); - msg.size = sent; + if (sent > MAX_IMSGSIZE - IMSG_HEADER_SIZE - sizeof *msg) + sent = MAX_IMSGSIZE - IMSG_HEADER_SIZE - sizeof *msg; - msg.stream = cf->stream; - if (proc_send(c->peer, MSG_WRITE, -1, &msg, sizeof msg) != 0) + msglen = (sizeof *msg) + sent; + msg = xrealloc(msg, msglen); + msg->stream = cf->stream; + memcpy(msg + 1, EVBUFFER_DATA(cf->buffer), sent); + if (proc_send(c->peer, MSG_WRITE, -1, msg, msglen) != 0) break; evbuffer_drain(cf->buffer, sent); @@ -387,4 +411,5 @@ file_push(struct client_file *cf) proc_send(c->peer, MSG_WRITE_CLOSE, -1, &close, sizeof close); file_fire_done(cf); } + free(msg); } diff --git a/server-client.c b/server-client.c index 743ced40..13d58558 100644 --- a/server-client.c +++ b/server-client.c @@ -2026,10 +2026,10 @@ server_client_dispatch_read_data(struct client *c, struct imsg *imsg) struct msg_read_data *msg = imsg->data; size_t msglen = imsg->hdr.len - IMSG_HEADER_SIZE; struct client_file find, *cf; - void *bdata = msg->data; - size_t bsize = msg->size; + void *bdata = msg + 1; + size_t bsize = msglen - sizeof *msg; - if (msglen != sizeof *msg) + if (msglen < sizeof *msg) fatalx("bad MSG_READ_DATA size"); find.stream = msg->stream; if ((cf = RB_FIND(client_files, &c->files, &find)) == NULL) @@ -2113,19 +2113,3 @@ server_client_get_cwd(struct client *c, struct session *s) return (home); return ("/"); } - -/* Resolve an absolute path or relative to client working directory. */ -char * -server_client_get_path(struct client *c, const char *file) -{ - char *path, resolved[PATH_MAX]; - - if (*file == '/') - path = xstrdup(file); - else - xasprintf(&path, "%s/%s", server_client_get_cwd(c, NULL), file); - if (realpath(path, resolved) == NULL) - return (path); - free(path); - return (xstrdup(resolved)); -} diff --git a/tmux.h b/tmux.h index bdebf248..96b4e397 100644 --- a/tmux.h +++ b/tmux.h @@ -509,13 +509,10 @@ struct msg_command { struct msg_read_open { int stream; int fd; - char path[PATH_MAX]; -}; +}; /* followed by path */ struct msg_read_data { int stream; - size_t size; - char data[BUFSIZ]; }; struct msg_read_done { @@ -526,15 +523,12 @@ struct msg_read_done { struct msg_write_open { int stream; int fd; - char path[PATH_MAX]; int flags; -}; +}; /* followed by path */ struct msg_write_data { int stream; - size_t size; - char data[BUFSIZ]; -}; +}; /* followed by data */ struct msg_write_ready { int stream; @@ -2236,7 +2230,6 @@ void server_client_push_stdout(struct client *); void server_client_push_stderr(struct client *); void printflike(2, 3) server_client_add_message(struct client *, const char *, ...); -char *server_client_get_path(struct client *, const char *); const char *server_client_get_cwd(struct client *, struct session *); /* server-fn.c */