diff --git a/common/iobuf.c b/common/iobuf.c index 795ff11b1..ca8609e70 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -1,2656 +1,2691 @@ /* iobuf.c - File Handling for OpenPGP. * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2006, 2007, 2008, * 2009, 2010, 2011 Free Software Foundation, Inc. * Copyright (C) 2015 g10 Code GmbH * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify * it under the terms of either * * - the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at * your option) any later version. * * or * * - the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at * your option) any later version. * * or both in parallel, as here. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_W32_SYSTEM # ifdef HAVE_WINSOCK2_H # include # endif # include #endif #ifdef __riscos__ # include # include #endif /* __riscos__ */ #include #include "util.h" #include "sysutils.h" #include "iobuf.h" /*-- Begin configurable part. --*/ /* The size of the internal buffers. NOTE: If you change this value you MUST also adjust the regression test "armored_key_8192" in armor.test! */ #define IOBUF_BUFFER_SIZE 8192 /* To avoid a potential DoS with compression packets we better limit the number of filters in a chain. */ #define MAX_NESTING_FILTER 64 /*-- End configurable part. --*/ #ifdef HAVE_W32_SYSTEM # ifdef HAVE_W32CE_SYSTEM # define FD_FOR_STDIN (es_fileno (es_stdin)) # define FD_FOR_STDOUT (es_fileno (es_stdout)) # else # define FD_FOR_STDIN (GetStdHandle (STD_INPUT_HANDLE)) # define FD_FOR_STDOUT (GetStdHandle (STD_OUTPUT_HANDLE)) # endif #else /*!HAVE_W32_SYSTEM*/ # define FD_FOR_STDIN (0) # define FD_FOR_STDOUT (1) #endif /*!HAVE_W32_SYSTEM*/ /* The context used by the file filter. */ typedef struct { gnupg_fd_t fp; /* Open file pointer or handle. */ int keep_open; int no_cache; int eof_seen; int print_only_name; /* Flags indicating that fname is not a real file. */ char fname[1]; /* Name of the file. */ } file_filter_ctx_t; /* The context used by the estream filter. */ typedef struct { estream_t fp; /* Open estream handle. */ int keep_open; int no_cache; int eof_seen; int print_only_name; /* Flags indicating that fname is not a real file. */ char fname[1]; /* Name of the file. */ } file_es_filter_ctx_t; /* Object to control the "close cache". */ struct close_cache_s { struct close_cache_s *next; gnupg_fd_t fp; char fname[1]; }; typedef struct close_cache_s *close_cache_t; static close_cache_t close_cache; #ifdef HAVE_W32_SYSTEM typedef struct { int sock; int keep_open; int no_cache; int eof_seen; int print_only_name; /* Flag indicating that fname is not a real file. */ char fname[1]; /* Name of the file */ } sock_filter_ctx_t; #endif /*HAVE_W32_SYSTEM*/ /* The first partial length header block must be of size 512 to make * it easier (and more efficient) we use a min. block size of 512 for * all chunks (but the last one) */ #define OP_MIN_PARTIAL_CHUNK 512 #define OP_MIN_PARTIAL_CHUNK_2POW 9 /* The context we use for the block filter (used to handle OpenPGP length information header). */ typedef struct { int use; size_t size; size_t count; int partial; /* 1 = partial header, 2 in last partial packet. */ char *buffer; /* Used for partial header. */ size_t buflen; /* Used size of buffer. */ int first_c; /* First character of a partial header (which is > 0). */ int eof; } block_filter_ctx_t; /* Global flag to tell whether special file names are enabled. See gpg.c for an explanation of these file names. FIXME: This does not belong in the iobuf subsystem. */ static int special_names_enabled; /* Local prototypes. */ static int underflow (iobuf_t a, int clear_pending_eof); static int translate_file_handle (int fd, int for_write); /* Sends any pending data to the filter's FILTER function. Note: this works on the filter and not on the whole pipeline. That is, iobuf_flush doesn't necessarily cause data to be written to any underlying file; it just causes any data buffered at the filter A to be sent to A's filter function. If A is a IOBUF_OUTPUT_TEMP filter, then this also enlarges the buffer by IOBUF_BUFFER_SIZE. May only be called on an IOBUF_OUTPUT or IOBUF_OUTPUT_TEMP filters. */ static int filter_flush (iobuf_t a); /* This is a replacement for strcmp. Under W32 it does not distinguish between backslash and slash. */ static int fd_cache_strcmp (const char *a, const char *b) { #ifdef HAVE_DOSISH_SYSTEM for (; *a && *b; a++, b++) { if (*a != *b && !((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/')) ) break; } return *(const unsigned char *)a - *(const unsigned char *)b; #else return strcmp (a, b); #endif } /* * Invalidate (i.e. close) a cached iobuf */ static int fd_cache_invalidate (const char *fname) { close_cache_t cc; int rc = 0; assert (fname); if (DBG_IOBUF) log_debug ("fd_cache_invalidate (%s)\n", fname); for (cc = close_cache; cc; cc = cc->next) { if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname)) { if (DBG_IOBUF) log_debug (" did (%s)\n", cc->fname); #ifdef HAVE_W32_SYSTEM if (!CloseHandle (cc->fp)) rc = -1; #else rc = close (cc->fp); #endif cc->fp = GNUPG_INVALID_FD; } } return rc; } /* Try to sync changes to the disk. This is to avoid data loss during a system crash in write/close/rename cycle on some file systems. */ static int fd_cache_synchronize (const char *fname) { int err = 0; #ifdef HAVE_FSYNC close_cache_t cc; if (DBG_IOBUF) log_debug ("fd_cache_synchronize (%s)\n", fname); for (cc=close_cache; cc; cc = cc->next ) { if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname)) { if (DBG_IOBUF) log_debug (" did (%s)\n", cc->fname); err = fsync (cc->fp); } } #else (void)fname; #endif /*HAVE_FSYNC*/ return err; } static gnupg_fd_t direct_open (const char *fname, const char *mode, int mode700) { #ifdef HAVE_W32_SYSTEM unsigned long da, cd, sm; HANDLE hfile; /* Note, that we do not handle all mode combinations */ /* According to the ReactOS source it seems that open() of the * standard MSW32 crt does open the file in shared mode which is * something new for MS applications ;-) */ if (strchr (mode, '+')) { if (fd_cache_invalidate (fname)) return GNUPG_INVALID_FD; da = GENERIC_READ | GENERIC_WRITE; cd = OPEN_EXISTING; sm = FILE_SHARE_READ | FILE_SHARE_WRITE; } else if (strchr (mode, 'w')) { if (fd_cache_invalidate (fname)) return GNUPG_INVALID_FD; da = GENERIC_WRITE; cd = CREATE_ALWAYS; sm = FILE_SHARE_WRITE; } else { da = GENERIC_READ; cd = OPEN_EXISTING; sm = FILE_SHARE_READ; } #ifdef HAVE_W32CE_SYSTEM { wchar_t *wfname = utf8_to_wchar (fname); if (wfname) { hfile = CreateFile (wfname, da, sm, NULL, cd, FILE_ATTRIBUTE_NORMAL, NULL); xfree (wfname); } else hfile = INVALID_HANDLE_VALUE; } #else hfile = CreateFile (fname, da, sm, NULL, cd, FILE_ATTRIBUTE_NORMAL, NULL); #endif return hfile; #else /*!HAVE_W32_SYSTEM*/ int oflag; int cflag = S_IRUSR | S_IWUSR; if (!mode700) cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; /* Note, that we do not handle all mode combinations */ if (strchr (mode, '+')) { if (fd_cache_invalidate (fname)) return GNUPG_INVALID_FD; oflag = O_RDWR; } else if (strchr (mode, 'w')) { if (fd_cache_invalidate (fname)) return GNUPG_INVALID_FD; oflag = O_WRONLY | O_CREAT | O_TRUNC; } else { oflag = O_RDONLY; } #ifdef O_BINARY if (strchr (mode, 'b')) oflag |= O_BINARY; #endif #ifdef __riscos__ { struct stat buf; /* Don't allow iobufs on directories */ if (!stat (fname, &buf) && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode)) return __set_errno (EISDIR); } #endif return open (fname, oflag, cflag); #endif /*!HAVE_W32_SYSTEM*/ } /* * Instead of closing an FD we keep it open and cache it for later reuse * Note that this caching strategy only works if the process does not chdir. */ static void fd_cache_close (const char *fname, gnupg_fd_t fp) { close_cache_t cc; assert (fp); if (!fname || !*fname) { #ifdef HAVE_W32_SYSTEM CloseHandle (fp); #else close (fp); #endif if (DBG_IOBUF) log_debug ("fd_cache_close (%d) real\n", (int)fp); return; } /* try to reuse a slot */ for (cc = close_cache; cc; cc = cc->next) { if (cc->fp == GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname)) { cc->fp = fp; if (DBG_IOBUF) log_debug ("fd_cache_close (%s) used existing slot\n", fname); return; } } /* add a new one */ if (DBG_IOBUF) log_debug ("fd_cache_close (%s) new slot created\n", fname); cc = xcalloc (1, sizeof *cc + strlen (fname)); strcpy (cc->fname, fname); cc->fp = fp; cc->next = close_cache; close_cache = cc; } /* * Do a direct_open on FNAME but first try to reuse one from the fd_cache */ static gnupg_fd_t fd_cache_open (const char *fname, const char *mode) { close_cache_t cc; assert (fname); for (cc = close_cache; cc; cc = cc->next) { if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname)) { gnupg_fd_t fp = cc->fp; cc->fp = GNUPG_INVALID_FD; if (DBG_IOBUF) log_debug ("fd_cache_open (%s) using cached fp\n", fname); #ifdef HAVE_W32_SYSTEM if (SetFilePointer (fp, 0, NULL, FILE_BEGIN) == 0xffffffff) { log_error ("rewind file failed on handle %p: ec=%d\n", fp, (int) GetLastError ()); fp = GNUPG_INVALID_FD; } #else if (lseek (fp, 0, SEEK_SET) == (off_t) - 1) { log_error ("can't rewind fd %d: %s\n", fp, strerror (errno)); fp = GNUPG_INVALID_FD; } #endif return fp; } } if (DBG_IOBUF) log_debug ("fd_cache_open (%s) not cached\n", fname); return direct_open (fname, mode, 0); } static int file_filter (void *opaque, int control, iobuf_t chain, byte * buf, size_t * ret_len) { file_filter_ctx_t *a = opaque; gnupg_fd_t f = a->fp; size_t size = *ret_len; size_t nbytes = 0; int rc = 0; (void)chain; /* Not used. */ if (control == IOBUFCTRL_UNDERFLOW) { assert (size); /* We need a buffer. */ if (a->eof_seen) { rc = -1; *ret_len = 0; } else { #ifdef HAVE_W32_SYSTEM unsigned long nread; nbytes = 0; if (!ReadFile (f, buf, size, &nread, NULL)) { int ec = (int) GetLastError (); if (ec != ERROR_BROKEN_PIPE) { rc = gpg_error_from_errno (ec); log_error ("%s: read error: ec=%d\n", a->fname, ec); } } else if (!nread) { a->eof_seen = 1; rc = -1; } else { nbytes = nread; } #else int n; nbytes = 0; do { n = read (f, buf, size); } while (n == -1 && errno == EINTR); if (n == -1) { /* error */ if (errno != EPIPE) { rc = gpg_error_from_syserror (); log_error ("%s: read error: %s\n", a->fname, strerror (errno)); } } else if (!n) { /* eof */ a->eof_seen = 1; rc = -1; } else { nbytes = n; } #endif *ret_len = nbytes; } } else if (control == IOBUFCTRL_FLUSH) { if (size) { #ifdef HAVE_W32_SYSTEM byte *p = buf; unsigned long n; nbytes = size; do { if (size && !WriteFile (f, p, nbytes, &n, NULL)) { int ec = (int) GetLastError (); rc = gpg_error_from_errno (ec); log_error ("%s: write error: ec=%d\n", a->fname, ec); break; } p += n; nbytes -= n; } while (nbytes); nbytes = p - buf; #else byte *p = buf; int n; nbytes = size; do { do { n = write (f, p, nbytes); } while (n == -1 && errno == EINTR); if (n > 0) { p += n; nbytes -= n; } } while (n != -1 && nbytes); if (n == -1) { rc = gpg_error_from_syserror (); log_error ("%s: write error: %s\n", a->fname, strerror (errno)); } nbytes = p - buf; #endif } *ret_len = nbytes; } else if (control == IOBUFCTRL_INIT) { a->eof_seen = 0; a->keep_open = 0; a->no_cache = 0; } else if (control == IOBUFCTRL_DESC) { *(char **) buf = "file_filter(fd)"; } else if (control == IOBUFCTRL_FREE) { if (f != FD_FOR_STDIN && f != FD_FOR_STDOUT) { if (DBG_IOBUF) log_debug ("%s: close fd/handle %d\n", a->fname, FD2INT (f)); if (!a->keep_open) fd_cache_close (a->no_cache ? NULL : a->fname, f); } f = GNUPG_INVALID_FD; xfree (a); /* We can free our context now. */ } return rc; } /* Similar to file_filter but using the estream system. */ static int file_es_filter (void *opaque, int control, iobuf_t chain, byte * buf, size_t * ret_len) { file_es_filter_ctx_t *a = opaque; estream_t f = a->fp; size_t size = *ret_len; size_t nbytes = 0; int rc = 0; (void)chain; /* Not used. */ if (control == IOBUFCTRL_UNDERFLOW) { assert (size); /* We need a buffer. */ if (a->eof_seen) { rc = -1; *ret_len = 0; } else { nbytes = 0; rc = es_read (f, buf, size, &nbytes); if (rc == -1) { /* error */ rc = gpg_error_from_syserror (); log_error ("%s: read error: %s\n", a->fname, strerror (errno)); } else if (!nbytes) { /* eof */ a->eof_seen = 1; rc = -1; } *ret_len = nbytes; } } else if (control == IOBUFCTRL_FLUSH) { if (size) { byte *p = buf; size_t nwritten; nbytes = size; do { nwritten = 0; if (es_write (f, p, nbytes, &nwritten)) { rc = gpg_error_from_syserror (); log_error ("%s: write error: %s\n", a->fname, strerror (errno)); break; } p += nwritten; nbytes -= nwritten; } while (nbytes); nbytes = p - buf; } *ret_len = nbytes; } else if (control == IOBUFCTRL_INIT) { a->eof_seen = 0; a->no_cache = 0; } else if (control == IOBUFCTRL_DESC) { *(char **) buf = "estream_filter"; } else if (control == IOBUFCTRL_FREE) { if (f != es_stdin && f != es_stdout) { if (DBG_IOBUF) log_debug ("%s: es_fclose %p\n", a->fname, f); if (!a->keep_open) es_fclose (f); } f = NULL; xfree (a); /* We can free our context now. */ } return rc; } #ifdef HAVE_W32_SYSTEM /* Because network sockets are special objects under Lose32 we have to use a dedicated filter for them. */ static int sock_filter (void *opaque, int control, iobuf_t chain, byte * buf, size_t * ret_len) { sock_filter_ctx_t *a = opaque; size_t size = *ret_len; size_t nbytes = 0; int rc = 0; (void)chain; if (control == IOBUFCTRL_UNDERFLOW) { assert (size); /* need a buffer */ if (a->eof_seen) { rc = -1; *ret_len = 0; } else { int nread; nread = recv (a->sock, buf, size, 0); if (nread == SOCKET_ERROR) { int ec = (int) WSAGetLastError (); rc = gpg_error_from_errno (ec); log_error ("socket read error: ec=%d\n", ec); } else if (!nread) { a->eof_seen = 1; rc = -1; } else { nbytes = nread; } *ret_len = nbytes; } } else if (control == IOBUFCTRL_FLUSH) { if (size) { byte *p = buf; int n; nbytes = size; do { n = send (a->sock, p, nbytes, 0); if (n == SOCKET_ERROR) { int ec = (int) WSAGetLastError (); rc = gpg_error_from_errno (ec); log_error ("socket write error: ec=%d\n", ec); break; } p += n; nbytes -= n; } while (nbytes); nbytes = p - buf; } *ret_len = nbytes; } else if (control == IOBUFCTRL_INIT) { a->eof_seen = 0; a->keep_open = 0; a->no_cache = 0; } else if (control == IOBUFCTRL_DESC) { *(char **) buf = "sock_filter"; } else if (control == IOBUFCTRL_FREE) { if (!a->keep_open) closesocket (a->sock); xfree (a); /* we can free our context now */ } return rc; } #endif /*HAVE_W32_SYSTEM*/ /**************** * This is used to implement the block write mode. * Block reading is done on a byte by byte basis in readbyte(), * without a filter */ static int block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, size_t * ret_len) { block_filter_ctx_t *a = opaque; char *buf = (char *)buffer; size_t size = *ret_len; int c, needed, rc = 0; char *p; if (control == IOBUFCTRL_UNDERFLOW) { size_t n = 0; p = buf; assert (size); /* need a buffer */ if (a->eof) /* don't read any further */ rc = -1; while (!rc && size) { if (!a->size) { /* get the length bytes */ if (a->partial == 2) { a->eof = 1; if (!n) rc = -1; break; } else if (a->partial) { /* These OpenPGP introduced huffman like encoded length * bytes are really a mess :-( */ if (a->first_c) { c = a->first_c; a->first_c = 0; } else if ((c = iobuf_get (chain)) == -1) { log_error ("block_filter: 1st length byte missing\n"); rc = GPG_ERR_BAD_DATA; break; } if (c < 192) { a->size = c; a->partial = 2; if (!a->size) { a->eof = 1; if (!n) rc = -1; break; } } else if (c < 224) { a->size = (c - 192) * 256; if ((c = iobuf_get (chain)) == -1) { log_error ("block_filter: 2nd length byte missing\n"); rc = GPG_ERR_BAD_DATA; break; } a->size += c + 192; a->partial = 2; if (!a->size) { a->eof = 1; if (!n) rc = -1; break; } } else if (c == 255) { a->size = (size_t)iobuf_get (chain) << 24; a->size |= iobuf_get (chain) << 16; a->size |= iobuf_get (chain) << 8; if ((c = iobuf_get (chain)) == -1) { log_error ("block_filter: invalid 4 byte length\n"); rc = GPG_ERR_BAD_DATA; break; } a->size |= c; a->partial = 2; if (!a->size) { a->eof = 1; if (!n) rc = -1; break; } } else { /* Next partial body length. */ a->size = 1 << (c & 0x1f); } /* log_debug("partial: ctx=%p c=%02x size=%u\n", a, c, a->size); */ } else BUG (); } while (!rc && size && a->size) { needed = size < a->size ? size : a->size; c = iobuf_read (chain, p, needed); if (c < needed) { if (c == -1) c = 0; log_error ("block_filter %p: read error (size=%lu,a->size=%lu)\n", a, (ulong) size + c, (ulong) a->size + c); rc = GPG_ERR_BAD_DATA; } else { size -= c; a->size -= c; p += c; n += c; } } } *ret_len = n; } else if (control == IOBUFCTRL_FLUSH) { if (a->partial) { /* the complicated openpgp scheme */ size_t blen, n, nbytes = size + a->buflen; assert (a->buflen <= OP_MIN_PARTIAL_CHUNK); if (nbytes < OP_MIN_PARTIAL_CHUNK) { /* not enough to write a partial block out; so we store it */ if (!a->buffer) a->buffer = xmalloc (OP_MIN_PARTIAL_CHUNK); memcpy (a->buffer + a->buflen, buf, size); a->buflen += size; } else { /* okay, we can write out something */ /* do this in a loop to use the most efficient block lengths */ p = buf; do { /* find the best matching block length - this is limited * by the size of the internal buffering */ for (blen = OP_MIN_PARTIAL_CHUNK * 2, c = OP_MIN_PARTIAL_CHUNK_2POW + 1; blen <= nbytes; blen *= 2, c++) ; blen /= 2; c--; /* write the partial length header */ assert (c <= 0x1f); /*;-) */ c |= 0xe0; iobuf_put (chain, c); if ((n = a->buflen)) { /* write stuff from the buffer */ assert (n == OP_MIN_PARTIAL_CHUNK); if (iobuf_write (chain, a->buffer, n)) rc = gpg_error_from_syserror (); a->buflen = 0; nbytes -= n; } if ((n = nbytes) > blen) n = blen; if (n && iobuf_write (chain, p, n)) rc = gpg_error_from_syserror (); p += n; nbytes -= n; } while (!rc && nbytes >= OP_MIN_PARTIAL_CHUNK); /* store the rest in the buffer */ if (!rc && nbytes) { assert (!a->buflen); assert (nbytes < OP_MIN_PARTIAL_CHUNK); if (!a->buffer) a->buffer = xmalloc (OP_MIN_PARTIAL_CHUNK); memcpy (a->buffer, p, nbytes); a->buflen = nbytes; } } } else BUG (); } else if (control == IOBUFCTRL_INIT) { if (DBG_IOBUF) log_debug ("init block_filter %p\n", a); if (a->partial) a->count = 0; else if (a->use == IOBUF_INPUT) a->count = a->size = 0; else a->count = a->size; /* force first length bytes */ a->eof = 0; a->buffer = NULL; a->buflen = 0; } else if (control == IOBUFCTRL_DESC) { *(char **) buf = "block_filter"; } else if (control == IOBUFCTRL_FREE) { if (a->use == IOBUF_OUTPUT) { /* write the end markers */ if (a->partial) { u32 len; /* write out the remaining bytes without a partial header * the length of this header may be 0 - but if it is * the first block we are not allowed to use a partial header * and frankly we can't do so, because this length must be * a power of 2. This is _really_ complicated because we * have to check the possible length of a packet prior * to it's creation: a chain of filters becomes complicated * and we need a lot of code to handle compressed packets etc. * :-((((((( */ /* construct header */ len = a->buflen; /*log_debug("partial: remaining length=%u\n", len ); */ if (len < 192) rc = iobuf_put (chain, len); else if (len < 8384) { if (!(rc = iobuf_put (chain, ((len - 192) / 256) + 192))) rc = iobuf_put (chain, ((len - 192) % 256)); } else { /* use a 4 byte header */ if (!(rc = iobuf_put (chain, 0xff))) if (!(rc = iobuf_put (chain, (len >> 24) & 0xff))) if (!(rc = iobuf_put (chain, (len >> 16) & 0xff))) if (!(rc = iobuf_put (chain, (len >> 8) & 0xff))) rc = iobuf_put (chain, len & 0xff); } if (!rc && len) rc = iobuf_write (chain, a->buffer, len); if (rc) { log_error ("block_filter: write error: %s\n", strerror (errno)); rc = gpg_error_from_syserror (); } xfree (a->buffer); a->buffer = NULL; a->buflen = 0; } else BUG (); } else if (a->size) { log_error ("block_filter: pending bytes!\n"); } if (DBG_IOBUF) log_debug ("free block_filter %p\n", a); xfree (a); /* we can free our context now */ } return rc; } static const char * iobuf_desc (iobuf_t a) { size_t dummy_len = 0; const char *desc = "?"; if (! a || ! a->filter) return desc; a->filter (a->filter_ov, IOBUFCTRL_DESC, NULL, (byte *) & desc, &dummy_len); return desc; } static void print_chain (iobuf_t a) { if (!DBG_IOBUF) return; for (; a; a = a->chain) { log_debug ("iobuf chain: %d.%d '%s' filter_eof=%d start=%d len=%d\n", a->no, a->subno, iobuf_desc (a), a->filter_eof, (int) a->d.start, (int) a->d.len); } } int iobuf_print_chain (iobuf_t a) { print_chain (a); return 0; } iobuf_t iobuf_alloc (int use, size_t bufsize) { iobuf_t a; static int number = 0; assert (use == IOBUF_INPUT || use == IOBUF_INPUT_TEMP || use == IOBUF_OUTPUT || use == IOBUF_OUTPUT_TEMP); if (bufsize == 0) { log_bug ("iobuf_alloc() passed a bufsize of 0!\n"); bufsize = IOBUF_BUFFER_SIZE; } a = xcalloc (1, sizeof *a); a->use = use; a->d.buf = xmalloc (bufsize); a->d.size = bufsize; a->no = ++number; a->subno = 0; a->real_fname = NULL; return a; } int iobuf_close (iobuf_t a) { iobuf_t a_chain; size_t dummy_len = 0; int rc = 0; for (; a; a = a_chain) { int rc2 = 0; a_chain = a->chain; if (a->use == IOBUF_OUTPUT && (rc = filter_flush (a))) log_error ("filter_flush failed on close: %s\n", gpg_strerror (rc)); if (DBG_IOBUF) log_debug ("iobuf-%d.%d: close '%s'\n", a->no, a->subno, iobuf_desc (a)); if (a->filter && (rc2 = a->filter (a->filter_ov, IOBUFCTRL_FREE, a->chain, NULL, &dummy_len))) log_error ("IOBUFCTRL_FREE failed on close: %s\n", gpg_strerror (rc)); if (! rc && rc2) /* Whoops! An error occured. Save it in RC if we haven't already recorded an error. */ rc = rc2; xfree (a->real_fname); if (a->d.buf) { memset (a->d.buf, 0, a->d.size); /* erase the buffer */ xfree (a->d.buf); } xfree (a); } return rc; } int iobuf_cancel (iobuf_t a) { const char *s; iobuf_t a2; int rc; #if defined(HAVE_W32_SYSTEM) || defined(__riscos__) char *remove_name = NULL; #endif if (a && a->use == IOBUF_OUTPUT) { s = iobuf_get_real_fname (a); if (s && *s) { #if defined(HAVE_W32_SYSTEM) || defined(__riscos__) remove_name = xstrdup (s); #else remove (s); #endif } } /* send a cancel message to all filters */ for (a2 = a; a2; a2 = a2->chain) { size_t dummy; if (a2->filter) a2->filter (a2->filter_ov, IOBUFCTRL_CANCEL, a2->chain, NULL, &dummy); } rc = iobuf_close (a); #if defined(HAVE_W32_SYSTEM) || defined(__riscos__) if (remove_name) { /* Argg, MSDOS does not allow to remove open files. So * we have to do it here */ #ifdef HAVE_W32CE_SYSTEM wchar_t *wtmp = utf8_to_wchar (remove_name); if (wtmp) DeleteFile (wtmp); xfree (wtmp); #else remove (remove_name); #endif xfree (remove_name); } #endif return rc; } iobuf_t iobuf_temp (void) { return iobuf_alloc (IOBUF_OUTPUT_TEMP, IOBUF_BUFFER_SIZE); } iobuf_t iobuf_temp_with_content (const char *buffer, size_t length) { iobuf_t a; int i; a = iobuf_alloc (IOBUF_INPUT_TEMP, length); assert (length == a->d.size); /* memcpy (a->d.buf, buffer, length); */ for (i=0; i < length; i++) a->d.buf[i] = buffer[i]; a->d.len = length; return a; } void iobuf_enable_special_filenames (int yes) { special_names_enabled = yes; } /* See whether the filename has the form "-&nnnn", where n is a non-zero number. Returns this number or -1 if it is not the case. */ static int check_special_filename (const char *fname) { if (special_names_enabled && fname && *fname == '-' && fname[1] == '&') { int i; fname += 2; for (i = 0; digitp (fname+i); i++) ; if (!fname[i]) return atoi (fname); } return -1; } int iobuf_is_pipe_filename (const char *fname) { if (!fname || (*fname=='-' && !fname[1]) ) return 1; return check_special_filename (fname) != -1; } static iobuf_t do_open (const char *fname, int special_filenames, int use, const char *opentype, int mode700) { iobuf_t a; gnupg_fd_t fp; file_filter_ctx_t *fcx; size_t len = 0; int print_only = 0; int fd; assert (use == IOBUF_INPUT || use == IOBUF_OUTPUT); if (special_filenames /* NULL or '-'. */ && (!fname || (*fname == '-' && !fname[1]))) { if (use == IOBUF_INPUT) { fp = FD_FOR_STDIN; fname = "[stdin]"; } else { fp = FD_FOR_STDOUT; fname = "[stdout]"; } print_only = 1; } else if (!fname) return NULL; else if (special_filenames && (fd = check_special_filename (fname)) != -1) return iobuf_fdopen (translate_file_handle (fd, use == IOBUF_INPUT ? 0 : 1), opentype); else { if (use == IOBUF_INPUT) fp = fd_cache_open (fname, opentype); else fp = direct_open (fname, opentype, mode700); if (fp == GNUPG_INVALID_FD) return NULL; } a = iobuf_alloc (use, IOBUF_BUFFER_SIZE); fcx = xmalloc (sizeof *fcx + strlen (fname)); fcx->fp = fp; fcx->print_only_name = print_only; strcpy (fcx->fname, fname); if (!print_only) a->real_fname = xstrdup (fname); a->filter = file_filter; a->filter_ov = fcx; file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len); if (DBG_IOBUF) log_debug ("iobuf-%d.%d: open '%s' desc=%s fd=%d\n", a->no, a->subno, fname, iobuf_desc (a), FD2INT (fcx->fp)); return a; } iobuf_t iobuf_open (const char *fname) { return do_open (fname, 1, IOBUF_INPUT, "rb", 0); } iobuf_t iobuf_create (const char *fname, int mode700) { return do_open (fname, 1, IOBUF_OUTPUT, "wb", mode700); } iobuf_t iobuf_openrw (const char *fname) { return do_open (fname, 0, IOBUF_OUTPUT, "r+b", 0); } static iobuf_t do_iobuf_fdopen (int fd, const char *mode, int keep_open) { iobuf_t a; gnupg_fd_t fp; file_filter_ctx_t *fcx; size_t len; fp = INT2FD (fd); a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT, IOBUF_BUFFER_SIZE); fcx = xmalloc (sizeof *fcx + 20); fcx->fp = fp; fcx->print_only_name = 1; fcx->keep_open = keep_open; sprintf (fcx->fname, "[fd %d]", fd); a->filter = file_filter; a->filter_ov = fcx; file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len); if (DBG_IOBUF) log_debug ("iobuf-%d.%d: fdopen%s '%s'\n", a->no, a->subno, keep_open? "_nc":"", fcx->fname); iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL); return a; } iobuf_t iobuf_fdopen (int fd, const char *mode) { return do_iobuf_fdopen (fd, mode, 0); } iobuf_t iobuf_fdopen_nc (int fd, const char *mode) { return do_iobuf_fdopen (fd, mode, 1); } iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open) { iobuf_t a; file_es_filter_ctx_t *fcx; size_t len; a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT, IOBUF_BUFFER_SIZE); fcx = xtrymalloc (sizeof *fcx + 30); fcx->fp = estream; fcx->print_only_name = 1; fcx->keep_open = keep_open; sprintf (fcx->fname, "[fd %p]", estream); a->filter = file_es_filter; a->filter_ov = fcx; file_es_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len); if (DBG_IOBUF) log_debug ("iobuf-%d.%d: esopen%s '%s'\n", a->no, a->subno, keep_open? "_nc":"", fcx->fname); return a; } iobuf_t iobuf_sockopen (int fd, const char *mode) { iobuf_t a; #ifdef HAVE_W32_SYSTEM sock_filter_ctx_t *scx; size_t len; a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT, IOBUF_BUFFER_SIZE); scx = xmalloc (sizeof *scx + 25); scx->sock = fd; scx->print_only_name = 1; sprintf (scx->fname, "[sock %d]", fd); a->filter = sock_filter; a->filter_ov = scx; sock_filter (scx, IOBUFCTRL_INIT, NULL, NULL, &len); if (DBG_IOBUF) log_debug ("iobuf-%d.%d: sockopen '%s'\n", a->no, a->subno, scx->fname); iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL); #else a = iobuf_fdopen (fd, mode); #endif return a; } int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval) { if (cmd == IOBUF_IOCTL_KEEP_OPEN) { /* Keep system filepointer/descriptor open. This was used in the past by http.c; this ioctl is not directly used anymore. */ if (DBG_IOBUF) log_debug ("iobuf-%d.%d: ioctl '%s' keep_open=%d\n", a ? a->no : -1, a ? a->subno : -1, iobuf_desc (a), intval); for (; a; a = a->chain) if (!a->chain && a->filter == file_filter) { file_filter_ctx_t *b = a->filter_ov; b->keep_open = intval; return 0; } #ifdef HAVE_W32_SYSTEM else if (!a->chain && a->filter == sock_filter) { sock_filter_ctx_t *b = a->filter_ov; b->keep_open = intval; return 0; } #endif } else if (cmd == IOBUF_IOCTL_INVALIDATE_CACHE) { if (DBG_IOBUF) log_debug ("iobuf-*.*: ioctl '%s' invalidate\n", ptrval ? (char *) ptrval : "?"); if (!a && !intval && ptrval) { if (fd_cache_invalidate (ptrval)) return -1; return 0; } } else if (cmd == IOBUF_IOCTL_NO_CACHE) { if (DBG_IOBUF) log_debug ("iobuf-%d.%d: ioctl '%s' no_cache=%d\n", a ? a->no : -1, a ? a->subno : -1, iobuf_desc (a), intval); for (; a; a = a->chain) if (!a->chain && a->filter == file_filter) { file_filter_ctx_t *b = a->filter_ov; b->no_cache = intval; return 0; } #ifdef HAVE_W32_SYSTEM else if (!a->chain && a->filter == sock_filter) { sock_filter_ctx_t *b = a->filter_ov; b->no_cache = intval; return 0; } #endif } else if (cmd == IOBUF_IOCTL_FSYNC) { /* Do a fsync on the open fd and return any errors to the caller of iobuf_ioctl. Note that we work on a file name here. */ if (DBG_IOBUF) log_debug ("iobuf-*.*: ioctl '%s' fsync\n", ptrval? (const char*)ptrval:""); if (!a && !intval && ptrval) { return fd_cache_synchronize (ptrval); } } return -1; } /**************** * Register an i/o filter. */ int iobuf_push_filter (iobuf_t a, int (*f) (void *opaque, int control, iobuf_t chain, byte * buf, size_t * len), void *ov) { return iobuf_push_filter2 (a, f, ov, 0); } int iobuf_push_filter2 (iobuf_t a, int (*f) (void *opaque, int control, iobuf_t chain, byte * buf, size_t * len), void *ov, int rel_ov) { iobuf_t b; size_t dummy_len = 0; int rc = 0; if (a->use == IOBUF_OUTPUT && (rc = filter_flush (a))) return rc; if (a->subno >= MAX_NESTING_FILTER) { log_error ("i/o filter too deeply nested - corrupted data?\n"); return GPG_ERR_BAD_DATA; } /* We want to create a new filter and put it in front of A. A simple implementation would do: b = iobuf_alloc (...); b->chain = a; return a; This is a bit problematic: A is the head of the pipeline and there are potentially many pointers to it. Requiring the caller to update all of these pointers is a burden. An alternative implementation would add a level of indirection. For instance, we could use a pipeline object, which contains a pointer to the first filter in the pipeline. This is not what we do either. Instead, we allocate a new buffer (B) and copy the first filter's state into that and use the initial buffer (A) for the new filter. One limitation of this approach is that it is not practical to maintain a pointer to a specific filter's state. Before: A | v 0x100 0x200 +----------+ +----------+ | filter x |--------->| filter y |---->.... +----------+ +----------+ After: B | v 0x300 +----------+ A | filter x | | +----------+ v 0x100 ^ v 0x200 +----------+ +----------+ | filter w | | filter y |---->.... +----------+ +----------+ Note: filter x's address changed from 0x100 to 0x300, but A still points to the head of the pipeline. */ b = xmalloc (sizeof *b); memcpy (b, a, sizeof *b); /* fixme: it is stupid to keep a copy of the name at every level * but we need the name somewhere because the name known by file_filter * may have been released when we need the name of the file */ b->real_fname = a->real_fname ? xstrdup (a->real_fname) : NULL; /* remove the filter stuff from the new stream */ a->filter = NULL; a->filter_ov = NULL; a->filter_ov_owner = 0; a->filter_eof = 0; if (a->use == IOBUF_OUTPUT_TEMP) /* A TEMP filter buffers any data sent to it; it does not forward any data down the pipeline. If we add a new filter to the pipeline, it shouldn't also buffer data. It should send it downstream to be buffered. Thus, the correct type for a filter added in front of an IOBUF_OUTPUT_TEMP filter is IOBUF_OUPUT, not IOBUF_OUTPUT_TEMP. */ { a->use = IOBUF_OUTPUT; /* When pipeline is written to, the temp buffer's size is increased accordingly. We don't need to allocate a 10 MB buffer for a non-terminal filter. Just use the default size. */ a->d.size = IOBUF_BUFFER_SIZE; } else if (a->use == IOBUF_INPUT_TEMP) /* Same idea as above. */ { a->use = IOBUF_INPUT; a->d.size = IOBUF_BUFFER_SIZE; } /* The new filter (A) gets a new buffer. If the pipeline is an output or temp pipeline, then giving the buffer to the new filter means that data that was written before the filter was pushed gets sent to the filter. That's clearly wrong. If the pipeline is an input pipeline, then giving the buffer to the new filter (A) means that data that has read from (B), but not yet read from the pipeline won't be processed by the new filter (A)! That's certainly not what we want. */ a->d.buf = xmalloc (a->d.size); a->d.len = 0; a->d.start = 0; /* disable nlimit for the new stream */ a->ntotal = b->ntotal + b->nbytes; a->nlimit = a->nbytes = 0; a->nofast = 0; /* make a link from the new stream to the original stream */ a->chain = b; /* setup the function on the new stream */ a->filter = f; a->filter_ov = ov; a->filter_ov_owner = rel_ov; a->subno = b->subno + 1; if (DBG_IOBUF) { log_debug ("iobuf-%d.%d: push '%s'\n", a->no, a->subno, iobuf_desc (a)); print_chain (a); } /* now we can initialize the new function if we have one */ if (a->filter && (rc = a->filter (a->filter_ov, IOBUFCTRL_INIT, a->chain, NULL, &dummy_len))) log_error ("IOBUFCTRL_INIT failed: %s\n", gpg_strerror (rc)); return rc; } /**************** * Remove an i/o filter. */ static int pop_filter (iobuf_t a, int (*f) (void *opaque, int control, iobuf_t chain, byte * buf, size_t * len), void *ov) { iobuf_t b; size_t dummy_len = 0; int rc = 0; if (DBG_IOBUF) log_debug ("iobuf-%d.%d: pop '%s'\n", a->no, a->subno, iobuf_desc (a)); if (a->use == IOBUF_INPUT_TEMP || a->use == IOBUF_OUTPUT_TEMP) { /* This should be the last filter in the pipeline. */ assert (! a->chain); return 0; } if (!a->filter) { /* this is simple */ b = a->chain; assert (b); xfree (a->d.buf); xfree (a->real_fname); memcpy (a, b, sizeof *a); xfree (b); return 0; } for (b = a; b; b = b->chain) if (b->filter == f && (!ov || b->filter_ov == ov)) break; if (!b) log_bug ("pop_filter(): filter function not found\n"); /* flush this stream if it is an output stream */ if (a->use == IOBUF_OUTPUT && (rc = filter_flush (b))) { log_error ("filter_flush failed in pop_filter: %s\n", gpg_strerror (rc)); return rc; } /* and tell the filter to free it self */ if (b->filter && (rc = b->filter (b->filter_ov, IOBUFCTRL_FREE, b->chain, NULL, &dummy_len))) { log_error ("IOBUFCTRL_FREE failed: %s\n", gpg_strerror (rc)); return rc; } if (b->filter_ov && b->filter_ov_owner) { xfree (b->filter_ov); b->filter_ov = NULL; } /* and see how to remove it */ if (a == b && !b->chain) log_bug ("can't remove the last filter from the chain\n"); else if (a == b) { /* remove the first iobuf from the chain */ /* everything from b is copied to a. This is save because * a flush has been done on the to be removed entry */ b = a->chain; xfree (a->d.buf); xfree (a->real_fname); memcpy (a, b, sizeof *a); xfree (b); if (DBG_IOBUF) log_debug ("iobuf-%d.%d: popped filter\n", a->no, a->subno); } else if (!b->chain) { /* remove the last iobuf from the chain */ log_bug ("Ohh jeee, trying to remove a head filter\n"); } else { /* remove an intermediate iobuf from the chain */ log_bug ("Ohh jeee, trying to remove an intermediate filter\n"); } return rc; } /**************** * read underflow: read more bytes into the buffer and return * the first byte or -1 on EOF. */ static int underflow (iobuf_t a, int clear_pending_eof) { size_t len; int rc; if (DBG_IOBUF) log_debug ("iobuf-%d.%d: underflow: buffer size: %d; still buffered: %d => space for %d bytes\n", a->no, a->subno, (int) a->d.size, (int) (a->d.len - a->d.start), (int) (a->d.size - (a->d.len - a->d.start))); if (a->use == IOBUF_INPUT_TEMP) /* By definition, there isn't more data to read into the buffer. */ return -1; assert (a->use == IOBUF_INPUT); /* If there is still some buffered data, then move it to the start of the buffer and try to fill the end of the buffer. (This is useful if we are called from iobuf_peek().) */ assert (a->d.start <= a->d.len); a->d.len -= a->d.start; memmove (a->d.buf, &a->d.buf[a->d.start], a->d.len); a->d.start = 0; if (a->d.len == 0 && a->filter_eof) /* The last time we tried to read from this filter, we got an EOF. We couldn't return the EOF, because there was buffered data. Since there is no longer any buffered data, return the error. */ { if (DBG_IOBUF) log_debug ("iobuf-%d.%d: underflow: eof (pending eof)\n", a->no, a->subno); if (! clear_pending_eof) return -1; if (a->chain) /* A filter follows this one. Free this filter. */ { iobuf_t b = a->chain; if (DBG_IOBUF) log_debug ("iobuf-%d.%d: filter popped (pending EOF returned)\n", a->no, a->subno); xfree (a->d.buf); xfree (a->real_fname); memcpy (a, b, sizeof *a); xfree (b); print_chain (a); } else a->filter_eof = 0; /* for the top level filter */ return -1; /* return one(!) EOF */ } if (a->d.len == 0 && a->error) /* The last time we tried to read from this filter, we got an error. We couldn't return the error, because there was buffered data. Since there is no longer any buffered data, return the error. */ { if (DBG_IOBUF) log_debug ("iobuf-%d.%d: pending error (%s) returned\n", a->no, a->subno, gpg_strerror (a->error)); return -1; } if (a->filter && ! a->filter_eof && ! a->error) /* We have a filter function and the last time we tried to read we didn't get an EOF or an error. Try to fill the buffer. */ { /* Be careful to account for any buffered data. */ len = a->d.size - a->d.len; if (DBG_IOBUF) log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n", a->no, a->subno, (ulong) len); if (len == 0) /* There is no space for more data. Don't bother calling A->FILTER. */ rc = 0; else rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, &a->d.buf[a->d.len], &len); a->d.len += len; if (DBG_IOBUF) log_debug ("iobuf-%d.%d: A->FILTER() returned rc=%d (%s), read %lu bytes\n", a->no, a->subno, rc, rc == 0 ? "ok" : rc == -1 ? "EOF" : gpg_strerror (rc), (ulong) len); /* if( a->no == 1 ) */ /* log_hexdump (" data:", a->d.buf, len); */ if (rc == -1) /* EOF. */ { size_t dummy_len = 0; /* Tell the filter to free itself */ if ((rc = a->filter (a->filter_ov, IOBUFCTRL_FREE, a->chain, NULL, &dummy_len))) log_error ("IOBUFCTRL_FREE failed: %s\n", gpg_strerror (rc)); /* Free everything except for the internal buffer. */ if (a->filter_ov && a->filter_ov_owner) xfree (a->filter_ov); a->filter_ov = NULL; a->filter = NULL; a->filter_eof = 1; if (clear_pending_eof && a->d.len == 0 && a->chain) /* We don't need to keep this filter around at all: - we got an EOF - we have no buffered data - a filter follows this one. Unlink this filter. */ { iobuf_t b = a->chain; if (DBG_IOBUF) log_debug ("iobuf-%d.%d: pop in underflow (nothing buffered, got EOF)\n", a->no, a->subno); xfree (a->d.buf); xfree (a->real_fname); memcpy (a, b, sizeof *a); xfree (b); print_chain (a); return -1; } else if (a->d.len == 0) /* We can't unlink this filter (it is the only one in the pipeline), but we can immediately return EOF. */ return -1; } else if (rc) /* Record the error. */ { a->error = rc; if (a->d.len == 0) /* There is no buffered data. Immediately return EOF. */ return -1; } } assert (a->d.start <= a->d.len); if (a->d.start < a->d.len) return a->d.buf[a->d.start++]; /* EOF. */ return -1; } static int filter_flush (iobuf_t a) { size_t len; int rc; if (a->use == IOBUF_OUTPUT_TEMP) { /* increase the temp buffer */ size_t newsize = a->d.size + IOBUF_BUFFER_SIZE; if (DBG_IOBUF) log_debug ("increasing temp iobuf from %lu to %lu\n", (ulong) a->d.size, (ulong) newsize); a->d.buf = xrealloc (a->d.buf, newsize); a->d.size = newsize; return 0; } else if (a->use != IOBUF_OUTPUT) log_bug ("flush on non-output iobuf\n"); else if (!a->filter) log_bug ("filter_flush: no filter\n"); len = a->d.len; rc = a->filter (a->filter_ov, IOBUFCTRL_FLUSH, a->chain, a->d.buf, &len); if (!rc && len != a->d.len) { log_info ("filter_flush did not write all!\n"); rc = GPG_ERR_INTERNAL; } else if (rc) a->error = rc; a->d.len = 0; return rc; } int iobuf_readbyte (iobuf_t a) { int c; if (a->use == IOBUF_OUTPUT || a->use == IOBUF_OUTPUT_TEMP) { log_bug ("iobuf_readbyte called on a non-INPUT pipeline!\n"); return -1; } assert (a->d.start <= a->d.len); if (a->nlimit && a->nbytes >= a->nlimit) return -1; /* forced EOF */ if (a->d.start < a->d.len) { c = a->d.buf[a->d.start++]; } else if ((c = underflow (a, 1)) == -1) return -1; /* EOF */ assert (a->d.start <= a->d.len); /* Note: if underflow doesn't return EOF, then it returns the first byte that was read and advances a->d.start appropriately. */ a->nbytes++; return c; } int iobuf_read (iobuf_t a, void *buffer, unsigned int buflen) { unsigned char *buf = (unsigned char *)buffer; int c, n; if (a->use == IOBUF_OUTPUT || a->use == IOBUF_OUTPUT_TEMP) { log_bug ("iobuf_read called on a non-INPUT pipeline!\n"); return -1; } if (a->nlimit) { /* Handle special cases. */ for (n = 0; n < buflen; n++) { if ((c = iobuf_readbyte (a)) == -1) { if (!n) return -1; /* eof */ break; } if (buf) { *buf = c; buf++; } } return n; } n = 0; do { if (n < buflen && a->d.start < a->d.len) /* Drain the buffer. */ { unsigned size = a->d.len - a->d.start; if (size > buflen - n) size = buflen - n; if (buf) memcpy (buf, a->d.buf + a->d.start, size); n += size; a->d.start += size; if (buf) buf += size; } if (n < buflen) /* Draining the internal buffer didn't fill BUFFER. Call underflow to read more data into the filter's internal buffer. */ { if ((c = underflow (a, 1)) == -1) /* EOF. If we managed to read something, don't return EOF now. */ { a->nbytes += n; return n ? n : -1 /*EOF*/; } if (buf) *buf++ = c; n++; } } while (n < buflen); a->nbytes += n; return n; } int iobuf_peek (iobuf_t a, byte * buf, unsigned buflen) { int n = 0; assert (buflen > 0); assert (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP); if (buflen > a->d.size) /* We can't peek more than we can buffer. */ buflen = a->d.size; /* Try to fill the internal buffer with enough data to satisfy the request. */ while (buflen > a->d.len - a->d.start) { if (underflow (a, 0) == -1) /* EOF. We can't read any more. */ break; /* Underflow consumes the first character (it's the return value). unget() it by resetting the "file position". */ assert (a->d.start == 1); a->d.start = 0; } n = a->d.len - a->d.start; if (n > buflen) n = buflen; if (n == 0) /* EOF. */ return -1; memcpy (buf, &a->d.buf[a->d.start], n); return n; } int iobuf_writebyte (iobuf_t a, unsigned int c) { int rc; if (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP) { log_bug ("iobuf_writebyte called on an input pipeline!\n"); return -1; } if (a->d.len == a->d.size) if ((rc=filter_flush (a))) return rc; assert (a->d.len < a->d.size); a->d.buf[a->d.len++] = c; return 0; } int iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen) { const unsigned char *buf = (const unsigned char *)buffer; int rc; if (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP) { log_bug ("iobuf_write called on an input pipeline!\n"); return -1; } do { if (buflen && a->d.len < a->d.size) { unsigned size = a->d.size - a->d.len; if (size > buflen) size = buflen; memcpy (a->d.buf + a->d.len, buf, size); buflen -= size; buf += size; a->d.len += size; } if (buflen) { rc = filter_flush (a); if (rc) return rc; } } while (buflen); return 0; } int iobuf_writestr (iobuf_t a, const char *buf) { if (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP) { log_bug ("iobuf_writestr called on an input pipeline!\n"); return -1; } return iobuf_write (a, buf, strlen (buf)); } int iobuf_write_temp (iobuf_t dest, iobuf_t source) { assert (source->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP); assert (dest->use == IOBUF_OUTPUT || dest->use == IOBUF_OUTPUT_TEMP); iobuf_flush_temp (source); return iobuf_write (dest, source->d.buf, source->d.len); } size_t iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen) { size_t n; while (1) { int rc = filter_flush (a); if (rc) log_bug ("Flushing iobuf %d.%d (%s) from iobuf_temp_to_buffer failed. Ignoring.\n", a->no, a->subno, iobuf_desc (a)); if (! a->chain) break; a = a->chain; } n = a->d.len; if (n > buflen) n = buflen; memcpy (buffer, a->d.buf, n); return n; } +/* Copies the data from the input iobuf SOURCE to the output iobuf + DEST until either an error is encountered or EOF is reached. + Returns the number of bytes copies. */ +size_t +iobuf_copy (iobuf_t dest, iobuf_t source) +{ + char *temp; + /* Use a 1 MB buffer. */ + const size_t temp_size = 1024 * 1024; + + size_t nread; + size_t nwrote = 0; + int err; + + assert (source->use == IOBUF_INPUT || source->use == IOBUF_INPUT_TEMP); + assert (dest->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP); + + temp = xmalloc (temp_size); + while (1) + { + nread = iobuf_read (source, temp, temp_size); + if (nread == -1) + /* EOF. */ + break; + + err = iobuf_write (dest, temp, nread); + if (err) + break; + nwrote += nread; + } + xfree (temp); + + return nwrote; +} + void iobuf_flush_temp (iobuf_t temp) { if (temp->use == IOBUF_INPUT || temp->use == IOBUF_INPUT_TEMP) log_bug ("iobuf_writestr called on an input pipeline!\n"); while (temp->chain) pop_filter (temp, temp->filter, NULL); } void iobuf_set_limit (iobuf_t a, off_t nlimit) { if (nlimit) a->nofast = 1; else a->nofast = 0; a->nlimit = nlimit; a->ntotal += a->nbytes; a->nbytes = 0; } off_t iobuf_get_filelength (iobuf_t a, int *overflow) { struct stat st; if (overflow) *overflow = 0; /* Hmmm: file_filter may have already been removed */ for ( ; a->chain; a = a->chain ) ; if (a->filter != file_filter) return 0; { file_filter_ctx_t *b = a->filter_ov; gnupg_fd_t fp = b->fp; #if defined(HAVE_W32_SYSTEM) ulong size; static int (* __stdcall get_file_size_ex) (void *handle, LARGE_INTEGER *r_size); static int get_file_size_ex_initialized; if (!get_file_size_ex_initialized) { void *handle; handle = dlopen ("kernel32.dll", RTLD_LAZY); if (handle) { get_file_size_ex = dlsym (handle, "GetFileSizeEx"); if (!get_file_size_ex) dlclose (handle); } get_file_size_ex_initialized = 1; } if (get_file_size_ex) { /* This is a newer system with GetFileSizeEx; we use this then because it seem that GetFileSize won't return a proper error in case a file is larger than 4GB. */ LARGE_INTEGER exsize; if (get_file_size_ex (fp, &exsize)) { if (!exsize.u.HighPart) return exsize.u.LowPart; if (overflow) *overflow = 1; return 0; } } else { if ((size=GetFileSize (fp, NULL)) != 0xffffffff) return size; } log_error ("GetFileSize for handle %p failed: %s\n", fp, w32_strerror (0)); #else if ( !fstat (FD2INT (fp), &st) ) return st.st_size; log_error("fstat() failed: %s\n", strerror(errno) ); #endif } return 0; } int iobuf_get_fd (iobuf_t a) { for (; a->chain; a = a->chain) ; if (a->filter != file_filter) return -1; { file_filter_ctx_t *b = a->filter_ov; gnupg_fd_t fp = b->fp; return FD2INT (fp); } } off_t iobuf_tell (iobuf_t a) { return a->ntotal + a->nbytes; } #if !defined(HAVE_FSEEKO) && !defined(fseeko) #ifdef HAVE_LIMITS_H # include #endif #ifndef LONG_MAX # define LONG_MAX ((long) ((unsigned long) -1 >> 1)) #endif #ifndef LONG_MIN # define LONG_MIN (-1 - LONG_MAX) #endif /**************** * A substitute for fseeko, for hosts that don't have it. */ static int fseeko (FILE * stream, off_t newpos, int whence) { while (newpos != (long) newpos) { long pos = newpos < 0 ? LONG_MIN : LONG_MAX; if (fseek (stream, pos, whence) != 0) return -1; newpos -= pos; whence = SEEK_CUR; } return fseek (stream, (long) newpos, whence); } #endif int iobuf_seek (iobuf_t a, off_t newpos) { file_filter_ctx_t *b = NULL; if (a->use == IOBUF_OUTPUT || a->use == IOBUF_INPUT) { /* Find the last filter in the pipeline. */ for (; a->chain; a = a->chain) ; if (a->filter != file_filter) return -1; b = a->filter_ov; #ifdef HAVE_W32_SYSTEM if (SetFilePointer (b->fp, newpos, NULL, FILE_BEGIN) == 0xffffffff) { log_error ("SetFilePointer failed on handle %p: ec=%d\n", b->fp, (int) GetLastError ()); return -1; } #else if (lseek (b->fp, newpos, SEEK_SET) == (off_t) - 1) { log_error ("can't lseek: %s\n", strerror (errno)); return -1; } #endif /* Discard the buffer it is not a temp stream. */ a->d.len = 0; } a->d.start = 0; a->nbytes = 0; a->nlimit = 0; a->nofast = 0; a->ntotal = newpos; a->error = 0; /* It is impossible for A->CHAIN to be non-NULL. If A is an INPUT or OUTPUT buffer, then we find the last filter, which is defined as A->CHAIN being NULL. If A is a TEMP filter, then A must be the only filter in the pipe: when iobuf_push_filter adds a filter to the front of a pipeline, it sets the new filter to be an OUTPUT filter if the pipeline is an OUTPUT or TEMP pipeline and to be an INPUT filter if the pipeline is an INPUT pipeline. Thus, only the last filter in a TEMP pipeline can be a */ /* remove filters, but the last */ if (a->chain) log_debug ("pop_filter called in iobuf_seek - please report\n"); while (a->chain) pop_filter (a, a->filter, NULL); return 0; } const char * iobuf_get_real_fname (iobuf_t a) { if (a->real_fname) return a->real_fname; /* the old solution */ for (; a; a = a->chain) if (!a->chain && a->filter == file_filter) { file_filter_ctx_t *b = a->filter_ov; return b->print_only_name ? NULL : b->fname; } return NULL; } const char * iobuf_get_fname (iobuf_t a) { for (; a; a = a->chain) if (!a->chain && a->filter == file_filter) { file_filter_ctx_t *b = a->filter_ov; return b->fname; } return NULL; } const char * iobuf_get_fname_nonnull (iobuf_t a) { const char *fname; fname = iobuf_get_fname (a); return fname? fname : "[?]"; } /**************** * enable partial block mode as described in the OpenPGP draft. * LEN is the first length byte on read, but ignored on writes. */ void iobuf_set_partial_block_mode (iobuf_t a, size_t len) { block_filter_ctx_t *ctx = xcalloc (1, sizeof *ctx); ctx->use = a->use; if (!len) { if (a->use == IOBUF_INPUT) log_debug ("pop_filter called in set_partial_block_mode" " - please report\n"); /* XXX: This pop_filter doesn't make sense. Since we haven't actually added the filter to the pipeline yet, why are we popping anything? Moreover, since we don't report an error, the caller won't directly see an error. I think that it would be better to push the filter and set a->error to GPG_ERR_BAD_DATA, but Werner thinks it's impossible for len to be 0 (but he doesn't want to remove the check just in case). */ pop_filter (a, block_filter, NULL); } else { ctx->partial = 1; ctx->size = 0; ctx->first_c = len; iobuf_push_filter (a, block_filter, ctx); } } unsigned int iobuf_read_line (iobuf_t a, byte ** addr_of_buffer, unsigned *length_of_buffer, unsigned *max_length) { int c; char *buffer = (char *)*addr_of_buffer; unsigned length = *length_of_buffer; unsigned nbytes = 0; unsigned maxlen = *max_length; char *p; /* The code assumes that we have space for at least a newline and a NUL character in the buffer. This requires at least 2 bytes. We don't complicate the code by handling the stupid corner case, but simply assert that it can't happen. */ assert (length >= 2 || maxlen >= 2); if (!buffer || length <= 1) /* must allocate a new buffer */ { length = 256 <= maxlen ? 256 : maxlen; buffer = xrealloc (buffer, length); *addr_of_buffer = (unsigned char *)buffer; *length_of_buffer = length; } p = buffer; while ((c = iobuf_get (a)) != -1) { *p++ = c; nbytes++; if (c == '\n') break; if (nbytes == length - 1) /* We don't have enough space to add a \n and a \0. Increase the buffer size. */ { if (length == maxlen) /* We reached the buffer's size limit! */ { /* Skip the rest of the line. */ while (c != '\n' && (c = iobuf_get (a)) != -1) ; /* p is pointing at the last byte in the buffer. We always terminate the line with "\n\0" so overwrite the previous byte with a \n. */ assert (p > buffer); p[-1] = '\n'; /* Indicate truncation. */ *max_length = 0; break; } length += length < 1024 ? 256 : 1024; if (length > maxlen) length = maxlen; buffer = xrealloc (buffer, length); *addr_of_buffer = (unsigned char *)buffer; *length_of_buffer = length; p = buffer + nbytes; } } /* Add the terminating NUL. */ *p = 0; /* Return the number of characters written to the buffer including the newline, but not including the terminating NUL. */ return nbytes; } static int translate_file_handle (int fd, int for_write) { #if defined(HAVE_W32CE_SYSTEM) /* This is called only with one of the special filenames. Under W32CE the FD here is not a file descriptor but a rendezvous id, thus we need to finish the pipe first. */ fd = _assuan_w32ce_finish_pipe (fd, for_write); #elif defined(HAVE_W32_SYSTEM) { int x; (void)for_write; if (fd == 0) x = (int) GetStdHandle (STD_INPUT_HANDLE); else if (fd == 1) x = (int) GetStdHandle (STD_OUTPUT_HANDLE); else if (fd == 2) x = (int) GetStdHandle (STD_ERROR_HANDLE); else x = fd; if (x == -1) log_debug ("GetStdHandle(%d) failed: ec=%d\n", fd, (int) GetLastError ()); fd = x; } #else (void)for_write; #endif return fd; } void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial) { if ( partial ) { for (;;) { if (a->nofast || a->d.start >= a->d.len) { if (iobuf_readbyte (a) == -1) { break; } } else { unsigned long count = a->d.len - a->d.start; a->nbytes += count; a->d.start = a->d.len; } } } else { unsigned long remaining = n; while (remaining > 0) { if (a->nofast || a->d.start >= a->d.len) { if (iobuf_readbyte (a) == -1) { break; } --remaining; } else { unsigned long count = a->d.len - a->d.start; if (count > remaining) { count = remaining; } a->nbytes += count; a->d.start += count; remaining -= count; } } } } diff --git a/common/iobuf.h b/common/iobuf.h index bce6c3162..e106292c6 100644 --- a/common/iobuf.h +++ b/common/iobuf.h @@ -1,614 +1,622 @@ /* iobuf.h - I/O buffer * Copyright (C) 1998, 1999, 2000, 2001, 2003, * 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify * it under the terms of either * * - the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at * your option) any later version. * * or * * - the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at * your option) any later version. * * or both in parallel, as here. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #ifndef GNUPG_COMMON_IOBUF_H #define GNUPG_COMMON_IOBUF_H /* An iobuf is basically a filter in a pipeline. Consider the following command, which consists of three filters that are chained together: $ cat file | base64 --decode | gunzip The first filter reads the file from the file system and sends that data to the second filter. The second filter decodes base64-encoded data and sends the data to the third and last filter. The last filter decompresses the data and the result is displayed on the terminal. The iobuf system works in the same way where each iobuf is a filter and the individual iobufs can be chained together. There are number of predefined filters. iobuf_open(), for instance, creates a filter that reads from a specified file. And, iobuf_temp_with_content() creates a filter that returns some specified contents. There are also filters for writing content. iobuf_openrw opens a file for writing. iobuf_temp creates a filter that writes data to a fixed-sized buffer. To chain filters together, you use the iobuf_push_filter() function. The filters are chained together using the chain field in the iobuf_t. A pipeline can only be used for reading (IOBUF_INPUT) or for writing (IOBUF_OUTPUT / IOBUF_OUTPUT_TEMP). When reading, data flows from the last filter towards the first. That is, the user calls iobuf_read(), the module reads from the first filter, which gets its input from the second filter, etc. When writing, data flows from the first filter towards the last. In this case, when the user calls iobuf_write(), the data is written to the first filter, which writes the transformed data to the second filter, etc. An iobuf_t contains some state about the filter. For instance, it indicates if the filter has already returned EOF (filter_eof) and the next filter in the pipeline, if any (chain). It also contains a function pointer, filter. This is a generic function. It is called when input is needed or output is available. In this case it is passed a pointer to some filter-specific persistent state (filter_ov), the actual operation, the next filter in the chain, if any, and a buffer that either contains the contents to write, if the pipeline is setup to write data, or is the place to store data, if the pipeline is setup to read data. Unlike a Unix pipeline, an IOBUF pipeline can return EOF multiple times. This is similar to the following: { cat file1; cat file2; } | grep foo However, instead of grep seeing a single stream, grep would see each byte stream followed by an EOF marker. (When a filter returns EOF, the EOF is returned to the user exactly once and then the filter is removed from the pipeline.) */ /* For estream_t. */ #include #include "../common/types.h" #include "../common/sysutils.h" #define DBG_IOBUF iobuf_debug_mode /* Filter control modes. */ enum { IOBUFCTRL_INIT = 1, IOBUFCTRL_FREE = 2, IOBUFCTRL_UNDERFLOW = 3, IOBUFCTRL_FLUSH = 4, IOBUFCTRL_DESC = 5, IOBUFCTRL_CANCEL = 6, IOBUFCTRL_USER = 16 }; /* Command codes for iobuf_ioctl. */ typedef enum { IOBUF_IOCTL_KEEP_OPEN = 1, /* Uses intval. */ IOBUF_IOCTL_INVALIDATE_CACHE = 2, /* Uses ptrval. */ IOBUF_IOCTL_NO_CACHE = 3, /* Uses intval. */ IOBUF_IOCTL_FSYNC = 4 /* Uses ptrval. */ } iobuf_ioctl_t; enum iobuf_use { /* Pipeline is in input mode. The data flows from the end to the beginning. That is, when reading from the pipeline, the first filter gets its input from the second filter, etc. */ IOBUF_INPUT, /* Pipeline is in input mode. The last filter in the pipeline is a temporary buffer from which the data is "read". */ IOBUF_INPUT_TEMP, /* Pipeline is in output mode. The data flows from the beginning to the end. That is, when writing to the pipeline, the user writes to the first filter, which transforms the data and sends it to the second filter, etc. */ IOBUF_OUTPUT, /* Pipeline is in output mode. The last filter in the pipeline is a temporary buffer that grows as necessary. */ IOBUF_OUTPUT_TEMP }; typedef struct iobuf_struct *iobuf_t; typedef struct iobuf_struct *IOBUF; /* Compatibility with gpg 1.4. */ /* fixme: we should hide most of this stuff */ struct iobuf_struct { /* The type of filter. Either IOBUF_INPUT, IOBUF_OUTPUT or IOBUF_OUTPUT_TEMP. */ enum iobuf_use use; /* nlimit can be changed using iobuf_set_limit. If non-zero, it is the number of additional bytes that can be read from the filter before EOF is forcefully returned. */ off_t nlimit; /* nbytes if the number of bytes that have been read (using iobuf_get / iobuf_readbyte / iobuf_read) since the last call to iobuf_set_limit. */ off_t nbytes; /* The number of bytes read prior to the last call to iobuf_set_limit. Thus, the total bytes read (i.e., the position of stream) is ntotal + nbytes. */ off_t ntotal; /* Whether we need to read from the filter one byte at a time or whether we can do bulk reads. We need to read one byte at a time if a limit (set via iobuf_set_limit) is active. */ int nofast; /* A buffer for unread/unwritten data. For an output pipeline (IOBUF_OUTPUT), this is the data that has not yet been written to the filter. Consider a simple pipeline consisting of a single stage, which writes to a file. When you write to the pipeline (iobuf_writebyte or iobuf_write), the data is first stored in this buffer. Only when the buffer is full or you call iobuf_flush() is FILTER actually called and the data written to the file. For an input pipeline (IOBUF_INPUT), this is the data that has been read from this filter, but not yet been read from the preceding filter (or the user, if this filter is the head of the pipeline). Again, consider a simple pipeline consisting of a single stage. This stage reads from a file. If you read a single byte (iobuf_get) and the buffer is empty, then FILTER is called to fill the buffer. In this case, a single byte is not requested, but the whole buffer is filled (if possible). */ struct { /* Size of the buffer. */ size_t size; /* Number of bytes at the beginning of the buffer that have already been consumed. (In other words: the index of the first byte that hasn't been consumed.) This is only non-zero for input filters. */ size_t start; /* The number of bytes in the buffer including any bytes that have been consumed. */ size_t len; /* The buffer itself. */ byte *buf; } d; /* When FILTER is called to read some data, it may read some data and then return EOF. We can't return the EOF immediately. Instead, we note that we observed the EOF and when the buffer is finally empty, we return the EOF. */ int filter_eof; /* Like filter_eof, when FILTER is called to read some data, it may read some data and then return an error. We can't return the error (in the form of an EOF) immediately. Instead, we note that we observed the error and when the buffer is finally empty, we return the EOF. */ int error; /* The callback function to read data from the filter, etc. See iobuf_filter_push for details. */ int (*filter) (void *opaque, int control, iobuf_t chain, byte * buf, size_t * len); /* An opaque pointer that can be used for local filter state. This is passed as the first parameter to FILTER. */ void *filter_ov; /* Whether the iobuf code should free(filter_ov) when destroying the filter. */ int filter_ov_owner; /* When using iobuf_open, iobuf_create, iobuf_openrw to open a file, the file's name is saved here. This is used to delete the file when an output pipeline (IOBUF_OUPUT) is canceled (iobuf_cancel). */ char *real_fname; /* The next filter in the pipeline. */ iobuf_t chain; /* This field is for debugging. Each time a filter is allocated (via iobuf_alloc()), a monotonically increasing counter is incremented and this field is set to the new value. This field should only be accessed via the iobuf_io macro. */ int no; /* The number of filters in the pipeline following (not including) this one. When you call iobuf_push_filter or iobuf_push_filter2, this value is used to check the length of the pipeline if the pipeline already contains 65 stages then these functions fail. This amount of nesting typically indicates corrupted data or an active denial of service attack. */ int subno; }; #ifndef EXTERN_UNLESS_MAIN_MODULE #if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) #define EXTERN_UNLESS_MAIN_MODULE extern #else #define EXTERN_UNLESS_MAIN_MODULE #endif #endif EXTERN_UNLESS_MAIN_MODULE int iobuf_debug_mode; /* Whether iobuf_open, iobuf_create and iobuf_is_pipefilename recognize special filenames. Special filenames are of the form "-&nnnn" where n is a positive integer. The integer corresponds to a file descriptor. Note: these functions always recognize the special filename '-', which corresponds to standard input. */ void iobuf_enable_special_filenames (int yes); /* Returns whether the specified filename corresponds to a pipe. In particular, this function checks if FNAME is "-" and, if special filenames are enabled (see iobuf_enable_special_filenames), whether FNAME is a special filename. */ int iobuf_is_pipe_filename (const char *fname); /* Allocate a new filter. This filter doesn't have a function assigned to it. Thus you need to manually set IOBUF->FILTER and IOBUF->FILTER_OV, if required. This function is intended to help create a new primary source or primary sink, i.e., the last filter in the pipeline. USE is IOBUF_INPUT, IOBUF_INPUT_TEMP, IOBUF_OUTPUT or IOBUF_OUTPUT_TEMP. BUFSIZE is the desired internal buffer size (that is, the size of the typical read / write request). */ iobuf_t iobuf_alloc (int use, size_t bufsize); /* Create an output filter that simply buffers data written to it. This is useful for collecting data for later processing. The buffer can be written to in the usual way (iobuf_write, etc.). The data can later be extracted using iobuf_write_temp() or iobuf_temp_to_buffer(). */ iobuf_t iobuf_temp (void); /* Create an input filter that contains some data for reading. */ iobuf_t iobuf_temp_with_content (const char *buffer, size_t length); /* Create an input file filter that reads from a file. If FNAME is '-', reads from stdin. If special filenames are enabled (iobuf_enable_special_filenames), then interprets special filenames. */ iobuf_t iobuf_open (const char *fname); /* Create an output file filter that writes to a file. If FNAME is NULL or '-', writes to stdout. If special filenames are enabled (iobuf_enable_special_filenames), then interprets special filenames. If FNAME is not NULL, '-' or a special filename, the file is opened for writing. If the file exists, it is truncated. If MODE700 is TRUE, the file is created with mode 600. Otherwise, mode 666 is used. */ iobuf_t iobuf_create (const char *fname, int mode700); /* Create an output file filter that writes to a specified file. Neither '-' nor special file names are recognized. */ iobuf_t iobuf_openrw (const char *fname); /* Create a file filter using an existing file descriptor. If MODE contains the letter 'w', creates an output filter. Otherwise, creates an input filter. Note: MODE must reflect the file descriptors actual mode! When the filter is destroyed, the file descriptor is closed. */ iobuf_t iobuf_fdopen (int fd, const char *mode); /* Like iobuf_fdopen, but doesn't close the file descriptor when the filter is destroyed. */ iobuf_t iobuf_fdopen_nc (int fd, const char *mode); /* Create a filter using an existing estream. If MODE contains the letter 'w', creates an output filter. Otherwise, creates an input filter. If KEEP_OPEN is TRUE, then the stream is not closed when the filter is destroyed. Otherwise, the stream is closed when the filter is destroyed. */ iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open); /* Create a filter using an existing socket. On Windows creates a special socket filter. On non-Windows systems simply, this simply calls iobuf_fdopen. */ iobuf_t iobuf_sockopen (int fd, const char *mode); /* Set various options / perform different actions on a PIPELINE. See the IOBUF_IOCTL_* macros above. */ int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval); /* Close a pipeline. The filters in the pipeline are first flushed using iobuf_flush, if they are output filters, and then IOBUFCTRL_FREE is called on each filter. If any filter returns a non-zero value in response to the IOBUFCTRL_FREE, that first such non-zero value is returned. Note: processing is not aborted in this case. If all filters are freed successfully, 0 is returned. */ int iobuf_close (iobuf_t iobuf); /* Calls IOBUFCTRL_CANCEL on each filter in the pipeline. Then calls io_close() on the pipeline. Finally, if the pipeline is an output pipeline, deletes the file. Returns the result of calling iobuf_close on the pipeline. */ int iobuf_cancel (iobuf_t iobuf); /* Add a new filter to the front of a pipeline. A is the head of the pipeline. F is the filter implementation. OV is an opaque pointer that is passed to F and is normally used to hold any internal state, such as a file pointer. Note: you may only maintain a reference to an iobuf_t as a reference to the head of the pipeline. That is, don't think about setting a pointer in OV to point to the filter's iobuf_t. This is because when we add a new filter to a pipeline, we memcpy the state in A into new buffer. This has the advantage that there is no need to update any references to the pipeline when a filter is added or removed, but it also means that a filter's state moves around in memory. The behavior of the filter function is determined by the value of the control parameter: IOBUFCTRL_INIT: Called this value just before the filter is linked into the pipeline. This can be used to initialize internal data structures. IOBUFCTRL_FREE: Called with this value just before the filter is removed from the pipeline. Normally used to release internal data structures, close a file handle, etc. IOBUFCTRL_UNDERFLOW: Called with this value to fill the passed buffer with more data. *LEN is the size of the buffer. Before returning, it should be set to the number of bytes which were written into the buffer. The function must return 0 to indicate success, -1 on EOF and a GPG_ERR_xxxxx code for any error. Note: this function may both return data and indicate an error or EOF. In this case, it simply writes the data to BUF, sets *LEN and returns the appropriate return code. The implication is that if an error occurs and no data has yet been written, it is essential that *LEN be set to 0! IOBUFCTRL_FLUSH: Called with this value to write out any collected data. *LEN is the number of bytes in BUF that need to be written out. Returns 0 on success and a GPG_ERR_* code otherwise. *LEN must be set to the number of bytes that were written out. IOBUFCTRL_CANCEL: Called with this value when iobuf_cancel() is called on the pipeline. IOBUFCTRL_DESC: Called with this value to get a human-readable description of the filter. * (char **) BUF should set to the NUL-terminated string. Note: you need to keep track of this value and, if necessary, free it when the filter function is called with control set to IOBUFCTRL_FREE. */ int iobuf_push_filter (iobuf_t a, int (*f) (void *opaque, int control, iobuf_t chain, byte * buf, size_t * len), void *ov); /* This variant of iobuf_push_filter allows the called to indicate that OV should be freed when this filter is freed. That is, if REL_OV is TRUE, then when the filter is popped or freed OV will be freed after the filter function is called with control set to IOBUFCTRL_FREE. */ int iobuf_push_filter2 (iobuf_t a, int (*f) (void *opaque, int control, iobuf_t chain, byte * buf, size_t * len), void *ov, int rel_ov); /* Used for debugging. Prints out the chain using log_debug if IOBUF_DEBUG_MODE is not 0. */ int iobuf_print_chain (iobuf_t a); /* Indicate that some error occured on the specified filter. */ #define iobuf_set_error(a) do { (a)->error = 1; } while(0) /* Return any pending error on filter A. */ #define iobuf_error(a) ((a)->error) /* Limit the amount of additional data that may be read from the filter. That is, if you've already read 100 bytes from A and you set the limit to 50, then you can read up to an additional 50 bytes (i.e., a total of 150 bytes) before EOF is forcefully returned. Setting NLIMIT to 0 removes any active limit. Note: using iobuf_seek removes any currently enforced limit! */ void iobuf_set_limit (iobuf_t a, off_t nlimit); /* Returns the number of bytes that have been read from the pipeline. Note: the result is undefined for IOBUF_OUTPUT and IOBUF_OUTPUT_TEMP pipelines! */ off_t iobuf_tell (iobuf_t a); /* There are two cases: - If A is an INPUT or OUTPUT pipeline, then the last filter in the pipeline is found. If that is not a file filter, -1 is returned. Otherwise, an fseek(..., SEEK_SET) is performed on the file descriptor. - If A is a TEMP pipeline and the *first* (and thus only filter) is a TEMP filter, then the "file position" is effectively unchanged. That is, data is appended to the buffer and the seek does not cause the size of the buffer to grow. If no error occured, then any limit previous set by iobuf_set_limit() is cleared. Further, any error on the filter (the file filter or the temp filter) is cleared. Returns 0 on success and -1 if an error occurs. */ int iobuf_seek (iobuf_t a, off_t newpos); /* Read a single byte. If a filter has no more data, returns -1 to indicate the EOF. Generally, you don't want to use this function, but instead prefer the iobuf_get macro, which is faster if there is data in the internal buffer. */ int iobuf_readbyte (iobuf_t a); /* Get a byte from the iobuf; must check for eof prior to this function. This function returns values in the range 0 .. 255 or -1 to indicate EOF. iobuf_get_noeof() does not return -1 to indicate EOF, but masks the returned value to be in the range 0 .. 255. */ #define iobuf_get(a) \ ( ((a)->nofast || (a)->d.start >= (a)->d.len )? \ iobuf_readbyte((a)) : ( (a)->nbytes++, (a)->d.buf[(a)->d.start++] ) ) #define iobuf_get_noeof(a) (iobuf_get((a))&0xff) /* Fill BUF with up to BUFLEN bytes. If a filter has no more data, returns -1 to indicate the EOF. Otherwise returns the number of bytes read. */ int iobuf_read (iobuf_t a, void *buf, unsigned buflen); /* Read a line of input (including the '\n') from the pipeline. The semantics are the same as for fgets(), but if the buffer is too short a larger one will be allocated up to *MAX_LENGTH and the end of the line except the trailing '\n' discarded. (Thus, *ADDR_OF_BUFFER must be allocated using malloc().) If the buffer is enlarged, then *LENGTH_OF_BUFFER will be updated to reflect the new size. If the line is truncated, then *MAX_LENGTH will be set to 0. If *ADDR_OF_BUFFER is NULL, a buffer is allocated using malloc(). A line is considered a byte stream ending in a '\n'. Returns the number of characters written to the buffer (i.e., excluding any discarded characters due to truncation). Thus, use this instead of strlen(buffer) to determine the length of the string as this is unreliable if the input contains NUL characters. EOF is indicated by a line of length zero. The last LF may be missing due to an EOF. */ unsigned iobuf_read_line (iobuf_t a, byte ** addr_of_buffer, unsigned *length_of_buffer, unsigned *max_length); /* Read up to BUFLEN bytes from pipeline A. Note: this function can't return more than the pipeline's internal buffer size. The return value is the number of bytes actually written to BUF. If the filter returns EOF, then this function returns -1. This function does not clear any pending EOF. That is, if the pipeline consists of two filters and the first one returns EOF during the peek, then the subsequent iobuf_read* will still return EOF before returning the data from the second filter. */ int iobuf_peek (iobuf_t a, byte * buf, unsigned buflen); /* Write a byte to the pipeline. Returns 0 on success and an error code otherwise. */ int iobuf_writebyte (iobuf_t a, unsigned c); /* Alias for iobuf_writebyte. */ #define iobuf_put(a,c) iobuf_writebyte(a,c) /* Write a sequence of bytes to the pipeline. Returns 0 on success and an error code otherwise. */ int iobuf_write (iobuf_t a, const void *buf, unsigned buflen); /* Write a string (not including the NUL terminator) to the pipeline. Returns 0 on success and an error code otherwise. */ int iobuf_writestr (iobuf_t a, const char *buf); /* Flushes the pipeline removing all filters but the sink (the last filter) in the process. */ void iobuf_flush_temp (iobuf_t temp); /* Flushes the pipeline SOURCE removing all filters but the sink (the last filter) in the process (i.e., it calls iobuf_flush_temp(source)) and then writes the data to the pipeline DEST. Note: this doesn't free (iobuf_close()) SOURCE. Both SOURCE and DEST must be output pipelines. */ int iobuf_write_temp (iobuf_t dest, iobuf_t source); /* Flushes each filter in the pipeline (i.e., sends any buffered data to the filter by calling IOBUFCTRL_FLUSH). Then, copies up to the first BUFLEN bytes from the last filter's internal buffer (which will only be non-empty if it is a temp filter) to the buffer BUFFER. Returns the number of bytes actually copied. */ size_t iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen); +/* Copies the data from the input iobuf SOURCE to the output iobuf + DEST until either an error is encountered or EOF is reached. + Returns the number of bytes successfully written. If an error + occured, then any buffered bytes are not returned to SOURCE and are + effectively lost. To check if an error occured, use + iobuf_error. */ +size_t iobuf_copy (iobuf_t dest, iobuf_t source); + /* Return the size of any underlying file. This only works with file_filter based pipelines. On Win32, it is sometimes not possible to determine the size of files larger than 4GB. In this case, *OVERFLOW (if not NULL) is set to 1. Otherwise, *OVERFLOW is set to 0. */ off_t iobuf_get_filelength (iobuf_t a, int *overflow); #define IOBUF_FILELENGTH_LIMIT 0xffffffff /* Return the file descriptor designating the underlying file. This only works with file_filter based pipelines. */ int iobuf_get_fd (iobuf_t a); /* Return the real filename, if available. This only supports pipelines that end in file filters. Returns NULL if not available. */ const char *iobuf_get_real_fname (iobuf_t a); /* Return the filename or a description thereof. For instance, for iobuf_open("-"), this will return "[stdin]". This only supports pipelines that end in file filters. Returns NULL if not available. */ const char *iobuf_get_fname (iobuf_t a); /* Like iobuf_getfname, but instead of returning NULL if no description is available, return "[?]". */ const char *iobuf_get_fname_nonnull (iobuf_t a); /* Pushes a filter on the pipeline that interprets the datastream as an OpenPGP data block whose length is encoded using partial body length headers (see Section 4.2.2.4 of RFC 4880). Concretely, it just returns / writes the data and finishes the packet with an EOF. */ void iobuf_set_partial_block_mode (iobuf_t a, size_t len); /* If PARTIAL is set, then read from the pipeline until the first EOF is returned. If PARTIAL is 0, then read up to N bytes or until the first EOF is returned. Recall: a filter can return EOF. In this case, it and all preceding filters are popped from the pipeline and the next read is from the following filter (which may or may not return EOF). */ void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial); #define iobuf_where(a) "[don't know]" /* Each time a filter is allocated (via iobuf_alloc()), a monotonically increasing counter is incremented and this field is set to the new value. This macro returns that number. */ #define iobuf_id(a) ((a)->no) #define iobuf_get_temp_buffer(a) ( (a)->d.buf ) #define iobuf_get_temp_length(a) ( (a)->d.len ) /* Whether the filter uses an in-memory buffer. */ #define iobuf_is_temp(a) ( (a)->use == IOBUF_OUTPUT_TEMP ) #endif /*GNUPG_COMMON_IOBUF_H*/