Commit 5a45dc4a authored by Yang Tse's avatar Yang Tse

pingpong.c: fix Curl_pp_vsendf() arbitrary restrictions on command length

This removes command length restrictions on calling functions.
parent 78199b60
+0 −3
@@ -210,9 +210,6 @@ static const struct Curl_handler Curl_handler_imaps_proxy = {
 *
 *
 * Sends the formated string as an IMAP command to a server
 * Sends the formated string as an IMAP command to a server
 *
 *
 * NOTE: we build the command in a fixed-length buffer, which sets length
 * restrictions on the command!
 *
 * Designed to never block.
 * Designed to never block.
 */
 */
static CURLcode imapsendf(struct connectdata *conn,
static CURLcode imapsendf(struct connectdata *conn,
+32 −34
@@ -177,9 +177,6 @@ void Curl_pp_init(struct pingpong *pp)
 * the string should not have any CRLF appended, as this function will
 * the string should not have any CRLF appended, as this function will
 * append the necessary things itself.
 * append the necessary things itself.
 *
 *
 * NOTE: we build the command in a fixed-length buffer, which sets length
 * restrictions on the command!
 *
 * made to never block
 * made to never block
 */
 */
CURLcode Curl_pp_vsendf(struct pingpong *pp,
CURLcode Curl_pp_vsendf(struct pingpong *pp,
@@ -187,12 +184,10 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
                        va_list args)
                        va_list args)
{
{
  ssize_t bytes_written;
  ssize_t bytes_written;
/* may still not be big enough for some krb5 tokens */
#define SBUF_SIZE 1024
  char s[SBUF_SIZE];
  size_t write_len;
  size_t write_len;
  char *sptr=s;
  char *fmt_crlf;
  CURLcode res = CURLE_OK;
  char *s;
  CURLcode error;
  struct connectdata *conn = pp->conn;
  struct connectdata *conn = pp->conn;
  struct SessionHandle *data = conn->data;
  struct SessionHandle *data = conn->data;


@@ -200,55 +195,61 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
  enum protection_level data_sec = conn->data_prot;
  enum protection_level data_sec = conn->data_prot;
#endif
#endif


  vsnprintf(s, SBUF_SIZE-3, fmt, args);
  fmt_crlf = aprintf("%s\r\n", fmt); /* append a trailing CRLF */
  if(!fmt_crlf)
    return CURLE_OUT_OF_MEMORY;


  strcat(s, "\r\n"); /* append a trailing CRLF */
  s = vaprintf(fmt_crlf, args); /* trailing CRLF appended */
  free(fmt_crlf);
  if(!s)
    return CURLE_OUT_OF_MEMORY;


  bytes_written = 0;
  bytes_written = 0;
  write_len = strlen(s);
  write_len = strlen(s);


  Curl_pp_init(pp);
  Curl_pp_init(pp);


  res = Curl_convert_to_network(data, s, write_len);
  error = Curl_convert_to_network(data, s, write_len);
  /* Curl_convert_to_network calls failf if unsuccessful */
  /* Curl_convert_to_network calls failf if unsuccessful */
  if(res)
  if(error) {
    return res;
    free(s);
    return error;
  }


#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
  conn->data_prot = PROT_CMD;
  conn->data_prot = PROT_CMD;
#endif
#endif
  res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
  error = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len,
                     &bytes_written);
                     &bytes_written);
#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
  DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
  DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
  conn->data_prot = data_sec;
  conn->data_prot = data_sec;
#endif
#endif


  if(CURLE_OK != res)
  if(error) {
    return res;
    free(s);
    return error;
  }


  if(conn->data->set.verbose)
  if(conn->data->set.verbose)
    Curl_debug(conn->data, CURLINFO_HEADER_OUT,
    Curl_debug(conn->data, CURLINFO_HEADER_OUT,
               sptr, (size_t)bytes_written, conn);
               s, (size_t)bytes_written, conn);


  if(bytes_written != (ssize_t)write_len) {
  if(bytes_written != (ssize_t)write_len) {
    /* the whole chunk was not sent, store the rest of the data */
    /* the whole chunk was not sent, store the rest of the data */
    write_len -= bytes_written;
    write_len -= bytes_written;
    sptr += bytes_written;
    memmove(s, s + bytes_written, write_len + 1);
    pp->sendthis = malloc(write_len);
    pp->sendthis = s;
    if(pp->sendthis) {
      memcpy(pp->sendthis, sptr, write_len);
    pp->sendsize = pp->sendleft = write_len;
    pp->sendsize = pp->sendleft = write_len;
  }
  }
  else {
  else {
      failf(data, "out of memory");
    free(s);
      res = CURLE_OUT_OF_MEMORY;
    pp->sendthis = NULL;
    }
    pp->sendleft = pp->sendsize = 0;
  }
  else
    pp->response = Curl_tvnow();
    pp->response = Curl_tvnow();
  }


  return res;
  return CURLE_OK;
}
}




@@ -260,9 +261,6 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
 * the string should not have any CRLF appended, as this function will
 * the string should not have any CRLF appended, as this function will
 * append the necessary things itself.
 * append the necessary things itself.
 *
 *
 * NOTE: we build the command in a fixed-length buffer, which sets length
 * restrictions on the command!
 *
 * made to never block
 * made to never block
 */
 */
CURLcode Curl_pp_sendf(struct pingpong *pp,
CURLcode Curl_pp_sendf(struct pingpong *pp,
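Review bot: In Curl_pp_vsendf the partial-write branch does `pp->sendthis = s;` and the full-write branch now does `pp->sendthis = NULL;`, and neither releases whatever `pp->sendthis` pointed to on entry. If a caller can reach this function while an earlier command is still queued, that earlier allocation is leaked; the callers and the code that drains and frees `sendthis` are outside this section, so this needs confirming. The removed comment mentions krb5 tokens, so these buffers can hold authentication material, and a leaked one stays in heap memory that nothing can free any more. I would state the precondition with `DEBUGASSERT(!pp->sendthis);` before the `aprintf` call, or free the old pointer before overwriting it. The function comment should also gain a line such as `* On a partial write the unsent remainder is kept in pp->sendthis, which then owns the allocation.`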
+0 −6
@@ -98,9 +98,6 @@ long Curl_pp_state_timeout(struct pingpong *pp);
 * the string should not have any CRLF appended, as this function will
 * the string should not have any CRLF appended, as this function will
 * append the necessary things itself.
 * append the necessary things itself.
 *
 *
 * NOTE: we build the command in a fixed-length buffer, which sets length
 * restrictions on the command!
 *
 * made to never block
 * made to never block
 */
 */
CURLcode Curl_pp_sendf(struct pingpong *pp,
CURLcode Curl_pp_sendf(struct pingpong *pp,
@@ -114,9 +111,6 @@ CURLcode Curl_pp_sendf(struct pingpong *pp,
 * the string should not have any CRLF appended, as this function will
 * the string should not have any CRLF appended, as this function will
 * append the necessary things itself.
 * append the necessary things itself.
 *
 *
 * NOTE: we build the command in a fixed-length buffer, which sets length
 * restrictions on the command!
 *
 * made to never block
 * made to never block
 */
 */
CURLcode Curl_pp_vsendf(struct pingpong *pp,
CURLcode Curl_pp_vsendf(struct pingpong *pp,