From cb7a1f6390094a9fc84376d4c6c6eb6e0f2ddf0b Mon Sep 17 00:00:00 2001 From: Laslo Hunhold Date: Wed, 5 Aug 2020 18:59:55 +0200 Subject: [PATCH] Replace off_t with size_t While off_t might be better suited for file-offsets and -sizes, the IEEE Computer Society was unable to mandate limits (min, max) for it in the POSIX specification in the last 32 years. Because it's impossible to portably determine these numbers for signed integers, I decided to switch to size_t for the offsets to be able to pass proper values to strtonum(), because C99 is sane and has defined limits for size_t (i.e. SIZE_MIN and SIZE_MAX). On my system, long long and off_t have the same size, so it didn't trigger any bugs, but strtonum() could pass a bigger number to lower and upper than they can handle and make them overflow. The rationale for switching to size_t is actually given by the fact that functions like mmap() blur the border between memory and filesystem. Another point is that glibc has a horrible define _FILE_OFFSET_BITS you need to set to 64 to actually get decent values for off_t, which was a huge headache in sbase until we found that out. Signed-off-by: Laslo Hunhold --- http.c | 10 +++++----- resp.c | 7 ++++--- resp.h | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/http.c b/http.c index bc4ca84..49b30dc 100644 --- a/http.c +++ b/http.c @@ -396,7 +396,7 @@ squash: } static enum status -parse_range(const char *str, off_t size, off_t *lower, off_t *upper) +parse_range(const char *str, size_t size, size_t *lower, size_t *upper) { char first[FIELD_MAX], last[FIELD_MAX]; const char *p, *q, *r, *err; @@ -469,10 +469,10 @@ parse_range(const char *str, off_t size, off_t *lower, off_t *upper) * last byte if 'last' is not given), * inclusively, and byte-numbering beginning at 0 */ - *lower = strtonum(first, 0, LLONG_MAX, &err); + *lower = strtonum(first, 0, SIZE_MAX, &err); if (!err) { if (last[0] != '\0') { - *upper = strtonum(last, 0, LLONG_MAX, &err); + *upper = strtonum(last, 0, SIZE_MAX, &err); } else { *upper = size - 1; } @@ -504,7 +504,7 @@ parse_range(const char *str, off_t size, off_t *lower, off_t *upper) * use upper as a temporary storage for 'num', * as we know 'upper' is size - 1 */ - *upper = strtonum(last, 0, LLONG_MAX, &err); + *upper = strtonum(last, 0, SIZE_MAX, &err); if (err) { return S_BAD_REQUEST; } @@ -536,7 +536,7 @@ http_send_response(int fd, const struct request *req) struct stat st; struct tm tm = { 0 }; size_t len, i; - off_t lower, upper; + size_t lower, upper; int hasport, ipv6host; static char realtarget[PATH_MAX], tmptarget[PATH_MAX]; char *p, *mime; diff --git a/resp.c b/resp.c index babb860..2f639e5 100644 --- a/resp.c +++ b/resp.c @@ -156,7 +156,8 @@ cleanup: enum status resp_file(int fd, const char *name, const struct request *req, - const struct stat *st, const char *mime, off_t lower, off_t upper) + const struct stat *st, const char *mime, size_t lower, + size_t upper) { FILE *fp; enum status sendstatus; @@ -166,7 +167,7 @@ resp_file(int fd, const char *name, const struct request *req, .field[RES_ACCEPT_RANGES] = "bytes", }; ssize_t bread, bwritten; - off_t remaining; + size_t remaining; static char buf[BUFSIZ], *p; /* open file */ @@ -217,7 +218,7 @@ resp_file(int fd, const char *name, const struct request *req, remaining = upper - lower + 1; while ((bread = fread(buf, 1, MIN(sizeof(buf), - (size_t)remaining), fp))) { + remaining), fp))) { if (bread < 0) { res.status = S_INTERNAL_SERVER_ERROR; goto cleanup; diff --git a/resp.h b/resp.h index 5fa51c3..32d4c5d 100644 --- a/resp.h +++ b/resp.h @@ -9,6 +9,6 @@ enum status resp_dir(int, const char *, const struct request *); enum status resp_file(int, const char *, const struct request *, - const struct stat *, const char *, off_t, off_t); + const struct stat *, const char *, size_t, size_t); #endif /* RESP_H */