Fix potential bug where TLSRecv returns less than expected

TLSRecv may return less than the requested amount of Bytes. We fix this my repeatedly calling it until we get the expected number. Ticket: None Changelog: None Signed-off-by: Lars Erik Wik <[email protected]>
cfengine · Oct 24, 2024 · 575c455 · 575c455
1 parent c00c9ed
commit 575c455
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 6 deletions.
diff --git a/libcfnet/client_code.c b/libcfnet/client_code.c
@@ -753,6 +753,7 @@ bool CopyRegularFileNet(const char *source, const char *dest, off_t size,
                         bool encrypt, AgentConnection *conn, mode_t mode)
 {
     assert(conn != NULL);
+    assert(conn->conn_info != NULL);
 
     char buf[CF_BUFSIZE + sizeof(int)]; /* Note CF_BUFSIZE not buf_size !! */
     char workbuf[CF_BUFSIZE], cfchangedstr[265];
@@ -812,7 +813,7 @@ bool CopyRegularFileNet(const char *source, const char *dest, off_t size,
         assert(toget > 0);
 
         /* Stage C1 - receive */
-        int n_read;
+        int n_read = 0;
 
         const ProtocolVersion version = conn->conn_info->protocol;
 
@@ -822,7 +823,19 @@ bool CopyRegularFileNet(const char *source, const char *dest, off_t size,
         }
         else if (ProtocolIsTLS(version))
         {
-            n_read = TLSRecv(conn->conn_info->ssl, buf, toget);
+            /* TLSRecv may return less than the requested number of Bytes, in
+             * which case we repeatedly call it until we get the expected
+             * number. */
+            while (n_read < toget)
+            {
+                rc = TLSRecv(conn->conn_info->ssl, buf + n_read, toget - n_read);
+                if (rc <= 0)
+                {
+                    n_read = rc;
+                    break;
+                }
+                n_read += rc;
+            }
         }
         else
         {
@@ -831,8 +844,6 @@ bool CopyRegularFileNet(const char *source, const char *dest, off_t size,
             n_read = -1;
         }
 
-        /* TODO what if 0 < n_read < toget? Might happen with TLS. */
-
         if (n_read <= 0)
         {
             /* This may happen on race conditions, where the file has shrunk

diff --git a/libcfnet/net.c b/libcfnet/net.c
@@ -148,6 +148,8 @@ int SendTransaction(ConnectionInfo *conn_info,
  */
 int ReceiveTransaction(ConnectionInfo *conn_info, char *buffer, int *more)
 {
+    assert(conn_info != NULL);
+
     char proto[CF_INBAND_OFFSET + 1] = { 0 };
     int ret;
 
@@ -158,7 +160,19 @@ int ReceiveTransaction(ConnectionInfo *conn_info, char *buffer, int *more)
         ret = RecvSocketStream(conn_info->sd, proto, CF_INBAND_OFFSET);
         break;
     case CF_PROTOCOL_TLS:
-        ret = TLSRecv(conn_info->ssl, proto, CF_INBAND_OFFSET);
+        /* TLSRecv may return less than the requested number of Bytes, in
+         * which case we repeatedly call it until we get the expected number.
+         */
+        while (ret < CF_INBAND_OFFSET)
+        {
+            int rc = TLSRecv(conn_info->ssl, proto + ret, CF_INBAND_OFFSET - ret);
+            if (rc <= 0)
+            {
+                ret = rc;
+                break;
+            }
+            ret += rc;
+        }
         break;
     default:
         UnexpectedError("ReceiveTransaction: ProtocolVersion %d!",
@@ -251,7 +265,18 @@ int ReceiveTransaction(ConnectionInfo *conn_info, char *buffer, int *more)
         ret = RecvSocketStream(conn_info->sd, buffer, len);
         break;
     case CF_PROTOCOL_TLS:
-        ret = TLSRecv(conn_info->ssl, buffer, len);
+        while (ret < len)
+        {
+            /* TLSRecv may return less than the requested number of Bytes, in
+             * which case we repeatedly call it until we get the expected
+             * number. */
+            int rc = TLSRecv(conn_info->ssl, buffer + ret, len - ret);
+            if (rc <= 0)
+            {
+                ret = rc;
+            }
+            ret += rc;
+        }
         break;
     default:
         UnexpectedError("ReceiveTransaction: ProtocolVersion %d!",