1 /* iobuf.c - File Handling for OpenPGP.
2 * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2006, 2007, 2008,
3 * 2009, 2010, 2011 Free Software Foundation, Inc.
4 * Copyright (C) 2015 g10 Code GmbH
6 * This file is part of GnuPG.
8 * This file is free software; you can redistribute it and/or modify
9 * it under the terms of either
11 * - the GNU Lesser General Public License as published by the Free
12 * Software Foundation; either version 3 of the License, or (at
13 * your option) any later version.
17 * - the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at
19 * your option) any later version.
21 * or both in parallel, as here.
23 * This file is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with this program; if not, see <https://www.gnu.org/licenses/>.
39 #include <sys/types.h>
43 #ifdef HAVE_W32_SYSTEM
44 # ifdef HAVE_WINSOCK2_H
45 # include <winsock2.h>
52 #endif /* __riscos__ */
60 /*-- Begin configurable part. --*/
62 /* The standard size of the internal buffers. */
63 #define DEFAULT_IOBUF_BUFFER_SIZE (64*1024)
65 /* To avoid a potential DoS with compression packets we better limit
66 the number of filters in a chain. */
67 #define MAX_NESTING_FILTER 64
69 /* The threshold for switching to use external buffers directly
70 instead of the internal buffers. */
71 #define IOBUF_ZEROCOPY_THRESHOLD_SIZE 1024
73 /*-- End configurable part. --*/
75 /* The size of the iobuffers. This can be changed using the
76 * iobuf_set_buffer_size function. */
77 static unsigned int iobuf_buffer_size = DEFAULT_IOBUF_BUFFER_SIZE;
80 #ifdef HAVE_W32_SYSTEM
81 # define FD_FOR_STDIN (GetStdHandle (STD_INPUT_HANDLE))
82 # define FD_FOR_STDOUT (GetStdHandle (STD_OUTPUT_HANDLE))
83 #else /*!HAVE_W32_SYSTEM*/
84 # define FD_FOR_STDIN (0)
85 # define FD_FOR_STDOUT (1)
86 #endif /*!HAVE_W32_SYSTEM*/
89 /* The context used by the file filter. */
92 gnupg_fd_t fp; /* Open file pointer or handle. */
97 int print_only_name; /* Flags indicating that fname is not a real file. */
98 char fname[1]; /* Name of the file. */
101 /* The context used by the estream filter. */
104 estream_t fp; /* Open estream handle. */
108 int use_readlimit; /* Take care of the readlimit. */
109 size_t readlimit; /* Number of bytes left to read. */
110 int print_only_name; /* Flags indicating that fname is not a real file. */
111 char fname[1]; /* Name of the file. */
112 } file_es_filter_ctx_t;
115 /* Object to control the "close cache". */
118 struct close_cache_s *next;
122 typedef struct close_cache_s *close_cache_t;
123 static close_cache_t close_cache;
125 int iobuf_debug_mode;
128 #ifdef HAVE_W32_SYSTEM
135 int print_only_name; /* Flag indicating that fname is not a real file. */
136 char fname[1]; /* Name of the file */
139 #endif /*HAVE_W32_SYSTEM*/
141 /* The first partial length header block must be of size 512 to make
142 * it easier (and more efficient) we use a min. block size of 512 for
143 * all chunks (but the last one) */
144 #define OP_MIN_PARTIAL_CHUNK 512
145 #define OP_MIN_PARTIAL_CHUNK_2POW 9
147 /* The context we use for the block filter (used to handle OpenPGP
148 length information header). */
154 int partial; /* 1 = partial header, 2 in last partial packet. */
155 char *buffer; /* Used for partial header. */
156 size_t buflen; /* Used size of buffer. */
157 int first_c; /* First character of a partial header (which is > 0). */
163 /* Local prototypes. */
164 static int underflow (iobuf_t a, int clear_pending_eof);
165 static int underflow_target (iobuf_t a, int clear_pending_eof, size_t target);
166 static int translate_file_handle (int fd, int for_write);
168 /* Sends any pending data to the filter's FILTER function. Note: this
169 works on the filter and not on the whole pipeline. That is,
170 iobuf_flush doesn't necessarily cause data to be written to any
171 underlying file; it just causes any data buffered at the filter A
172 to be sent to A's filter function.
174 If A is a IOBUF_OUTPUT_TEMP filter, then this also enlarges the
175 buffer by iobuf_buffer_size.
177 May only be called on an IOBUF_OUTPUT or IOBUF_OUTPUT_TEMP filters. */
178 static int filter_flush (iobuf_t a);
182 /* This is a replacement for strcmp. Under W32 it does not
183 distinguish between backslash and slash. */
185 fd_cache_strcmp (const char *a, const char *b)
187 #ifdef HAVE_DOSISH_SYSTEM
188 for (; *a && *b; a++, b++)
190 if (*a != *b && !((*a == '/' && *b == '\\')
191 || (*a == '\\' && *b == '/')) )
194 return *(const unsigned char *)a - *(const unsigned char *)b;
196 return strcmp (a, b);
202 * Invalidate (i.e. close) a cached iobuf
205 fd_cache_invalidate (const char *fname)
212 log_debug ("fd_cache_invalidate (%s)\n", fname);
214 for (cc = close_cache; cc; cc = cc->next)
216 if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname))
219 log_debug (" did (%s)\n", cc->fname);
220 #ifdef HAVE_W32_SYSTEM
221 if (!CloseHandle (cc->fp))
226 cc->fp = GNUPG_INVALID_FD;
233 /* Try to sync changes to the disk. This is to avoid data loss during
234 a system crash in write/close/rename cycle on some file
237 fd_cache_synchronize (const char *fname)
245 log_debug ("fd_cache_synchronize (%s)\n", fname);
247 for (cc=close_cache; cc; cc = cc->next )
249 if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname))
252 log_debug (" did (%s)\n", cc->fname);
254 err = fsync (cc->fp);
259 #endif /*HAVE_FSYNC*/
266 direct_open (const char *fname, const char *mode, int mode700)
268 #ifdef HAVE_W32_SYSTEM
269 unsigned long da, cd, sm;
273 /* Note, that we do not handle all mode combinations */
275 /* According to the ReactOS source it seems that open() of the
276 * standard MSW32 crt does open the file in shared mode which is
277 * something new for MS applications ;-)
279 if (strchr (mode, '+'))
281 if (fd_cache_invalidate (fname))
282 return GNUPG_INVALID_FD;
283 da = GENERIC_READ | GENERIC_WRITE;
285 sm = FILE_SHARE_READ | FILE_SHARE_WRITE;
287 else if (strchr (mode, 'w'))
289 if (fd_cache_invalidate (fname))
290 return GNUPG_INVALID_FD;
293 sm = FILE_SHARE_WRITE;
299 sm = FILE_SHARE_READ;
302 /* We always use the Unicode version because it supports file names
303 * longer than MAX_PATH. (requires gpgrt 1.45) */
306 wchar_t *wfname = gpgrt_fname_to_wchar (fname);
309 hfile = CreateFileW (wfname, da, sm, NULL, cd,
310 FILE_ATTRIBUTE_NORMAL, NULL);
314 hfile = INVALID_HANDLE_VALUE;
319 #else /*!HAVE_W32_SYSTEM*/
322 int cflag = S_IRUSR | S_IWUSR;
325 cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
327 /* Note, that we do not handle all mode combinations */
328 if (strchr (mode, '+'))
330 if (fd_cache_invalidate (fname))
331 return GNUPG_INVALID_FD;
334 else if (strchr (mode, 'w'))
336 if (fd_cache_invalidate (fname))
337 return GNUPG_INVALID_FD;
338 oflag = O_WRONLY | O_CREAT | O_TRUNC;
345 if (strchr (mode, 'b'))
353 /* Don't allow iobufs on directories */
354 if (!stat (fname, &buf) && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode))
355 return __set_errno (EISDIR);
358 return open (fname, oflag, cflag);
360 #endif /*!HAVE_W32_SYSTEM*/
365 * Instead of closing an FD we keep it open and cache it for later reuse
366 * Note that this caching strategy only works if the process does not chdir.
369 fd_cache_close (const char *fname, gnupg_fd_t fp)
374 if (!fname || !*fname)
376 #ifdef HAVE_W32_SYSTEM
382 log_debug ("fd_cache_close (%d) real\n", (int)fp);
385 /* try to reuse a slot */
386 for (cc = close_cache; cc; cc = cc->next)
388 if (cc->fp == GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname))
392 log_debug ("fd_cache_close (%s) used existing slot\n", fname);
398 log_debug ("fd_cache_close (%s) new slot created\n", fname);
399 cc = xcalloc (1, sizeof *cc + strlen (fname));
400 strcpy (cc->fname, fname);
402 cc->next = close_cache;
407 * Do a direct_open on FNAME but first try to reuse one from the fd_cache
410 fd_cache_open (const char *fname, const char *mode)
415 for (cc = close_cache; cc; cc = cc->next)
417 if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname))
419 gnupg_fd_t fp = cc->fp;
420 cc->fp = GNUPG_INVALID_FD;
422 log_debug ("fd_cache_open (%s) using cached fp\n", fname);
423 #ifdef HAVE_W32_SYSTEM
424 if (SetFilePointer (fp, 0, NULL, FILE_BEGIN) == 0xffffffff)
426 log_error ("rewind file failed on handle %p: ec=%d\n",
427 fp, (int) GetLastError ());
428 fp = GNUPG_INVALID_FD;
431 if (lseek (fp, 0, SEEK_SET) == (off_t) - 1)
433 log_error ("can't rewind fd %d: %s\n", fp, strerror (errno));
434 fp = GNUPG_INVALID_FD;
441 log_debug ("fd_cache_open (%s) not cached\n", fname);
442 return direct_open (fname, mode, 0);
447 file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
450 file_filter_ctx_t *a = opaque;
451 gnupg_fd_t f = a->fp;
452 size_t size = *ret_len;
456 (void)chain; /* Not used. */
458 if (control == IOBUFCTRL_UNDERFLOW)
460 log_assert (size); /* We need a buffer. */
466 else if (a->delayed_rc)
476 #ifdef HAVE_W32_SYSTEM
480 if (!ReadFile (f, buf, size, &nread, NULL))
482 int ec = (int) GetLastError ();
483 if (ec != ERROR_BROKEN_PIPE)
485 rc = gpg_error_from_errno (ec);
486 log_error ("%s: read error: ec=%d\n", a->fname, ec);
507 n = read (f, buf + nbytes, size - nbytes);
509 while (n == -1 && errno == EINTR);
516 else if (!n) /* eof */
528 rc = gpg_error_from_syserror ();
529 if (gpg_err_code (rc) != GPG_ERR_EPIPE)
530 log_error ("%s: read error: %s\n", a->fname, gpg_strerror (rc));
541 else if (control == IOBUFCTRL_FLUSH)
545 #ifdef HAVE_W32_SYSTEM
552 if (size && !WriteFile (f, p, nbytes, &n, NULL))
554 int ec = (int) GetLastError ();
555 rc = gpg_error_from_errno (ec);
556 log_error ("%s: write error: ec=%d\n", a->fname, ec);
573 n = write (f, p, nbytes);
575 while (n == -1 && errno == EINTR);
582 while (n != -1 && nbytes);
585 rc = gpg_error_from_syserror ();
586 log_error ("%s: write error: %s\n", a->fname, strerror (errno));
593 else if (control == IOBUFCTRL_INIT)
600 else if (control == IOBUFCTRL_DESC)
602 mem2str (buf, "file_filter(fd)", *ret_len);
604 else if (control == IOBUFCTRL_FREE)
606 if (f != FD_FOR_STDIN && f != FD_FOR_STDOUT)
609 log_debug ("%s: close fd/handle %d\n", a->fname, FD2INT (f));
611 fd_cache_close (a->no_cache ? NULL : a->fname, f);
613 xfree (a); /* We can free our context now. */
620 /* Similar to file_filter but using the estream system. */
622 file_es_filter (void *opaque, int control, iobuf_t chain, byte * buf,
625 file_es_filter_ctx_t *a = opaque;
627 size_t size = *ret_len;
631 (void)chain; /* Not used. */
633 if (control == IOBUFCTRL_UNDERFLOW)
635 assert (size); /* We need a buffer. */
641 else if (a->use_readlimit)
651 if (size > a->readlimit)
653 rc = es_read (f, buf, size, &nbytes);
656 rc = gpg_error_from_syserror ();
657 log_error ("%s: read error: %s\n", a->fname,strerror (errno));
665 a->readlimit -= nbytes;
672 rc = es_read (f, buf, size, &nbytes);
675 rc = gpg_error_from_syserror ();
676 log_error ("%s: read error: %s\n", a->fname, strerror (errno));
686 else if (control == IOBUFCTRL_FLUSH)
697 if (es_write (f, p, nbytes, &nwritten))
699 rc = gpg_error_from_syserror ();
700 log_error ("%s: write error: %s\n",
701 a->fname, strerror (errno));
712 else if (control == IOBUFCTRL_INIT)
717 else if (control == IOBUFCTRL_DESC)
719 mem2str (buf, "estream_filter", *ret_len);
721 else if (control == IOBUFCTRL_FREE)
723 if (f != es_stdin && f != es_stdout)
726 log_debug ("%s: es_fclose %p\n", a->fname, f);
731 xfree (a); /* We can free our context now. */
738 #ifdef HAVE_W32_SYSTEM
739 /* Because network sockets are special objects under Lose32 we have to
740 use a dedicated filter for them. */
742 sock_filter (void *opaque, int control, iobuf_t chain, byte * buf,
745 sock_filter_ctx_t *a = opaque;
746 size_t size = *ret_len;
752 if (control == IOBUFCTRL_UNDERFLOW)
754 assert (size); /* need a buffer */
764 nread = recv (a->sock, buf, size, 0);
765 if (nread == SOCKET_ERROR)
767 int ec = (int) WSAGetLastError ();
768 rc = gpg_error_from_errno (ec);
769 log_error ("socket read error: ec=%d\n", ec);
783 else if (control == IOBUFCTRL_FLUSH)
793 n = send (a->sock, p, nbytes, 0);
794 if (n == SOCKET_ERROR)
796 int ec = (int) WSAGetLastError ();
797 rc = gpg_error_from_errno (ec);
798 log_error ("socket write error: ec=%d\n", ec);
809 else if (control == IOBUFCTRL_INIT)
815 else if (control == IOBUFCTRL_DESC)
817 mem2str (buf, "sock_filter", *ret_len);
819 else if (control == IOBUFCTRL_FREE)
822 closesocket (a->sock);
823 xfree (a); /* we can free our context now */
827 #endif /*HAVE_W32_SYSTEM*/
830 * This is used to implement the block write mode.
831 * Block reading is done on a byte by byte basis in readbyte(),
835 block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
838 block_filter_ctx_t *a = opaque;
839 char *buf = (char *)buffer;
840 size_t size = *ret_len;
841 int c, needed, rc = 0;
844 if (control == IOBUFCTRL_UNDERFLOW)
849 assert (size); /* need a buffer */
850 if (a->eof) /* don't read any further */
855 { /* get the length bytes */
865 /* These OpenPGP introduced huffman like encoded length
866 * bytes are really a mess :-( */
872 else if ((c = iobuf_get (chain)) == -1)
874 log_error ("block_filter: 1st length byte missing\n");
875 rc = GPG_ERR_BAD_DATA;
892 a->size = (c - 192) * 256;
893 if ((c = iobuf_get (chain)) == -1)
896 ("block_filter: 2nd length byte missing\n");
897 rc = GPG_ERR_BAD_DATA;
915 for (i = 0; i < 4; i++)
916 if ((c = iobuf_get (chain)) == -1)
919 len = ((len << 8) | c);
923 log_error ("block_filter: invalid 4 byte length\n");
924 rc = GPG_ERR_BAD_DATA;
938 { /* Next partial body length. */
939 a->size = 1 << (c & 0x1f);
941 /* log_debug("partial: ctx=%p c=%02x size=%u\n", a, c, a->size); */
947 while (!rc && size && a->size)
949 needed = size < a->size ? size : a->size;
950 c = iobuf_read (chain, p, needed);
956 ("block_filter %p: read error (size=%lu,a->size=%lu)\n",
957 a, (ulong) size + c, (ulong) a->size + c);
958 rc = GPG_ERR_BAD_DATA;
971 else if (control == IOBUFCTRL_FLUSH)
974 { /* the complicated openpgp scheme */
975 size_t blen, n, nbytes = size + a->buflen;
977 assert (a->buflen <= OP_MIN_PARTIAL_CHUNK);
978 if (nbytes < OP_MIN_PARTIAL_CHUNK)
980 /* not enough to write a partial block out; so we store it */
982 a->buffer = xmalloc (OP_MIN_PARTIAL_CHUNK);
983 memcpy (a->buffer + a->buflen, buf, size);
987 { /* okay, we can write out something */
988 /* do this in a loop to use the most efficient block lengths */
992 /* find the best matching block length - this is limited
993 * by the size of the internal buffering */
994 for (blen = OP_MIN_PARTIAL_CHUNK * 2,
995 c = OP_MIN_PARTIAL_CHUNK_2POW + 1; blen <= nbytes;
1000 /* write the partial length header */
1001 assert (c <= 0x1f); /*;-) */
1003 iobuf_put (chain, c);
1004 if ((n = a->buflen))
1005 { /* write stuff from the buffer */
1006 assert (n == OP_MIN_PARTIAL_CHUNK);
1007 if (iobuf_write (chain, a->buffer, n))
1008 rc = gpg_error_from_syserror ();
1012 if ((n = nbytes) > blen)
1014 if (n && iobuf_write (chain, p, n))
1015 rc = gpg_error_from_syserror ();
1019 while (!rc && nbytes >= OP_MIN_PARTIAL_CHUNK);
1020 /* store the rest in the buffer */
1023 assert (!a->buflen);
1024 assert (nbytes < OP_MIN_PARTIAL_CHUNK);
1026 a->buffer = xmalloc (OP_MIN_PARTIAL_CHUNK);
1027 memcpy (a->buffer, p, nbytes);
1035 else if (control == IOBUFCTRL_INIT)
1038 log_debug ("init block_filter %p\n", a);
1041 else if (a->use == IOBUF_INPUT)
1042 a->count = a->size = 0;
1044 a->count = a->size; /* force first length bytes */
1049 else if (control == IOBUFCTRL_DESC)
1051 mem2str (buf, "block_filter", *ret_len);
1053 else if (control == IOBUFCTRL_FREE)
1055 if (a->use == IOBUF_OUTPUT)
1056 { /* write the end markers */
1060 /* write out the remaining bytes without a partial header
1061 * the length of this header may be 0 - but if it is
1062 * the first block we are not allowed to use a partial header
1063 * and frankly we can't do so, because this length must be
1064 * a power of 2. This is _really_ complicated because we
1065 * have to check the possible length of a packet prior
1066 * to it's creation: a chain of filters becomes complicated
1067 * and we need a lot of code to handle compressed packets etc.
1070 /* construct header */
1072 /*log_debug("partial: remaining length=%u\n", len ); */
1074 rc = iobuf_put (chain, len);
1075 else if (len < 8384)
1077 if (!(rc = iobuf_put (chain, ((len - 192) / 256) + 192)))
1078 rc = iobuf_put (chain, ((len - 192) % 256));
1081 { /* use a 4 byte header */
1082 if (!(rc = iobuf_put (chain, 0xff)))
1083 if (!(rc = iobuf_put (chain, (len >> 24) & 0xff)))
1084 if (!(rc = iobuf_put (chain, (len >> 16) & 0xff)))
1085 if (!(rc = iobuf_put (chain, (len >> 8) & 0xff)))
1086 rc = iobuf_put (chain, len & 0xff);
1089 rc = iobuf_write (chain, a->buffer, len);
1092 log_error ("block_filter: write error: %s\n",
1094 rc = gpg_error_from_syserror ();
1105 log_error ("block_filter: pending bytes!\n");
1108 log_debug ("free block_filter %p\n", a);
1109 xfree (a); /* we can free our context now */
1116 /* Change the default size for all IOBUFs to KILOBYTE. This needs to
1117 * be called before any iobufs are used and can only be used once.
1118 * Returns the current value. Using 0 has no effect except for
1119 * returning the current value. */
1121 iobuf_set_buffer_size (unsigned int kilobyte)
1125 if (!used && kilobyte)
1129 else if (kilobyte > 16*1024)
1132 iobuf_buffer_size = kilobyte * 1024;
1135 return iobuf_buffer_size / 1024;
1139 #define MAX_IOBUF_DESC 32
1141 * Fill the buffer by the description of iobuf A.
1142 * The buffer size should be MAX_IOBUF_DESC (or larger).
1143 * Returns BUF as (const char *).
1146 iobuf_desc (iobuf_t a, byte *buf)
1148 size_t len = MAX_IOBUF_DESC;
1150 if (! a || ! a->filter)
1151 memcpy (buf, "?", 2);
1153 a->filter (a->filter_ov, IOBUFCTRL_DESC, NULL, buf, &len);
1159 print_chain (iobuf_t a)
1163 for (; a; a = a->chain)
1165 byte desc[MAX_IOBUF_DESC];
1167 log_debug ("iobuf chain: %d.%d '%s' filter_eof=%d start=%d len=%d\n",
1168 a->no, a->subno, iobuf_desc (a, desc), a->filter_eof,
1169 (int) a->d.start, (int) a->d.len);
1174 iobuf_print_chain (iobuf_t a)
1181 iobuf_alloc (int use, size_t bufsize)
1184 static int number = 0;
1186 assert (use == IOBUF_INPUT || use == IOBUF_INPUT_TEMP
1187 || use == IOBUF_OUTPUT || use == IOBUF_OUTPUT_TEMP);
1190 log_bug ("iobuf_alloc() passed a bufsize of 0!\n");
1191 bufsize = iobuf_buffer_size;
1194 a = xcalloc (1, sizeof *a);
1196 a->d.buf = xmalloc (bufsize);
1197 a->d.size = bufsize;
1201 a->e_d.preferred = 0;
1204 a->real_fname = NULL;
1209 iobuf_close (iobuf_t a)
1212 size_t dummy_len = 0;
1215 for (; a; a = a_chain)
1217 byte desc[MAX_IOBUF_DESC];
1222 if (a->use == IOBUF_OUTPUT && (rc = filter_flush (a)))
1223 log_error ("filter_flush failed on close: %s\n", gpg_strerror (rc));
1226 log_debug ("iobuf-%d.%d: close '%s'\n",
1227 a->no, a->subno, iobuf_desc (a, desc));
1229 if (a->filter && (rc2 = a->filter (a->filter_ov, IOBUFCTRL_FREE,
1230 a->chain, NULL, &dummy_len)))
1231 log_error ("IOBUFCTRL_FREE failed on close: %s\n", gpg_strerror (rc));
1233 /* Whoops! An error occurred. Save it in RC if we haven't
1234 already recorded an error. */
1237 xfree (a->real_fname);
1240 memset (a->d.buf, 0, a->d.size); /* erase the buffer */
1249 iobuf_cancel (iobuf_t a)
1254 #if defined(HAVE_W32_SYSTEM) || defined(__riscos__)
1255 char *remove_name = NULL;
1258 if (a && a->use == IOBUF_OUTPUT)
1260 s = iobuf_get_real_fname (a);
1263 #if defined(HAVE_W32_SYSTEM) || defined(__riscos__)
1264 remove_name = xstrdup (s);
1271 /* send a cancel message to all filters */
1272 for (a2 = a; a2; a2 = a2->chain)
1276 a2->filter (a2->filter_ov, IOBUFCTRL_CANCEL, a2->chain, NULL, &dummy);
1279 rc = iobuf_close (a);
1280 #if defined(HAVE_W32_SYSTEM) || defined(__riscos__)
1283 /* Argg, MSDOS does not allow removing open files. So
1284 * we have to do it here */
1285 gnupg_remove (remove_name);
1287 xfree (remove_name);
1297 return iobuf_alloc (IOBUF_OUTPUT_TEMP, iobuf_buffer_size);
1301 iobuf_temp_with_content (const char *buffer, size_t length)
1306 a = iobuf_alloc (IOBUF_INPUT_TEMP, length);
1307 assert (length == a->d.size);
1308 /* memcpy (a->d.buf, buffer, length); */
1309 for (i=0; i < length; i++)
1310 a->d.buf[i] = buffer[i];
1318 iobuf_is_pipe_filename (const char *fname)
1320 if (!fname || (*fname=='-' && !fname[1]) )
1322 return check_special_filename (fname, 0, 1) != -1;
1327 do_open (const char *fname, int special_filenames,
1328 int use, const char *opentype, int mode700)
1332 file_filter_ctx_t *fcx;
1336 byte desc[MAX_IOBUF_DESC];
1338 assert (use == IOBUF_INPUT || use == IOBUF_OUTPUT);
1340 if (special_filenames
1342 && (!fname || (*fname == '-' && !fname[1])))
1344 if (use == IOBUF_INPUT)
1358 else if (special_filenames
1359 && (fd = check_special_filename (fname, 0, 1)) != -1)
1360 return iobuf_fdopen (translate_file_handle (fd, use == IOBUF_INPUT ? 0 : 1),
1364 if (use == IOBUF_INPUT)
1365 fp = fd_cache_open (fname, opentype);
1367 fp = direct_open (fname, opentype, mode700);
1368 if (fp == GNUPG_INVALID_FD)
1372 a = iobuf_alloc (use, iobuf_buffer_size);
1373 fcx = xmalloc (sizeof *fcx + strlen (fname));
1375 fcx->print_only_name = print_only;
1376 strcpy (fcx->fname, fname);
1378 a->real_fname = xstrdup (fname);
1379 a->filter = file_filter;
1381 file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
1383 log_debug ("iobuf-%d.%d: open '%s' desc=%s fd=%d\n",
1384 a->no, a->subno, fname, iobuf_desc (a, desc), FD2INT (fcx->fp));
1390 iobuf_open (const char *fname)
1392 return do_open (fname, 1, IOBUF_INPUT, "rb", 0);
1396 iobuf_create (const char *fname, int mode700)
1398 return do_open (fname, 1, IOBUF_OUTPUT, "wb", mode700);
1402 iobuf_openrw (const char *fname)
1404 return do_open (fname, 0, IOBUF_OUTPUT, "r+b", 0);
1409 do_iobuf_fdopen (int fd, const char *mode, int keep_open)
1413 file_filter_ctx_t *fcx;
1418 a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT,
1420 fcx = xmalloc (sizeof *fcx + 20);
1422 fcx->print_only_name = 1;
1423 fcx->keep_open = keep_open;
1424 sprintf (fcx->fname, "[fd %d]", fd);
1425 a->filter = file_filter;
1427 file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
1429 log_debug ("iobuf-%d.%d: fdopen%s '%s'\n",
1430 a->no, a->subno, keep_open? "_nc":"", fcx->fname);
1431 iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL);
1437 iobuf_fdopen (int fd, const char *mode)
1439 return do_iobuf_fdopen (fd, mode, 0);
1443 iobuf_fdopen_nc (int fd, const char *mode)
1445 return do_iobuf_fdopen (fd, mode, 1);
1450 iobuf_esopen (estream_t estream, const char *mode, int keep_open,
1454 file_es_filter_ctx_t *fcx;
1457 a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT,
1459 fcx = xtrymalloc (sizeof *fcx + 30);
1461 fcx->print_only_name = 1;
1462 fcx->keep_open = keep_open;
1463 fcx->readlimit = readlimit;
1464 fcx->use_readlimit = !!readlimit;
1465 snprintf (fcx->fname, 30, "[fd %p]", estream);
1466 a->filter = file_es_filter;
1468 file_es_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
1470 log_debug ("iobuf-%d.%d: esopen%s '%s'\n",
1471 a->no, a->subno, keep_open? "_nc":"", fcx->fname);
1477 iobuf_sockopen (int fd, const char *mode)
1480 #ifdef HAVE_W32_SYSTEM
1481 sock_filter_ctx_t *scx;
1484 a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT,
1486 scx = xmalloc (sizeof *scx + 25);
1488 scx->print_only_name = 1;
1489 sprintf (scx->fname, "[sock %d]", fd);
1490 a->filter = sock_filter;
1492 sock_filter (scx, IOBUFCTRL_INIT, NULL, NULL, &len);
1494 log_debug ("iobuf-%d.%d: sockopen '%s'\n", a->no, a->subno, scx->fname);
1495 iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL);
1497 a = iobuf_fdopen (fd, mode);
1503 iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval)
1505 byte desc[MAX_IOBUF_DESC];
1507 if (cmd == IOBUF_IOCTL_KEEP_OPEN)
1509 /* Keep system filepointer/descriptor open. This was used in
1510 the past by http.c; this ioctl is not directly used
1513 log_debug ("iobuf-%d.%d: ioctl '%s' keep_open=%d\n",
1514 a ? a->no : -1, a ? a->subno : -1, iobuf_desc (a, desc),
1516 for (; a; a = a->chain)
1517 if (!a->chain && a->filter == file_filter)
1519 file_filter_ctx_t *b = a->filter_ov;
1520 b->keep_open = intval;
1523 #ifdef HAVE_W32_SYSTEM
1524 else if (!a->chain && a->filter == sock_filter)
1526 sock_filter_ctx_t *b = a->filter_ov;
1527 b->keep_open = intval;
1532 else if (cmd == IOBUF_IOCTL_INVALIDATE_CACHE)
1535 log_debug ("iobuf-*.*: ioctl '%s' invalidate\n",
1536 ptrval ? (char *) ptrval : "?");
1537 if (!a && !intval && ptrval)
1539 if (fd_cache_invalidate (ptrval))
1544 else if (cmd == IOBUF_IOCTL_NO_CACHE)
1547 log_debug ("iobuf-%d.%d: ioctl '%s' no_cache=%d\n",
1548 a ? a->no : -1, a ? a->subno : -1, iobuf_desc (a, desc),
1550 for (; a; a = a->chain)
1551 if (!a->chain && a->filter == file_filter)
1553 file_filter_ctx_t *b = a->filter_ov;
1554 b->no_cache = intval;
1557 #ifdef HAVE_W32_SYSTEM
1558 else if (!a->chain && a->filter == sock_filter)
1560 sock_filter_ctx_t *b = a->filter_ov;
1561 b->no_cache = intval;
1566 else if (cmd == IOBUF_IOCTL_FSYNC)
1568 /* Do a fsync on the open fd and return any errors to the caller
1569 of iobuf_ioctl. Note that we work on a file name here. */
1571 log_debug ("iobuf-*.*: ioctl '%s' fsync\n",
1572 ptrval? (const char*)ptrval:"<null>");
1574 if (!a && !intval && ptrval)
1576 return fd_cache_synchronize (ptrval);
1586 * Register an i/o filter.
1589 iobuf_push_filter (iobuf_t a,
1590 int (*f) (void *opaque, int control,
1591 iobuf_t chain, byte * buf, size_t * len),
1594 return iobuf_push_filter2 (a, f, ov, 0);
1598 iobuf_push_filter2 (iobuf_t a,
1599 int (*f) (void *opaque, int control,
1600 iobuf_t chain, byte * buf, size_t * len),
1601 void *ov, int rel_ov)
1604 size_t dummy_len = 0;
1607 if (a->use == IOBUF_OUTPUT && (rc = filter_flush (a)))
1610 if (a->subno >= MAX_NESTING_FILTER)
1612 log_error ("i/o filter too deeply nested - corrupted data?\n");
1613 return GPG_ERR_BAD_DATA;
1616 /* We want to create a new filter and put it in front of A. A
1617 simple implementation would do:
1619 b = iobuf_alloc (...);
1623 This is a bit problematic: A is the head of the pipeline and
1624 there are potentially many pointers to it. Requiring the caller
1625 to update all of these pointers is a burden.
1627 An alternative implementation would add a level of indirection.
1628 For instance, we could use a pipeline object, which contains a
1629 pointer to the first filter in the pipeline. This is not what we
1632 Instead, we allocate a new buffer (B) and copy the first filter's
1633 state into that and use the initial buffer (A) for the new
1634 filter. One limitation of this approach is that it is not
1635 practical to maintain a pointer to a specific filter's state.
1642 +----------+ +----------+
1643 | filter x |--------->| filter y |---->....
1644 +----------+ +----------+
1653 +----------+ +----------+
1654 | filter w | | filter y |---->....
1655 +----------+ +----------+
1657 Note: filter x's address changed from 0x100 to 0x300, but A still
1658 points to the head of the pipeline.
1661 b = xmalloc (sizeof *b);
1662 memcpy (b, a, sizeof *b);
1663 /* fixme: it is stupid to keep a copy of the name at every level
1664 * but we need the name somewhere because the name known by file_filter
1665 * may have been released when we need the name of the file */
1666 b->real_fname = a->real_fname ? xstrdup (a->real_fname) : NULL;
1667 /* remove the filter stuff from the new stream */
1669 a->filter_ov = NULL;
1670 a->filter_ov_owner = 0;
1672 if (a->use == IOBUF_OUTPUT_TEMP)
1673 /* A TEMP filter buffers any data sent to it; it does not forward
1674 any data down the pipeline. If we add a new filter to the
1675 pipeline, it shouldn't also buffer data. It should send it
1676 downstream to be buffered. Thus, the correct type for a filter
1677 added in front of an IOBUF_OUTPUT_TEMP filter is IOBUF_OUPUT, not
1678 IOBUF_OUTPUT_TEMP. */
1680 a->use = IOBUF_OUTPUT;
1682 /* When pipeline is written to, the temp buffer's size is
1683 increased accordingly. We don't need to allocate a 10 MB
1684 buffer for a non-terminal filter. Just use the default
1686 a->d.size = iobuf_buffer_size;
1688 else if (a->use == IOBUF_INPUT_TEMP)
1689 /* Same idea as above. */
1691 a->use = IOBUF_INPUT;
1692 a->d.size = iobuf_buffer_size;
1695 /* The new filter (A) gets a new buffer.
1697 If the pipeline is an output or temp pipeline, then giving the
1698 buffer to the new filter means that data that was written before
1699 the filter was pushed gets sent to the filter. That's clearly
1702 If the pipeline is an input pipeline, then giving the buffer to
1703 the new filter (A) means that data that has read from (B), but
1704 not yet read from the pipeline won't be processed by the new
1705 filter (A)! That's certainly not what we want. */
1706 a->d.buf = xmalloc (a->d.size);
1710 /* disable nlimit for the new stream */
1711 a->ntotal = b->ntotal + b->nbytes;
1712 a->nlimit = a->nbytes = 0;
1714 /* make a link from the new stream to the original stream */
1717 /* setup the function on the new stream */
1720 a->filter_ov_owner = rel_ov;
1722 a->subno = b->subno + 1;
1726 byte desc[MAX_IOBUF_DESC];
1727 log_debug ("iobuf-%d.%d: push '%s'\n",
1728 a->no, a->subno, iobuf_desc (a, desc));
1732 /* now we can initialize the new function if we have one */
1733 if (a->filter && (rc = a->filter (a->filter_ov, IOBUFCTRL_INIT, a->chain,
1735 log_error ("IOBUFCTRL_INIT failed: %s\n", gpg_strerror (rc));
1740 * Remove an i/o filter.
1743 iobuf_pop_filter (iobuf_t a, int (*f) (void *opaque, int control,
1744 iobuf_t chain, byte * buf, size_t * len),
1748 size_t dummy_len = 0;
1750 byte desc[MAX_IOBUF_DESC];
1753 log_debug ("iobuf-%d.%d: pop '%s'\n",
1754 a->no, a->subno, iobuf_desc (a, desc));
1755 if (a->use == IOBUF_INPUT_TEMP || a->use == IOBUF_OUTPUT_TEMP)
1757 /* This should be the last filter in the pipeline. */
1758 assert (! a->chain);
1762 { /* this is simple */
1766 xfree (a->real_fname);
1767 memcpy (a, b, sizeof *a);
1771 for (b = a; b; b = b->chain)
1772 if (b->filter == f && (!ov || b->filter_ov == ov))
1775 log_bug ("iobuf_pop_filter(): filter function not found\n");
1777 /* flush this stream if it is an output stream */
1778 if (a->use == IOBUF_OUTPUT && (rc = filter_flush (b)))
1780 log_error ("filter_flush failed in iobuf_pop_filter: %s\n",
1784 /* and tell the filter to free it self */
1785 if (b->filter && (rc = b->filter (b->filter_ov, IOBUFCTRL_FREE, b->chain,
1788 log_error ("IOBUFCTRL_FREE failed: %s\n", gpg_strerror (rc));
1791 if (b->filter_ov && b->filter_ov_owner)
1793 xfree (b->filter_ov);
1794 b->filter_ov = NULL;
1798 /* and see how to remove it */
1799 if (a == b && !b->chain)
1800 log_bug ("can't remove the last filter from the chain\n");
1802 { /* remove the first iobuf from the chain */
1803 /* everything from b is copied to a. This is save because
1804 * a flush has been done on the to be removed entry
1808 xfree (a->real_fname);
1809 memcpy (a, b, sizeof *a);
1812 log_debug ("iobuf-%d.%d: popped filter\n", a->no, a->subno);
1815 { /* remove the last iobuf from the chain */
1816 log_bug ("Ohh jeee, trying to remove a head filter\n");
1819 { /* remove an intermediate iobuf from the chain */
1820 log_bug ("Ohh jeee, trying to remove an intermediate filter\n");
1828 * read underflow: read at least one byte into the buffer and return
1829 * the first byte or -1 on EOF.
1832 underflow (iobuf_t a, int clear_pending_eof)
1834 return underflow_target (a, clear_pending_eof, 1);
1839 * read underflow: read TARGET bytes into the buffer and return
1840 * the first byte or -1 on EOF.
1843 underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
1849 log_debug ("iobuf-%d.%d: underflow: buffer size: %d; still buffered: %d => space for %d bytes\n",
1851 (int) a->d.size, (int) (a->d.len - a->d.start),
1852 (int) (a->d.size - (a->d.len - a->d.start)));
1854 if (a->use == IOBUF_INPUT_TEMP)
1855 /* By definition, there isn't more data to read into the
1859 assert (a->use == IOBUF_INPUT);
1863 /* If there is still some buffered data, then move it to the start
1864 of the buffer and try to fill the end of the buffer. (This is
1865 useful if we are called from iobuf_peek().) */
1866 assert (a->d.start <= a->d.len);
1867 a->d.len -= a->d.start;
1869 memmove (a->d.buf, &a->d.buf[a->d.start], a->d.len);
1872 if (a->d.len < target && a->filter_eof)
1873 /* The last time we tried to read from this filter, we got an EOF.
1874 We couldn't return the EOF, because there was buffered data.
1875 Since there is no longer any buffered data, return the
1879 log_debug ("iobuf-%d.%d: underflow: eof (pending eof)\n",
1881 if (! clear_pending_eof)
1885 /* A filter follows this one. Free this filter. */
1887 iobuf_t b = a->chain;
1889 log_debug ("iobuf-%d.%d: filter popped (pending EOF returned)\n",
1892 xfree (a->real_fname);
1893 memcpy (a, b, sizeof *a);
1898 a->filter_eof = 0; /* for the top level filter */
1899 return -1; /* return one(!) EOF */
1902 if (a->d.len == 0 && a->error)
1903 /* The last time we tried to read from this filter, we got an
1904 error. We couldn't return the error, because there was
1905 buffered data. Since there is no longer any buffered data,
1906 return the error. */
1909 log_debug ("iobuf-%d.%d: pending error (%s) returned\n",
1910 a->no, a->subno, gpg_strerror (a->error));
1914 if (a->filter && ! a->filter_eof && ! a->error)
1915 /* We have a filter function and the last time we tried to read we
1916 didn't get an EOF or an error. Try to fill the buffer. */
1918 /* Be careful to account for any buffered data. */
1919 len = a->d.size - a->d.len;
1921 if (a->e_d.preferred && a->d.len < IOBUF_ZEROCOPY_THRESHOLD_SIZE
1922 && (IOBUF_ZEROCOPY_THRESHOLD_SIZE - a->d.len) < len)
1925 log_debug ("iobuf-%d.%d: limit buffering as external drain is "
1926 "preferred\n", a->no, a->subno);
1927 len = IOBUF_ZEROCOPY_THRESHOLD_SIZE - a->d.len;
1931 /* There is no space for more data. Don't bother calling
1936 /* If no buffered data and drain buffer has been setup, and drain
1937 * buffer is largish, read data directly to drain buffer. */
1940 && a->e_d.len >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
1945 log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes, to external drain)\n",
1946 a->no, a->subno, (ulong)len);
1948 rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
1956 log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n",
1957 a->no, a->subno, (ulong)len);
1959 rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
1960 &a->d.buf[a->d.len], &len);
1966 log_debug ("iobuf-%d.%d: A->FILTER() returned rc=%d (%s), read %lu bytes%s\n",
1968 rc, rc == 0 ? "ok" : rc == -1 ? "EOF" : gpg_strerror (rc),
1969 (ulong)(a->e_d.used ? a->e_d.used : len),
1970 a->e_d.used ? " (to external buffer)" : "");
1971 /* if( a->no == 1 ) */
1972 /* log_hexdump (" data:", a->d.buf, len); */
1977 size_t dummy_len = 0;
1979 /* Tell the filter to free itself */
1980 if ((rc = a->filter (a->filter_ov, IOBUFCTRL_FREE, a->chain,
1982 log_error ("IOBUFCTRL_FREE failed: %s\n", gpg_strerror (rc));
1984 /* Free everything except for the internal buffer. */
1985 if (a->filter_ov && a->filter_ov_owner)
1986 xfree (a->filter_ov);
1987 a->filter_ov = NULL;
1991 if (clear_pending_eof && a->d.len == 0 && a->e_d.used == 0
1993 /* We don't need to keep this filter around at all:
1996 - we have no buffered data
1997 - a filter follows this one.
1999 Unlink this filter. */
2001 iobuf_t b = a->chain;
2003 log_debug ("iobuf-%d.%d: pop in underflow (nothing buffered, got EOF)\n",
2006 xfree (a->real_fname);
2007 memcpy (a, b, sizeof *a);
2014 else if (a->d.len == 0 && a->e_d.used == 0)
2015 /* We can't unlink this filter (it is the only one in the
2016 pipeline), but we can immediately return EOF. */
2020 /* Record the error. */
2024 if (a->d.len == 0 && a->e_d.used == 0)
2025 /* There is no buffered data. Immediately return EOF. */
2030 assert (a->d.start <= a->d.len);
2031 if (a->e_d.used > 0)
2033 if (a->d.start < a->d.len)
2034 return a->d.buf[a->d.start++];
2042 filter_flush (iobuf_t a)
2044 int external_used = 0;
2052 if (a->use == IOBUF_OUTPUT_TEMP)
2053 { /* increase the temp buffer */
2054 size_t newsize = a->d.size + iobuf_buffer_size;
2057 log_debug ("increasing temp iobuf from %lu to %lu\n",
2058 (ulong) a->d.size, (ulong) newsize);
2060 a->d.buf = xrealloc (a->d.buf, newsize);
2061 a->d.size = newsize;
2064 else if (a->use != IOBUF_OUTPUT)
2065 log_bug ("flush on non-output iobuf\n");
2066 else if (!a->filter)
2067 log_bug ("filter_flush: no filter\n");
2069 if (a->d.len == 0 && a->e_d.buf && a->e_d.len > 0)
2071 src_buf = a->e_d.buf;
2072 src_len = a->e_d.len;
2083 rc = a->filter (a->filter_ov, IOBUFCTRL_FLUSH, a->chain, src_buf, &len);
2084 if (!rc && len != src_len)
2086 log_info ("filter_flush did not write all!\n");
2087 rc = GPG_ERR_INTERNAL;
2100 iobuf_readbyte (iobuf_t a)
2104 if (a->use == IOBUF_OUTPUT || a->use == IOBUF_OUTPUT_TEMP)
2106 log_bug ("iobuf_readbyte called on a non-INPUT pipeline!\n");
2110 assert (a->d.start <= a->d.len);
2112 if (a->nlimit && a->nbytes >= a->nlimit)
2113 return -1; /* forced EOF */
2115 if (a->d.start < a->d.len)
2117 c = a->d.buf[a->d.start++];
2119 else if ((c = underflow (a, 1)) == -1)
2120 return -1; /* EOF */
2122 assert (a->d.start <= a->d.len);
2124 /* Note: if underflow doesn't return EOF, then it returns the first
2125 byte that was read and advances a->d.start appropriately. */
2133 iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
2135 unsigned char *buf = (unsigned char *)buffer;
2138 if (a->use == IOBUF_OUTPUT || a->use == IOBUF_OUTPUT_TEMP)
2140 log_bug ("iobuf_read called on a non-INPUT pipeline!\n");
2146 /* Handle special cases. */
2147 for (n = 0; n < buflen; n++)
2149 if ((c = iobuf_readbyte (a)) == -1)
2152 return -1; /* eof */
2168 /* Hint for how full to fill iobuf internal drain buffer. */
2169 a->e_d.preferred = (a->use != IOBUF_INPUT_TEMP)
2170 && (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
2175 if (n < buflen && a->d.start < a->d.len)
2176 /* Drain the buffer. */
2178 unsigned size = a->d.len - a->d.start;
2179 if (size > buflen - n)
2182 memcpy (buf, a->d.buf + a->d.start, size);
2189 /* Draining the internal buffer didn't fill BUFFER. Call
2190 underflow to read more data into the filter's internal
2193 if (a->use != IOBUF_INPUT_TEMP && buf && n < buflen)
2195 /* Setup external drain buffer for faster moving of data
2196 * (avoid memcpy). */
2198 a->e_d.len = (buflen - n) / IOBUF_ZEROCOPY_THRESHOLD_SIZE
2199 * IOBUF_ZEROCOPY_THRESHOLD_SIZE;
2200 if (a->e_d.len == 0)
2202 if (a->e_d.buf && DBG_IOBUF)
2203 log_debug ("iobuf-%d.%d: reading to external buffer, %lu bytes\n",
2204 a->no, a->subno, (ulong)a->e_d.len);
2207 if ((c = underflow (a, 1)) == -1)
2208 /* EOF. If we managed to read something, don't return EOF
2214 return n ? n : -1 /*EOF*/;
2217 if (a->e_d.buf && a->e_d.used > 0)
2219 /* Drain buffer was used, 'c' only contains return code
2243 iobuf_peek (iobuf_t a, byte * buf, unsigned buflen)
2247 assert (buflen > 0);
2248 assert (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP);
2250 if (buflen > a->d.size)
2251 /* We can't peek more than we can buffer. */
2254 /* Try to fill the internal buffer with enough data to satisfy the
2256 while (buflen > a->d.len - a->d.start)
2258 if (underflow_target (a, 0, buflen) == -1)
2259 /* EOF. We can't read any more. */
2262 /* Underflow consumes the first character (it's the return
2263 value). unget() it by resetting the "file position". */
2264 assert (a->d.start == 1);
2268 n = a->d.len - a->d.start;
2276 memcpy (buf, &a->d.buf[a->d.start], n);
2285 iobuf_writebyte (iobuf_t a, unsigned int c)
2289 if (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP)
2291 log_bug ("iobuf_writebyte called on an input pipeline!\n");
2295 if (a->d.len == a->d.size)
2296 if ((rc=filter_flush (a)))
2299 assert (a->d.len < a->d.size);
2300 a->d.buf[a->d.len++] = c;
2306 iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen)
2308 const unsigned char *buf = (const unsigned char *)buffer;
2311 if (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP)
2313 log_bug ("iobuf_write called on an input pipeline!\n");
2320 /* Hint for how full to fill iobuf internal drain buffer. */
2321 a->e_d.preferred = (a->use != IOBUF_OUTPUT_TEMP)
2322 && (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
2326 if ((a->use != IOBUF_OUTPUT_TEMP)
2327 && a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
2329 /* Setup external drain buffer for faster moving of data
2330 * (avoid memcpy). */
2331 a->e_d.buf = (byte *)buf;
2332 a->e_d.len = buflen / IOBUF_ZEROCOPY_THRESHOLD_SIZE
2333 * IOBUF_ZEROCOPY_THRESHOLD_SIZE;
2334 if (a->e_d.len == 0)
2336 if (a->e_d.buf && DBG_IOBUF)
2337 log_debug ("iobuf-%d.%d: writing from external buffer, %lu bytes\n",
2338 a->no, a->subno, (ulong)a->e_d.len);
2341 if (a->e_d.buf == NULL && buflen && a->d.len < a->d.size)
2345 if (a->e_d.preferred && a->d.len < IOBUF_ZEROCOPY_THRESHOLD_SIZE)
2346 size = IOBUF_ZEROCOPY_THRESHOLD_SIZE - a->d.len;
2348 size = a->d.size - a->d.len;
2352 memcpy (a->d.buf + a->d.len, buf, size);
2360 rc = filter_flush (a);
2369 if (a->e_d.buf && a->e_d.used > 0)
2372 buflen -= a->e_d.used;
2384 iobuf_writestr (iobuf_t a, const char *buf)
2386 if (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP)
2388 log_bug ("iobuf_writestr called on an input pipeline!\n");
2392 return iobuf_write (a, buf, strlen (buf));
2398 iobuf_write_temp (iobuf_t dest, iobuf_t source)
2400 assert (source->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP);
2401 assert (dest->use == IOBUF_OUTPUT || dest->use == IOBUF_OUTPUT_TEMP);
2403 iobuf_flush_temp (source);
2404 return iobuf_write (dest, source->d.buf, source->d.len);
2408 iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen)
2410 byte desc[MAX_IOBUF_DESC];
2415 int rc = filter_flush (a);
2417 log_bug ("Flushing iobuf %d.%d (%s) from iobuf_temp_to_buffer failed. Ignoring.\n",
2418 a->no, a->subno, iobuf_desc (a, desc));
2427 memcpy (buffer, a->d.buf, n);
2431 /* Copies the data from the input iobuf SOURCE to the output iobuf
2432 DEST until either an error is encountered or EOF is reached.
2433 Returns the number of bytes copies or (size_t)(-1) on error. */
2435 iobuf_copy (iobuf_t dest, iobuf_t source)
2441 size_t max_read = 0;
2444 log_assert (source->use == IOBUF_INPUT || source->use == IOBUF_INPUT_TEMP);
2445 log_assert (dest->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP);
2447 if (iobuf_error (dest))
2448 return (size_t)(-1);
2450 /* Use iobuf buffer size for temporary buffer. */
2451 temp_size = iobuf_set_buffer_size(0) * 1024;
2453 temp = xmalloc (temp_size);
2456 nread = iobuf_read (source, temp, temp_size);
2461 if (nread > max_read)
2464 err = iobuf_write (dest, temp, nread);
2470 /* Burn the buffer. */
2472 wipememory (temp, max_read);
2480 iobuf_flush_temp (iobuf_t temp)
2482 if (temp->use == IOBUF_INPUT || temp->use == IOBUF_INPUT_TEMP)
2483 log_bug ("iobuf_flush_temp called on an input pipeline!\n");
2485 iobuf_pop_filter (temp, temp->filter, NULL);
2490 iobuf_set_limit (iobuf_t a, off_t nlimit)
2497 a->ntotal += a->nbytes;
2504 iobuf_get_filelength (iobuf_t a, int *overflow)
2509 /* Hmmm: file_filter may have already been removed */
2510 for ( ; a->chain; a = a->chain )
2513 if (a->filter != file_filter)
2517 file_filter_ctx_t *b = a->filter_ov;
2518 gnupg_fd_t fp = b->fp;
2520 #if defined(HAVE_W32_SYSTEM)
2522 static int (* __stdcall get_file_size_ex) (void *handle,
2523 LARGE_INTEGER *r_size);
2524 static int get_file_size_ex_initialized;
2526 if (!get_file_size_ex_initialized)
2530 handle = dlopen ("kernel32.dll", RTLD_LAZY);
2533 get_file_size_ex = dlsym (handle, "GetFileSizeEx");
2534 if (!get_file_size_ex)
2537 get_file_size_ex_initialized = 1;
2540 if (get_file_size_ex)
2542 /* This is a newer system with GetFileSizeEx; we use this
2543 then because it seem that GetFileSize won't return a
2544 proper error in case a file is larger than 4GB. */
2545 LARGE_INTEGER exsize;
2547 if (get_file_size_ex (fp, &exsize))
2549 if (!exsize.u.HighPart)
2550 return exsize.u.LowPart;
2558 if ((size=GetFileSize (fp, NULL)) != 0xffffffff)
2561 log_error ("GetFileSize for handle %p failed: %s\n",
2562 fp, w32_strerror (-1));
2563 #else /*!HAVE_W32_SYSTEM*/
2567 if ( !fstat (fp, &st) )
2569 log_error("fstat() failed: %s\n", strerror(errno) );
2571 #endif /*!HAVE_W32_SYSTEM*/
2579 iobuf_get_fd (iobuf_t a)
2581 for (; a->chain; a = a->chain)
2584 if (a->filter != file_filter)
2588 file_filter_ctx_t *b = a->filter_ov;
2589 gnupg_fd_t fp = b->fp;
2597 iobuf_tell (iobuf_t a)
2599 return a->ntotal + a->nbytes;
2603 #if !defined(HAVE_FSEEKO) && !defined(fseeko)
2605 #ifdef HAVE_LIMITS_H
2606 # include <limits.h>
2609 # define LONG_MAX ((long) ((unsigned long) -1 >> 1))
2612 # define LONG_MIN (-1 - LONG_MAX)
2616 * A substitute for fseeko, for hosts that don't have it.
2619 fseeko (FILE * stream, off_t newpos, int whence)
2621 while (newpos != (long) newpos)
2623 long pos = newpos < 0 ? LONG_MIN : LONG_MAX;
2624 if (fseek (stream, pos, whence) != 0)
2629 return fseek (stream, (long) newpos, whence);
2634 iobuf_seek (iobuf_t a, off_t newpos)
2636 file_filter_ctx_t *b = NULL;
2638 if (a->use == IOBUF_OUTPUT || a->use == IOBUF_INPUT)
2640 /* Find the last filter in the pipeline. */
2641 for (; a->chain; a = a->chain)
2644 if (a->filter != file_filter)
2649 #ifdef HAVE_W32_SYSTEM
2650 if (SetFilePointer (b->fp, newpos, NULL, FILE_BEGIN) == 0xffffffff)
2652 log_error ("SetFilePointer failed on handle %p: ec=%d\n",
2653 b->fp, (int) GetLastError ());
2657 if (lseek (b->fp, newpos, SEEK_SET) == (off_t) - 1)
2659 log_error ("can't lseek: %s\n", strerror (errno));
2663 /* Discard the buffer it is not a temp stream. */
2673 /* It is impossible for A->CHAIN to be non-NULL. If A is an INPUT
2674 or OUTPUT buffer, then we find the last filter, which is defined
2675 as A->CHAIN being NULL. If A is a TEMP filter, then A must be
2676 the only filter in the pipe: when iobuf_push_filter adds a filter
2677 to the front of a pipeline, it sets the new filter to be an
2678 OUTPUT filter if the pipeline is an OUTPUT or TEMP pipeline and
2679 to be an INPUT filter if the pipeline is an INPUT pipeline.
2680 Thus, only the last filter in a TEMP pipeline can be a */
2682 /* remove filters, but the last */
2684 log_debug ("iobuf_pop_filter called in iobuf_seek - please report\n");
2686 iobuf_pop_filter (a, a->filter, NULL);
2693 iobuf_get_real_fname (iobuf_t a)
2696 return a->real_fname;
2698 /* the old solution */
2699 for (; a; a = a->chain)
2700 if (!a->chain && a->filter == file_filter)
2702 file_filter_ctx_t *b = a->filter_ov;
2703 return b->print_only_name ? NULL : b->fname;
2710 iobuf_get_fname (iobuf_t a)
2712 for (; a; a = a->chain)
2713 if (!a->chain && a->filter == file_filter)
2715 file_filter_ctx_t *b = a->filter_ov;
2722 iobuf_get_fname_nonnull (iobuf_t a)
2726 fname = iobuf_get_fname (a);
2727 return fname? fname : "[?]";
2732 * Enable or disable partial body length mode (RFC 4880 4.2.2.4).
2734 * If LEN is 0, this disables partial block mode by popping the
2735 * partial body length filter, which must be the most recently
2738 * If LEN is non-zero, it pushes a partial body length filter. If
2739 * this is a read filter, LEN must be the length byte from the first
2740 * chunk and A should be position just after this first partial body
2744 iobuf_set_partial_body_length_mode (iobuf_t a, size_t len)
2747 /* Disable partial body length mode. */
2749 if (a->use == IOBUF_INPUT)
2750 log_debug ("iobuf_pop_filter called in set_partial_block_mode"
2751 " - please report\n");
2753 log_assert (a->filter == block_filter);
2754 iobuf_pop_filter (a, block_filter, NULL);
2757 /* Enabled partial body length mode. */
2759 block_filter_ctx_t *ctx = xcalloc (1, sizeof *ctx);
2764 iobuf_push_filter (a, block_filter, ctx);
2771 iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
2772 unsigned *length_of_buffer, unsigned *max_length)
2775 char *buffer = (char *)*addr_of_buffer;
2776 unsigned length = *length_of_buffer;
2777 unsigned nbytes = 0;
2778 unsigned maxlen = *max_length;
2781 /* The code assumes that we have space for at least a newline and a
2782 NUL character in the buffer. This requires at least 2 bytes. We
2783 don't complicate the code by handling the stupid corner case, but
2784 simply assert that it can't happen. */
2785 assert (!buffer || length >= 2 || maxlen >= 2);
2787 if (!buffer || length <= 1)
2788 /* must allocate a new buffer */
2790 length = 256 <= maxlen ? 256 : maxlen;
2791 buffer = xrealloc (buffer, length);
2792 *addr_of_buffer = (unsigned char *)buffer;
2793 *length_of_buffer = length;
2799 if (!a->nofast && a->d.start < a->d.len && nbytes < length - 1)
2800 /* Fast path for finding '\n' by using standard C library's optimized
2803 unsigned size = a->d.len - a->d.start;
2806 if (size > length - 1 - nbytes)
2807 size = length - 1 - nbytes;
2809 newline_pos = memchr (a->d.buf + a->d.start, '\n', size);
2812 /* Found newline, copy buffer and return. */
2813 size = (newline_pos - (a->d.buf + a->d.start)) + 1;
2814 memcpy (p, a->d.buf + a->d.start, size);
2823 /* No newline, copy buffer and continue. */
2824 memcpy (p, a->d.buf + a->d.start, size);
2833 c = iobuf_readbyte (a);
2842 if (nbytes == length - 1)
2843 /* We don't have enough space to add a \n and a \0. Increase
2846 if (length == maxlen)
2847 /* We reached the buffer's size limit! */
2849 /* Skip the rest of the line. */
2850 while ((c = iobuf_get (a)) != -1 && c != '\n')
2853 /* p is pointing at the last byte in the buffer. We
2854 always terminate the line with "\n\0" so overwrite
2855 the previous byte with a \n. */
2856 assert (p > buffer);
2859 /* Indicate truncation. */
2864 length += length < 1024 ? 256 : 1024;
2865 if (length > maxlen)
2868 buffer = xrealloc (buffer, length);
2869 *addr_of_buffer = (unsigned char *)buffer;
2870 *length_of_buffer = length;
2871 p = buffer + nbytes;
2874 /* Add the terminating NUL. */
2877 /* Return the number of characters written to the buffer including
2878 the newline, but not including the terminating NUL. */
2883 translate_file_handle (int fd, int for_write)
2885 #if defined(HAVE_W32_SYSTEM)
2892 x = (int) GetStdHandle (STD_INPUT_HANDLE);
2894 x = (int) GetStdHandle (STD_OUTPUT_HANDLE);
2896 x = (int) GetStdHandle (STD_ERROR_HANDLE);
2901 log_debug ("GetStdHandle(%d) failed: ec=%d\n",
2902 fd, (int) GetLastError ());
2914 iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
2920 if (a->nofast || a->d.start >= a->d.len)
2922 if (iobuf_readbyte (a) == -1)
2929 unsigned long count = a->d.len - a->d.start;
2931 a->d.start = a->d.len;
2937 unsigned long remaining = n;
2938 while (remaining > 0)
2940 if (a->nofast || a->d.start >= a->d.len)
2942 if (iobuf_readbyte (a) == -1)
2950 unsigned long count = a->d.len - a->d.start;
2951 if (count > remaining)
2956 a->d.start += count;