upstream: add a sshbuf_get_nulterminated_string() function to pull a

djmdjm · djmdjm · commit dec6334aaf6f · 2025-11-21T12:56:27.000+11:00
\0- terminated string from a sshbuf. Intended to be used to improve parsing
of SOCKS headers for dynamic forwarding.

ok deraadt; feedback Tim van der Molen

OpenBSD-Commit-ID: cf93d6db4730f7518d5269c279e16b172b484b36
diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-getput-basic.c,v 1.13 2022/05/25 06:03:44 djm Exp $	*/
+/*	$OpenBSD: sshbuf-getput-basic.c,v 1.14 2025/11/21 01:29:06 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -629,3 +629,41 @@ sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
 	}
 	return 0;
 }
+
+int
+sshbuf_get_nulterminated_string(struct sshbuf *buf, size_t maxlen,
+    char **valp, size_t *lenp)
+{
+	const u_char zero = 0;
+	char *val = NULL;
+	size_t len = 0;
+	int r;
+
+	if (valp != NULL)
+		*valp = NULL;
+	if (lenp != NULL)
+		*lenp = 0;
+	if ((r = sshbuf_find(buf, 0, &zero, sizeof(zero), &len)) != 0) {
+		if (r == SSH_ERR_INVALID_FORMAT && sshbuf_len(buf) < maxlen)
+			return SSH_ERR_MESSAGE_INCOMPLETE;
+		return r;
+	}
+	if (len > maxlen)
+		return SSH_ERR_INVALID_FORMAT;
+	/* can strdup() because it's definitely nul-terminated */
+	if ((val = strdup(sshbuf_ptr(buf))) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_consume(buf, len + 1)) != 0)
+		goto out;
+	/* success */
+	r = 0;
+	if (valp != NULL) {
+		*valp = val;
+		val = NULL;
+	}
+	if (lenp != NULL)
+		*lenp = len;
+ out:
+	free(val);
+	return r;
+}
diff --git a/sshbuf.h b/sshbuf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.h,v 1.32 2025/09/02 09:41:23 djm Exp $	*/
+/*	$OpenBSD: sshbuf.h,v 1.33 2025/11/21 01:29:06 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -229,6 +229,10 @@ int	sshbuf_put_ec_pkey(struct sshbuf *buf, EVP_PKEY *pkey);
 # endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
 
+/* Functions to extract or store various non-SSH wire encoded values */
+int	sshbuf_get_nulterminated_string(struct sshbuf *buf, size_t maxlen,
+	    char **valp, size_t *lenp);
+
 /* Dump the contents of the buffer in a human-readable format */
 void	sshbuf_dump(const struct sshbuf *buf, FILE *f);
 
