===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sftp-server.c,v
retrieving revision 1.30
retrieving revision 1.30.2.2
diff -u -r1.30 -r1.30.2.2
--- src/usr.bin/ssh/sftp-server.c	2001/07/31 12:42:50	1.30
+++ src/usr.bin/ssh/sftp-server.c	2002/06/22 07:23:17	1.30.2.2
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.30 2001/07/31 12:42:50 jakob Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.30.2.2 2002/06/22 07:23:17 miod Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -138,7 +138,7 @@
 {
 	int i;
 
-	for(i = 0; i < sizeof(handles)/sizeof(Handle); i++)
+	for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
 		handles[i].use = HANDLE_UNUSED;
 }
 
@@ -147,7 +147,7 @@
 {
 	int i;
 
-	for(i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
+	for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
 		if (handles[i].use == HANDLE_UNUSED) {
 			handles[i].use = use;
 			handles[i].dirp = dirp;
@@ -362,7 +362,7 @@
 {
 	Buffer msg;
 
-	version = buffer_get_int(&iqueue);
+	version = get_int();
 	TRACE("client version %d", version);
 	buffer_init(&msg);
 	buffer_put_char(&msg, SSH2_FXP_VERSION);
@@ -583,6 +583,11 @@
 	name = get_string(NULL);
 	a = get_attrib();
 	TRACE("setstat id %d name %s", id, name);
+	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
+		ret = truncate(name, a->size);
+		if (ret == -1)
+			status = errno_to_portable(errno);
+	}
 	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
 		ret = chmod(name, a->perm & 0777);
 		if (ret == -1)
@@ -618,6 +623,11 @@
 	if (fd < 0) {
 		status = SSH2_FX_FAILURE;
 	} else {
+		if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
+			ret = ftruncate(fd, a->size);
+			if (ret == -1)
+				status = errno_to_portable(errno);
+		}
 		if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
 			ret = fchmod(fd, a->perm & 0777);
 			if (ret == -1)
@@ -751,7 +761,7 @@
 		}
 		if (count > 0) {
 			send_names(id, count, stats);
-			for(i = 0; i < count; i++) {
+			for (i = 0; i < count; i++) {
 				xfree(stats[i].name);
 				xfree(stats[i].long_name);
 			}
@@ -877,7 +887,7 @@
 		send_status(id, errno_to_portable(errno));
 	else {
 		Stat s;
-		
+
 		link[len] = '\0';
 		attrib_clear(&s.attrib);
 		s.name = s.long_name = link;
@@ -926,20 +936,24 @@
 process(void)
 {
 	u_int msg_len;
+	u_int buf_len;
+	u_int consumed;
 	u_int type;
 	u_char *cp;
 
-	if (buffer_len(&iqueue) < 5)
+	buf_len = buffer_len(&iqueue);
+	if (buf_len < 5)
 		return;		/* Incomplete message. */
-	cp = (u_char *) buffer_ptr(&iqueue);
+	cp = buffer_ptr(&iqueue);
 	msg_len = GET_32BIT(cp);
 	if (msg_len > 256 * 1024) {
 		error("bad message ");
 		exit(11);
 	}
-	if (buffer_len(&iqueue) < msg_len + 4)
+	if (buf_len < msg_len + 4)
 		return;
 	buffer_consume(&iqueue, 4);
+	buf_len -= 4;
 	type = buffer_get_char(&iqueue);
 	switch (type) {
 	case SSH2_FXP_INIT:
@@ -1006,6 +1020,14 @@
 		error("Unknown message %d", type);
 		break;
 	}
+	/* discard the remaining bytes from the current packet */
+	if (buf_len < buffer_len(&iqueue))
+		fatal("iqueue grows");
+	consumed = buf_len - buffer_len(&iqueue);
+	if (msg_len < consumed)
+		fatal("msg_len %d < consumed %d", msg_len, consumed);
+	if (msg_len > consumed)
+		buffer_consume(&iqueue, msg_len - consumed);
 }
 
 int