From 1b17f47defffdc56a7644860707892f4c05697ae Mon Sep 17 00:00:00 2001 From: leitner Date: Thu, 28 Jun 2007 20:01:05 +0000 Subject: [PATCH] escape more in fmt_ldapescape --- CHANGES | 1 + rangecheck.h | 19 +++++++++++++++++++ test/range.c | 20 ++++++++++++++++++++ textcode/fmt_ldapescape.c | 3 ++- 4 files changed, 42 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index b4cf312..c445e6e 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,7 @@ add some int overflow check macros to rangecheck.h fmt_ip6 compresses at best spot, not at first spot (Nikola Vladov) use inttypes.h to declare ints in uint*.h + escape more in fmt_ldapescape 0.25: array_allocate no longer truncates the array diff --git a/rangecheck.h b/rangecheck.h index 31bb0cb..f2dd85b 100644 --- a/rangecheck.h +++ b/rangecheck.h @@ -25,6 +25,13 @@ __static inline int range_ptrinbuf(const void* buf,size_t len,const void* ptr) { a very large number. */ } +/* same thing, but the buffer is specified by a pointer to the first + * byte (Min) and a pointer after the last byte (Max). */ +__static inline int range_ptrinbuf2(const void* Min,const void* Max,const void* ptr) { + return (Min && ptr>=Min && ptr=(uintptr_t)buf); } +/* same thing but buffer is given as pointer to first byte (Min) and + * pointer beyond last byte (Max). Again, an 0-size buffer is valid. */ +__static inline int range_validbuf2(const void* Min,const void* Max) { + return (Min && Max>=Min); +} + /* is buf2[0..len2-1] inside buf1[0..len-1]? */ __static inline int range_bufinbuf(const void* buf1,size_t len1,const void* buf2,size_t len2) { return range_validbuf(buf1,len1) && 
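Review bot: `range_validbuf2` in rangecheck.h (and, as far as the damaged rendering of this hunk shows, `range_ptrinbuf2`) compares its raw `const void*` arguments with `>=`, whereas the older helper whose tail survives in the same hunk casts to `uintptr_t` first. Relational comparison of pointers that do not point into the same object is undefined behaviour in C, so an optimizer may fold the test away, which defeats a helper meant to reject pointers computed from untrusted lengths. I would write `return (Min && (uintptr_t)Max>=(uintptr_t)Min);` and apply the same casts to the three-pointer variant. Part of the `range_ptrinbuf2` body is lost on this page, so its upper-bound test should be confirmed against the file.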
@@ -68,6 +81,12 @@ int range_str4inbuf(const void* buf,size_t len,const void* stringstart); * So I decided to add some integer overflow protection functionality * here for addition and subtraction, too. */ +/* usage: + * if (add_of(dest,a,b)) return EINVAL; // dest=a+b; + * if (sub_of(dest,a,b)) return EINVAL; // dest=a-b; + * if (assign(dest,some_int)) return EINVAL; // dest=some_int; + */ + /* two important assumptions: * 1. the platform is using two's complement * 2. there are 8 bits in a byte diff --git a/test/range.c b/test/range.c index ba4cca9..cec53e1 100644 --- a/test/range.c +++ b/test/range.c @@ -129,6 +129,18 @@ void check_rangeptrbuf() { assert(range_str4inbuf(y,sizeof(y),y+5)==1); assert(range_str4inbuf(y,sizeof(y),y+6)==0); } + + assert(range_ptrinbuf2(buf,buf+sizeof(buf),buf)); + assert(range_ptrinbuf2(buf+sizeof(buf),buf,buf)==0); + assert(range_ptrinbuf2(buf,buf+sizeof(buf),buf+sizeof(buf)-1)); + assert(range_ptrinbuf2(buf,buf+sizeof(buf),buf+sizeof(buf))==0); + assert(range_ptrinbuf2(buf,buf,buf)==0); + assert(range_ptrinbuf2(0,buf+100,buf)==0); + + assert(range_validbuf2(buf,buf+100)); + assert(range_validbuf2(buf,buf-1)==0); + assert(range_validbuf2(buf,buf)); + assert(range_validbuf2(NULL,buf+100)==0); } void check_intof() { @@ -190,6 +202,14 @@ void check_intof() { a=0; assert(sub_of(a,INT_MAX,10)==0 && a==INT_MAX-10); } + { + unsigned long long a; + /* caveat emptor: */ + a=0; assert(add_of(a,0xfffffff0,0x10)==1); + /* this does NOT work and set a to 0x100000000, just like + * a=0xfffffff0+0x10 sets a to 0 in C! */ + } + } int main() { diff --git a/textcode/fmt_ldapescape.c b/textcode/fmt_ldapescape.c index 996ae3a..e794b76 100644 --- a/textcode/fmt_ldapescape.c +++ b/textcode/fmt_ldapescape.c @@ -7,7 +7,8 @@ size_t fmt_ldapescape(char* dest,const char* src,size_t len) { register const unsigned char* s=(const unsigned char*) src; size_t written=0,i; for (i=0; i>4);
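Review bot: The usage comment added before the "two important assumptions" block in rangecheck.h omits a caveat that this commit records only in test/range.c. There, `add_of(a,0xfffffff0,0x10)` reports overflow even though `a` is `unsigned long long`, which the test comment attributes to the sum wrapping as it would in plain C, before the destination type comes into play. Callers that validate sizes with these macros read the header rather than the test, so I would add a line such as `* note: overflow is judged in the type of a+b, not of dest; widen an operand first if dest is wider`. The behaviour is fail-closed (a spurious error rather than a wrapped length), which is worth stating too.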
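Review bot: Among the asserts added to check_rangeptrbuf in test/range.c, `range_validbuf2(buf,buf-1)` forms a pointer before the start of `buf`, which is undefined pointer arithmetic before the helper is even called, so the result says little about the check itself. The reversed-bounds case can be expressed with in-range pointers, e.g. `assert(range_validbuf2(buf+1,buf)==0);`. The `buf+100` arguments are valid only if `buf` has at least 100 elements; its declaration is outside the hunk, so confirm that or use `buf+sizeof(buf)` as the neighbouring asserts do. check_rangeptrbuf begins outside this hunk.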