try to catch malicious input in textcode fmt_* functions

17 years ago · e0a6a1cb84
parent 1b17f47def
commit e0a6a1cb84
12 changed files with 21 additions and 4 deletions
--- a/1
+++ b/1
@ -7,6 +7,7 @@
  fmt_ip6 compresses at best spot, not at first spot (Nikola Vladov)
  use inttypes.h to declare ints in uint*.h
  escape more in fmt_ldapescape
+  try to catch malicious input in textcode fmt_* functions

 0.25:
  array_allocate no longer truncates the array
--- a/textcode/fmt_base64.c
+++ b/textcode/fmt_base64.c
@ -5,8 +5,8 @@
 size_t fmt_base64(char* dest,const char* src,size_t len) {
  register const unsigned char* s=(const unsigned char*) src;
  unsigned short bits=0,temp=0;
-  unsigned long written=0,i;
-  if (!dest) return ((len+2)/3)*4;
+  size_t written=0,i;
+  if (!dest) return (len>((size_t)-1)/2)?(size_t)-1:((len+2)/3)*4;
  for (i=0; i<len; ++i) {
    temp<<=8; temp+=s[i]; bits+=8;
    while (bits>6) {
--- a/textcode/fmt_cescape.c
+++ b/textcode/fmt_cescape.c
@ -41,6 +41,8 @@ size_t fmt_cescape2(char* dest,const char* src,size_t len,const char* escapeme)
 	}
 	break;
    }
+    /* in case someone gives us malicious input */
+    if (written>((size_t)-1)/2) return (size_t)-1;
  }
  return written;
 }
--- a/textcode/fmt_hexdump.c
+++ b/textcode/fmt_hexdump.c
@ -6,6 +6,7 @@
 size_t fmt_hexdump(char* dest,const char* src,size_t len) {
  register const unsigned char* s=(const unsigned char*) src;
  size_t written=0,i;
+  if (!dest) return (len>((size_t)-1)/2)?(size_t)-1:len*2;
  for (i=0; i<len; ++i) {
    dest[written]=fmt_tohex(s[i]>>4);
    dest[written+1]=fmt_tohex(s[i]&15);
--- a/textcode/fmt_html.c
+++ b/textcode/fmt_html.c
@ -19,6 +19,8 @@ size_t fmt_html(char* dest,const char* src,size_t len) {
 	break;
    default: if (dest) dest[written]=s[i]; ++written; break;
    }
+    /* in case someone gives us malicious input */
+    if (written>((size_t)-1)/2) return (size_t)-1;
  }
  return written;
 }
--- a/textcode/fmt_ldapescape.c
+++ b/textcode/fmt_ldapescape.c
@ -18,6 +18,8 @@ size_t fmt_ldapescape(char* dest,const char* src,size_t len) {
    } else {
      if (dest) dest[written]=s[i]; ++written;
    }
+    /* in case someone gives us malicious input */
+    if (written>((size_t)-1)/2) return (size_t)-1;
  }
  return written;
 }
--- a/textcode/fmt_quotedprintable.c
+++ b/textcode/fmt_quotedprintable.c
@ -17,6 +17,8 @@ size_t fmt_quotedprintable2(char* dest,const char* src,size_t len,const char* es
    } else {
      if (dest) dest[written]=s[i]; ++written;
    }
+    /* in case someone gives us malicious input */
+    if (written>((size_t)-1)/2) return (size_t)-1;
  }
  return written;
 }
--- a/textcode/fmt_to_array.c
+++ b/textcode/fmt_to_array.c
@ -4,7 +4,8 @@
 void fmt_to_array(size_t (*func)(char*,const char*,size_t),
 		  array* a,const char* src,size_t len) {
  size_t needed=func(0,src,len);
-  if (array_allocate(a,1,array_bytes(a)+needed-1)) {
+  if (array_bytes(a)+needed>needed &&
+      array_allocate(a,1,array_bytes(a)+needed-1)) {
    char* x=((char*)array_start(a))+array_bytes(a)-needed;
    func(x,src,len);
  } else
--- a/textcode/fmt_tofrom_array.c
+++ b/textcode/fmt_tofrom_array.c
@ -7,7 +7,8 @@ void fmt_tofrom_array(size_t (*func)(char*,const char*,size_t),
  char* x;
  if (array_failed(dest) || array_failed(src)) { array_fail(dest); return; }
  needed=func(0,array_start(src),array_bytes(src));
-  if (array_allocate(dest,1,array_bytes(dest)+needed-1)) {
+  if (array_bytes(dest)+needed>needed &&
+      array_allocate(dest,1,array_bytes(dest)+needed-1)) {
    x=((char*)array_start(dest))+array_bytes(dest)-needed;
    func(x,array_start(src),array_bytes(src));
  } else
--- a/textcode/fmt_urlencoded.c
+++ b/textcode/fmt_urlencoded.c
@ -25,6 +25,8 @@ size_t fmt_urlencoded2(char* dest,const char* src,size_t len,const char* escapem
    } else {
      if (dest) dest[written]=s[i]; ++written;
    }
+    /* in case someone gives us malicious input */
+    if (written>((size_t)-1)/2) return (size_t)-1;
  }
  return written;
 }
--- a/textcode/fmt_uuencoded.c
+++ b/textcode/fmt_uuencoded.c
@ -11,6 +11,7 @@ size_t fmt_uuencoded(char* dest,const char* src,size_t len) {
  register const unsigned char* s=(const unsigned char*) src;
  const char* orig=dest;
  size_t tmp;
+  if (!dest) return len>((size_t)-1)/2?(size_t)-1:(len+2)/3*4;
  while (len) {
    {
      register unsigned int diff;
--- a/textcode/fmt_yenc.c
+++ b/textcode/fmt_yenc.c
@ -33,6 +33,8 @@ dontescape:
 	if (dest) dest[written]='\n'; ++written; linelen=0;
      }
    }
+    /* in case someone gives us malicious input */
+    if (written>((size_t)-1)/2) return (size_t)-1;
  }
  if (linelen) {
    if (dest) dest[written]='\n'; ++written; linelen=0;