mirror/libowfat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

try to catch malicious input in textcode fmt_* functions

Browse Source
This commit is contained in:
leitner 2007-06-28 21:00:40 +00:00
parent 1b17f47def
commit e0a6a1cb84
12 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGES
View File

@ -7,6 +7,7 @@
fmt_ip6 compresses at best spot, not at first spot (Nikola Vladov)
use inttypes.h to declare ints in uint*.h
escape more in fmt_ldapescape
try to catch malicious input in textcode fmt_* functions
0.25:
array_allocate no longer truncates the array

4
textcode/fmt_base64.c
View File

@ -5,8 +5,8 @@
size_t fmt_base64(char* dest,const char* src,size_t len) {
register const unsigned char* s=(const unsigned char*) src;
unsigned short bits=0,temp=0;
unsigned long written=0,i;
if (!dest) return ((len+2)/3)*4;
size_t written=0,i;
if (!dest) return (len>((size_t)-1)/2)?(size_t)-1:((len+2)/3)*4;
for (i=0; i<len; ++i) {
temp<<=8; temp+=s[i]; bits+=8;
while (bits>6) {

2
textcode/fmt_cescape.c
View File

@ -41,6 +41,8 @@ size_t fmt_cescape2(char* dest,const char* src,size_t len,const char* escapeme)
}
break;
}
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
}
return written;
}

1
textcode/fmt_hexdump.c
View File

@ -6,6 +6,7 @@
size_t fmt_hexdump(char* dest,const char* src,size_t len) {
register const unsigned char* s=(const unsigned char*) src;
size_t written=0,i;
if (!dest) return (len>((size_t)-1)/2)?(size_t)-1:len*2;
for (i=0; i<len; ++i) {
dest[written]=fmt_tohex(s[i]>>4);
dest[written+1]=fmt_tohex(s[i]&15);

2
textcode/fmt_html.c
View File

@ -19,6 +19,8 @@ size_t fmt_html(char* dest,const char* src,size_t len) {
break;
default: if (dest) dest[written]=s[i]; ++written; break;
}
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
}
return written;
}

2
textcode/fmt_ldapescape.c
View File

@ -18,6 +18,8 @@ size_t fmt_ldapescape(char* dest,const char* src,size_t len) {
} else {
if (dest) dest[written]=s[i]; ++written;
}
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
}
return written;
}

2
textcode/fmt_quotedprintable.c
View File

@ -17,6 +17,8 @@ size_t fmt_quotedprintable2(char* dest,const char* src,size_t len,const char* es
} else {
if (dest) dest[written]=s[i]; ++written;
}
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
}
return written;
}

3
textcode/fmt_to_array.c
View File

@ -4,7 +4,8 @@
void fmt_to_array(size_t (*func)(char*,const char*,size_t),
array* a,const char* src,size_t len) {
size_t needed=func(0,src,len);
if (array_allocate(a,1,array_bytes(a)+needed-1)) {
if (array_bytes(a)+needed>needed &&
array_allocate(a,1,array_bytes(a)+needed-1)) {
char* x=((char*)array_start(a))+array_bytes(a)-needed;
func(x,src,len);
} else

3
textcode/fmt_tofrom_array.c
View File

@ -7,7 +7,8 @@ void fmt_tofrom_array(size_t (*func)(char*,const char*,size_t),
char* x;
if (array_failed(dest) || array_failed(src)) { array_fail(dest); return; }
needed=func(0,array_start(src),array_bytes(src));
if (array_allocate(dest,1,array_bytes(dest)+needed-1)) {
if (array_bytes(dest)+needed>needed &&
array_allocate(dest,1,array_bytes(dest)+needed-1)) {
x=((char*)array_start(dest))+array_bytes(dest)-needed;
func(x,array_start(src),array_bytes(src));
} else

2
textcode/fmt_urlencoded.c
View File

@ -25,6 +25,8 @@ size_t fmt_urlencoded2(char* dest,const char* src,size_t len,const char* escapem
} else {
if (dest) dest[written]=s[i]; ++written;
}
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
}
return written;
}

1
textcode/fmt_uuencoded.c
View File

@ -11,6 +11,7 @@ size_t fmt_uuencoded(char* dest,const char* src,size_t len) {
register const unsigned char* s=(const unsigned char*) src;
const char* orig=dest;
size_t tmp;
if (!dest) return len>((size_t)-1)/2?(size_t)-1:(len+2)/3*4;
while (len) {
{
register unsigned int diff;

2
textcode/fmt_yenc.c
View File

@ -33,6 +33,8 @@ dontescape:
if (dest) dest[written]='\n'; ++written; linelen=0;
}
}
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
}
if (linelen) {
if (dest) dest[written]='\n'; ++written; linelen=0;