try to catch malicious input in textcode fmt_* functions

master
leitner 18 years ago
parent 1b17f47def
commit e0a6a1cb84

@ -7,6 +7,7 @@
fmt_ip6 compresses at best spot, not at first spot (Nikola Vladov) fmt_ip6 compresses at best spot, not at first spot (Nikola Vladov)
use inttypes.h to declare ints in uint*.h use inttypes.h to declare ints in uint*.h
escape more in fmt_ldapescape escape more in fmt_ldapescape
try to catch malicious input in textcode fmt_* functions
0.25: 0.25:
array_allocate no longer truncates the array array_allocate no longer truncates the array

@ -5,8 +5,8 @@
size_t fmt_base64(char* dest,const char* src,size_t len) { size_t fmt_base64(char* dest,const char* src,size_t len) {
register const unsigned char* s=(const unsigned char*) src; register const unsigned char* s=(const unsigned char*) src;
unsigned short bits=0,temp=0; unsigned short bits=0,temp=0;
unsigned long written=0,i; size_t written=0,i;
if (!dest) return ((len+2)/3)*4; if (!dest) return (len>((size_t)-1)/2)?(size_t)-1:((len+2)/3)*4;
for (i=0; i<len; ++i) { for (i=0; i<len; ++i) {
temp<<=8; temp+=s[i]; bits+=8; temp<<=8; temp+=s[i]; bits+=8;
while (bits>6) { while (bits>6) {
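Review bot: The `(size_t)-1` return added on the `if (!dest)` line is an in-band error value that nothing visible here documents. A caller that sizes a buffer as `fmt_base64(0,src,len)+1` would wrap to 0 and then under-allocate. I would add a contract comment above the function, such as `/* returns (size_t)-1 if the output would not fit in SIZE_MAX/2 bytes; check before adding to or allocating from the result */`. The same applies to the other fmt_* hunks in this commit that return the sentinel: fmt_cescape2, fmt_hexdump, fmt_html, fmt_ldapescape, fmt_quotedprintable2, fmt_urlencoded2, fmt_uuencoded and the hunk at `dontescape:`. The threshold `((size_t)-1)/2` is repeated in every one of them and would read better as a single named macro; fmt_base64's body continues past this hunk.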

@ -41,6 +41,8 @@ size_t fmt_cescape2(char* dest,const char* src,size_t len,const char* escapeme)
} }
break; break;
} }
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
} }
return written; return written;
} }

@ -6,6 +6,7 @@
size_t fmt_hexdump(char* dest,const char* src,size_t len) { size_t fmt_hexdump(char* dest,const char* src,size_t len) {
register const unsigned char* s=(const unsigned char*) src; register const unsigned char* s=(const unsigned char*) src;
size_t written=0,i; size_t written=0,i;
if (!dest) return (len>((size_t)-1)/2)?(size_t)-1:len*2;
for (i=0; i<len; ++i) { for (i=0; i<len; ++i) {
dest[written]=fmt_tohex(s[i]>>4); dest[written]=fmt_tohex(s[i]>>4);
dest[written+1]=fmt_tohex(s[i]&15); dest[written+1]=fmt_tohex(s[i]&15);

@ -19,6 +19,8 @@ size_t fmt_html(char* dest,const char* src,size_t len) {
break; break;
default: if (dest) dest[written]=s[i]; ++written; break; default: if (dest) dest[written]=s[i]; ++written; break;
} }
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
} }
return written; return written;
} }

@ -18,6 +18,8 @@ size_t fmt_ldapescape(char* dest,const char* src,size_t len) {
} else { } else {
if (dest) dest[written]=s[i]; ++written; if (dest) dest[written]=s[i]; ++written;
} }
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
} }
return written; return written;
} }

@ -17,6 +17,8 @@ size_t fmt_quotedprintable2(char* dest,const char* src,size_t len,const char* es
} else { } else {
if (dest) dest[written]=s[i]; ++written; if (dest) dest[written]=s[i]; ++written;
} }
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
} }
return written; return written;
} }

@ -4,7 +4,8 @@
void fmt_to_array(size_t (*func)(char*,const char*,size_t), void fmt_to_array(size_t (*func)(char*,const char*,size_t),
array* a,const char* src,size_t len) { array* a,const char* src,size_t len) {
size_t needed=func(0,src,len); size_t needed=func(0,src,len);
if (array_allocate(a,1,array_bytes(a)+needed-1)) { if (array_bytes(a)+needed>needed &&
array_allocate(a,1,array_bytes(a)+needed-1)) {
char* x=((char*)array_start(a))+array_bytes(a)-needed; char* x=((char*)array_start(a))+array_bytes(a)-needed;
func(x,src,len); func(x,src,len);
} else } else
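Review bot: The new guard `array_bytes(a)+needed>needed` is false whenever the array is empty, because `0+needed` equals `needed`. Formatting into a fresh array therefore takes the else branch (its body is outside the hunk) for every input, not only for oversized ones. Using `>=` keeps the wrap detection, since a wrapped sum is always smaller than `needed`, and lets the empty-array case through: `if (array_bytes(a)+needed>=needed &&`. The same comparison appears in the fmt_tofrom_array hunk and needs the same change. Separately, `needed-1` still wraps when `func` returns 0, so a `needed==0` early-out before the allocation would be worth considering.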

@ -7,7 +7,8 @@ void fmt_tofrom_array(size_t (*func)(char*,const char*,size_t),
char* x; char* x;
if (array_failed(dest) || array_failed(src)) { array_fail(dest); return; } if (array_failed(dest) || array_failed(src)) { array_fail(dest); return; }
needed=func(0,array_start(src),array_bytes(src)); needed=func(0,array_start(src),array_bytes(src));
if (array_allocate(dest,1,array_bytes(dest)+needed-1)) { if (array_bytes(dest)+needed>needed &&
array_allocate(dest,1,array_bytes(dest)+needed-1)) {
x=((char*)array_start(dest))+array_bytes(dest)-needed; x=((char*)array_start(dest))+array_bytes(dest)-needed;
func(x,array_start(src),array_bytes(src)); func(x,array_start(src),array_bytes(src));
} else } else

@ -25,6 +25,8 @@ size_t fmt_urlencoded2(char* dest,const char* src,size_t len,const char* escapem
} else { } else {
if (dest) dest[written]=s[i]; ++written; if (dest) dest[written]=s[i]; ++written;
} }
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
} }
return written; return written;
} }

@ -11,6 +11,7 @@ size_t fmt_uuencoded(char* dest,const char* src,size_t len) {
register const unsigned char* s=(const unsigned char*) src; register const unsigned char* s=(const unsigned char*) src;
const char* orig=dest; const char* orig=dest;
size_t tmp; size_t tmp;
if (!dest) return len>((size_t)-1)/2?(size_t)-1:(len+2)/3*4;
while (len) { while (len) {
{ {
register unsigned int diff; register unsigned int diff;
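Review bot: The added `if (!dest)` shortcut returns `(len+2)/3*4`, which counts only the 4-for-3 payload characters. If the loop below also emits a length character and a newline for each output line, as uuencoding normally does (the loop body is outside this hunk, so this is inferred), the size query under-reports. A caller that allocates from that result would then be overrun by the real encoding pass. The existing `orig=dest` line suggests the loop already supported a counting pass, so either keep the overflow check and let the loop count, or add the per-line overhead to the shortcut after confirming it against the loop.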

@ -33,6 +33,8 @@ dontescape:
if (dest) dest[written]='\n'; ++written; linelen=0; if (dest) dest[written]='\n'; ++written; linelen=0;
} }
} }
/* in case someone gives us malicious input */
if (written>((size_t)-1)/2) return (size_t)-1;
} }
if (linelen) { if (linelen) {
if (dest) dest[written]='\n'; ++written; linelen=0; if (dest) dest[written]='\n'; ++written; linelen=0;
