diff options
-rw-r--r-- | bin/gensquashfs/filemap_xattr.c | 86 | ||||
-rw-r--r-- | include/util/util.h | 3 | ||||
-rw-r--r-- | lib/tar/pax_header.c | 62 | ||||
-rw-r--r-- | lib/util/Makemodule.am | 1 | ||||
-rw-r--r-- | lib/util/base64_decode.c | 103 | ||||
-rw-r--r-- | tests/libutil/Makemodule.am | 5 | ||||
-rw-r--r-- | tests/libutil/base64_decode.c | 74 |
7 files changed, 202 insertions, 132 deletions
diff --git a/bin/gensquashfs/filemap_xattr.c b/bin/gensquashfs/filemap_xattr.c index 059ce81..0b73d36 100644 --- a/bin/gensquashfs/filemap_xattr.c +++ b/bin/gensquashfs/filemap_xattr.c @@ -11,25 +11,6 @@ #define NEW_FILE_START "# file: " // Taken from attr-2.5.1/tools/setfattr.c -static int -base64_digit(char c) { - if (c >= 'A' && c <= 'Z') - return c - 'A'; - else if (c >= 'a' && c <= 'z') - return 26 + c - 'a'; - else if (c >= '0' && c <= '9') - return 52 + c - '0'; - else if (c == '+') - return 62; - else if (c == '/') - return 63; - else if (c == '=') - return -2; - else - return -1; -} - -// Taken from attr-2.5.1/tools/setfattr.c static char * decode(const char *value, size_t *size) { char *decoded = NULL; @@ -50,71 +31,20 @@ decode(const char *value, size_t *size) { return NULL; } } else if (value[0] == '0' && (value[1] == 's' || value[1] == 'S')) { - const char *v = value + 2, *end = value + *size; - int d0, d1, d2, d3; - char *d; + size_t input_len = *size - 2; - decoded = realloc(decoded, *size / 4 * 3); + *size = (input_len / 4) * 3; + + decoded = realloc(decoded, *size); if (decoded == NULL) { return NULL; } - d = decoded; - for (;;) { - while (v < end && isspace(*v)) - v++; - if (v == end) { - d0 = d1 = d2 = d3 = -2; - break; - } - if (v + 4 > end) { - bad_base64_encoding: - free(decoded); - fprintf(stderr, "bad input encoding\n"); - return NULL; - } - d0 = base64_digit(*v++); - d1 = base64_digit(*v++); - d2 = base64_digit(*v++); - d3 = base64_digit(*v++); - if (d0 < 0 || d1 < 0 || d2 < 0 || d3 < 0) - break; - *d++ = (char)((d0 << 2) | (d1 >> 4)); - *d++ = (char)((d1 << 4) | (d2 >> 2)); - *d++ = (char)((d2 << 6) | d3); - } - if (d0 == -2) { - if (d1 != -2 || d2 != -2 || d3 != -2) - goto bad_base64_encoding; - goto base64_end; - } - if (d0 == -1 || d1 < 0 || d2 == -1 || d3 == -1) - goto bad_base64_encoding; - *d++ = (char)((d0 << 2) | (d1 >> 4)); - if (d2 != -2) - *d++ = (char)((d1 << 4) | (d2 >> 2)); - else { - if (d1 & 0x0F || d3 != -2) - goto bad_base64_encoding; - goto base64_end; - } - if (d3 != -2) - *d++ = (char)((d2 << 6) | d3); - else if (d2 & 0x03) - goto bad_base64_encoding; - base64_end: - while (v < end && isspace(*v)) - v++; - if (v + 4 <= end && *v == '=') { - if (*++v != '=' || *++v != '=' || *++v != '=') - goto bad_base64_encoding; - v++; + if (base64_decode(value + 2, input_len, decoded, size)) { + free(decoded); + fprintf(stderr, "bad input encoding\n"); + return NULL; } - while (v < end && isspace(*v)) - v++; - if (v < end) - goto bad_base64_encoding; - *size = d - decoded; } else { const char *v = value, *end = value + *size; char *d; diff --git a/include/util/util.h b/include/util/util.h index 787580c..cd32887 100644 --- a/include/util/util.h +++ b/include/util/util.h @@ -80,4 +80,7 @@ SQFS_INTERNAL int check_file_range_equal(sqfs_file_t *file, void *scratch, SQFS_INTERNAL int hex_decode(const char *in, size_t in_sz, sqfs_u8 *out, size_t out_sz); +SQFS_INTERNAL int base64_decode(const char *in, size_t in_len, + sqfs_u8 *out, size_t *out_len); + #endif /* SQFS_UTIL_H */ diff --git a/lib/tar/pax_header.c b/lib/tar/pax_header.c index cc2f2b0..b61aab6 100644 --- a/lib/tar/pax_header.c +++ b/lib/tar/pax_header.c @@ -11,56 +11,6 @@ #include <string.h> #include <stdlib.h> -static sqfs_u8 base64_convert(char in) -{ - if (isupper(in)) - return in - 'A'; - if (islower(in)) - return in - 'a' + 26; - if (isdigit(in)) - return in - '0' + 52; - if (in == '+') - return 62; - if (in == '/' || in == '-') - return 63; - return 0; -} - -static size_t base64_decode(sqfs_u8 *out, const char *in, size_t len) -{ - sqfs_u8 *start = out; - - while (len > 0) { - unsigned int diff = 0, value = 0; - - while (diff < 4 && len > 0) { - if (*in == '=' || *in == '_' || *in == '\0') { - len = 0; - } else { - value = (value << 6) | base64_convert(*(in++)); - --len; - ++diff; - } - } - - if (diff < 2) - break; - - value <<= 6 * (4 - diff); - - switch (diff) { - case 4: out[2] = value & 0xff; /* fall-through */ - case 3: out[1] = (value >> 8) & 0xff; /* fall-through */ - default: out[0] = (value >> 16) & 0xff; - } - - out += (diff * 3) / 4; - } - - *out = '\0'; - return out - start; -} - static int pax_read_decimal(const char *str, sqfs_u64 *out) { sqfs_u64 result = 0; @@ -201,10 +151,16 @@ static int pax_xattr_schily(tar_header_decoded_t *out, static int pax_xattr_libarchive(tar_header_decoded_t *out, tar_xattr_t *xattr) { + int ret; + + ret = base64_decode((const char *)xattr->value, xattr->value_len, + xattr->value, &xattr->value_len); + if (ret) + return -1; + urldecode(xattr->key); - xattr->value_len = base64_decode(xattr->value, - (const char *)xattr->value, - xattr->value_len); + + xattr->value[xattr->value_len] = '\0'; xattr->next = out->xattr; out->xattr = xattr; return 0; diff --git a/lib/util/Makemodule.am b/lib/util/Makemodule.am index 4f1f0da..ec38b7a 100644 --- a/lib/util/Makemodule.am +++ b/lib/util/Makemodule.am @@ -15,6 +15,7 @@ libutil_a_SOURCES += lib/util/filename_sane.c libutil_a_SOURCES += lib/util/source_date_epoch.c libutil_a_SOURCES += lib/util/file_cmp.c libutil_a_SOURCES += lib/util/hex_decode.c +libutil_a_SOURCES += lib/util/base64_decode.c libutil_a_CFLAGS = $(AM_CFLAGS) libutil_a_CPPFLAGS = $(AM_CPPFLAGS) diff --git a/lib/util/base64_decode.c b/lib/util/base64_decode.c new file mode 100644 index 0000000..b1cf5b6 --- /dev/null +++ b/lib/util/base64_decode.c @@ -0,0 +1,103 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later */ +/* + * base64_decode.c + * + * Copyright (C) 2022 David Oberhollenzer <goliath@infraroot.at> + */ +#include "config.h" +#include "util/util.h" +#include "util/test.h" + +#include <ctype.h> + +static int base64_digit(int c) +{ + if (isupper(c)) + return c - 'A'; + if (islower(c)) + return c - 'a' + 26; + if (isdigit(c)) + return c - '0' + 52; + if (c == '+') + return 62; + if (c == '/' || c == '-') + return 63; + return -1; +} + +int base64_decode(const char *in, size_t in_len, sqfs_u8 *out, size_t *out_len) +{ + int i1, i2, i3, i4; + size_t count = 0; + + while (in_len >= 4) { + i1 = base64_digit(*(in++)); + i2 = base64_digit(*(in++)); + i3 = *(in++); + i4 = *(in++); + in_len -= 4; + + if (i1 < 0 || i2 < 0 || count >= *out_len) + goto fail; + + out[count++] = (i1 << 2) | (i2 >> 4); + + if (i3 == '=' || i3 == '_') { + if ((i4 != '=' && i4 != '_') || in_len > 0) + goto fail; + break; + } + + i3 = base64_digit(i3); + if (i3 < 0 || count >= *out_len) + goto fail; + + out[count++] = ((i2 & 0x0F) << 4) | (i3 >> 2); + + if (i4 == '=' || i4 == '_') { + if (in_len > 0) + goto fail; + break; + } + + i4 = base64_digit(i4); + if (i4 < 0 || count >= *out_len) + goto fail; + + out[count++] = ((i3 & 0x3) << 6) | i4; + } + + /* libarchive has this bizarre bastardization of truncated base64 */ + if (in_len > 0) { + if (in_len == 1) + goto fail; + + i1 = base64_digit(*(in++)); + i2 = base64_digit(*(in++)); + in_len -= 2; + + if (i1 < 0 || i2 < 0 || count >= *out_len) + goto fail; + + out[count++] = (i1 << 2) | (i2 >> 4); + + if (in_len > 0) { + i3 = *(in++); + --in_len; + + if (i3 != '=' && i3 != '_') { + i3 = base64_digit(i3); + if (i3 < 0 || count >= *out_len) + goto fail; + + out[count++] = ((i2 & 0x0F) << 4) | (i3 >> 2); + } + } + } + + *out_len = count; + return 0; +fail: + *out_len = 0; + return -1; +} diff --git a/tests/libutil/Makemodule.am b/tests/libutil/Makemodule.am index 5a69de4..724af50 100644 --- a/tests/libutil/Makemodule.am +++ b/tests/libutil/Makemodule.am @@ -33,10 +33,13 @@ test_sdate_epoch_LDADD = libutil.a libcompat.a test_hex_decode_SOURCES = tests/libutil/hex_decode.c test_hex_decode_LDADD = libutil.a libcompat.a +test_base64_decode_SOURCES = tests/libutil/base64_decode.c +test_base64_decode_LDADD = libutil.a libcompat.a + LIBUTIL_TESTS = \ test_str_table test_rbtree test_xxhash test_threadpool test_ismemzero \ test_canonicalize_name test_filename_sane test_filename_sane_w32 \ - test_sdate_epoch test_hex_decode + test_sdate_epoch test_hex_decode test_base64_decode check_PROGRAMS += $(LIBUTIL_TESTS) TESTS += $(LIBUTIL_TESTS) diff --git a/tests/libutil/base64_decode.c b/tests/libutil/base64_decode.c new file mode 100644 index 0000000..8f22a86 --- /dev/null +++ b/tests/libutil/base64_decode.c @@ -0,0 +1,74 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later */ +/* + * base64_decode.c + * + * Copyright (C) 2022 David Oberhollenzer <goliath@infraroot.at> + */ +#include "config.h" +#include "util/util.h" +#include "util/test.h" + +static const struct { + int result; + const char *in; + const char *out; +} test_vec[] = { + { 0, "", "" }, + { 0, "Zg", "f" }, + { 0, "Zg==", "f" }, + { 0, "Zm8=", "fo" }, + { 0, "Zm9v", "foo" }, + { 0, "Zm9vYg==", "foob" }, + { 0, "Zm9vYmE=", "fooba" }, + { 0, "Zm9vYmFy", "foobar" }, + { 0, "TGV0J3MgYWxsIGxvdmUgTGFpbiEK", "Let's all love Lain!\n" }, + { -1, "Zg==X", "XX" }, +}; + +int main(int argc, char **argv) +{ + sqfs_u8 buffer[256]; + size_t i, j; + (void)argc; (void)argv; + + for (i = 0; i < sizeof(test_vec) / sizeof(test_vec[0]); ++i) { + const size_t in_len = strlen(test_vec[i].in); + const size_t out_len = strlen(test_vec[i].out); + size_t real_out; + int ret; + + /* initialize the buffer */ + for (j = 0; j < sizeof(buffer); ++j) { + buffer[j] = (j % 2) ? 0xAA : 0x55; + } + + /* convert */ + real_out = sizeof(buffer); + ret = base64_decode(test_vec[i].in, in_len, buffer, &real_out); + + /* make sure pattern is un-touched after expected offset */ + j = (in_len / 4) * 3; + if (in_len % 4) + j += 3; + + for (; j < sizeof(buffer); ++j) { + TEST_ASSERT(buffer[j] == ((j % 2) ? 0xAA : 0x55)); + } + + /* check result */ + if (test_vec[i].result == 0) { + TEST_ASSERT(ret == 0); + TEST_EQUAL_UI(real_out, out_len); + ret = memcmp(buffer, test_vec[i].out, out_len); + TEST_ASSERT(ret == 0); + } else { + TEST_ASSERT(ret != 0); + TEST_EQUAL_UI(real_out, 0); + } + + fprintf(stderr, "CASE %lu OK\n", (unsigned long)i); + } + + return EXIT_SUCCESS; +} + |