diff options
-rw-r--r-- | bin/gensquashfs/src/sort_by_file.c | 28 | ||||
-rw-r--r-- | include/util/parse.h | 6 | ||||
-rw-r--r-- | lib/common/src/parse_size.c | 42 | ||||
-rw-r--r-- | lib/tar/src/pax_header.c | 60 | ||||
-rw-r--r-- | lib/util/Makemodule.am | 8 | ||||
-rw-r--r-- | lib/util/src/parse_int.c | 89 | ||||
-rw-r--r-- | lib/util/test/parse_int.c | 78 |
7 files changed, 224 insertions, 87 deletions
diff --git a/bin/gensquashfs/src/sort_by_file.c b/bin/gensquashfs/src/sort_by_file.c index f543767..1ca5aa7 100644 --- a/bin/gensquashfs/src/sort_by_file.c +++ b/bin/gensquashfs/src/sort_by_file.c @@ -9,27 +9,14 @@ static int decode_priority(const char *filename, size_t line_no, char *line, sqfs_s64 *priority) { - bool negative = false; - size_t i = 0; + size_t i; + int ret; - if (line[0] == '-') { - negative = true; - i = 1; - } - - if (!isdigit(line[i])) + ret = parse_int(line, strlen(line), &i, 0, 0, priority); + if (ret == SQFS_ERROR_CORRUPTED) goto fail_number; - - *priority = 0; - - for (; isdigit(line[i]); ++i) { - sqfs_s64 x = line[i] - '0'; - - if ((*priority) >= ((0x7FFFFFFFFFFFFFFFL - x) / 10L)) - goto fail_ov; - - (*priority) = (*priority) * 10 + x; - } + if (ret != 0) + goto fail_ov; if (!isspace(line[i])) goto fail_filename; @@ -40,9 +27,6 @@ static int decode_priority(const char *filename, size_t line_no, if (line[i] == '\0') goto fail_filename; - if (negative) - (*priority) = -(*priority); - memmove(line, line + i, strlen(line + i) + 1); return 0; fail_number: diff --git a/include/util/parse.h b/include/util/parse.h index e132d6b..20b4cb7 100644 --- a/include/util/parse.h +++ b/include/util/parse.h @@ -66,6 +66,12 @@ SQFS_INTERNAL void trim(char *buffer); SQFS_INTERNAL int istream_get_line(sqfs_istream_t *strm, char **out, size_t *line_num, int flags); +SQFS_INTERNAL int parse_int(const char *in, size_t len, size_t *diff, + sqfs_s64 vmin, sqfs_s64 vmax, sqfs_s64 *out); + +SQFS_INTERNAL int parse_uint(const char *in, size_t len, size_t *diff, + sqfs_u64 vmin, sqfs_u64 vmax, sqfs_u64 *out); + /** * @brief Split a line of special character separated tokens * diff --git a/lib/common/src/parse_size.c b/lib/common/src/parse_size.c index 3e79a19..d240d19 100644 --- a/lib/common/src/parse_size.c +++ b/lib/common/src/parse_size.c @@ -5,6 +5,7 @@ * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at> */ #include "common.h" +#include "util/parse.h" #include <ctype.h> #include <limits.h> @@ -12,49 +13,45 @@ int parse_size(const char *what, size_t *out, const char *str, size_t reference) { - const char *in = str; - size_t acc = 0, x; + sqfs_u64 val; + size_t diff; + int ret; - if (!isdigit(*in)) + ret = parse_uint(str, -1, &diff, 0, SIZE_MAX, &val); + if (ret == SQFS_ERROR_OVERFLOW) + goto fail_ov; + if (ret != 0) goto fail_nan; - while (isdigit(*in)) { - x = *(in++) - '0'; + *out = val; - if (SZ_MUL_OV(acc, 10, &acc)) - goto fail_ov; - - if (SZ_ADD_OV(acc, x, &acc)) - goto fail_ov; - } - - switch (*in) { + switch (str[diff]) { case 'k': case 'K': - if (SZ_MUL_OV(acc, 1024, &acc)) + if (SZ_MUL_OV(*out, 1024, out)) goto fail_ov; - ++in; + ++diff; break; case 'm': case 'M': - if (SZ_MUL_OV(acc, 1048576, &acc)) + if (SZ_MUL_OV(*out, 1048576, out)) goto fail_ov; - ++in; + ++diff; break; case 'g': case 'G': - if (SZ_MUL_OV(acc, 1073741824, &acc)) + if (SZ_MUL_OV(*out, 1073741824, out)) goto fail_ov; - ++in; + ++diff; break; case '%': if (reference == 0) goto fail_suffix; - if (SZ_MUL_OV(acc, reference, &acc)) + if (SZ_MUL_OV(*out, reference, out)) goto fail_ov; - acc /= 100; + *out /= 100; break; case '\0': break; @@ -62,10 +59,9 @@ int parse_size(const char *what, size_t *out, const char *str, goto fail_suffix; } - if (*in != '\0') + if (str[diff] != '\0') goto fail_suffix; - *out = acc; return 0; fail_nan: fprintf(stderr, "%s: '%s' is not a number.\n", what, str); diff --git a/lib/tar/src/pax_header.c b/lib/tar/src/pax_header.c index 5ed9c4b..997880e 100644 --- a/lib/tar/src/pax_header.c +++ b/lib/tar/src/pax_header.c @@ -8,27 +8,11 @@ #include "internal.h" #include "sqfs/xattr.h" +#include "util/parse.h" #include <ctype.h> #include <string.h> #include <stdlib.h> -static int pax_read_decimal(const char *str, sqfs_u64 *out) -{ - sqfs_u64 result = 0; - - while (*str >= '0' && *str <= '9') { - if (result > 0xFFFFFFFFFFFFFFFFUL / 10) { - fputs("numeric overflow parsing pax header\n", stderr); - return -1; - } - - result = (result * 10) + (*(str++) - '0'); - } - - *out = result; - return 0; -} - static void urldecode(char *str) { unsigned char *out = (unsigned char *)str; @@ -95,6 +79,7 @@ static int pax_slink(tar_header_decoded_t *out, char *path) static int pax_sparse_map(tar_header_decoded_t *out, const char *line) { sparse_map_t *last = NULL, *list = NULL, *ent = NULL; + size_t diff; free_sparse_list(out->sparse); out->sparse = NULL; @@ -104,20 +89,17 @@ static int pax_sparse_map(tar_header_decoded_t *out, const char *line) if (ent == NULL) goto fail_errno; - if (pax_read_decimal(line, &ent->offset)) + if (parse_uint(line, -1, &diff, 0, 0, &ent->offset)) goto fail_format; - while (isdigit(*line)) - ++line; - - if (*(line++) != ',') + if (line[diff] != ',') goto fail_format; - if (pax_read_decimal(line, &ent->count)) + line += diff + 1; + if (parse_uint(line, -1, &diff, 0, 0, &ent->count)) goto fail_format; - while (isdigit(*line)) - ++line; + line += diff; if (last == NULL) { list = last = ent; @@ -242,23 +224,17 @@ static int apply_handler(tar_header_decoded_t *out, sqfs_xattr_t *xattr; sqfs_s64 s64val; sqfs_u64 uval; + size_t diff; char *copy; switch (field->type) { case PAX_TYPE_SINT: - if (value[0] == '-') { - if (pax_read_decimal(value + 1, &uval)) - return -1; - s64val = -((sqfs_s64)uval); - } else { - if (pax_read_decimal(value, &uval)) - return -1; - s64val = (sqfs_s64)uval; - } + if (parse_int(value, -1, &diff, 0, 0, &s64val)) + goto fail_numeric; return field->cb.sint(out, s64val); case PAX_TYPE_UINT: - if (pax_read_decimal(value, &uval)) - return -1; + if (parse_uint(value, -1, &diff, 0, 0, &uval)) + goto fail_numeric; return field->cb.uint(out, uval); case PAX_TYPE_CONST_STRING: return field->cb.cstr(out, value); @@ -291,6 +267,9 @@ static int apply_handler(tar_header_decoded_t *out, } return 0; +fail_numeric: + fputs("Malformed decimal value in pax header\n", stderr); + return -1; } int read_pax_header(sqfs_istream_t *fp, sqfs_u64 entsize, @@ -300,6 +279,7 @@ int read_pax_header(sqfs_istream_t *fp, sqfs_u64 entsize, sparse_map_t *sparse_last = NULL, *sparse; sqfs_u64 offset = 0, num_bytes = 0; const struct pax_handler_t *field; + size_t diff; long len; buffer = record_to_memory(fp, entsize); @@ -345,11 +325,11 @@ int read_pax_header(sqfs_istream_t *fp, sqfs_u64 entsize, *set_by_pax |= field->flag; } else if (!strcmp(key, "GNU.sparse.offset")) { - if (pax_read_decimal(value, &offset)) - goto fail; + if (parse_uint(value, -1, &diff, 0, 0, &offset)) + goto fail_malformed; } else if (!strcmp(key, "GNU.sparse.numbytes")) { - if (pax_read_decimal(value, &num_bytes)) - goto fail; + if (parse_uint(value, -1, &diff, 0, 0, &num_bytes)) + goto fail_malformed; sparse = calloc(1, sizeof(*sparse)); if (sparse == NULL) goto fail_errno; diff --git a/lib/util/Makemodule.am b/lib/util/Makemodule.am index 6386066..9b2065a 100644 --- a/lib/util/Makemodule.am +++ b/lib/util/Makemodule.am @@ -9,7 +9,8 @@ libutil_a_SOURCES = include/util/util.h include/util/str_table.h \ lib/util/src/canonicalize_name.c lib/util/src/filename_sane.c \ lib/util/src/source_date_epoch.c lib/util/src/file_cmp.c \ lib/util/src/hex_decode.c lib/util/src/base64_decode.c \ - lib/util/src/get_line.c lib/util/src/split_line.c + lib/util/src/get_line.c lib/util/src/split_line.c \ + lib/util/src/parse_int.c libutil_a_CFLAGS = $(AM_CFLAGS) libutil_a_CPPFLAGS = $(AM_CPPFLAGS) @@ -83,11 +84,14 @@ test_get_line_LDADD = libutil.a libio.a libcompat.a test_split_line_SOURCES = lib/util/test/split_line.c test_split_line_LDADD = libutil.a libcompat.a +test_parse_int_SOURCES = lib/util/test/parse_int.c +test_parse_int_LDADD = libutil.a libcompat.a + LIBUTIL_TESTS = \ test_str_table test_rbtree test_xxhash test_threadpool test_ismemzero \ test_canonicalize_name test_filename_sane test_filename_sane_w32 \ test_sdate_epoch test_hex_decode test_base64_decode test_get_line \ - test_split_line + test_split_line test_parse_int check_PROGRAMS += $(LIBUTIL_TESTS) TESTS += $(LIBUTIL_TESTS) diff --git a/lib/util/src/parse_int.c b/lib/util/src/parse_int.c new file mode 100644 index 0000000..1bca528 --- /dev/null +++ b/lib/util/src/parse_int.c @@ -0,0 +1,89 @@ +/* SPDX-License-Identifier: LGPL-3.0-or-later */ +/* + * alloc.c + * + * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at> + */ +#include "config.h" + +#include "util/parse.h" +#include "sqfs/error.h" + +#include <ctype.h> + +int parse_uint(const char *in, size_t len, size_t *diff, + sqfs_u64 vmin, sqfs_u64 vmax, sqfs_u64 *out) +{ + /* init result */ + if (diff != NULL) + *diff = 0; + *out = 0; + + /* sequence has at least 1 digit */ + if (len == 0 || !isdigit(*in)) + return SQFS_ERROR_CORRUPTED; + + /* parse sequence */ + while (len > 0 && isdigit(*in)) { + sqfs_u64 x = *(in++) - '0'; + --len; + + if (diff != NULL) + ++(*diff); + + if ((*out) >= (0xFFFFFFFFFFFFFFFFULL / 10ULL)) + return SQFS_ERROR_OVERFLOW; + + (*out) *= 10; + + if ((*out) > (0xFFFFFFFFFFFFFFFFULL - x)) + return SQFS_ERROR_OVERFLOW; + + (*out) += x; + } + + /* range check */ + if ((vmin != vmax) && ((*out < vmin) || (*out > vmax))) + return SQFS_ERROR_OUT_OF_BOUNDS; + + /* if diff is not used, entire must have been processed */ + if (diff == NULL && (len > 0 && *in != '\0')) + return SQFS_ERROR_CORRUPTED; + + return 0; +} + + +int parse_int(const char *in, size_t len, size_t *diff, + sqfs_s64 vmin, sqfs_s64 vmax, sqfs_s64 *out) +{ + bool negative = false; + sqfs_u64 temp; + int ret; + + if (len > 0 && *in == '-') { + ++in; + --len; + negative = true; + } + + ret = parse_uint(in, len, diff, 0, 0, &temp); + if (ret) + return ret; + + if (temp >= 0x7FFFFFFFFFFFFFFFULL) + return SQFS_ERROR_OVERFLOW; + + if (negative) { + if (diff != NULL) + (*diff) += 1; + *out = -((sqfs_s64)temp); + } else { + *out = (sqfs_s64)temp; + } + + if (vmin != vmax && ((*out < vmin) || (*out > vmax))) + return SQFS_ERROR_OUT_OF_BOUNDS; + + return 0; +} diff --git a/lib/util/test/parse_int.c b/lib/util/test/parse_int.c new file mode 100644 index 0000000..2bd5a7c --- /dev/null +++ b/lib/util/test/parse_int.c @@ -0,0 +1,78 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later */ +/* + * parse_int.c + * + * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at> + */ +#include "config.h" +#include "util/parse.h" +#include "util/test.h" +#include "sqfs/error.h" + +int main(int argc, char **argv) +{ + sqfs_s64 s_out; + sqfs_u64 out; + size_t diff; + int ret; + (void)argc; (void)argv; + + /* must begin with a digit */ + ret = parse_uint("a1234", -1, &diff, 0, 0, &out); + TEST_EQUAL_I(ret, SQFS_ERROR_CORRUPTED); + + /* can end with a non-digit... */ + ret = parse_uint("1234a", -1, &diff, 0, 0, &out); + TEST_EQUAL_I(ret, 0); + TEST_EQUAL_UI(out, 1234); + TEST_EQUAL_UI(diff, 4); + + /* ...unless diff is NULL */ + ret = parse_uint("1234a", -1, NULL, 0, 0, &out); + TEST_EQUAL_I(ret, SQFS_ERROR_CORRUPTED); + + /* numeric overflow is cought */ + ret = parse_uint("18446744073709551616", -1, NULL, 0, 0, &out); + TEST_EQUAL_I(ret, SQFS_ERROR_OVERFLOW); + + /* buffer length is adherered to */ + ret = parse_uint("18446744073709551616", 5, NULL, 0, 0, &out); + TEST_EQUAL_I(ret, 0); + TEST_EQUAL_UI(out, 18446); + + ret = parse_uint("18446744073709551616", 5, &diff, 0, 0, &out); + TEST_EQUAL_I(ret, 0); + TEST_EQUAL_UI(diff, 5); + TEST_EQUAL_UI(out, 18446); + + /* if vmin/vmax differ, check the range */ + ret = parse_uint("1234", -1, NULL, 0, 1000, &out); + TEST_EQUAL_I(ret, SQFS_ERROR_OUT_OF_BOUNDS); + + ret = parse_uint("1234", -1, NULL, 0, 2000, &out); + TEST_EQUAL_I(ret, 0); + TEST_EQUAL_UI(out, 1234); + + ret = parse_uint("1234", -1, NULL, 2000, 3000, &out); + TEST_EQUAL_I(ret, SQFS_ERROR_OUT_OF_BOUNDS); + + /* int version accepts '-' prefix */ + ret = parse_int("1234", -1, NULL, 0, 0, &s_out); + TEST_EQUAL_I(ret, 0); + TEST_EQUAL_I(s_out, 1234); + + ret = parse_int("-1234", -1, NULL, 0, 0, &s_out); + TEST_EQUAL_I(ret, 0); + TEST_EQUAL_I(s_out, -1234); + + ret = parse_int("- 1234", -1, NULL, 0, 0, &s_out); + TEST_EQUAL_I(ret, SQFS_ERROR_CORRUPTED); + + ret = parse_int("+1234", -1, NULL, 0, 0, &s_out); + TEST_EQUAL_I(ret, SQFS_ERROR_CORRUPTED); + + ret = parse_int("-1234", -1, NULL, -1000, 1000, &s_out); + TEST_EQUAL_I(ret, SQFS_ERROR_OUT_OF_BOUNDS); + + return EXIT_SUCCESS; +} |