Commit c6c21cf1 authored by sigiesec's avatar sigiesec Committed by Luca Boccassi

Problem: zmq_z85_decode does not validate its input (#2322)

* Problem: zmq_z85_decode does not validate its input
Solution: added checks for invalid characters and overflows

* Added tests, added further check for range overflow, removed (multiple) calls to strlen

* Problem: gcc fails to build
Solution: added missing include directive

* Added VS2015 test_utils_z85 project

* Fixed indentation and copyright notice

* Resolved garbage from merge

* Revert "Added VS2015 test_utils_z85 project"

This reverts commit c58b3c664c144326e77135aa1184b6f0dee11143.

* Problem: test calls zmq_z85_decode with a NULL dest
Solution: call zmq_z85_decode with a properly sized buffer

* Problem: tests for zmq_z85_* scattered over two files
Solution: merged files

* Removed reference to removed test file from CMakeLists.txt

* Problem: Missing include directive to stdint.h
Solution: Added include directive

* Define __STDC_LIMIT_MACROS before including stdint.h

* Problem: Wrong variable is checked for invalid character marker
Solution: Use correct variable
parent 673bb506
...@@ -27,6 +27,8 @@ ...@@ -27,6 +27,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#define __STDC_LIMIT_MACROS
#include "precompiled.hpp" #include "precompiled.hpp"
#include "macros.hpp" #include "macros.hpp"
...@@ -36,6 +38,7 @@ ...@@ -36,6 +38,7 @@
#include "atomic_counter.hpp" #include "atomic_counter.hpp"
#include "atomic_ptr.hpp" #include "atomic_ptr.hpp"
#include <assert.h> #include <assert.h>
#include <stdint.h>
#if !defined ZMQ_HAVE_WINDOWS #if !defined ZMQ_HAVE_WINDOWS
#include <unistd.h> #include <unistd.h>
...@@ -97,19 +100,20 @@ static char encoder [85 + 1] = { ...@@ -97,19 +100,20 @@ static char encoder [85 + 1] = {
// Maps base 85 to base 256 // Maps base 85 to base 256
// We chop off lower 32 and higher 128 ranges // We chop off lower 32 and higher 128 ranges
// 0xFF denotes invalid characters within this range
static uint8_t decoder [96] = { static uint8_t decoder [96] = {
0x00, 0x44, 0x00, 0x54, 0x53, 0x52, 0x48, 0x00, 0xFF, 0x44, 0xFF, 0x54, 0x53, 0x52, 0x48, 0xFF,
0x4B, 0x4C, 0x46, 0x41, 0x00, 0x3F, 0x3E, 0x45, 0x4B, 0x4C, 0x46, 0x41, 0xFF, 0x3F, 0x3E, 0x45,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x40, 0x00, 0x49, 0x42, 0x4A, 0x47, 0x08, 0x09, 0x40, 0xFF, 0x49, 0x42, 0x4A, 0x47,
0x51, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x51, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
0x3B, 0x3C, 0x3D, 0x4D, 0x00, 0x4E, 0x43, 0x00, 0x3B, 0x3C, 0x3D, 0x4D, 0xFF, 0x4E, 0x43, 0xFF,
0x00, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
0x21, 0x22, 0x23, 0x4F, 0x00, 0x50, 0x00, 0x00 0x21, 0x22, 0x23, 0x4F, 0xFF, 0x50, 0xFF, 0xFF
}; };
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
...@@ -154,17 +158,27 @@ char *zmq_z85_encode (char *dest, const uint8_t *data, size_t size) ...@@ -154,17 +158,27 @@ char *zmq_z85_encode (char *dest, const uint8_t *data, size_t size)
uint8_t *zmq_z85_decode (uint8_t *dest, const char *string) uint8_t *zmq_z85_decode (uint8_t *dest, const char *string)
{ {
if (strlen (string) % 5 != 0) {
errno = EINVAL;
return NULL;
}
unsigned int byte_nbr = 0; unsigned int byte_nbr = 0;
unsigned int char_nbr = 0; unsigned int char_nbr = 0;
size_t string_len = strlen (string);
uint32_t value = 0; uint32_t value = 0;
while (char_nbr < string_len) { while (string[char_nbr]) {
// Accumulate value in base 85 // Accumulate value in base 85
value = value * 85 + decoder [(uint8_t) string [char_nbr++] - 32]; if (UINT32_MAX / 85 < value) {
// Invalid z85 encoding, represented value exceeds 0xffffffff
goto error_inval;
}
value *= 85;
uint8_t index = string [char_nbr++] - 32;
if (index >= sizeof(decoder)) {
// Invalid z85 encoding, character outside range
goto error_inval;
}
uint32_t summand = decoder [index];
if (summand == 0xFF || summand > (UINT32_MAX - value)) {
// Invalid z85 encoding, invalid character or represented value exceeds 0xffffffff
goto error_inval;
}
value += summand;
if (char_nbr % 5 == 0) { if (char_nbr % 5 == 0) {
// Output value in base 256 // Output value in base 256
unsigned int divisor = 256 * 256 * 256; unsigned int divisor = 256 * 256 * 256;
...@@ -175,8 +189,15 @@ uint8_t *zmq_z85_decode (uint8_t *dest, const char *string) ...@@ -175,8 +189,15 @@ uint8_t *zmq_z85_decode (uint8_t *dest, const char *string)
value = 0; value = 0;
} }
} }
if (char_nbr % 5 != 0) {
goto error_inval;
}
assert (byte_nbr == strlen (string) * 4 / 5); assert (byte_nbr == strlen (string) * 4 / 5);
return dest; return dest;
error_inval:
errno = EINVAL;
return NULL;
} }
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
......
...@@ -70,14 +70,51 @@ void test__zmq_z85_decode__valid__success () ...@@ -70,14 +70,51 @@ void test__zmq_z85_decode__valid__success ()
assert (memcmp (out_decoded, expected, size) == 0); assert (memcmp (out_decoded, expected, size) == 0);
} }
// String length must be evenly divisible by 5 or must fail with EINVAL. // Invalid input data must fail with EINVAL.
void test__zmq_z85_decode__invalid__failure (const char *encoded) template<size_t SIZE>
void test__zmq_z85_decode__invalid__failure (const char (&encoded)[SIZE])
{ {
uint8_t decoded[SIZE * 4 / 5 + 1];
errno = 0; errno = 0;
assert (zmq_z85_decode(NULL, encoded) == NULL); assert (zmq_z85_decode(decoded, encoded) == NULL);
assert (zmq_errno () == EINVAL); assert (zmq_errno () == EINVAL);
} }
// call zmq_z85_encode, then zmq_z85_decode, and compare the results with the original
template<size_t SIZE>
void test__zmq_z85_encode__zmq_z85_decode__roundtrip(const uint8_t (&test_data)[SIZE])
{
char test_data_z85[SIZE * 5 / 4 + 1];
char *res1 = zmq_z85_encode(test_data_z85, test_data, SIZE);
assert(res1 != NULL);
uint8_t test_data_decoded[SIZE];
uint8_t *res2 = zmq_z85_decode(test_data_decoded, test_data_z85);
assert(res2 != NULL);
int res3 = memcmp(test_data, test_data_decoded, SIZE);
assert(res3 == 0);
}
// call zmq_z85_encode, then zmq_z85_decode, and compare the results with the original
template<size_t SIZE>
void test__zmq_z85_decode__zmq_z85_encode__roundtrip(const char (&test_data)[SIZE])
{
const size_t decoded_size = (SIZE - 1) * 4 / 5;
uint8_t test_data_decoded[decoded_size];
uint8_t *res1 = zmq_z85_decode(test_data_decoded, test_data);
assert(res1 != NULL);
char test_data_z85[SIZE];
char *res2 = zmq_z85_encode(test_data_z85, test_data_decoded, decoded_size);
assert(res2 != NULL);
int res3 = memcmp(test_data, test_data_z85, SIZE);
assert(res3 == 0);
}
int main (void) int main (void)
{ {
test__zmq_z85_encode__valid__success (); test__zmq_z85_encode__valid__success ();
...@@ -85,8 +122,41 @@ int main (void) ...@@ -85,8 +122,41 @@ int main (void)
test__zmq_z85_encode__invalid__failure (42); test__zmq_z85_encode__invalid__failure (42);
test__zmq_z85_decode__valid__success (); test__zmq_z85_decode__valid__success ();
// String length must be evenly divisible by 5 or must fail with EINVAL.
test__zmq_z85_decode__invalid__failure ("01234567"); test__zmq_z85_decode__invalid__failure ("01234567");
test__zmq_z85_decode__invalid__failure ("0"); test__zmq_z85_decode__invalid__failure ("0");
// decode invalid data with the maximum representable value
test__zmq_z85_decode__invalid__failure ("#####");
// decode invalid data with the minimum value beyond the limit
// "%nSc0" is 0xffffffff
test__zmq_z85_decode__invalid__failure ("%nSc1");
// decode invalid data with an invalid character in the range of valid
// characters
test__zmq_z85_decode__invalid__failure ("####\0047");
// decode invalid data with an invalid character just below the range of valid
// characters
test__zmq_z85_decode__invalid__failure ("####\0200");
// decode invalid data with an invalid character just above the range of valid
// characters
test__zmq_z85_decode__invalid__failure ("####\0037");
// round-trip encoding and decoding with minimum value
{
const uint8_t test_data[] = {0x00, 0x00, 0x00, 0x00};
test__zmq_z85_encode__zmq_z85_decode__roundtrip(test_data);
}
// round-trip encoding and decoding with maximum value
{
const uint8_t test_data[] = {0xff, 0xff, 0xff, 0xff};
test__zmq_z85_encode__zmq_z85_decode__roundtrip(test_data);
}
test__zmq_z85_decode__zmq_z85_encode__roundtrip("r^/rM9M=rMToK)63O8dCvd9D<PY<7iGlC+{BiSnG");
return 0; return 0;
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment