From 7423408cd33e4bab71b1ee5bef4dadd0eb05e7cd Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 19 Sep 2017 18:45:23 +0200 Subject: [PATCH] Make the behavior of hex2bin() consistent with base642bin() Return -1 on incomplete sequences and on complete sequences with trailing, non-ignored characters if no pointers to store the last parsed byte has been provided --- src/libsodium/sodium/codecs.c | 20 +++++++++---- test/default/sodium_utils.c | 55 ++++++++++++++++++++++++++--------- test/default/sodium_utils.exp | 1 + 3 files changed, 57 insertions(+), 19 deletions(-) diff --git a/src/libsodium/sodium/codecs.c b/src/libsodium/sodium/codecs.c index bea0b919..52570e1c 100644 --- a/src/libsodium/sodium/codecs.c +++ b/src/libsodium/sodium/codecs.c @@ -82,13 +82,18 @@ sodium_hex2bin(unsigned char *const bin, const size_t bin_maxlen, } if (state != 0U) { hex_pos--; - } - if (hex_end != NULL) { - *hex_end = &hex[hex_pos]; + errno = EINVAL; + ret = -1; } if (ret != 0) { bin_pos = (size_t) 0U; } + if (hex_end != NULL) { + *hex_end = &hex[hex_pos]; + } else if (hex_pos != hex_len) { + errno = EINVAL; + ret = -1; + } if (bin_len != NULL) { *bin_len = bin_pos; } @@ -303,11 +308,14 @@ sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen, b64_pos++; } } + if (b64_end != NULL) { + *b64_end = &b64[b64_pos]; + } else if (b64_pos != b64_len) { + errno = EINVAL; + ret = -1; + } if (bin_len != NULL) { *bin_len = bin_pos; } - if (b64_end != NULL) { - *b64_end = &b64[b64_pos]; - } return ret; } diff --git a/test/default/sodium_utils.c b/test/default/sodium_utils.c index 05641883..0eafd60c 100644 --- a/test/default/sodium_utils.c +++ b/test/default/sodium_utils.c @@ -68,19 +68,38 @@ main(void) printf("dt3: %ld\n", (long) (hex_end - hex)); hex = "de:ad:be:eff"; - if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":", &bin_len, &hex_end) != - 0) { + if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":", + &bin_len, &hex_end) != -1) { printf("sodium_hex2bin() with an odd input length\n"); } printf("dt4: %ld\n", (long) (hex_end - hex)); hex = "de:ad:be:eff"; - if (sodium_hex2bin(buf1, sizeof buf1, hex, 13U, ":", &bin_len, &hex_end) != - 0) { - printf("sodium_hex2bin() with an odd input length\n"); + if (sodium_hex2bin(buf1, sizeof buf1, hex, 13U, ":", + &bin_len, &hex_end) != -1) { + printf("sodium_hex2bin() with an odd input length (2)\n"); } printf("dt5: %ld\n", (long) (hex_end - hex)); + hex = "de:ad:be:eff"; + if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":", + &bin_len, NULL) != -1) { + printf("sodium_hex2bin() with an odd input length and no end pointer\n"); + } + + hex = "de:ad:be:ef*"; + if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":", + &bin_len, &hex_end) != 0) { + printf("sodium_hex2bin() with an extra character and an end pointer\n"); + } + printf("dt6: %ld\n", (long) (hex_end - hex)); + + hex = "de:ad:be:ef*"; + if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":", + &bin_len, NULL) != -1) { + printf("sodium_hex2bin() with an extra character and no end pointer\n"); + } + printf("%s\n", sodium_bin2base64(buf3, 31U, (const unsigned char *) "\xfb\xf0\xf1" "0123456789ABCDEFab", 21U, sodium_base64_VARIANT_ORIGINAL)); @@ -134,23 +153,33 @@ main(void) assert(*b64_end == 0); memset(buf1, '*', sizeof buf1); - sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, &bin_len, - &b64_end, sodium_base64_VARIANT_ORIGINAL); + assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, &bin_len, + &b64_end, sodium_base64_VARIANT_ORIGINAL) == 0); buf1[bin_len] = 0; printf("[%s]\n", (const char *) buf1); printf("[%s]\n", b64_end); assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, - NULL, sodium_base64_VARIANT_ORIGINAL) == 0); + &b64_end, sodium_base64_VARIANT_ORIGINAL) == 0); + assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, + &b64_end, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == 0); + assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, + &b64_end, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == 0); + assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, + &b64_end, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == 0); + assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, + &b64_end, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == 0); assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, - NULL, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == 0); - assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, - NULL, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == 0); + NULL, sodium_base64_VARIANT_ORIGINAL) == -1); assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, - NULL, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == 0); + NULL, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == -1); assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, - NULL, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == 0); + NULL, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == -1); + assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, + NULL, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == -1); + assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, + NULL, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == -1); assert(sodium_base642bin(NULL, (size_t) 10U, "a=", (size_t) 2U, NULL, NULL, NULL, sodium_base64_VARIANT_URLSAFE) == -1); diff --git a/test/default/sodium_utils.exp b/test/default/sodium_utils.exp index 233dc687..58d054e0 100644 --- a/test/default/sodium_utils.exp +++ b/test/default/sodium_utils.exp @@ -11,6 +11,7 @@ dt2: 2 dt3: 11 dt4: 11 dt5: 11 +dt6: 11 +/DxMDEyMzQ1Njc4OUFCQ0RFRmFi +/DxMDEyMzQ1Njc4OUFCQ0RFRmFiYw -_DxMDEyMzQ1Njc4OUFCQ0RFRmFi