[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS gsasl/lib/gl
From: |
gsasl-commit |
Subject: |
CVS gsasl/lib/gl |
Date: |
Sat, 27 Nov 2004 03:13:13 +0100 |
Update of /home/cvs/gsasl/lib/gl
In directory dopio:/tmp/cvs-serv4145/gl
Modified Files:
Makefile.am base64.c
Added Files:
xsize.h
Log Message:
Add.
--- /home/cvs/gsasl/lib/gl/Makefile.am 2004/11/26 00:38:22 1.12
+++ /home/cvs/gsasl/lib/gl/Makefile.am 2004/11/27 02:13:12 1.13
@@ -9,7 +9,7 @@
#
# Generated by gnulib-tool.
# Invoked as: gnulib-tool --import
-# Reproduce by: gnulib-tool --import --dir=. --lib=libgl --source-base=gl
--m4-base=gl/m4 --libtool --lgpl base64 dummy gettext stdbool strdup
+# Reproduce by: gnulib-tool --import --dir=. --lib=libgl --source-base=gl
--m4-base=gl/m4 --libtool --lgpl base64 dummy gettext stdbool strdup xsize
AUTOMAKE_OPTIONS = 1.5 gnits no-dependencies
@@ -64,5 +64,11 @@
## end gnulib module strdup
+## begin gnulib module xsize
+
+libgl_la_SOURCES += xsize.h
+
+## end gnulib module xsize
+
# Makefile.am ends here
--- /home/cvs/gsasl/lib/gl/base64.c 2004/11/26 00:57:42 1.2
+++ /home/cvs/gsasl/lib/gl/base64.c 2004/11/27 02:13:12 1.3
@@ -18,12 +18,22 @@
/* Portions adapted from GNU MailUtils, by Simon Josefsson. For more
information, see RFC 3548 <http://www.ietf.org/rfc/rfc3548.txt>. */
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
/* Get malloc. */
#include <stdlib.h>
+/* Get size_overflow_p etc. */
+#include "xsize.h"
+
/* Get prototype. */
#include "base64.h"
+/* C89 compliant way to cast 'const char *' to 'const unsigned char *'. */
+static inline const unsigned char *to_cucharp (const char *ch) { return ch; }
+
/* Base64 encode IN array of size INLEN into OUT array of size OUTLEN.
If OUTLEN is less than BASE64_LENGTH(INLEN), write as many bytes as
possible. If OUTLEN is larger than BASE64_LENGTH(INLEN), also zero
@@ -31,24 +41,25 @@
void
base64_encode (const char *in, size_t inlen, char *out, size_t outlen)
{
- const char *b64 =
+ const char b64[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- const unsigned char *iptr = (const unsigned char *) in;
- unsigned char *optr = (unsigned char *) out;
+ const unsigned char *iptr = to_cucharp (in);
while (inlen && outlen)
{
- *optr++ = b64[iptr[0] >> 2];
+ *out++ = b64[iptr[0] >> 2];
if (!--outlen)
break;
- *optr++ = b64[((iptr[0] << 4) + (--inlen ? (iptr[1] >> 4) : 0)) & 0x3f];
+ *out++ = b64[((iptr[0] << 4) + (--inlen ? (iptr[1] >> 4) : 0)) & 0x3f];
if (!--outlen)
break;
- *optr++ = inlen ? b64[((iptr[1] << 2) +
- (--inlen ? (iptr[2] >> 6) : 0)) & 0x3f] : '=';
+ *out++ =
+ (inlen
+ ? b64[((iptr[1] << 2) + (--inlen ? (iptr[2] >> 6) : 0)) & 0x3f]
+ : '=');
if (!--outlen)
break;
- *optr++ = inlen ? b64[iptr[2] & 0x3f] : '=';
+ *out++ = inlen ? b64[iptr[2] & 0x3f] : '=';
if (!--outlen)
break;
if (inlen)
@@ -57,7 +68,7 @@
}
if (outlen)
- *optr = '\0';
+ *out = '\0';
}
/* Allocate a buffer and store zero terminated base64 encoded data
@@ -65,22 +76,26 @@
the length of the encoded data, excluding the terminating zero. On
return, the OUT variable will hold a pointer to newly allocated
memory that must be deallocated by the caller, or NULL on memory
- allocation failure. */
+ allocation failure. If output length would overflow, SIZE_MAX is
+ returned and OUT is undefined. */
size_t
base64_encode_alloc (const char *in, size_t inlen, char **out)
{
- size_t outlen;
+ size_t outlen = xsum (1, xtimes (xmax (inlen, inlen + 2) / 3, 4));
- outlen = BASE64_LENGTH (inlen);
- *out = malloc (outlen + 1);
- if (!*out)
- return outlen;
+ if (size_overflow_p (outlen))
+ return SIZE_MAX;
- base64_encode (in, inlen, *out, outlen + 1);
+ *out = malloc (outlen);
+ if (*out)
+ base64_encode (in, inlen, *out, outlen);
- return outlen;
+ return outlen - 1;
}
+/* C89 compliant way to cast 'char *' to 'unsigned char *'. */
+static inline unsigned char *to_ucharp (char *ch) { return ch; }
+
/* Decode base64 encoded input array IN of length INLEN to output
array OUT that can hold *OUTLEN bytes. Return true if decoding was
successful, false otherwise. If *OUTLEN is too small, as many
@@ -109,8 +124,8 @@
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
- const unsigned char *iptr = (const unsigned char *) in;
- unsigned char *optr = (unsigned char *) out;
+ const unsigned char *iptr = to_cucharp (in);
+ unsigned char *optr = to_ucharp (out);
size_t len = *outlen;
*outlen = 0;
@@ -182,16 +197,24 @@
/* Allocate an output buffer OUT, and decode the base64 encoded data
stored in IN of size INLEN. On return, the actual size of the
decoded data is stored in *OUTLEN. The function return true if
- decoding was successful, or false on memory allocation or decoding
- errors. */
+ decoding was successful, or false on memory allocation, integer
+ overflow or decoding errors. */
bool
base64_decode_alloc (const char *in, size_t inlen, char **out,
size_t * outlen)
{
- *outlen = 3 * inlen / 4; /* FIXME: May allocate one 1 or 2 bytes too
- much, depending on input. */
+
+ size_t len = xtimes (inlen, 3);
+
+ if (size_overflow_p (len))
+ return false;
+
+ *outlen = len / 4; /* FIXME: May allocate one 1 or 2 bytes too
+ much, depending on input. */
+
*out = malloc (*outlen);
if (!*out)
return false;
+
return base64_decode (in, inlen, *out, outlen);
}
--- /home/cvs/gsasl/lib/gl/xsize.h 2004/11/27 02:13:13 NONE
+++ /home/cvs/gsasl/lib/gl/xsize.h 2004/11/27 02:13:13 1.1
/* xsize.h -- Checked size_t computations.
Copyright (C) 2003 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
#ifndef _XSIZE_H
#define _XSIZE_H
/* Get size_t. */
#include <stddef.h>
/* Get SIZE_MAX. */
#include <limits.h>
#if HAVE_STDINT_H
# include <stdint.h>
#endif
/* The size of memory objects is often computed through expressions of
type size_t. Example:
void* p = malloc (header_size + n * element_size).
These computations can lead to overflow. When this happens, malloc()
returns a piece of memory that is way too small, and the program then
crashes while attempting to fill the memory.
To avoid this, the functions and macros in this file check for overflow.
The convention is that SIZE_MAX represents overflow.
malloc (SIZE_MAX) is not guaranteed to fail -- think of a malloc
implementation that uses mmap --, it's recommended to use size_overflow_p()
or size_in_bounds_p() before invoking malloc().
The example thus becomes:
size_t size = xsum (header_size, xtimes (n, element_size));
void *p = (size_in_bounds_p (size) ? malloc (size) : NULL);
*/
/* Convert an arbitrary value >= 0 to type size_t. */
#define xcast_size_t(N) \
((N) <= SIZE_MAX ? (size_t) (N) : SIZE_MAX)
/* Sum of two sizes, with overflow check. */
static inline size_t
#if __GNUC__ >= 3
__attribute__ ((__pure__))
#endif
xsum (size_t size1, size_t size2)
{
size_t sum = size1 + size2;
return (sum >= size1 ? sum : SIZE_MAX);
}
/* Sum of three sizes, with overflow check. */
static inline size_t
#if __GNUC__ >= 3
__attribute__ ((__pure__))
#endif
xsum3 (size_t size1, size_t size2, size_t size3)
{
return xsum (xsum (size1, size2), size3);
}
/* Sum of four sizes, with overflow check. */
static inline size_t
#if __GNUC__ >= 3
__attribute__ ((__pure__))
#endif
xsum4 (size_t size1, size_t size2, size_t size3, size_t size4)
{
return xsum (xsum (xsum (size1, size2), size3), size4);
}
/* Maximum of two sizes, with overflow check. */
static inline size_t
#if __GNUC__ >= 3
__attribute__ ((__pure__))
#endif
xmax (size_t size1, size_t size2)
{
/* No explicit check is needed here, because for any n:
max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */
return (size1 >= size2 ? size1 : size2);
}
/* Multiplication of a count with an element size, with overflow check.
The count must be >= 0 and the element size must be > 0.
This is a macro, not an inline function, so that it works correctly even
when N is of a wider tupe and N > SIZE_MAX. */
#define xtimes(N, ELSIZE) \
((N) <= SIZE_MAX / (ELSIZE) ? (size_t) (N) * (ELSIZE) : SIZE_MAX)
/* Check for overflow. */
#define size_overflow_p(SIZE) \
((SIZE) == SIZE_MAX)
/* Check against overflow. */
#define size_in_bounds_p(SIZE) \
((SIZE) != SIZE_MAX)
#endif /* _XSIZE_H */
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/25
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/25
- CVS gsasl/lib/gl,
gsasl-commit <=
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/27
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/27
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/28
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/28
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/29
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/29
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/30
- CVS gsasl/lib/gl, gsasl-commit, 2004/11/30