From df593680b8adf2ab6924ff38acbeb7b42977c9a0 Mon Sep 17 00:00:00 2001
From: Mattias Andrée
Date: Thu, 6 Jan 2022 00:51:14 +0100
Subject: libblake_decode_hex: verify input
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mattias Andrée
---
 libblake.h | 2 +-
 libblake_decode_hex.c | 10 +++++++++-
 test.c | 9 +++++----
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/libblake.h b/libblake.h
index 9f8f3d7..7d818fc 100644
--- a/libblake.h
+++ b/libblake.h
@@ -12,7 +12,7 @@
 #endif
 void libblake_encode_hex(const void *data, size_t n, char out[/* static n * 2 + 1 */], int uppercase);
-size_t libblake_decode_hex(const char *data, size_t n, void *out);
+size_t libblake_decode_hex(const char *data, size_t n, void *out, int *validp);
 #define LIBBLAKE_BLAKE224_OUTPUT_SIZE (224 / 8)
 #define LIBBLAKE_BLAKE256_OUTPUT_SIZE (256 / 8)
diff --git a/libblake_decode_hex.c b/libblake_decode_hex.c
index 4243d82..afdc31c 100644
--- a/libblake_decode_hex.c
+++ b/libblake_decode_hex.c
@@ -2,19 +2,24 @@
 #include "common.h"
 size_t
-libblake_decode_hex(const char *data, size_t n, void *out_)
+libblake_decode_hex(const char *data, size_t n, void *out_, int *validp)
 {
 unsigned char *out = out_, value;
 size_t i, j = 0;
 int odd = 0;
+ *validp = 1;
+
 if (!out) {
 for (i = 0; i < n && data[i]; i++) {
 if (isxdigit(data[i])) {
 j += (size_t)odd;
 odd ^= 1;
+ } else if (isgraph(data[i])) {
+ *validp = 0;
 }
 }
+ *validp &= !odd;
 return j;
 }
@@ -28,8 +33,11 @@ libblake_decode_hex(const char *data, size_t n, void *out_)
 out[j++] |= value;
 odd = 0;
 }
+ } else if (isgraph(data[i])) {
+ *validp = 0;
 }
 }
+ *validp &= !odd;
 return j;
 }
diff --git a/test.c b/test.c
index 2b0b960..890b710 100644
--- a/test.c
+++ b/test.c
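Review bot: The changed `libblake_decode_hex` prototype in libblake.h carries no comment describing `validp`, and the implementation in this commit writes `*validp = 1;` unconditionally, so the pointer must be non-NULL. I would add a comment above the declaration stating that `validp` is required, that it is set to 0 when a printable non-hex character is seen or the number of hex digits is odd, and that `out` is still written and a byte count still returned in that case, so callers must check `*validp` before trusting the decoded bytes. Adding a parameter also changes the call signature for existing users; whether that is acceptable for this library's versioning is not visible here.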
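Review bot: The new `isgraph(data[i])` branches (in the `@@ -2,19 +2,24 @@` hunk and again in the `@@ -28,8 +33,11 @@` hunk) pass a plain `char` to a `<ctype.h>` function, which is undefined behaviour for negative values, i.e. bytes of 0x80 and above where `char` is signed; the surrounding `isxdigit(data[i])` context line has the same problem. Since the commit's purpose is input verification, both calls should cast first: `isxdigit((unsigned char)data[i])` and `isgraph((unsigned char)data[i])`. Separately, any byte that is neither a hex digit nor `isgraph` (control characters, and in the C locale every byte above 0x7E) is skipped and the input is still reported valid; if only whitespace separators are meant to be tolerated, `} else if (!isspace((unsigned char)data[i])) {` is the stricter test. The second loop's body starts outside its hunk, so its `isxdigit` call is not visible here and should be checked as well.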
@@ -15,6 +15,7 @@ check_hex(int uppercase, const char *hex, const unsigned char *bin, size_t n)
 {
 unsigned char buf_bin[512];
 char buf_hex[1025];
+ int valid = 0;
 memset(buf_bin, 0, sizeof(buf_bin));
 memset(buf_hex, 0, sizeof(buf_hex));
 buf_hex[2 * n] = 1;
@@ -23,8 +24,8 @@ check_hex(int uppercase, const char *hex, const unsigned char *bin, size_t n)
 fprintf(stderr, "libblake_encode_hex with uppercase=%i failed\n", uppercase);
 exit(1);
 }
- if (libblake_decode_hex(hex, SIZE_MAX, NULL) != n ||
- libblake_decode_hex(hex, SIZE_MAX, buf_bin) != n ||
+ if (libblake_decode_hex(hex, SIZE_MAX, NULL, &valid) != n || !valid ||
+ libblake_decode_hex(hex, SIZE_MAX, buf_bin, &valid) != n || !valid ||
 memcmp(buf_bin, bin, n)) {
 fprintf(stderr, "libblake_decode_hex failed\n");
 exit(1);
@@ -76,7 +77,7 @@ digest_blake1(int length, const void *msg, size_t msglen, size_t bits)
 #if 0
 # define CHECK_BLAKE1_HEX(LENGTH, MSG, EXPECTED)\
- failed |= !check_blake1_(LENGTH, "0x"MSG, buf, libblake_decode_hex(MSG, SIZE_MAX, buf), 0, EXPECTED)
+ failed |= !check_blake1_(LENGTH, "0x"MSG, buf, libblake_decode_hex(MSG, SIZE_MAX, buf, &(int){0}), 0, EXPECTED)
 # define CHECK_BLAKE224_HEX(MSG, EXPECTED) CHECK_BLAKE1_HEX(224, MSG, EXPECTED)
 # define CHECK_BLAKE256_HEX(MSG, EXPECTED) CHECK_BLAKE1_HEX(256, MSG, EXPECTED)
 # define CHECK_BLAKE384_HEX(MSG, EXPECTED) CHECK_BLAKE1_HEX(384, MSG, EXPECTED)
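Review bot: `check_hex` in the `@@ -23,8 +24,8 @@` hunk only asserts that `valid` is non-zero for well-formed vectors, so the rejection paths this commit adds (a printable non-hex character, an odd number of digits) are never exercised. A small negative case would pin the new behaviour, for example (constructed inputs) checking that `libblake_decode_hex("0g", SIZE_MAX, NULL, &valid)` and `libblake_decode_hex("abc", SIZE_MAX, NULL, &valid)` both leave `valid == 0`, with and without an output buffer. The `CHECK_BLAKE1_HEX` macro in the `@@ -76,7 +77,7 @@` hunk and `CHECK_BLAKE1_BITS` in the `@@ -84,7 +85,7 @@` hunk discard the flag through `&(int){0}`, so a mistyped test vector would be decoded without a direct diagnostic; a comment at the macros saying the flag is deliberately ignored would make that choice explicit.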
@@ -84,7 +85,7 @@ digest_blake1(int length, const void *msg, size_t msglen, size_t bits)
 #endif
 #define CHECK_BLAKE1_BITS(LENGTH, MSG, BITS, EXPECTED)\
- failed |= !check_blake1_(LENGTH, "0x"MSG, buf, libblake_decode_hex(MSG, SIZE_MAX, buf), BITS, EXPECTED)
+ failed |= !check_blake1_(LENGTH, "0x"MSG, buf, libblake_decode_hex(MSG, SIZE_MAX, buf, &(int){0}), BITS, EXPECTED)
 #define CHECK_BLAKE224_BITS(MSG, BITS, EXPECTED) CHECK_BLAKE1_BITS(224, MSG, BITS, EXPECTED)
 #define CHECK_BLAKE256_BITS(MSG, BITS, EXPECTED) CHECK_BLAKE1_BITS(256, MSG, BITS, EXPECTED)
 #define CHECK_BLAKE384_BITS(MSG, BITS, EXPECTED) CHECK_BLAKE1_BITS(384, MSG, BITS, EXPECTED)
--
cgit v1.2.3-70-g09d2