X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/b27841d687ec9e84983340b5581376dfb24010ea..b2b89723a2427bba8290bd6967a1ab39cbb630be:/libs/smux/per_support.c

diff --git a/libs/smux/per_support.c b/libs/smux/per_support.c
index 14b4c4c7..8f4d4604 100644
--- a/libs/smux/per_support.c
+++ b/libs/smux/per_support.c
@@ -1,190 +1,46 @@
 /*
- * Copyright (c) 2005-2014 Lev Walkin <vlm@lionet.info>.
- * All rights reserved.
+ * Copyright (c) 2005-2017 Lev Walkin <vlm@lionet.info>. All rights reserved.
  * Redistribution and modifications are permitted subject to BSD license.
  */
 #include <asn_system.h>
 #include <asn_internal.h>
 #include <per_support.h>
 
-char *
-per_data_string(asn_per_data_t *pd) {
-	static char buf[2][32];
-	static int n;
-	n = (n+1) % 2;
-	snprintf(buf[n], sizeof(buf[n]),
-		"{m=%ld span %+ld[%d..%d] (%d)}",
-		(long)pd->moved,
-		(((long)pd->buffer) & 0xf),
-		(int)pd->nboff, (int)pd->nbits,
-		(int)(pd->nbits - pd->nboff));
-	return buf[n];
-}
-
-void
-per_get_undo(asn_per_data_t *pd, int nbits) {
-	if((ssize_t)pd->nboff < nbits) {
-		assert((ssize_t)pd->nboff < nbits);
-	} else {
-		pd->nboff -= nbits;
-		pd->moved -= nbits;
-	}
-}
-
-/*
- * Extract a small number of bits (<= 31) from the specified PER data pointer.
- */
-int32_t
-per_get_few_bits(asn_per_data_t *pd, int nbits) {
-	size_t off;	/* Next after last bit offset */
-	ssize_t nleft;	/* Number of bits left in this stream */
-	uint32_t accum;
-	const uint8_t *buf;
-
-	if(nbits < 0)
-		return -1;
-
-	nleft = pd->nbits - pd->nboff;
-	if(nbits > nleft) {
-		int32_t tailv, vhead;
-		if(!pd->refill || nbits > 31) return -1;
-		/* Accumulate unused bytes before refill */
-		ASN_DEBUG("Obtain the rest %d bits (want %d)",
-			(int)nleft, (int)nbits);
-		tailv = per_get_few_bits(pd, nleft);
-		if(tailv < 0) return -1;
-		/* Refill (replace pd contents with new data) */
-		if(pd->refill(pd))
-			return -1;
-		nbits -= nleft;
-		vhead = per_get_few_bits(pd, nbits);
-		/* Combine the rest of previous pd with the head of new one */
-		tailv = (tailv << nbits) | vhead;  /* Could == -1 */
-		return tailv;
-	}
-
-	/*
-	 * Normalize position indicator.
-	 */
-	if(pd->nboff >= 8) {
-		pd->buffer += (pd->nboff >> 3);
-		pd->nbits  -= (pd->nboff & ~0x07);
-		pd->nboff  &= 0x07;
-	}
-	pd->moved += nbits;
-	pd->nboff += nbits;
-	off = pd->nboff;
-	buf = pd->buffer;
-
-	/*
-	 * Extract specified number of bits.
-	 */
-	if(off <= 8)
-		accum = nbits ? (buf[0]) >> (8 - off) : 0;
-	else if(off <= 16)
-		accum = ((buf[0] << 8) + buf[1]) >> (16 - off);
-	else if(off <= 24)
-		accum = ((buf[0] << 16) + (buf[1] << 8) + buf[2]) >> (24 - off);
-	else if(off <= 31)
-		accum = ((buf[0] << 24) + (buf[1] << 16)
-			+ (buf[2] << 8) + (buf[3])) >> (32 - off);
-	else if(nbits <= 31) {
-		asn_per_data_t tpd = *pd;
-		/* Here are we with our 31-bits limit plus 1..7 bits offset. */
-		per_get_undo(&tpd, nbits);
-		/* The number of available bits in the stream allow
-		 * for the following operations to take place without
-		 * invoking the ->refill() function */
-		accum  = per_get_few_bits(&tpd, nbits - 24) << 24;
-		accum |= per_get_few_bits(&tpd, 24);
-	} else {
-		per_get_undo(pd, nbits);
-		return -1;
-	}
-
-	accum &= (((uint32_t)1 << nbits) - 1);
-
-	ASN_DEBUG("  [PER got %2d<=%2d bits => span %d %+ld[%d..%d]:%02x (%d) => 0x%x]",
-		(int)nbits, (int)nleft,
-		(int)pd->moved,
-		(((long)pd->buffer) & 0xf),
-		(int)pd->nboff, (int)pd->nbits,
-		((pd->buffer != NULL)?pd->buffer[0]:0),
-		(int)(pd->nbits - pd->nboff),
-		(int)accum);
-
-	return accum;
-}
-
 /*
- * Extract a large number of bits from the specified PER data pointer.
- */
-int
-per_get_many_bits(asn_per_data_t *pd, uint8_t *dst, int alright, int nbits) {
-	int32_t value;
-
-	if(alright && (nbits & 7)) {
-		/* Perform right alignment of a first few bits */
-		value = per_get_few_bits(pd, nbits & 0x07);
-		if(value < 0) return -1;
-		*dst++ = value;	/* value is already right-aligned */
-		nbits &= ~7;
-	}
-
-	while(nbits) {
-		if(nbits >= 24) {
-			value = per_get_few_bits(pd, 24);
-			if(value < 0) return -1;
-			*(dst++) = value >> 16;
-			*(dst++) = value >> 8;
-			*(dst++) = value;
-			nbits -= 24;
-		} else {
-			value = per_get_few_bits(pd, nbits);
-			if(value < 0) return -1;
-			if(nbits & 7) {	/* implies left alignment */
-				value <<= 8 - (nbits & 7),
-				nbits += 8 - (nbits & 7);
-				if(nbits > 24)
-					*dst++ = value >> 24;
-			}
-			if(nbits > 16)
-				*dst++ = value >> 16;
-			if(nbits > 8)
-				*dst++ = value >> 8;
-			*dst++ = value;
-			break;
-		}
-	}
-
-	return 0;
-}
-
-/*
- * Get the length "n" from the stream.
+ * X.691-201508 #10.9 General rules for encoding a length determinant.
+ * Get the optionally constrained length "n" from the stream.
  */
 ssize_t
-uper_get_length(asn_per_data_t *pd, int ebits, int *repeat) {
-	ssize_t value;
+uper_get_length(asn_per_data_t *pd, int ebits, size_t lower_bound,
+                int *repeat) {
+    ssize_t value;
 
-	*repeat = 0;
+    *repeat = 0;
 
-	if(ebits >= 0) return per_get_few_bits(pd, ebits);
+    /* #11.9.4.1 Encoding if constrained (according to effective bits) */
+    if(ebits >= 0 && ebits <= 16) {
+        value = per_get_few_bits(pd, ebits);
+        if(value >= 0) value += lower_bound;
+        return value;
+    }
 
 	value = per_get_few_bits(pd, 8);
-	if(value < 0) return -1;
-	if((value & 128) == 0)	/* #10.9.3.6 */
-		return (value & 0x7F);
-	if((value & 64) == 0) {	/* #10.9.3.7 */
-		value = ((value & 63) << 8) | per_get_few_bits(pd, 8);
-		if(value < 0) return -1;
-		return value;
-	}
-	value &= 63;	/* this is "m" from X.691, #10.9.3.8 */
-	if(value < 1 || value > 4)
-		return -1;
-	*repeat = 1;
-	return (16384 * value);
+    if((value & 0x80) == 0) { /* #11.9.3.6 */
+        return (value & 0x7F);
+    } else if((value & 0x40) == 0) { /* #11.9.3.7 */
+        /* bit 8 ... set to 1 and bit 7 ... set to zero */
+        value = ((value & 0x3f) << 8) | per_get_few_bits(pd, 8);
+        return value; /* potential -1 from per_get_few_bits passes through. */
+    } else if(value < 0) {
+        ASN_DEBUG("END of stream reached for PER");
+        return -1;
+    }
+    value &= 0x3f; /* this is "m" from X.691, #11.9.3.8 */
+    if(value < 1 || value > 4) {
+        return -1; /* Prohibited by #11.9.3.8 */
+    }
+    *repeat = 1;
+    return (16384 * value);
 }
 
 /*
@@ -205,7 +61,7 @@ uper_get_nslength(asn_per_data_t *pd) {
 		return length;
 	} else {
 		int repeat;
-		length = uper_get_length(pd, -1, &repeat);
+		length = uper_get_length(pd, -1, 0, &repeat);
 		if(length >= 0 && !repeat) return length;
 		return -1; /* Error, or do not support >16K extensions */
 	}
@@ -291,171 +147,48 @@ int uper_get_constrained_whole_number(asn_per_data_t *pd, unsigned long *out_val
 
 
 /* X.691-2008/11, #11.5.6 -> #11.3 */
-int uper_put_constrained_whole_number_s(asn_per_outp_t *po, long v, int nbits) {
-	/*
-	 * Assume signed number can be safely coerced into
-	 * unsigned of the same range.
-	 * The following testing code will likely be optimized out
-	 * by compiler if it is true.
-	 */
-	unsigned long uvalue1 = ULONG_MAX;
-	         long svalue  = uvalue1;
-	unsigned long uvalue2 = svalue;
-	assert(uvalue1 == uvalue2);
-	return uper_put_constrained_whole_number_u(po, v, nbits);
-}
-
-int uper_put_constrained_whole_number_u(asn_per_outp_t *po, unsigned long v, int nbits) {
-	if(nbits <= 31) {
-		return per_put_few_bits(po, v, nbits);
-	} else {
-		/* Put higher portion first, followed by lower 31-bit */
-		if(uper_put_constrained_whole_number_u(po, v >> 31, nbits - 31))
-			return -1;
-		return per_put_few_bits(po, v, 31);
-	}
-}
-
-/*
- * Put a small number of bits (<= 31).
- */
 int
-per_put_few_bits(asn_per_outp_t *po, uint32_t bits, int obits) {
-	size_t off;	/* Next after last bit offset */
-	size_t omsk;	/* Existing last byte meaningful bits mask */
-	uint8_t *buf;
-
-	if(obits <= 0 || obits >= 32) return obits ? -1 : 0;
-
-	ASN_DEBUG("[PER put %d bits %x to %p+%d bits]",
-			obits, (int)bits, po->buffer, (int)po->nboff);
-
-	/*
-	 * Normalize position indicator.
-	 */
-	if(po->nboff >= 8) {
-		po->buffer += (po->nboff >> 3);
-		po->nbits  -= (po->nboff & ~0x07);
-		po->nboff  &= 0x07;
-	}
-
-	/*
-	 * Flush whole-bytes output, if necessary.
-	 */
-	if(po->nboff + obits > po->nbits) {
-		int complete_bytes = (po->buffer - po->tmpspace);
-		ASN_DEBUG("[PER output %ld complete + %ld]",
-			(long)complete_bytes, (long)po->flushed_bytes);
-		if(po->outper(po->tmpspace, complete_bytes, po->op_key) < 0)
-			return -1;
-		if(po->nboff)
-			po->tmpspace[0] = po->buffer[0];
-		po->buffer = po->tmpspace;
-		po->nbits = 8 * sizeof(po->tmpspace);
-		po->flushed_bytes += complete_bytes;
-	}
-
-	/*
-	 * Now, due to sizeof(tmpspace), we are guaranteed large enough space.
-	 */
-	buf = po->buffer;
-	omsk = ~((1 << (8 - po->nboff)) - 1);
-	off = (po->nboff + obits);
-
-	/* Clear data of debris before meaningful bits */
-	bits &= (((uint32_t)1 << obits) - 1);
-
-	ASN_DEBUG("[PER out %d %u/%x (t=%d,o=%d) %x&%x=%x]", obits,
-		(int)bits, (int)bits,
-		(int)po->nboff, (int)off,
-		buf[0], (int)(omsk&0xff),
-		(int)(buf[0] & omsk));
-
-	if(off <= 8)	/* Completely within 1 byte */
-		po->nboff = off,
-		bits <<= (8 - off),
-		buf[0] = (buf[0] & omsk) | bits;
-	else if(off <= 16)
-		po->nboff = off,
-		bits <<= (16 - off),
-		buf[0] = (buf[0] & omsk) | (bits >> 8),
-		buf[1] = bits;
-	else if(off <= 24)
-		po->nboff = off,
-		bits <<= (24 - off),
-		buf[0] = (buf[0] & omsk) | (bits >> 16),
-		buf[1] = bits >> 8,
-		buf[2] = bits;
-	else if(off <= 31)
-		po->nboff = off,
-		bits <<= (32 - off),
-		buf[0] = (buf[0] & omsk) | (bits >> 24),
-		buf[1] = bits >> 16,
-		buf[2] = bits >> 8,
-		buf[3] = bits;
-	else {
-		per_put_few_bits(po, bits >> (obits - 24), 24);
-		per_put_few_bits(po, bits, obits - 24);
-	}
-
-	ASN_DEBUG("[PER out %u/%x => %02x buf+%ld]",
-		(int)bits, (int)bits, buf[0],
-		(long)(po->buffer - po->tmpspace));
-
-	return 0;
-}
-
-
-/*
- * Output a large number of bits.
- */
-int
-per_put_many_bits(asn_per_outp_t *po, const uint8_t *src, int nbits) {
-
-	while(nbits) {
-		uint32_t value;
-
-		if(nbits >= 24) {
-			value = (src[0] << 16) | (src[1] << 8) | src[2];
-			src += 3;
-			nbits -= 24;
-			if(per_put_few_bits(po, value, 24))
-				return -1;
-		} else {
-			value = src[0];
-			if(nbits > 8)
-				value = (value << 8) | src[1];
-			if(nbits > 16)
-				value = (value << 8) | src[2];
-			if(nbits & 0x07)
-				value >>= (8 - (nbits & 0x07));
-			if(per_put_few_bits(po, value, nbits))
-				return -1;
-			break;
-		}
-	}
-
-	return 0;
+uper_put_constrained_whole_number_u(asn_per_outp_t *po, unsigned long v,
+                                    int nbits) {
+    if(nbits <= 31) {
+        return per_put_few_bits(po, v, nbits);
+    } else {
+        /* Put higher portion first, followed by lower 31-bit */
+        if(uper_put_constrained_whole_number_u(po, v >> 31, nbits - 31))
+            return -1;
+        return per_put_few_bits(po, v, 31);
+    }
 }
 
 /*
+ * X.691 (08/2015) #11.9 "General rules for encoding a length determinant"
  * Put the length "n" (or part of it) into the stream.
  */
 ssize_t
-uper_put_length(asn_per_outp_t *po, size_t length) {
-
-	if(length <= 127)	/* #10.9.3.6 */
-		return per_put_few_bits(po, length, 8)
-			? -1 : (ssize_t)length;
-	else if(length < 16384)	/* #10.9.3.7 */
-		return per_put_few_bits(po, length|0x8000, 16)
-			? -1 : (ssize_t)length;
-
-	length >>= 14;
-	if(length > 4) length = 4;
+uper_put_length(asn_per_outp_t *po, size_t length, int *need_eom) {
+    int dummy = 0;
+    if(!need_eom) need_eom = &dummy;
+
+    if(length <= 127) {	/* #11.9.3.6 */
+        *need_eom = 0;
+        return per_put_few_bits(po, length, 8)
+            ? -1 : (ssize_t)length;
+    } else if(length < 16384) { /* #10.9.3.7 */
+        *need_eom = 0;
+        return per_put_few_bits(po, length|0x8000, 16)
+            ? -1 : (ssize_t)length;
+    }
+
+    *need_eom = 0 == (length & 16383);
+    length >>= 14;
+    if(length > 4) {
+        *need_eom = 0;
+        length = 4;
+    }
+
+    return per_put_few_bits(po, 0xC0 | length, 8)
+            ? -1 : (ssize_t)(length << 14);
 
-	return per_put_few_bits(po, 0xC0 | length, 8)
-			? -1 : (ssize_t)(length << 14);
 }
 
 
@@ -466,18 +199,97 @@ uper_put_length(asn_per_outp_t *po, size_t length) {
  */
 int
 uper_put_nslength(asn_per_outp_t *po, size_t length) {
+    if(length <= 64) {
+        /* #11.9.3.4 */
+        if(length == 0) return -1;
+        return per_put_few_bits(po, length - 1, 7) ? -1 : 0;
+    } else {
+        int need_eom = 0;
+        if(uper_put_length(po, length, &need_eom) != (ssize_t)length
+           || need_eom) {
+            /* This might happen in case of >16K extensions */
+            return -1;
+        }
+    }
+
+    return 0;
+}
 
-	if(length <= 64) {
-		/* #10.9.3.4 */
-		if(length == 0) return -1;
-		return per_put_few_bits(po, length-1, 7) ? -1 : 0;
-	} else {
-		if(uper_put_length(po, length) != (ssize_t)length) {
-			/* This might happen in case of >16K extensions */
-			return -1;
-		}
-	}
+static int
+per__long_range(long lb, long ub, unsigned long *range_r) {
+    unsigned long bounds_range;
+    if((ub < 0) == (lb < 0)) {
+        bounds_range = ub - lb;
+    } else if(lb < 0) {
+        assert(ub >= 0);
+        bounds_range = 1 + ((unsigned long)ub + (unsigned long)-(lb + 1));
+    } else {
+        assert(!"Unreachable");
+        return -1;
+    }
+    *range_r = bounds_range;
+    return 0;
+}
 
-	return 0;
+int
+per_long_range_rebase(long v, long lb, long ub, unsigned long *output) {
+    unsigned long range;
+
+    assert(lb <= ub);
+
+    if(v < lb || v > ub || per__long_range(lb, ub, &range) < 0) {
+        /* Range error. */
+        return -1;
+    }
+
+    /*
+     * Fundamentally what we're doing is returning (v-lb).
+     * However, this triggers undefined behavior when the word width
+     * of signed (v) is the same as the size of unsigned (*output).
+     * In practice, it triggers the UndefinedSanitizer. Therefore we shall
+     * compute the ranges accurately to avoid C's undefined behavior.
+     */
+    if((v < 0) == (lb < 0)) {
+        *output = v-lb;
+        return 0;
+    } else if(v < 0) {
+        unsigned long rebased = 1 + (unsigned long)-(v+1) + (unsigned long)lb;
+        assert(rebased <= range);   /* By construction */
+        *output = rebased;
+        return 0;
+    } else if(lb < 0) {
+        unsigned long rebased = 1 + (unsigned long)-(lb+1) + (unsigned long)v;
+        assert(rebased <= range);   /* By construction */
+        *output = rebased;
+        return 0;
+    } else {
+        assert(!"Unreachable");
+        return -1;
+    }
 }
 
+int
+per_long_range_unrebase(unsigned long inp, long lb, long ub, long *outp) {
+    unsigned long range;
+
+    if(per__long_range(lb, ub, &range) != 0) {
+        return -1;
+    }
+
+    if(inp > range) {
+        /*
+         * We can encode something in the given number of bits that technically
+         * exceeds the range. This is an avenue for security errors,
+         * so we don't allow that.
+         */
+        return -1;
+    }
+
+    if(inp <= LONG_MAX) {
+        *outp = (long)inp + lb;
+    } else {
+        *outp = (lb + LONG_MAX + 1) + (long)((inp - LONG_MAX) - 1);
+    }
+
+    return 0;
+}