diff options
Diffstat (limited to 'apps/systemlib/bson/tinybson.c')
-rw-r--r-- | apps/systemlib/bson/tinybson.c | 88 |
1 files changed, 65 insertions, 23 deletions
diff --git a/apps/systemlib/bson/tinybson.c b/apps/systemlib/bson/tinybson.c index a28217fc4..e1a9324a2 100644 --- a/apps/systemlib/bson/tinybson.c +++ b/apps/systemlib/bson/tinybson.c @@ -50,7 +50,7 @@ # define debug(fmt, args...) do { } while(0) #endif -#define CODER_CHECK(_c) do { if (_c->dead) return -1; } while(0) +#define CODER_CHECK(_c) do { if (_c->dead) { debug("coder dead"); return -1; }} while(0) #define CODER_KILL(_c, _reason) do { debug("killed: %s", _reason); _c->dead = true; return -1; } while(0) static int @@ -58,17 +58,20 @@ read_x(bson_decoder_t decoder, void *p, size_t s) { CODER_CHECK(decoder); - if (decoder->fd > 0) + if (decoder->fd > -1) return (read(decoder->fd, p, s) == (int)s) ? 0 : -1; if (decoder->buf != NULL) { - unsigned newpos = decoder->bufpos + s; - if (newpos <= decoder->bufsize) { - memcpy(p, (decoder->buf + decoder->bufpos), s); - decoder->bufpos = newpos; - return 0; - } + /* staged operations to avoid integer overflow for corrupt data */ + if (s >= decoder->bufsize) + CODER_KILL(decoder, "buffer too small for read"); + if ((decoder->bufsize - s) < decoder->bufpos) + CODER_KILL(decoder, "not enough data for read"); + memcpy(p, (decoder->buf + decoder->bufpos), s); + decoder->bufpos += s; + return 0; } + debug("no source"); return -1; } @@ -85,6 +88,12 @@ read_int32(bson_decoder_t decoder, int32_t *i) } static int +read_int64(bson_decoder_t decoder, int64_t *i) +{ + return read_x(decoder, i, sizeof(*i)); +} + +static int read_double(bson_decoder_t decoder, double *d) { return read_x(decoder, d, sizeof(*d)); @@ -106,7 +115,7 @@ bson_decoder_init_file(bson_decoder_t decoder, int fd, bson_decoder_callback cal /* read and discard document size */ if (read_int32(decoder, &junk)) - CODER_KILL(decoder, "failed reading length"); + CODER_KILL(decoder, "failed discarding length"); /* ready for decoding */ return 0; @@ -117,6 +126,10 @@ bson_decoder_init_buf(bson_decoder_t decoder, void *buf, unsigned bufsize, bson_ { int32_t len; + /* argument sanity */ + if ((buf == NULL) || (bufsize < 5) || (callback == NULL)) + return -1; + decoder->fd = -1; decoder->buf = (uint8_t *)buf; decoder->dead = false; @@ -142,6 +155,7 @@ int bson_decoder_next(bson_decoder_t decoder) { int8_t tbyte; + int32_t tint; unsigned nlen; CODER_CHECK(decoder); @@ -180,7 +194,9 @@ bson_decoder_next(bson_decoder_t decoder) debug("got type byte 0x%02x", decoder->node.type); /* EOO is special; it has no name/data following */ - if (decoder->node.type != BSON_EOO) { + if (decoder->node.type == BSON_EOO) { + decoder->node.name[0] = '\0'; + } else { /* get the node name */ nlen = 0; @@ -207,8 +223,14 @@ bson_decoder_next(bson_decoder_t decoder) decoder->node.b = (tbyte != 0); break; - case BSON_INT: - if (read_int32(decoder, &decoder->node.i)) + case BSON_INT32: + if (read_int32(decoder, &tint)) + CODER_KILL(decoder, "read error on BSON_INT"); + decoder->node.i = tint; + break; + + case BSON_INT64: + if (read_int64(decoder, &decoder->node.i)) CODER_KILL(decoder, "read error on BSON_INT"); break; @@ -222,7 +244,6 @@ bson_decoder_next(bson_decoder_t decoder) case BSON_STRING: if (read_int32(decoder, &decoder->pending)) CODER_KILL(decoder, "read error on BSON_STRING length"); - break; case BSON_BINDATA: @@ -282,15 +303,18 @@ write_x(bson_encoder_t encoder, const void *p, size_t s) if (!encoder->realloc_ok) CODER_KILL(encoder, "fixed-size buffer overflow"); - int8_t *newbuf = realloc(encoder->buf, encoder->bufsize + BSON_BUF_INCREMENT); + uint8_t *newbuf = realloc(encoder->buf, encoder->bufsize + BSON_BUF_INCREMENT); if (newbuf == NULL) CODER_KILL(encoder, "could not grow buffer"); + encoder->buf = newbuf; encoder->bufsize += BSON_BUF_INCREMENT; + debug("allocated %d bytes", BSON_BUF_INCREMENT); } memcpy(encoder->buf + encoder->bufpos, p, s); encoder->bufpos += s; + debug("appended %d bytes", s); return 0; } @@ -308,6 +332,12 @@ write_int32(bson_encoder_t encoder, int32_t i) } static int +write_int64(bson_encoder_t encoder, int64_t i) +{ + return write_x(encoder, &i, sizeof(i)); +} + +static int write_double(bson_encoder_t encoder, double d) { return write_x(encoder, &d, sizeof(d)); @@ -319,7 +349,7 @@ write_name(bson_encoder_t encoder, const char *name) size_t len = strlen(name); if (len > BSON_MAXNAME) - return -1; + CODER_KILL(encoder, "node name too long"); return write_x(encoder, name, len + 1); } @@ -401,7 +431,7 @@ int bson_encoder_append_bool(bson_encoder_t encoder, const char *name, bool valu { CODER_CHECK(encoder); - if (write_int8(encoder, BSON_INT) || + if (write_int8(encoder, BSON_BOOL) || write_name(encoder, name) || write_int8(encoder, value ? 1 : 0)) CODER_KILL(encoder, "write error on BSON_BOOL"); @@ -410,13 +440,25 @@ int bson_encoder_append_bool(bson_encoder_t encoder, const char *name, bool valu } int -bson_encoder_append_int(bson_encoder_t encoder, const char *name, int32_t value) +bson_encoder_append_int(bson_encoder_t encoder, const char *name, int64_t value) { + bool result; + CODER_CHECK(encoder); - if (write_int8(encoder, BSON_INT) || - write_name(encoder, name) || - write_int32(encoder, value)) + /* use the smallest encoding that will hold the value */ + if (value == (int32_t)value) { + debug("encoding %lld as int32", value); + result = write_int8(encoder, BSON_INT32) || + write_name(encoder, name) || + write_int32(encoder, value); + } else { + debug("encoding %lld as int64", value); + result = write_int8(encoder, BSON_INT64) || + write_name(encoder, name) || + write_int64(encoder, value); + } + if (result) CODER_KILL(encoder, "write error on BSON_INT"); return 0; @@ -443,12 +485,12 @@ bson_encoder_append_string(bson_encoder_t encoder, const char *name, const char CODER_CHECK(encoder); - len = strlen(string); + len = strlen(string) + 1; /* include trailing nul */ - if (write_int8(encoder, BSON_DOUBLE) || + if (write_int8(encoder, BSON_STRING) || write_name(encoder, name) || write_int32(encoder, len) || - write_x(encoder, name, len + 1)) + write_x(encoder, string, len)) CODER_KILL(encoder, "write error on BSON_STRING"); return 0; |