Problem: zmq_z85_decode does not validate its input (#2322)

* Problem: zmq_z85_decode does not validate its input Solution: added checks for invalid characters and overflows * Added tests, added further check for range overflow, removed (multiple) calls to strlen * Problem: gcc fails to build Solution: added missing include directive * Added VS2015 test_utils_z85 project * Fixed indentation and copyright notice * Resolved garbage from merge * Revert "Added VS2015 test_utils_z85 project" This reverts commit c58b3c664c. * Problem: test calls zmq_z85_decode with a NULL dest Solution: call zmq_z85_decode with a properly sized buffer * Problem: tests for zmq_z85_* scattered over two files Solution: merged files * Removed reference to removed test file from CMakeLists.txt * Problem: Missing include directive to stdint.h Solution: Added include directive * Define __STDC_LIMIT_MACROS before including stdint.h * Problem: Wrong variable is checked for invalid character marker Solution: Use correct variable
2025-10-27 11:06:52 +01:00 · 2017-01-25 15:28:03 +01:00
parent 673bb506cf
commit c6c21cf197
2 changed files with 113 additions and 22 deletions
--- a/src/zmq_utils.cpp
+++ b/src/zmq_utils.cpp
@@ -27,6 +27,8 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

+#define __STDC_LIMIT_MACROS 
+
 #include "precompiled.hpp"
 #include "macros.hpp"

@@ -36,6 +38,7 @@
 #include "atomic_counter.hpp"
 #include "atomic_ptr.hpp"
 #include <assert.h>
+#include <stdint.h>

 #if !defined ZMQ_HAVE_WINDOWS
 #include <unistd.h>
@@ -97,19 +100,20 @@ static char encoder [85 + 1] = {

 //  Maps base 85 to base 256
 //  We chop off lower 32 and higher 128 ranges
+//  0xFF denotes invalid characters within this range
 static uint8_t decoder [96] = {
-    0x00, 0x44, 0x00, 0x54, 0x53, 0x52, 0x48, 0x00,
-    0x4B, 0x4C, 0x46, 0x41, 0x00, 0x3F, 0x3E, 0x45,
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x40, 0x00, 0x49, 0x42, 0x4A, 0x47,
-    0x51, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
-    0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
-    0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
-    0x3B, 0x3C, 0x3D, 0x4D, 0x00, 0x4E, 0x43, 0x00,
-    0x00, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
-    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
-    0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
-    0x21, 0x22, 0x23, 0x4F, 0x00, 0x50, 0x00, 0x00
+    0xFF, 0x44, 0xFF, 0x54, 0x53, 0x52, 0x48, 0xFF, 
+    0x4B, 0x4C, 0x46, 0x41, 0xFF, 0x3F, 0x3E, 0x45, 
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+    0x08, 0x09, 0x40, 0xFF, 0x49, 0x42, 0x4A, 0x47, 
+    0x51, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 
+    0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 
+    0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 
+    0x3B, 0x3C, 0x3D, 0x4D, 0xFF, 0x4E, 0x43, 0xFF, 
+    0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 
+    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 
+    0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 
+    0x21, 0x22, 0x23, 0x4F, 0xFF, 0x50, 0xFF, 0xFF
 };

 //  --------------------------------------------------------------------------
@@ -154,17 +158,27 @@ char *zmq_z85_encode (char *dest, const uint8_t *data, size_t size)

 uint8_t *zmq_z85_decode (uint8_t *dest, const char *string)
 {
-    if (strlen (string) % 5 != 0) {
-        errno = EINVAL;
-        return NULL;
-    }
    unsigned int byte_nbr = 0;
    unsigned int char_nbr = 0;
-    size_t string_len = strlen (string);
    uint32_t value = 0;
-    while (char_nbr < string_len) {
+    while (string[char_nbr]) {
        //  Accumulate value in base 85
-        value = value * 85 + decoder [(uint8_t) string [char_nbr++] - 32];
+        if (UINT32_MAX / 85 < value) {
+            //  Invalid z85 encoding, represented value exceeds 0xffffffff
+            goto error_inval;
+        }
+        value *= 85;
+        uint8_t index = string [char_nbr++] - 32;
+        if (index >= sizeof(decoder)) {
+            //  Invalid z85 encoding, character outside range
+            goto error_inval;
+        }
+        uint32_t summand = decoder [index];
+        if (summand == 0xFF || summand > (UINT32_MAX - value)) {
+            //  Invalid z85 encoding, invalid character or represented value exceeds 0xffffffff
+            goto error_inval;
+        }
+        value += summand;
        if (char_nbr % 5 == 0) {
            //  Output value in base 256
            unsigned int divisor = 256 * 256 * 256;
@@ -175,8 +189,15 @@ uint8_t *zmq_z85_decode (uint8_t *dest, const char *string)
            value = 0;
        }
    }
+    if (char_nbr % 5 != 0) {
+        goto error_inval;
+    }
    assert (byte_nbr == strlen (string) * 4 / 5);
    return dest;
+
+error_inval:
+    errno = EINVAL;
+    return NULL;
 }

 //  --------------------------------------------------------------------------