From 622905ddfa7b45dfca350e13442892de3c1f48e9 Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Mon, 27 Jun 2022 15:26:09 +0000 Subject: encoding: Better check inputs of apr_{encode,decode}_* functions. Check that the given sources can be encoded without overflowing. Return APR_EINVAL if the given "slen" is negative, APR_NOTFOUND if "dest" is not NULL and "src" is NULL, or APR_ENOSPC if "dest" is NULL and the source length (based on "slen" or APR_ENCODE_STRING) is too big to encode. * include/private/apr_encode_private.h(): Rename ENCODE_TO_ASCII() and ENCODE_TO_NATIVE() to respectively TO_ASCII() and TO_ENCODE(), and make them return an unsigned char. * encoding/apr_escape.c(): Use the new TO_ASCII() and TO_NATIVE(). * encoding/apr_encode.c(apr_encode_*, apr_decode_*): Forbid negative "slen" but APR_ENCODE_STRING, and use apr_size_t arithmetics to check for overflows when encoding. When "dest" is NULL, "src" can be NULL too. Better check for trailing '='s or base16's APR_ENCODE_COLON ':' separators. Rename ENCODE_TO_ASCII and ENCODE_TO_NATIVE to their new names, and remove casts to (unsigned char) now unnecessary. * include/apr_encode.h(): Update dox about acceptable inputs and returned errors. * test/testencode.c(): Tests for error conditions. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1902281 13f79535-47bb-0310-9956-ffa450edef68 --- include/apr_encode.h | 407 +++++++++++++++++++++-------------- include/private/apr_encode_private.h | 21 +- 2 files changed, 257 insertions(+), 171 deletions(-) (limited to 'include') diff --git a/include/apr_encode.h b/include/apr_encode.h index 20fc932f6..8bae61f7b 100644 --- a/include/apr_encode.h +++ b/include/apr_encode.h @@ -146,35 +146,44 @@ extern "C" { /** * Convert text data to base64. - * @param dest The destination string, can be NULL. - * @param src The original string. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for encoding. + * @param src The original string, can be NULL if \c dest is NULL and \c slen + * is positive or nul. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 64 Encoding. If * APR_ENCODE_NOPADDING, omit the = padding character. If APR_ENCODE_URL, * use RFC4648 Base 64 Encoding with URL and Filename Safe Alphabet. - * If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination string, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL. + * If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding. + * @param len If not NULL, outputs the length of the buffer needed for encoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the encoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is not APR_ENCODE_STRING and + * negative, or APR_NOTFOUND if \c dest is not NULL and \c src is NULL, or + * APR_ENOSPC if \c dest is NULL and the source length (based on \c slen or + * APR_ENCODE_STRING) is too big to encode. */ APR_DECLARE(apr_status_t) apr_encode_base64(char *dest, const char *src, apr_ssize_t slen, int flags, apr_size_t * len); /** * Convert binary data to base64. - * @param dest The destination string, can be NULL. - * @param src The original buffer. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for encoding. + * @param src The original buffer, can be NULL if \c dest is NULL. * @param slen The length of the original buffer. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 64 Encoding. If * APR_ENCODE_NOPADDING, omit the = padding character. If APR_ENCODE_URL, * use RFC4648 Base 64 Encoding with URL and Filename Safe Alphabet. - * If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination string, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL. + * If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding. + * @param len If not NULL, outputs the length of the buffer needed for encoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the encoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is negative, or APR_NOTFOUND + * if \c dest is not NULL and \c src is NULL, or APR_ENOSPC if \c dest is NULL + * and the source length (based on \c slen or APR_ENCODE_STRING) is too big to + * encode. */ APR_DECLARE(apr_status_t) apr_encode_base64_binary(char *dest, const unsigned char *src, apr_ssize_t slen, int flags, apr_size_t * len); @@ -184,15 +193,16 @@ APR_DECLARE(apr_status_t) apr_encode_base64_binary(char *dest, const unsigned ch * @param p Pool to allocate from. * @param src The original string. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 64 Encoding. If * APR_ENCODE_NOPADDING, omit the = padding character. If APR_ENCODE_URL, * use RFC4648 Base 64 Encoding with URL and Filename Safe Alphabet. - * If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding. - * @param len If present, returns the number of characters written excluding - * the zero pad. - * @return A zero padded string allocated from the pool on success, or - * NULL if src was NULL. + * If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the encoding is not + * possible (see apr_encode_base64 errors). */ APR_DECLARE(const char *)apr_pencode_base64(apr_pool_t * p, const char *src, apr_ssize_t slen, int flags, apr_size_t * len)__attribute__((nonnull(1))); @@ -205,47 +215,62 @@ APR_DECLARE(const char *)apr_pencode_base64(apr_pool_t * p, const char *src, * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 64 Encoding. If * APR_ENCODE_NOPADDING, omit the = padding character. If APR_ENCODE_URL, * use RFC4648 Base 64 Encoding with URL and Filename Safe Alphabet. - * If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding. - * @param len If present, returns the number of characters written excluding - * the zero pad. - * @return A zero padded string allocated from the pool on success, or - * NULL if src was NULL. + * If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the encoding is not + * possible (see apr_encode_base64_binary errors). */ APR_DECLARE(const char *)apr_pencode_base64_binary(apr_pool_t * p, const unsigned char *src, apr_ssize_t slen, int flags, apr_size_t * len)__attribute__((nonnull(1))); /** * Convert base64 or base64url with or without padding to text data. - * @param dest The destination string, can be NULL. - * @param src The original string. - * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. - * @param flags If APR_ENCODE_NONE, attempt to decode the full original buffer, + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for decoding. + * @param src The base64 string, can be NULL if \c dest is NULL and \c slen + * is positive or nul. + * @param slen The length of the base64 string, or APR_ENCODE_STRING if + * the actual length should be computed based on NUL termination. + * @param flags If APR_ENCODE_NONE, attempt to decode the full base64 string, * and return NULL if any bad character is detected. If APR_ENCODE_RELAXED, * decode until the first non base64/base64url character. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination string, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH - * if a non hex character is present. + * @param len If not NULL, outputs the length of the buffer needed for decoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the decoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is not APR_ENCODE_STRING and + * negative, or APR_NOTFOUND if \c dest is not NULL and \c src is NULL, or + * APR_ENOSPC if \c dest is NULL and the source length (based on \c slen or + * APR_ENCODE_STRING) is too big to decode, or APR_EINCOMPLETE if the source + * length (based on \c slen or APR_ENCODE_STRING) is invalid for a base64 + * encoding, or APR_BADCH if a non base64 character is present and + * APR_ENCODE_RELAXED is not specified. */ APR_DECLARE(apr_status_t) apr_decode_base64(char *dest, const char *src, apr_ssize_t slen, int flags, apr_size_t * len); /** * Convert base64 or base64url with or without padding to binary data. - * @param dest The destination buffer, can be NULL. - * @param src The original string. - * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. - * @param flags If APR_ENCODE_NONE, attempt to decode the full original buffer, + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for decoding. + * @param src The base64 string, can be NULL if \c dest is NULL and \c slen + * is positive or nul. + * @param slen The length of the base64 string, or APR_ENCODE_STRING if + * the actual length should be computed based on NUL termination. + * @param flags If APR_ENCODE_NONE, attempt to decode the full base64 string, * and return NULL if any bad character is detected. If APR_ENCODE_RELAXED, * decode until the first non base64/base64url character. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination buffer, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the src was NULL, or APR_BADCH - * if a non base64 character is present. + * @param len If not NULL, outputs the length of the buffer needed for decoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the decoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is not APR_ENCODE_STRING and + * negative, or APR_NOTFOUND if \c dest is not NULL and \c src is NULL, or + * APR_ENOSPC if \c dest is NULL and the source length (based on \c slen or + * APR_ENCODE_STRING) is too big to decode, or APR_EINCOMPLETE if the source + * length (based on \c slen or APR_ENCODE_STRING) is invalid for a base64 + * encoding, or APR_BADCH if a non base64 character is present and + * APR_ENCODE_RELAXED is not specified. */ APR_DECLARE(apr_status_t) apr_decode_base64_binary(unsigned char *dest, const char *src, apr_ssize_t slen, int flags, apr_size_t * len); @@ -255,15 +280,16 @@ APR_DECLARE(apr_status_t) apr_decode_base64_binary(unsigned char *dest, * return the results from a pool. * @param p Pool to allocate from. * @param src The base64 string to decode. - * @param slen The length of the base64 string, or APR_ENCODE_STRING if - * NUL terminated. + * @param slen The length of the original string, or APR_ENCODE_STRING if + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, attempt to decode the full original buffer, * and return NULL if any bad character is detected. If APR_ENCODE_RELAXED, * decode until the first non base64/base64url character. - * @param len If present, returns the number of characters written, excluding - * the zero padding. - * @return A string allocated from the pool containing the result with a zero - * pad. If src was NULL, or an error occurred, NULL is returned. + * @param len If not NULL, outputs the length of the decoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the decoding is not + * possible (see apr_decode_base64_binary errors). */ APR_DECLARE(const char *)apr_pdecode_base64(apr_pool_t * p, const char *src, apr_ssize_t slen, int flags, apr_size_t * len) @@ -273,16 +299,17 @@ APR_DECLARE(const char *)apr_pdecode_base64(apr_pool_t * p, const char *src, * Convert base64 or base64url with or without padding to binary data, and * return the results from a pool. * @param p Pool to allocate from. - * @param src The original string. + * @param src The base64 string to decode. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, attempt to decode the full original buffer, * and return NULL if any bad character is detected. If APR_ENCODE_RELAXED, * decode until the first non base64/base64url character. - * @param len If present, returns the number of characters written, excluding - * the zero padding. - * @return A buffer allocated from the pool containing the result with a zero - * pad. If src was NULL, or an error occurred, NULL is returned. + * @param len If not NULL, outputs the length of the decoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the decoding is not + * possible (see apr_decode_base64_binary errors). */ APR_DECLARE(const unsigned char *)apr_pdecode_base64_binary(apr_pool_t * p, const char *src, apr_ssize_t slen, int flags, apr_size_t * len) @@ -290,33 +317,42 @@ APR_DECLARE(const unsigned char *)apr_pdecode_base64_binary(apr_pool_t * p, /** * Convert text data to base32. - * @param dest The destination string, can be NULL. - * @param src The original string. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for encoding. + * @param src The original string, can be NULL if \c dest is NULL and \c slen + * is positive or nul. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 32 Encoding. If * APR_ENCODE_NOPADDING, omit the = padding character. If APR_ENCODE_BASE32HEX, * use RFC4648 base32hex Encoding. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination string, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL. + * @param len If not NULL, outputs the length of the buffer needed for encoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the encoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is not APR_ENCODE_STRING and + * negative, or APR_NOTFOUND if \c dest is not NULL and \c src is NULL, or + * APR_ENOSPC if \c dest is NULL and the source length (based on \c slen or + * APR_ENCODE_STRING) is too big to encode. */ APR_DECLARE(apr_status_t) apr_encode_base32(char *dest, const char *src, apr_ssize_t slen, int flags, apr_size_t * len); /** * Convert binary data to base32. - * @param dest The destination string, can be NULL. - * @param src The original buffer. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for encoding. + * @param src The original buffer, can be NULL if \c dest is NULL. * @param slen The length of the original buffer. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 32 Encoding. If * APR_ENCODE_NOPADDING, omit the = padding character. If APR_ENCODE_BASE32HEX, * use RFC4648 base32hex Encoding. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination string, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL. + * @param len If not NULL, outputs the length of the buffer needed for encoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the encoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is negative, or APR_NOTFOUND + * if \c dest is not NULL and \c src is NULL, or APR_ENOSPC if \c dest is NULL + * and the source length (based on \c slen or APR_ENCODE_STRING) is too big to + * encode. */ APR_DECLARE(apr_status_t) apr_encode_base32_binary(char *dest, const unsigned char *src, apr_ssize_t slen, int flags, apr_size_t * len); @@ -326,14 +362,15 @@ APR_DECLARE(apr_status_t) apr_encode_base32_binary(char *dest, const unsigned ch * @param p Pool to allocate from. * @param src The original string. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 32 Encoding. If * APR_ENCODE_NOPADDING, omit the = padding character. If APR_ENCODE_BASE32HEX, * use RFC4648 base32hex Encoding. - * @param len If present, returns the number of characters written excluding - * the zero pad. - * @return A zero padded string allocated from the pool on success, or - * NULL if src was NULL. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the encoding is not + * possible (see apr_encode_base32 errors). */ APR_DECLARE(const char *)apr_pencode_base32(apr_pool_t * p, const char *src, apr_ssize_t slen, int flags, apr_size_t * len) @@ -346,11 +383,12 @@ APR_DECLARE(const char *)apr_pencode_base32(apr_pool_t * p, const char *src, * @param slen The length of the original buffer. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 32 Encoding. If * APR_ENCODE_NOPADDING, omit the = padding character. If APR_ENCODE_BASE32HEX, - * use RFC7515 base32hex Encoding. - * @param len If present, returns the number of characters written excluding - * the zero pad. - * @return A zero padded string allocated from the pool on success, or - * NULL if src was NULL. + * use RFC4648 base32hex Encoding. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the encoding is not + * possible (see apr_encode_base32_binary errors). */ APR_DECLARE(const char *)apr_pencode_base32_binary(apr_pool_t * p, const unsigned char *src, apr_ssize_t slen, int flags, apr_size_t * len) @@ -358,34 +396,48 @@ APR_DECLARE(const char *)apr_pencode_base32_binary(apr_pool_t * p, const unsigne /** * Convert base32 or base32hex with or without padding to text data. - * @param dest The destination string, can be NULL. - * @param src The original string. - * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for decoding. + * @param src The base32 string, can be NULL if \c dest is NULL and \c slen + * is positive or nul. + * @param slen The length of the base32 string, or APR_ENCODE_STRING if + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 32 Encoding. If * APR_ENCODE_BASE32HEX, use RFC4648 base32hex Encoding. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination buffer, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH - * if a non base32 character is present. + * @param len If not NULL, outputs the length of the buffer needed for decoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the decoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is not APR_ENCODE_STRING and + * negative, or APR_NOTFOUND if \c dest is not NULL and \c src is NULL, or + * APR_ENOSPC if \c dest is NULL and the source length (based on \c slen or + * APR_ENCODE_STRING) is too big to decode, or APR_EINCOMPLETE if the source + * length (based on \c slen or APR_ENCODE_STRING) is invalid for a base32 + * encoding, or APR_BADCH if a non base32 character is present and + * APR_ENCODE_RELAXED is not specified. */ APR_DECLARE(apr_status_t) apr_decode_base32(char *dest, const char *src, apr_ssize_t slen, int flags, apr_size_t * len); /** * Convert base32 or base32hex with or without padding to binary data. - * @param dest The destination buffer, can be NULL. - * @param src The original string. - * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for decoding. + * @param src The base32 string, can be NULL if \c dest is NULL and \c slen + * is positive or nul. + * @param slen The length of the base32 string, or APR_ENCODE_STRING if + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 32 Encoding. If * APR_ENCODE_BASE32HEX, use RFC4648 base32hex Encoding. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination buffer, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the src was NULL, or APR_BADCH - * if a non base32 character is present. + * @param len If not NULL, outputs the length of the buffer needed for decoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the decoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is not APR_ENCODE_STRING and + * negative, or APR_NOTFOUND if \c dest is not NULL and \c src is NULL, or + * APR_ENOSPC if \c dest is NULL and the source length (based on \c slen or + * APR_ENCODE_STRING) is too big to decode, or APR_EINCOMPLETE if the source + * length (based on \c slen or APR_ENCODE_STRING) is invalid for a base32 + * encoding, or APR_BADCH if a non base32 character is present and + * APR_ENCODE_RELAXED is not specified. */ APR_DECLARE(apr_status_t) apr_decode_base32_binary(unsigned char *dest, const char *src, apr_ssize_t slen, int flags, apr_size_t * len); @@ -395,14 +447,15 @@ APR_DECLARE(apr_status_t) apr_decode_base32_binary(unsigned char *dest, * return the results from a pool. * @param p Pool to allocate from. * @param src The base32 string to decode. - * @param slen The length of the base32 string, or APR_ENCODE_STRING if - * NUL terminated. + * @param slen The length of the original string, or APR_ENCODE_STRING if + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 32 Encoding. If * APR_ENCODE_BASE32HEX, use RFC4648 base32hex Encoding. - * @param len If present, returns the number of characters written, excluding - * the zero padding. - * @return A string allocated from the pool containing the result with a zero - * pad. If src was NULL, or an error occurred, NULL is returned. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the decoding is not + * possible (see apr_decode_base32 errors). */ APR_DECLARE(const char *)apr_pdecode_base32(apr_pool_t * p, const char *src, apr_ssize_t slen, int flags, apr_size_t * len) @@ -412,15 +465,16 @@ APR_DECLARE(const char *)apr_pdecode_base32(apr_pool_t * p, const char *src, * Convert base32 or base32hex with or without padding to binary data, and * return the results from a pool. * @param p Pool to allocate from. - * @param src The original string. + * @param src The base32 string to decode. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 32 Encoding. If * APR_ENCODE_BASE32HEX, use RFC4648 base32hex Encoding. - * @param len If present, returns the number of characters written, excluding - * the zero padding. - * @return A buffer allocated from the pool containing the result with a zero - * pad. If src was NULL, or an error occurred, NULL is returned. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the decoding is not + * possible (see apr_decode_base32_binary errors). */ APR_DECLARE(const unsigned char *)apr_pdecode_base32_binary(apr_pool_t * p, const char *src, apr_ssize_t slen, int flags, apr_size_t * len) @@ -428,31 +482,40 @@ APR_DECLARE(const unsigned char *)apr_pdecode_base32_binary(apr_pool_t * p, /** * Convert text data to base16 (hex). - * @param dest The destination string, can be NULL. - * @param src The original string. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for encoding. + * @param src The original string, can be NULL if \c dest is NULL and \c slen + * is positive or nul. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 16 Encoding. If * APR_ENCODE_COLON, separate each token with a colon. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination buffer, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL. + * @param len If not NULL, outputs the length of the buffer needed for encoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the encoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is not APR_ENCODE_STRING and + * negative, or APR_NOTFOUND if \c dest is not NULL and \c src is NULL, or + * APR_ENOSPC if \c dest is NULL and the source length (based on \c slen or + * APR_ENCODE_STRING) is too big to encode. */ APR_DECLARE(apr_status_t) apr_encode_base16(char *dest, const char *src, apr_ssize_t slen, int flags, apr_size_t * len); /** * Convert binary data to base16 (hex). - * @param dest The destination string, can be NULL. - * @param src The original buffer. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for encoding. + * @param src The original buffer, can be NULL if \c dest is NULL. * @param slen The length of the original buffer. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 16 Encoding. If * APR_ENCODE_COLON, separate each token with a colon. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination buffer, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL. + * @param len If not NULL, outputs the length of the buffer needed for encoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the encoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is negative, or APR_NOTFOUND + * if \c dest is not NULL and \c src is NULL, or APR_ENOSPC if \c dest is NULL + * and the source length (based on \c slen or APR_ENCODE_STRING) is too big to + * encode. */ APR_DECLARE(apr_status_t) apr_encode_base16_binary(char *dest, const unsigned char *src, apr_ssize_t slen, int flags, @@ -464,13 +527,14 @@ APR_DECLARE(apr_status_t) apr_encode_base16_binary(char *dest, * @param p Pool to allocate from. * @param src The original string. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 16 Encoding. If * APR_ENCODE_COLON, separate each token with a colon. - * @param len If present, returns the number of characters written, excluding - * the zero padding. - * @return A string allocated from the pool containing the result with a zero - * pad. If src was NULL, or an error occurred, NULL is returned. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the encoding is not + * possible (see apr_encode_base16 errors). */ APR_DECLARE(const char *)apr_pencode_base16(apr_pool_t * p, const char *src, apr_ssize_t slen, int flags, apr_size_t * len) @@ -484,10 +548,11 @@ APR_DECLARE(const char *)apr_pencode_base16(apr_pool_t * p, const char *src, * @param slen The length of the original buffer. * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 16 Encoding. If * APR_ENCODE_COLON, separate each token with a colon. - * @param len If present, returns the number of characters written, excluding - * the zero padding. - * @return A string allocated from the pool containing the result with a zero - * pad. If src was NULL, or an error occurred, NULL is returned. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the encoding is not + * possible (see apr_encode_base16_binary errors). */ APR_DECLARE(const char *)apr_pencode_base16_binary(apr_pool_t * p, const unsigned char *src, apr_ssize_t slen, @@ -495,34 +560,48 @@ APR_DECLARE(const char *)apr_pencode_base16_binary(apr_pool_t * p, /** * Convert base16 (hex) to text data. - * @param dest The destination string, can be NULL. - * @param src The original string. - * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for decoding. + * @param src The base16 string, can be NULL if \c dest is NULL and \c slen + * is positive or nul. + * @param slen The length of the base16 string, or APR_ENCODE_STRING if + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 16 Encoding. If * APR_ENCODE_COLON, allow tokens to be separated with a colon. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination buffer, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH - * if a non hex character is present. A zero pad is appended to the buffer. + * @param len If not NULL, outputs the length of the buffer needed for decoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the decoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is not APR_ENCODE_STRING and + * negative, or APR_NOTFOUND if \c dest is not NULL and \c src is NULL, or + * APR_ENOSPC if \c dest is NULL and the source length (based on \c slen or + * APR_ENCODE_STRING) is too big to decode, or APR_EINCOMPLETE if the source + * length (based on \c slen or APR_ENCODE_STRING) is invalid for a base16 + * encoding, or APR_BADCH if a non base16 character is present and + * APR_ENCODE_RELAXED is not specified. */ APR_DECLARE(apr_status_t) apr_decode_base16(char *dest, const char *src, apr_ssize_t slen, int flags, apr_size_t * len); /** * Convert base16 (hex) to binary data. - * @param dest The destination buffer, can be NULL. - * @param src The original string. - * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * @param dest The destination string, can be NULL to output in \c len the + * needed buffer length for decoding. + * @param src The base16 string, can be NULL if \c dest is NULL and \c slen + * is positive or nul. + * @param slen The length of the base16 string, or APR_ENCODE_STRING if + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 16 Encoding. If * APR_ENCODE_COLON, allow tokens to be separated with a colon. - * @param len If present and src is NULL, returns the maximum possible length - * of the destination buffer, including a zero pad. If present and src is - * not NULL, returns the number of characters actually written. - * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH - * if a non hex character is present. No zero pad is written to the buffer. + * @param len If not NULL, outputs the length of the buffer needed for decoding + * (including the trailing NUL) if \c dest is NULL, or the actual length of + * the decoding (excluding the trailing NUL) if \c dest is not NULL. + * @return APR_SUCCESS, or APR_EINVAL if \c slen is not APR_ENCODE_STRING and + * negative, or APR_NOTFOUND if \c dest is not NULL and \c src is NULL, or + * APR_ENOSPC if \c dest is NULL and the source length (based on \c slen or + * APR_ENCODE_STRING) is too big to decode, or APR_EINCOMPLETE if the source + * length (based on \c slen or APR_ENCODE_STRING) is invalid for a base16 + * encoding, or APR_BADCH if a non base16 character is present and + * APR_ENCODE_RELAXED is not specified. */ APR_DECLARE(apr_status_t) apr_decode_base16_binary(unsigned char *dest, const char *src, apr_ssize_t slen, int flags, apr_size_t * len); @@ -530,15 +609,16 @@ APR_DECLARE(apr_status_t) apr_decode_base16_binary(unsigned char *dest, /** * Convert base16 (hex) and return the results from a pool. * @param p Pool to allocate from. - * @param src The original string. + * @param src The base16 string to decode. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 16 Encoding. If * APR_ENCODE_COLON, allow tokens to be separated with a colon. - * @param len If present, returns the number of characters written, excluding - * the zero padding. - * @return A buffer allocated from the pool containing the result with a zero - * pad. If src was NULL, or an error occurred, NULL is returned. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the decoding is not + * possible (see apr_decode_base16 errors). */ APR_DECLARE(const char *)apr_pdecode_base16(apr_pool_t * p, const char *src, apr_ssize_t slen, int flags, apr_size_t * len) @@ -547,15 +627,16 @@ APR_DECLARE(const char *)apr_pdecode_base16(apr_pool_t * p, const char *src, /** * Convert base16 (hex) to binary data, and return the results from a pool. * @param p Pool to allocate from. - * @param src The original string. + * @param src The base16 string to decode. * @param slen The length of the original string, or APR_ENCODE_STRING if - * NUL terminated. + * the actual length should be computed based on NUL termination. * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 16 Encoding. If * APR_ENCODE_COLON, allow tokens to be separated with a colon. - * @param len If present, returns the number of characters written, excluding - * the zero padding. - * @return A buffer allocated from the pool containing the result with a zero - * pad. If src was NULL, or an error occurred, NULL is returned. + * @param len If not NULL, outputs the length of the encoding (excluding the + * trailing NUL). + * @return A NUL terminated string allocated from the pool on success, + * or NULL if src is NULL or allocation failed or the decoding is not + * possible (see apr_decode_base16_binary errors). */ APR_DECLARE(const unsigned char *)apr_pdecode_base16_binary(apr_pool_t * p, const char *src, apr_ssize_t slen, int flags, apr_size_t * len) diff --git a/include/private/apr_encode_private.h b/include/private/apr_encode_private.h index 8db2e0166..93ce0a02d 100644 --- a/include/private/apr_encode_private.h +++ b/include/private/apr_encode_private.h @@ -34,7 +34,8 @@ extern "C" { */ #if APR_CHARSET_EBCDIC - static int convert_a2e[256] = { + +static unsigned char convert_a2e[256] = { 0x00, 0x01, 0x02, 0x03, 0x37, 0x2D, 0x2E, 0x2F, 0x16, 0x05, 0x15, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x3C, 0x3D, 0x32, 0x26, 0x18, 0x19, 0x3F, 0x27, 0x1C, 0x1D, 0x1E, 0x1F, 0x40, 0x5A, 0x7F, 0x7B, 0x5B, 0x6C, 0x50, 0x7D, 0x4D, 0x5D, 0x5C, 0x4E, 0x6B, 0x60, 0x4B, 0x61, @@ -52,7 +53,7 @@ extern "C" { 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9C, 0x48, 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, 0x8C, 0x49, 0xCD, 0xCE, 0xCB, 0xCF, 0xCC, 0xE1, 0x70, 0xDD, 0xDE, 0xDB, 0xDC, 0x8D, 0x8E, 0xDF}; - static int convert_e2a[256] = { +static unsigned char convert_e2a[256] = { 0x00, 0x01, 0x02, 0x03, 0x9C, 0x09, 0x86, 0x7F, 0x97, 0x8D, 0x8E, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x9D, 0x0A, 0x08, 0x87, 0x18, 0x19, 0x92, 0x8F, 0x1C, 0x1D, 0x1E, 0x1F, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x17, 0x1B, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x05, 0x06, 0x07, @@ -69,12 +70,16 @@ extern "C" { 0x7D, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0xB9, 0xFB, 0xFC, 0xF9, 0xFA, 0xFF, 0x5C, 0xF7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0xB2, 0xD4, 0xD6, 0xD2, 0xD3, 0xD5, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0xB3, 0xDB, 0xDC, 0xD9, 0xDA, 0x9F}; -#define decode ENCODE_TO_ASCII(ch) convert_e2a[(unsigned char)ch] -#define decode ENCODE_TO_NATIVE(ch) convert_a2e[(unsigned char)ch] -#else /* APR_CHARSET_EBCDIC */ -#define ENCODE_TO_ASCII(ch) (ch) -#define ENCODE_TO_NATIVE(ch) (ch) -#endif /* !APR_CHARSET_EBCDIC */ + +#define TO_ASCII(ch) (convert_e2a[(unsigned char)(ch)]) +#define TO_NATIVE(ch) (convert_a2e[(unsigned char)(ch)]) + +#else /* APR_CHARSET_EBCDIC */ + +#define TO_ASCII(ch) ((unsigned char)(ch)) +#define TO_NATIVE(ch) ((unsigned char)(ch)) + +#endif /* !APR_CHARSET_EBCDIC */ /** @} */ #ifdef __cplusplus -- cgit v1.2.1