From da36873b7662484f9478fd3d4b10f7a1937c083c Mon Sep 17 00:00:00 2001 From: leitner Date: Tue, 15 Apr 2014 20:40:01 +0000 Subject: [PATCH] mmap_read now returns const char*, remove warnings reject non-minimal encodings for lengths and tags catch too-large-value overflows in tags --- acl.c | 15 ++++++++++----- addindex.c | 6 +++--- asn1dump.c | 2 +- dumpacls.c | 2 +- dumpidx.c | 10 +++++----- idx2ldif.c | 4 ++-- scan_asn1length.c | 44 +++++++++++++++++++++++--------------------- scan_asn1tagint.c | 3 ++- t2.c | 2 +- tinyldap.c | 22 +++++++++++----------- 10 files changed, 59 insertions(+), 51 deletions(-) diff --git a/acl.c b/acl.c index dc630fa..1e46483 100644 --- a/acl.c +++ b/acl.c @@ -273,7 +273,7 @@ int marshalfilter(stralloc* x,struct assertion* a) { } } -int marshal(char* map,size_t filelen,const char* filename) { +int marshal(const char* map,size_t filelen,const char* filename) { size_t filters,acls,i,j,k; size_t filter_offset; //,acl_offset; struct acl* a; @@ -358,7 +358,7 @@ nomem: int found=0; for (j=0; jattrs[k])) { - a->attrs[k]=map+uint32_read(map+attrtab+j*4); + a->attrs[k]=(char*)map+uint32_read(map+attrtab+j*4); found=1; break; } @@ -369,7 +369,7 @@ nomem: * the address where mmap mapped the file. */ char* tmp=a->attrs[k]; // buffer_putmflush(buffer_1,"adding attribute ",a->attrs[k],"\n"); - a->attrs[k]=map+filelen+ + a->attrs[k]=(char*)map+filelen+ 2*4+ /* index_type and next */ (filters+2)*4+ /* filters_count plus (filter_count+1)*uint32 */ x.len; @@ -489,11 +489,16 @@ shortwrite: int main(int argc,char* argv[]) { size_t filelen; char* filename=argc>1?argv[1]:"data"; - char* map=mmap_read(filename,&filelen); + const char* map=mmap_read(filename,&filelen); + + if (!map) { + buffer_putmflush(buffer_2,"Could not open ",filename,"\n"); + return 0; + } if (filelen<5*4 || uint32_read(map)!=0xfefe1da9) { buffer_putsflush(buffer_2,"not a valid tinyldap data file!\n"); - exit(0); + return 0; } if (readacls("acls")==-1) die(1,"readacls failed"); 
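Review bot: The casts in `a->attrs[k]=(char*)map+uint32_read(map+attrtab+j*4);` and `a->attrs[k]=(char*)map+filelen+` discard the const qualifier this commit adds to `map`, so a later write through `attrs` would compile cleanly and only fail at run time if the mapping is read-only (as the name mmap_read suggests). If the `attrs` member of struct acl can be declared as pointer-to-const (its declaration is not visible here), that is preferable to the cast. Otherwise a comment such as `/* points into the read-only mapping, never written through */` at the cast would record the invariant. The same pattern appears in addindex.c (`map=(char*)mmap_read(filename,&filelen);`) and in tinyldap.c (`authdn_str=(char*)map+authdn;`).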
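Review bot: Both failure paths in acl.c's main, the new `if (!map)` branch and the "not a valid tinyldap data file!" branch, end in `return 0;`, so a calling script cannot tell a missing or corrupt data file from a successful run. Returning a non-zero status, e.g. `return 1;`, would match the `die(1,"readacls failed")` on the following line. The body of main continues outside the hunk.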
diff --git a/addindex.c b/addindex.c index 37b5367..75ca4c4 100644 --- a/addindex.c +++ b/addindex.c @@ -89,7 +89,7 @@ int main(int argc,char* argv[]) { if (strchr(argv[3],'f')) fastindex=1; if (strchr(argv[3],'h')) mode=HASHTABLE; } - map=mmap_read(filename,&filelen); + map=(char*)mmap_read(filename,&filelen); if (!map) diesys(111,"Could not open \"",filename,"\""); uint32_unpack(map,&magic); 
@@ -102,7 +102,7 @@ int main(int argc,char* argv[]) { { unsigned int i; - char* x=map+5*4+size_of_string_table; + const char* x=map+5*4+size_of_string_table; wanted=casesensitive=dn=objectClass=0; for (i=0; i #include "asn1.h" -size_t scan_asn1length(const char* src,const char* max,size_t* length) { - const char* orig=src; - if (src>=max) return 0; -/* If the highest bit of the first byte is clear, the byte is the length. - * Otherwise the next n bytes are the length (n being the lower 7 bits) */ - if (*src&0x80) { - int chars=*src&0x7f; - size_t l=0; - while (chars>0) { - if (++src>=max) return 0; - if (l>(((unsigned long)-1)>>8)) return 0; /* catch integer overflow */ - l=l*256+(unsigned char)*src; - --chars; - } - *length=l; - } else - *length=*src&0x7f; - src++; - if (src+*length>max) return 0; /* catch integer overflow */ - if ((uintptr_t)src+*length<(uintptr_t)src) return 0; /* gcc 4.1 removes this check without the cast to uintptr_t */ - return src-orig; +size_t scan_asn1length(const char* src,const char* max,size_t* value) { + size_t len=max-src; + if (len==0 || len>=-(uintptr_t)src) return 0; + unsigned int i,c=*src; + size_t l; + if ((c&0x80)==0) { + l=c&0x7f; + i=1; + } else { + /* Highest bit set: lower 7 bits is the length of the length value in bytes. */ + c&=0x7f; + if (!c) return 0; /* length 0x80 means indefinite length encoding, not supported here */ + l=(unsigned char)src[1]; + if (l==0) return 0; /* not minimally encoded: 0x81 0x00 instead of 0x00 */ + if (c>sizeof(l)) return 0; /* too many bytes, does not fit into target integer type */ + for (i=2; i<=c; ++i) + l=l*256+(unsigned char)src[i]; + if (l<0x7f) return 0; /* not minimally encoded: 0x81 0x70 instead of 0x70 */ + } + if (l>len-i) return 0; /* if the length would not fit into the buffer, return 0 */ + *value=l; + return i; } + diff --git a/scan_asn1tagint.c b/scan_asn1tagint.c index 49a9974..2c23fa2 100644 --- a/scan_asn1tagint.c +++ b/scan_asn1tagint.c 
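Review bot: In the long-form branch of the new scan_asn1length, `src[1]` and then `src[i]` for i up to c are read before anything compares c with `len`, so an input that ends right after the first byte, or partway through the length octets, is read past `max`. The final `if (l>len-i) return 0;` does not catch this, because `len-i` is unsigned and wraps when i exceeds len, so the function can also return a length that does not fit the buffer. Adding `if (c>=len) return 0; /* length octets must lie inside the buffer */` before `l=(unsigned char)src[1];` closes both. Separately, `if (l<0x7f) return 0;` still accepts 0x81 0x7f, which the short form can encode, so `l<0x80` looks like the intended bound. The hunk header for this file is not visible in this view, so this is based on the added function body only.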
@@ -3,9 +3,10 @@ size_t scan_asn1tagint(const char* src,const char* max,unsigned long* val) { const char* orig=src; unsigned long l=0; + if (src==max || (unsigned char)src[0]==0x80) return 0; /* catch non-minimal encoding */ for (;; ++src) { if (src>=max) return 0; - if (l>(((unsigned long)-1)>>7)) return 0; /* catch integer overflow */ + if (l>>(sizeof(l)*8-7)) return 0; /* catch integer overflow */ l=l*128+(*src&0x7F); if (!(*src&0x80)) break; } diff --git a/t2.c b/t2.c index 62fa421..79062fd 100644 --- a/t2.c +++ b/t2.c @@ -84,7 +84,7 @@ int main(int argc,char* argv[]) { #if 1 unsigned long size; // char* ldapsequence=mmap_read("req",&size); - char* ldapsequence=mmap_read(argc>1?argv[1]:"/tmp/ldap/127.000.000.001.00389-127.000.000.001.38433",&size); + const char* ldapsequence=mmap_read(argc>1?argv[1]:"/tmp/ldap/127.000.000.001.00389-127.000.000.001.38433",&size); unsigned long messageid, op, len; int res; unsigned long done=0; diff --git a/tinyldap.c b/tinyldap.c index 7222766..ffc8b84 100644 --- a/tinyldap.c +++ b/tinyldap.c @@ -50,7 +50,7 @@ #define HUGE_SIZE_FOR_SANITY_CHECKS 1024*1024 /* basic operation: the whole data file is mmapped read-only at the beginning and stays there. */ -char* map; /* where the file is mapped */ +const char* map; /* where the file is mapped */ size_t filelen; /* how many bytes are mapped (the whole file) */ uint32 magic,attribute_count,record_count,indices_offset,size_of_string_table; /* these are the first values from the file, see the file "FORMAT" @@ -113,7 +113,7 @@ static void fixup(struct Filter* f) { case PRESENT: case APPROX: { - char* x=map+5*4+size_of_string_table; + const char* x=map+5*4+size_of_string_table; size_t i; f->attrofs=f->attrflag=0; for (i=0; iattrofs=0; for (i=0; iHUGE_SIZE_FOR_SANITY_CHECKS/sizeof(struct AttributeDescriptionList)) return; adl=alloca((attribute_count)*sizeof(struct AttributeDescriptionList)); 
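Review bot: The new guard `if (src==max || (unsigned char)src[0]==0x80) return 0;` in scan_asn1tagint dereferences `src[0]` when src is already past max, whereas the loop directly below it tests `src>=max`. Writing the guard as `if (src>=max || (unsigned char)src[0]==0x80) return 0;` keeps the two checks consistent. As a style point, the overflow test `l>>(sizeof(l)*8-7)` assumes 8-bit bytes, and `CHAR_BIT` from <limits.h> would state that assumption explicitly. The end of the function lies outside the hunk.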
@@ -1528,7 +1528,7 @@ static int handle(int in,int out) { if (err!=success) goto authfailure; else { - char* c=0; + const char* c=0; uint32 authdn=0; char* authdn_str=0; if (idx==(size_t)-1) { // found in journal @@ -1544,7 +1544,7 @@ static int handle(int in,int out) { uint32 j; uint32_unpack(map+indices_offset+4*idx,&j); uint32_unpack(map+j+8,&authdn); - authdn_str=map+authdn; + authdn_str=(char*)map+authdn; authdn=j; if (!(j=ldap_find_attr_value(j,userPassword_ofs))) { buffer_putsflush(buffer_2,"no userPassword attribute found, bind failed!\n"); @@ -1634,7 +1634,7 @@ authfailure: if (indexable(sr.filter)) { reply_with_index(&sr,&messageid,out); } else { - char* x=map+5*4+size_of_string_table+attribute_count*8; + const char* x=map+5*4+size_of_string_table+attribute_count*8; size_t i; #if (debug != 0) if (debug) buffer_putsflush(buffer_2,"query can NOT be answered with index!\n"); @@ -1946,7 +1946,7 @@ static unsigned char* bstrdup(unsigned char* c) { } static unsigned char* bstrdup_attrib(unsigned char* c) { - char* x=map+5*4+size_of_string_table; + const char* x=map+5*4+size_of_string_table; size_t i,l; if (*c) l=str_len((char*)c)+1;