Skip to content

Commit 63d143b

Browse files
thiagomacieirathiagomacieira
committed
Validation: implement validation of overlong numbers
This implements: - CborValidateShortestIntegrals which completes support for CborValidateShortestNumbers. Signed-off-by: Thiago Macieira <[email protected]>
1 parent 17d42a1 commit 63d143b

File tree

2 files changed

+147
-5
lines changed

2 files changed

+147
-5
lines changed

src/cborvalidation.c

Lines changed: 46 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -251,6 +251,36 @@ static inline CborError validate_simple_type(uint8_t simple_type, int flags)
251251
CborErrorUnknownSimpleType : CborNoError;
252252
}
253253

254+
static inline CborError validate_number(const CborValue *it, CborType type, int flags)
255+
{
256+
CborError err = CborNoError;
257+
const uint8_t *ptr = it->ptr;
258+
uint64_t value;
259+
260+
if ((flags & CborValidateShortestIntegrals) == 0)
261+
return err;
262+
if (type >= CborHalfFloatType && type <= CborDoubleType)
263+
return err; /* checked elsewhere */
264+
265+
err = _cbor_value_extract_number(&ptr, it->parser->end, &value);
266+
if (err)
267+
return err;
268+
269+
size_t bytesUsed = (size_t)(ptr - it->ptr - 1);
270+
size_t bytesNeeded = 0;
271+
if (value >= Value8Bit)
272+
++bytesNeeded;
273+
if (value > 0xffU)
274+
++bytesNeeded;
275+
if (value > 0xffffU)
276+
bytesNeeded += 2;
277+
if (value > 0xffffffffU)
278+
bytesNeeded += 4;
279+
if (bytesNeeded < bytesUsed)
280+
return CborErrorOverlongEncoding;
281+
return CborNoError;
282+
}
283+
254284
static inline CborError validate_tag(CborValue *it, CborTag tag, int flags, int recursionLeft)
255285
{
256286
CborType type = cbor_value_get_type(it);
@@ -391,12 +421,17 @@ static CborError validate_container(CborValue *it, int containerType, int flags,
391421
static CborError validate_value(CborValue *it, int flags, int recursionLeft)
392422
{
393423
CborError err;
394-
if (flags & CborValidateNoIndeterminateLength) {
395-
if (!cbor_value_is_length_known(it))
424+
CborType type = cbor_value_get_type(it);
425+
426+
if (cbor_value_is_length_known(it)) {
427+
err = validate_number(it, type, flags);
428+
if (err)
429+
return err;
430+
} else {
431+
if (flags & CborValidateNoIndeterminateLength)
396432
return CborErrorUnknownLength;
397433
}
398434

399-
CborType type = cbor_value_get_type(it);
400435
switch (type) {
401436
case CborArrayType:
402437
case CborMapType: {
@@ -428,7 +463,15 @@ static CborError validate_value(CborValue *it, int flags, int recursionLeft)
428463
size_t n = 0;
429464
const void *ptr;
430465

466+
err = _cbor_value_prepare_string_iteration(it);
467+
if (err)
468+
return err;
469+
431470
while (1) {
471+
err = validate_number(it, type, flags);
472+
if (err)
473+
return err;
474+
432475
err = _cbor_value_get_string_chunk(it, &ptr, &n, it);
433476
if (err)
434477
return err;

0 commit comments

Comments
 (0)