
Commit b854e19

committed
pro1_data_zip changes
* remove sig as it's not part of the local data zips * add some basic bounds checking in lseek() wrapper
1 parent be17b5a commit b854e19


1 file changed

+26
-28
lines changed


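--- a/src/plugins/pro1_data_zip/pro1_data_zip.c
+++ b/src/plugins/pro1_data_zip/pro1_data_zip.c
@@ -46,10 +46,6 @@ typedef struct zip_enc_context {
 struct AES_ctx aes_ctx;
 enc_zip_file_header *header;
 struct zip_enc_context *next;
-// each data zip has a signature file that is signed by the private
-// key linked to /Data/public.rsa (the validation of which is
-// exptected to be thwarted in another plugin)
-uint8_t sig[128];
 } zip_enc_context;
 
 static zip_enc_context *head = NULL, *tail = NULL;
@@ -148,7 +144,6 @@ zip_enc_context *create_new_context(const char *path, int fd) {
 for (int i = 0; i < 16; i++) {
 ctx->header->verify_block[i] = verify_block_plaintext[i] ^ salted[i];
 }
-generate_random_bytes(ctx->sig, sizeof(ctx->sig));
 
 ctx->next = NULL;
 if (head == NULL) {
@@ -253,20 +248,18 @@ ssize_t pro1_data_zip_read(int fd, void *buf, size_t count) {
 
 size_t remaining = count; // how much of the buffer is remaining
 // position in our fake file where the encrypted data starts
-off_t data_start = sizeof(enc_zip_file_header),
-// position in our fake file where the signature starts
-sig_start, sig_end;
+off_t data_start = sizeof(enc_zip_file_header);
 ssize_t got = 0;
 zip_enc_context *zip_ctx = find_context_by_fd(fd);
 if (remaining == 0 || zip_ctx == NULL) {
 return next_read(fd, buf, count);
 }
-sig_start = data_start + zip_ctx->header->file_size;
-// the encrypted data contents have to be a multiple of 16
-if (zip_ctx->header->file_size % 16 > 0) {
-sig_start += 16 - (zip_ctx->header->file_size % 16);
-}
-sig_end = sig_start + sizeof(zip_ctx->sig);
+
+off_t data_end = data_start + zip_ctx->header->file_size;
+// the encrypted data contents have to be a multiple of 16
+if (zip_ctx->header->file_size % 16 > 0) {
+data_end += 16 - (zip_ctx->header->file_size % 16);
+}
 
 if (zip_ctx->pos < data_start) {
 DBG_printf("(pos:%d) reading out header\n", zip_ctx->pos);
@@ -277,17 +270,18 @@ ssize_t pro1_data_zip_read(int fd, void *buf, size_t count) {
 zip_ctx->pos += header_count;
 got += header_count;
 }
-if (zip_ctx->pos < sig_start && remaining > 0) {
+if (remaining > 0) {
 DBG_printf("(pos:%d) reading out data\n", zip_ctx->pos);
 // how much data we're going to process, clamped to how much data
 // is actually available
-size_t encrypted_data_remaining = min(remaining, sig_start-zip_ctx->pos);
+size_t encrypted_data_remaining = min(remaining, data_end-zip_ctx->pos);
 size_t plaintext_remaining = (data_start + zip_ctx->header->file_size) - zip_ctx->pos;
 // the position in the data section of our "container" file
 off_t encrypted_data_pos = zip_ctx->pos - data_start;
 uint8_t salt_copy[16], decbuf[16], dsalted[16];
 int skip_bytes_in_first_block = encrypted_data_pos % 16;
 unsigned int block_start = encrypted_data_pos / 16;
+
 // prepare salt
 memcpy(salt_copy, zip_ctx->header->salt, sizeof salt_copy);
 uint128_le_add(salt_copy, block_start);
@@ -324,15 +318,6 @@ ssize_t pro1_data_zip_read(int fd, void *buf, size_t count) {
 }
 DBG_printf("%s: done reading out encrypted data for %d (%s)\n", __FUNCTION__, fd, zip_ctx->pathname);
 }
-if (zip_ctx->pos >= sig_start && remaining > 0) {
-// read signature
-size_t sig_available = sig_end - zip_ctx->pos;
-size_t read_from_sig = min(sig_available, min(remaining, sizeof(zip_ctx->sig)));
-DBG_printf("(pos:%d) reading out sig (read_from_sig:%d)\n", zip_ctx->pos, read_from_sig);
-memcpy(buf+got, (void *)zip_ctx->sig, read_from_sig);
-zip_ctx->pos += read_from_sig;
-got += read_from_sig;
-}
 return got;
 }
 
@@ -342,17 +327,30 @@ int pro1_data_zip_lseek(int fd, off_t offset, int whence) {
 return next_lseek(fd, offset, whence);
 }
 
+off_t new_offset = 0;
+size_t zip_size = sizeof(enc_zip_file_header) + zip_ctx->header->file_size;
+if (zip_ctx->header->file_size % 16 > 0) {
+zip_size += (16 - (zip_ctx->header->file_size % 16));
+}
+
 switch (whence) {
 case SEEK_SET:
-zip_ctx->pos = offset;
+new_offset = offset;
 break;
 case SEEK_CUR:
-zip_ctx->pos += offset;
+new_offset = zip_ctx->pos + offset;
 break;
 case SEEK_END:
-zip_ctx->pos = sizeof(enc_zip_file_header) + zip_ctx->header->file_size + sizeof(zip_ctx->sig) + offset;
+new_offset = zip_size + offset;
 break;
 }
+
+if (new_offset > zip_size) {
+errno = EOVERFLOW;
+return -1;
+}
+
+zip_ctx->pos = new_offset;
 return zip_ctx->pos;
 }
 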
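Review bot: The new bounds check in pro1_data_zip_lseek only rejects `new_offset > zip_size`, not a negative result, so `SEEK_SET` with a negative offset or `SEEK_CUR` seeking before the start can store a negative `zip_ctx->pos` that pro1_data_zip_read then feeds into `data_end - zip_ctx->pos` and `zip_ctx->pos - data_start`; on targets where `off_t` and `size_t` have the same width the signed/unsigned conversion happens to reject it, but that is accidental and does not hold when `size_t` is narrower. POSIX lseek reports a negative resulting offset as EINVAL, so the guard should read `if (new_offset < 0 || (uintmax_t)new_offset > zip_size) { errno = EINVAL; return -1; }` (keep EOVERFLOW for the past-the-end case if that distinction is wanted). The switch also has no `default:`, so an unknown `whence` leaves `new_offset` at 0 and silently rewinds the stream where real lseek fails with EINVAL. In the `SEEK_CUR` case `zip_ctx->pos + offset` is signed arithmetic that can overflow before the check runs; testing `offset` against the remaining range before adding avoids the undefined behaviour. The head of the function, including the `zip_ctx` lookup, is outside the hunk.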