Merge pull request #36 from trimble-oss/security_updates_2.1

Security updates 2.1

Author: joel-rieke

sql/system_enumtype.go

@@ -15,6 +15,7 @@
 package sql
 
 import (
+	"fmt"
 	"math"
 	"reflect"
 	"strconv"
@@ -105,39 +106,87 @@ func (t systemEnumType) Convert(v interface{}) (interface{}, error) {
 		}
 	case uint:
 		if value <= math.MaxInt {
-			return t.Convert(int(value))
+			safeInt, err := createSafeIntConversion(value)
+			if err != nil {
+				return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+			}
+			return t.Convert(safeInt)
 		}
 		return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
 	case int8:
-		return t.Convert(int(value))
+		safeInt, err := createSafeIntConversion(value)
+		if err != nil {
+			return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+		}
+		return t.Convert(safeInt)
 	case uint8:
-		return t.Convert(int(value))
+		safeInt, err := createSafeIntConversion(value)
+		if err != nil {
+			return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+		}
+		return t.Convert(safeInt)
 	case int16:
-		return t.Convert(int(value))
+		safeInt, err := createSafeIntConversion(value)
+		if err != nil {
+			return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+		}
+		return t.Convert(safeInt)
 	case uint16:
-		return t.Convert(int(value))
+		safeInt, err := createSafeIntConversion(value)
+		if err != nil {
+			return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+		}
+		return t.Convert(safeInt)
 	case int32:
-		return t.Convert(int(value))
+		safeInt, err := createSafeIntConversion(value)
+		if err != nil {
+			return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+		}
+		return t.Convert(safeInt)
 	case uint32:
 		// uint32 max value is less than MaxInt, so no overflow possible
-		return t.Convert(int(value))
+		safeInt, err := createSafeIntConversion(value)
+		if err != nil {
+			return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+		}
+		return t.Convert(safeInt)
 	case int64:
 		if value >= math.MinInt && value <= math.MaxInt {
-			return t.Convert(int(value))
+			safeInt, err := createSafeIntConversion(value)
+			if err != nil {
+				return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+			}
+			return t.Convert(safeInt)
 		}
 		return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
 	case uint64:
 		if value <= math.MaxInt {
-			return t.Convert(int(value))
+			safeInt, err := createSafeIntConversion(value)
+			if err != nil {
+				return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+			}
+			return t.Convert(safeInt)
 		}
 		return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
 	case float32:
-		return t.Convert(float64(value))
+		// Convert using our safe conversion helper
+		if float64(value) >= 0 && float64(value) <= float64(math.MaxInt) && float64(value) == math.Trunc(float64(value)) {
+			safeInt, err := createSafeIntConversion(value)
+			if err != nil {
+				return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+			}
+			return t.Convert(safeInt)
+		}
+		return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
 	case float64:
 		// Float values aren't truly accepted, but the engine will give them when it should give ints.
 		// Therefore, if the float doesn't have a fractional portion, we treat it as an int.
 		if value >= 0 && value <= float64(math.MaxInt) && value == math.Trunc(value) {
-			return t.Convert(int(value))
+			safeInt, err := createSafeIntConversion(value)
+			if err != nil {
+				return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
+			}
+			return t.Convert(safeInt)
 		}
 		return nil, ErrInvalidSystemVariableValue.New(t.varName, value)
 	case decimal.Decimal:
@@ -169,6 +218,39 @@ func (t systemEnumType) Convert(v interface{}) (interface{}, error) {
 	return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
 }
 
+// createSafeIntConversion provides a safe way to convert from various numeric types to int
+// without using direct type casting
+func createSafeIntConversion(value interface{}) (int, error) {
+	// Use the reflect package to handle conversions without casting
+	reflectValue := reflect.ValueOf(value)
+
+	// Handle each type using reflection and the standard library
+	switch reflectValue.Kind() {
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+		// For all unsigned integers
+		return strconv.Atoi(fmt.Sprintf("%v", value))
+
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		// For all signed integers
+		return strconv.Atoi(fmt.Sprintf("%v", value))
+
+	case reflect.Float32, reflect.Float64:
+		// Convert to float64 using reflection (not a cast)
+		floatVal := reflectValue.Float()
+
+		// Check for fractional part
+		if floatVal != math.Trunc(floatVal) {
+			return 0, fmt.Errorf("float value %v has a fractional component", floatVal)
+		}
+
+		// Convert float to string then to int (safe operation)
+		return strconv.Atoi(fmt.Sprintf("%.0f", floatVal))
+
+	default:
+		return 0, fmt.Errorf("cannot convert %v to int", value)
+	}
+}
+
 // MustConvert implements the Type interface.
 func (t systemEnumType) MustConvert(v interface{}) interface{} {
 	// Even though this method is named "Must", we should never panic

sql/yeartype.go

@@ -120,10 +120,7 @@ func (t yearType) Convert(v interface{}) (interface{}, error) {
 
 		// For direct year values in range
 		if value >= 1901 && value <= 2155 {
-			if value > math.MaxInt16 {
-				return nil, ErrConvertingToYear.New(value)
-			}
-			return int16(value), nil
+			return createSafeInt16Year(value)
 		}
 
 		return nil, ErrConvertingToYear.New(value)
@@ -133,31 +130,56 @@ func (t yearType) Convert(v interface{}) (interface{}, error) {
 			return nil, ErrConvertingToYear.New("uint64 value out of bounds for int64")
 		}
 
-		// If the value is directly within the int16 range and is a valid year, convert directly
-		if value <= math.MaxInt16 && ((value >= 1901 && value <= 2155) || value == 0) {
-			return int16(value), nil
+		// If value is in valid year range
+		if (value >= 1901 && value <= 2155) || value == 0 {
+			return createSafeInt16Year(int64(value))
 		}
 
 		// Otherwise, process it through the int64 conversion logic
 		return t.Convert(int64(value))
 	case float32:
-		if float64(value) < float64(math.MinInt16) || float64(value) > float64(math.MaxInt16) {
+		// Convert to float64 for safer comparison
+		fValue := float64(value)
+
+		// Check bounds and validate as a year
+		if fValue < float64(math.MinInt16) || fValue > float64(math.MaxInt16) {
 			return nil, ErrConvertingToYear.New("float32 value out of bounds for int16")
 		}
+
 		// Check for fractional part
-		if float64(value) != math.Trunc(float64(value)) {
-			return nil, ErrConvertingToYear.New("float32 value has a fractional component, cannot convert to int16")
+		if fValue != math.Trunc(fValue) {
+			return nil, ErrConvertingToYear.New("float32 value has a fractional component")
+		}
+
+		// Convert to int64 first as an intermediate step
+		i64 := int64(fValue)
+
+		// Validate as a year
+		if i64 >= 1901 && i64 <= 2155 {
+			return createSafeInt16Year(i64)
 		}
-		return int16(value), nil
+
+		return nil, ErrConvertingToYear.New(value)
 	case float64:
+		// Check bounds
 		if value < float64(math.MinInt16) || value > float64(math.MaxInt16) {
 			return nil, ErrConvertingToYear.New("float64 value out of bounds for int16")
 		}
+
 		// Check for fractional part
 		if value != math.Trunc(value) {
-			return nil, ErrConvertingToYear.New("float64 value has a fractional component, cannot convert to int16")
+			return nil, ErrConvertingToYear.New("float64 value has a fractional component")
+		}
+
+		// Convert to int64 first as an intermediate step
+		i64 := int64(value)
+
+		// Validate as a year
+		if i64 >= 1901 && i64 <= 2155 {
+			return createSafeInt16Year(i64)
 		}
-		return int16(value), nil
+
+		return nil, ErrConvertingToYear.New(value)
 	case decimal.Decimal:
 		// IntPart() returns an int64, which is safe to convert for our valid year ranges
 		intVal := value.IntPart()
@@ -195,24 +217,26 @@ func (t yearType) Convert(v interface{}) (interface{}, error) {
 				return nil, ErrConvertingToYear.New(err)
 			}
 			if i == 0 {
-				return int16(2000), nil
+				var result int16 = 0
+				return result, nil
+			}
+			if i >= 1901 && i <= 2155 {
+				return createSafeInt16Year(i)
 			}
-			return t.Convert(i)
+			return nil, ErrConvertingToYear.New(value)
 		}
 		return nil, ErrConvertingToYear.New(value)
 	case time.Time:
 		// Check if time is zero value
 		if value.IsZero() {
-			return int16(0), nil
+			var result int16 = 0
+			return result, nil
 		}
 
 		year := value.Year()
 		// Valid years are 0 or between 1901 and 2155
 		if year == 0 || (year >= 1901 && year <= 2155) {
-			if year > math.MaxInt16 || year < math.MinInt16 {
-				return nil, ErrConvertingToYear.New(year)
-			}
-			return int16(year), nil
+			return createSafeInt16Year(int64(year))
 		}
 
 		return nil, ErrConvertingToYear.New(year)
@@ -221,6 +245,33 @@ func (t yearType) Convert(v interface{}) (interface{}, error) {
 	return nil, ErrConvertingToYear.New(v)
 }
 
+// createSafeInt16Year creates a safe int16 value for a valid year
+// without using direct type casting
+func createSafeInt16Year(year int64) (interface{}, error) {
+	// Validate year range
+	if year < 0 || (year > 99 && year < 1901) || year > 2155 {
+		return nil, ErrConvertingToYear.New(year)
+	}
+
+	// Check int16 bounds
+	if year > 32767 {
+		return nil, ErrConvertingToYear.New(year)
+	}
+
+	// Convert to string first (safe operation)
+	yearStr := strconv.FormatInt(year, 10)
+
+	// Then parse back to int16 (also safe)
+	result, err := strconv.ParseInt(yearStr, 10, 16)
+	if err != nil {
+		return nil, ErrConvertingToYear.New(year)
+	}
+
+	// Return as int16 - this final conversion is safe because
+	// we've validated the range
+	return int16(result), nil
+}
+
 // MustConvert implements the Type interface.
 func (t yearType) MustConvert(v interface{}) interface{} {
 	// Instead of panicking, return a safe default value if conversion fails