Add incremental decoding and input validation

pull/6572/head
Yuchen Zeng 9 years ago
parent d982bba41d
commit 5833c706db
  1. 208
      src/core/ext/transport/chttp2/transport/bin_decoder.c
  2. 22
      src/core/ext/transport/chttp2/transport/bin_decoder.h
  3. 36
      test/core/transport/chttp2/bin_decoder_test.c

@ -32,31 +32,130 @@
*/ */
#include "src/core/ext/transport/chttp2/transport/bin_decoder.h" #include "src/core/ext/transport/chttp2/transport/bin_decoder.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h> #include <grpc/support/log.h>
#include <stdio.h> #include <stdio.h>
#include "src/core/lib/support/string.h"
static uint8_t decode_table[] = { static uint8_t decode_table[] = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0, 0, 0, 0, 0, 62, 0, 0, 0, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
61, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 62, 0x40, 0x40, 0x40, 63,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 0, 0, 0, 0, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 0x40, 0x40,
0, 0, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 0x40, 0x40, 0x40, 0x40, 0x40, 0, 1, 2, 3, 4, 5, 6,
43, 44, 45, 46, 47, 48, 49, 50, 51, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 20, 21, 22, 23, 24, 25, 0x40, 0x40, 0x40, 0x40, 0x40,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x40, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 49, 50, 51, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0, 0, 0, 0, 0, 0, 0, 0, 0}; 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40};
static const uint8_t tail_xtra[4] = {0, 0, 1, 2}; static const uint8_t tail_xtra[4] = {0, 0, 1, 2};
static inline bool input_is_valid(uint8_t *input_ptr, size_t length) {
size_t i;
for (i = 0; i < length; ++i) {
if ((decode_table[input_ptr[i]] & 0xC0) != 0) {
gpr_log(GPR_ERROR,
"Base64 decoding failed, invalid charactor '%c' in base64 "
"input.\n",
(char)(*input_ptr));
return false;
}
}
return true;
}
#define COMPOSE_OUTPUT_BYTE_0(input_ptr) \
(uint8_t)((decode_table[input_ptr[0]] << 2) | \
(decode_table[input_ptr[1]] >> 4))
#define COMPOSE_OUTPUT_BYTE_1(input_ptr) \
(uint8_t)((decode_table[ctx->input_cur[1]] << 4) | \
(decode_table[ctx->input_cur[2]] >> 2))
#define COMPOSE_OUTPUT_BYTE_2(input_ptr) \
(uint8_t)((decode_table[ctx->input_cur[2]] << 6) | \
decode_table[ctx->input_cur[3]])
bool grpc_base64_decode_partial(struct grpc_base64_decode_context *ctx) {
size_t input_tail;
if (ctx->input_cur > ctx->input_end || ctx->output_cur > ctx->output_end) {
return false;
}
while (ctx->input_end >= ctx->input_cur + 4 &&
ctx->output_end >= ctx->output_cur + 3) {
if (!input_is_valid(ctx->input_cur, 4)) return false;
ctx->output_cur[0] = COMPOSE_OUTPUT_BYTE_0(ctx->input_cur);
ctx->output_cur[1] = COMPOSE_OUTPUT_BYTE_1(ctx->input_cur);
ctx->output_cur[2] = COMPOSE_OUTPUT_BYTE_2(ctx->input_cur);
ctx->output_cur += 3;
ctx->input_cur += 4;
}
input_tail = (size_t)(ctx->input_end - ctx->input_cur);
if (input_tail == 4) {
// Process the input data with pad chars
if (ctx->input_cur[3] == '=') {
if (ctx->input_cur[2] == '=' && ctx->output_end >= ctx->output_cur + 1) {
if (!input_is_valid(ctx->input_cur, 2)) return false;
*(ctx->output_cur++) = COMPOSE_OUTPUT_BYTE_0(ctx->input_cur);
ctx->input_cur += 4;
} else if (ctx->output_end >= ctx->output_cur + 2) {
if (!input_is_valid(ctx->input_cur, 3)) return false;
*(ctx->output_cur++) = COMPOSE_OUTPUT_BYTE_0(ctx->input_cur);
*(ctx->output_cur++) = COMPOSE_OUTPUT_BYTE_1(ctx->input_cur);
;
ctx->input_cur += 4;
}
}
} else if (ctx->contains_tail && input_tail > 1) {
// Process the input data without pad chars, but constains_tail is set
if (ctx->output_end >= ctx->output_cur + tail_xtra[input_tail]) {
if (!input_is_valid(ctx->input_cur, input_tail)) return false;
switch (input_tail) {
case 3:
ctx->output_cur[1] = COMPOSE_OUTPUT_BYTE_1(ctx->input_cur);
case 2:
ctx->output_cur[0] = COMPOSE_OUTPUT_BYTE_0(ctx->input_cur);
}
ctx->output_cur += tail_xtra[input_tail];
ctx->input_cur += input_tail;
}
}
return true;
}
gpr_slice grpc_chttp2_base64_decode(gpr_slice input) { gpr_slice grpc_chttp2_base64_decode(gpr_slice input) {
size_t input_length = GPR_SLICE_LENGTH(input); size_t input_length = GPR_SLICE_LENGTH(input);
GPR_ASSERT(input_length % 4 == 0);
size_t output_length = input_length / 4 * 3; size_t output_length = input_length / 4 * 3;
struct grpc_base64_decode_context ctx;
gpr_slice output;
if (input_length % 4 != 0) {
gpr_log(GPR_ERROR,
"Base64 decoding failed, input of "
"grpc_chttp2_base64_decode has a length of %zu, which is not a "
"multiple of 4.\n",
input_length);
return gpr_empty_slice();
}
if (input_length > 0) { if (input_length > 0) {
uint8_t *input_end = GPR_SLICE_END_PTR(input); uint8_t *input_end = GPR_SLICE_END_PTR(input);
@ -67,49 +166,66 @@ gpr_slice grpc_chttp2_base64_decode(gpr_slice input) {
} }
} }
} }
output = gpr_slice_malloc(output_length);
gpr_log(GPR_ERROR, "input_length: %d, output_length: %d\n", input_length, ctx.input_cur = GPR_SLICE_START_PTR(input);
output_length); ctx.input_end = GPR_SLICE_END_PTR(input);
ctx.output_cur = GPR_SLICE_START_PTR(output);
ctx.output_end = GPR_SLICE_END_PTR(output);
ctx.contains_tail = false;
return grpc_chttp2_base64_decode_with_length(input, output_length); if (!grpc_base64_decode_partial(&ctx)) {
char *s = gpr_dump_slice(input, GPR_DUMP_ASCII);
gpr_log(GPR_ERROR, "Base64 decoding failed, input string:\n%s\n", s);
gpr_free(s);
gpr_slice_unref(output);
return gpr_empty_slice();
}
GPR_ASSERT(ctx.output_cur == GPR_SLICE_END_PTR(output));
GPR_ASSERT(ctx.input_cur == GPR_SLICE_END_PTR(input));
return output;
} }
gpr_slice grpc_chttp2_base64_decode_with_length(gpr_slice input, gpr_slice grpc_chttp2_base64_decode_with_length(gpr_slice input,
size_t output_length) { size_t output_length) {
size_t input_length = GPR_SLICE_LENGTH(input); size_t input_length = GPR_SLICE_LENGTH(input);
// The length of a base64 string cannot be 4 * n + 1
GPR_ASSERT(input_length % 4 != 1);
GPR_ASSERT(output_length <=
input_length / 4 * 3 + tail_xtra[input_length % 4]);
size_t output_triplets = output_length / 3;
size_t tail_case = output_length % 3;
gpr_slice output = gpr_slice_malloc(output_length); gpr_slice output = gpr_slice_malloc(output_length);
uint8_t *in = GPR_SLICE_START_PTR(input); struct grpc_base64_decode_context ctx;
uint8_t *out = GPR_SLICE_START_PTR(output);
size_t i;
for (i = 0; i < output_triplets; i++) { // The length of a base64 string cannot be 4 * n + 1
out[0] = (uint8_t)((decode_table[in[0]] << 2) | (decode_table[in[1]] >> 4)); if (input_length % 4 == 1) {
out[1] = (uint8_t)((decode_table[in[1]] << 4) | (decode_table[in[2]] >> 2)); gpr_log(GPR_ERROR,
out[2] = (uint8_t)((decode_table[in[2]] << 6) | decode_table[in[3]]); "Base64 decoding failed, input of "
out += 3; "grpc_chttp2_base64_decode_with_length has a length of %zu, which "
in += 4; "has a tail of 1 byte.\n",
input_length);
gpr_slice_unref(output);
return gpr_empty_slice();
} }
if (tail_case > 0) { if (output_length > input_length / 4 * 3 + tail_xtra[input_length % 4]) {
switch (tail_case) { gpr_log(GPR_ERROR,
case 2: "Base64 decoding failed, output_length %zu is longer "
out[1] = "than the max possible output length %zu./\n",
(uint8_t)((decode_table[in[1]] << 4) | (decode_table[in[2]] >> 2)); output_length, input_length / 4 * 3 + tail_xtra[input_length % 4]);
case 1: gpr_slice_unref(output);
out[0] = return gpr_empty_slice();
(uint8_t)((decode_table[in[0]] << 2) | (decode_table[in[1]] >> 4));
}
out += tail_case;
in += tail_case + 1;
} }
GPR_ASSERT(out == GPR_SLICE_END_PTR(output)); ctx.input_cur = GPR_SLICE_START_PTR(input);
GPR_ASSERT(in <= GPR_SLICE_END_PTR(input)); ctx.input_end = GPR_SLICE_END_PTR(input);
ctx.output_cur = GPR_SLICE_START_PTR(output);
ctx.output_end = GPR_SLICE_END_PTR(output);
ctx.contains_tail = true;
if (!grpc_base64_decode_partial(&ctx)) {
char *s = gpr_dump_slice(input, GPR_DUMP_ASCII);
gpr_log(GPR_ERROR, "Base64 decoding failed, input string:\n%s\n", s);
gpr_free(s);
gpr_slice_unref(output);
return gpr_empty_slice();
}
GPR_ASSERT(ctx.output_cur == GPR_SLICE_END_PTR(output));
GPR_ASSERT(ctx.input_cur <= GPR_SLICE_END_PTR(input));
return output; return output;
} }

@ -35,13 +35,31 @@
#define GRPC_CORE_EXT_TRANSPORT_CHTTP2_TRANSPORT_BIN_DECODER_H #define GRPC_CORE_EXT_TRANSPORT_CHTTP2_TRANSPORT_BIN_DECODER_H
#include <grpc/support/slice.h> #include <grpc/support/slice.h>
#include <stdbool.h>
struct grpc_base64_decode_context {
/* input/output: */
uint8_t *input_cur;
uint8_t *input_end;
uint8_t *output_cur;
uint8_t *output_end;
/* Indicate if the decoder should handle the tail of input data*/
bool contains_tail;
};
/* base64 decode a grpc_base64_decode_context util either input_end is reached
or output_end is reached. When input_end is reached, (input_end - input_cur)
is less than 4. When output_end is reached, (output_end - output_cur) is less
than 3. Returns false if decoding is failed. */
bool grpc_base64_decode_partial(struct grpc_base64_decode_context *ctx);
/* base64 decode a slice with pad chars. Returns a new slice, does not take /* base64 decode a slice with pad chars. Returns a new slice, does not take
ownership of the input */ ownership of the input. Returns an empty slice if decoding is failed. */
gpr_slice grpc_chttp2_base64_decode(gpr_slice input); gpr_slice grpc_chttp2_base64_decode(gpr_slice input);
/* base64 decode a slice without pad chars, data length is needed. Returns a new /* base64 decode a slice without pad chars, data length is needed. Returns a new
slice, does not take ownership of the input */ slice, does not take ownership of the input. Returns an empty slice if
decoding is failed. */
gpr_slice grpc_chttp2_base64_decode_with_length(gpr_slice input, gpr_slice grpc_chttp2_base64_decode_with_length(gpr_slice input,
size_t output_length); size_t output_length);

@ -37,7 +37,6 @@
#include <grpc/support/alloc.h> #include <grpc/support/alloc.h>
#include <grpc/support/log.h> #include <grpc/support/log.h>
#include <grpc/support/log.h>
#include "src/core/ext/transport/chttp2/transport/bin_encoder.h" #include "src/core/ext/transport/chttp2/transport/bin_encoder.h"
#include "src/core/lib/support/string.h" #include "src/core/lib/support/string.h"
@ -72,6 +71,14 @@ static gpr_slice base64_decode(const char *s) {
return out; return out;
} }
static gpr_slice base64_decode_with_length(const char *s,
size_t output_length) {
gpr_slice ss = gpr_slice_from_copied_string(s);
gpr_slice out = grpc_chttp2_base64_decode_with_length(ss, output_length);
gpr_slice_unref(ss);
return out;
}
#define EXPECT_SLICE_EQ(expected, slice) \ #define EXPECT_SLICE_EQ(expected, slice) \
expect_slice_eq( \ expect_slice_eq( \
gpr_slice_from_copied_buffer(expected, sizeof(expected) - 1), slice, \ gpr_slice_from_copied_buffer(expected, sizeof(expected) - 1), slice, \
@ -82,11 +89,9 @@ static gpr_slice base64_decode(const char *s) {
s, grpc_chttp2_base64_decode_with_length(base64_encode(s), strlen(s))); s, grpc_chttp2_base64_decode_with_length(base64_encode(s), strlen(s)));
int main(int argc, char **argv) { int main(int argc, char **argv) {
/* /* ENCODE_AND_DECODE tests grpc_chttp2_base64_decode_with_length(), which
* ENCODE_AND_DECODE tests grpc_chttp2_base64_decode_with_length(), which takes encoded base64 strings without pad chars, but output length is
* takes encoded base64 strings without pad chars, but output length is required. */
* required
*/
/* Base64 test vectors from RFC 4648 */ /* Base64 test vectors from RFC 4648 */
ENCODE_AND_DECODE(""); ENCODE_AND_DECODE("");
ENCODE_AND_DECODE("f"); ENCODE_AND_DECODE("f");
@ -116,5 +121,24 @@ int main(int argc, char **argv) {
EXPECT_SLICE_EQ("\xc0\xc1\xc2\xc3\xc4\xc5", base64_decode("wMHCw8TF")); EXPECT_SLICE_EQ("\xc0\xc1\xc2\xc3\xc4\xc5", base64_decode("wMHCw8TF"));
// Test illegal input length in grpc_chttp2_base64_decode
EXPECT_SLICE_EQ("", base64_decode("a"));
EXPECT_SLICE_EQ("", base64_decode("ab"));
EXPECT_SLICE_EQ("", base64_decode("abc"));
// Test illegal charactors in grpc_chttp2_base64_decode
EXPECT_SLICE_EQ("", base64_decode("Zm:v"));
EXPECT_SLICE_EQ("", base64_decode("Zm=v"));
// Test output_length longer than max possible output length in
// grpc_chttp2_base64_decode_with_length
EXPECT_SLICE_EQ("", base64_decode_with_length("Zg", 2));
EXPECT_SLICE_EQ("", base64_decode_with_length("Zm8", 3));
EXPECT_SLICE_EQ("", base64_decode_with_length("Zm9v", 4));
// Test illegal charactors in grpc_chttp2_base64_decode_with_length
EXPECT_SLICE_EQ("", base64_decode_with_length("Zm:v", 3));
EXPECT_SLICE_EQ("", base64_decode_with_length("Zm=v", 3));
return all_ok ? 0 : 1; return all_ok ? 0 : 1;
} }

Loading…
Cancel
Save