From: Todd C. Miller Date: Wed, 17 Apr 2013 13:32:27 +0000 (-0400) Subject: Move base64_decode into its own source file. X-Git-Tag: SUDO_1_8_7~1^2~61 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9c1ee1fe73cee895ba53849206b36752a29a23b5;p=sudo Move base64_decode into its own source file. --- diff --git a/MANIFEST b/MANIFEST index e07c6e294..12d4c7d36 100644 --- a/MANIFEST +++ b/MANIFEST @@ -181,6 +181,7 @@ plugins/sudoers/auth/securid5.c plugins/sudoers/auth/sia.c plugins/sudoers/auth/sudo_auth.c plugins/sudoers/auth/sudo_auth.h +plugins/sudoers/base64.c plugins/sudoers/boottime.c plugins/sudoers/bsm_audit.c plugins/sudoers/bsm_audit.h diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 49c3500e9..eb363eb6a 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -128,8 +128,8 @@ TEST_PROGS = check_iolog_path check_fill check_wrap check_addr check_symbols \ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ -LIBPARSESUDOERS_OBJS = alias.lo audit.lo defaults.lo hexchar.lo gram.lo \ - match.lo match_addr.lo pwutil.lo pwutil_impl.lo \ +LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \ + gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \ timestr.lo toke.lo toke_util.lo redblack.lo sha2.lo SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \ 
@@ -451,6 +451,9 @@ audit.lo: $(srcdir)/audit.c $(top_builddir)/config.h \ $(srcdir)/logging.h $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h \ $(srcdir)/linux_audit.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c +base64.lo: $(srcdir)/base64.c $(top_builddir)/config.h $(incdir)/missing.h \ + $(incdir)/sudo_debug.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/base64.c boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/boottime.c @@ -855,7 +858,8 @@ toke.lo: $(devdir)/toke.c $(top_builddir)/config.h $(top_builddir)/config.h \ $(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \ $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h \ - $(devdir)/gram.h $(incdir)/lbuf.h $(incdir)/secure_path.h + $(devdir)/gram.h $(incdir)/lbuf.h $(srcdir)/sha2.h \ + $(incdir)/secure_path.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c toke_util.lo: $(srcdir)/toke_util.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \ diff --git a/plugins/sudoers/base64.c b/plugins/sudoers/base64.c new file mode 100644 index 000000000..2870ea0b6 --- /dev/null +++ b/plugins/sudoers/base64.c 
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2013 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+
+#include
+#include
+#ifdef STDC_HEADERS
+# include
+# include
+#else
+# ifdef HAVE_STDLIB_H
+# include
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include
+#endif /* HAVE_STRINGS_H */
+
+#include "missing.h"
+#include "sudo_debug.h"
+
+/*
+ * Decode a NUL-terminated string in base64 format and store the
+ * result in dst.
+ */
+size_t
+base64_decode(const char *str, unsigned char *dst, size_t dsize)
+{
+ static const char b64[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ const unsigned char *dst0 = dst;
+ const unsigned char *dend = dst + dsize;
+ unsigned char ch[4];
+ char *pos;
+ int i;
+ debug_decl(base64_decode, SUDO_DEBUG_MATCH)
+
+ /*
+ * Convert from base64 to binary. Each base64 char holds 6 bits of data
+ * so 4 base64 chars equals 3 chars of data.
+ * Padding (with the '=' char) may or may not be present.
+ */
+ while (*str != '\0') {
+ for (i = 0; i < 4; i++) {
+ switch (*str) {
+ case '=':
+ str++;
+ /* FALLTHROUGH */
+ case '\0':
+ ch[i] = '=';
+ break;
+ default:
+ if ((pos = strchr(b64, *str++)) == NULL)
+ debug_return_size_t((size_t)-1);
+ ch[i] = (unsigned char)(pos - b64);
+ break;
+ }
+ }
+ if (ch[0] == '=' || ch[1] == '=' || dst == dend)
+ break;
+ *dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4);
+ if (ch[2] == '=' || dst == dend)
+ break;
+ *dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2);
+ if (ch[3] == '=' || dst == dend)
+ break;
+ *dst++ = ((ch[2] & 0x03) << 6) | ch[3];
+ }
+ debug_return_size_t((size_t)(dst - dst0));
+}
diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c
index 0534129ad..142c609d2 100644
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
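Review bot: When the output buffer fills, the three `dst == dend` tests in base64_decode() only `break`, so an over-long input is silently truncated and the function returns `dsize` as if the decode had succeeded. The caller in plugins/sudoers/match.c only compares the result with `func->digest_len`, so if that length equals `sizeof(sudoers_digest)` (the declaration is outside the visible hunks, so this is inferred) a digest string with extra trailing characters would pass the format check instead of reaching `bad_format`. Keep the padding tests as loop exits and make buffer exhaustion an error, e.g. `if (dst == dend) debug_return_size_t((size_t)-1);` ahead of each `*dst++` store. The header comment should also state the return contract, for example `Returns the number of bytes stored in dst, or (size_t)-1 on invalid input or if dst is too small.`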
@@ -608,51 +608,6 @@ static struct digest_function { } }; -static size_t -base64_decode(const char *src, unsigned char *dst) -{ - static const char b64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - const unsigned char *dst0 = dst; - unsigned char ch[4]; - char *pos; - int i; - debug_decl(base64_decode, SUDO_DEBUG_MATCH) - - /* - * Convert from base64 to binary. Each base64 char holds 6 bits of data - * so 4 base64 chars equals 3 chars of data. - * Padding (with the '=' char) may or may not be present. - */ - while (*src != '\0') { - for (i = 0; i < 4; i++) { - switch (*src) { - case '=': - src++; - /* FALLTHROUGH */ - case '\0': - ch[i] = '='; - break; - default: - if ((pos = strchr(b64, *src++)) == NULL) - debug_return_size_t((size_t)-1); - ch[i] = (unsigned char)(pos - b64); - break; - } - } - if (ch[0] == '=' || ch[1] == '=') - break; - *dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4); - if (ch[2] == '=') - break; - *dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2); - if (ch[3] == '=') - break; - *dst++ = ((ch[2] & 0x03) << 6) | ch[3]; - } - debug_return_size_t((size_t)(dst - dst0)); -} - static bool digest_matches(char *file, struct sudo_digest *sd) { @@ -686,7 +641,9 @@ digest_matches(char *file, struct sudo_digest *sd) sudoers_digest[i] = hexchar(&sd->digest_str[i + i]); } } else { - if (base64_decode(sd->digest_str, sudoers_digest) != func->digest_len) + size_t len = base64_decode(sd->digest_str, sudoers_digest, + sizeof(sudoers_digest)); + if (len != func->digest_len) goto bad_format; } diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index c3b60cf16..4a1db80a7 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h @@ -215,5 +215,6 @@ void init_lexer(void); void init_parser(const char *, bool); int alias_compare(const void *, const void *); int hexchar(const char *s); +size_t base64_decode(const char *str, unsigned char *dst, size_t dsize); #endif /* _SUDOERS_PARSE_H */