502932a2 KK |
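Index: libexslt/crypto.c
===================================================================
--- libexslt/crypto.c (revision 1479)
+++ libexslt/crypto.c (working copy)
@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
 int str_len = 0, bin_len = 0, hex_len = 0;
 xmlChar *key = NULL, *str = NULL, *padkey = NULL;
 xmlChar *bin = NULL, *hex = NULL;
+ xsltTransformContextPtr tctxt = NULL;
 
- if ((nargs < 1) || (nargs > 3)) {
+ if (nargs != 2) {
 xmlXPathSetArityError (ctxt);
 return;
 }
+ tctxt = xsltXPathGetTransformContext(ctxt);
 
 str = xmlXPathPopString (ctxt);
 str_len = xmlUTF8Strlen (str);
@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
 }
 
 key = xmlXPathPopString (ctxt);
- key_len = xmlUTF8Strlen (str);
+ key_len = xmlUTF8Strlen (key);
 
 if (key_len == 0) {
 xmlXPathReturnEmptyString (ctxt);
@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
 return;
 }
 
- padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
+ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
+ if (padkey == NULL) {
+ xsltTransformError(tctxt, NULL, tctxt->inst,
+ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
+ tctxt->state = XSLT_STATE_STOPPED;
+ xmlXPathReturnEmptyString (ctxt);
+ goto done;
+ }
+ memset(padkey, 0, RC4_KEY_LENGTH + 1);
+
 key_size = xmlUTF8Strsize (key, key_len);
+ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
+ xsltTransformError(tctxt, NULL, tctxt->inst,
+ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
+ tctxt->state = XSLT_STATE_STOPPED;
+ xmlXPathReturnEmptyString (ctxt);
+ goto done;
+ }
 memcpy (padkey, key, key_size);
- memset (padkey + key_size, '\0', sizeof (padkey));
 
 /* encrypt it */
 bin_len = str_len;
 bin = xmlStrdup (str);
 if (bin == NULL) {
+ xsltTransformError(tctxt, NULL, tctxt->inst,
+ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
+ tctxt->state = XSLT_STATE_STOPPED;
 xmlXPathReturnEmptyString (ctxt);
 goto done;
 }
@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
 hex_len = str_len * 2 + 1;
 hex = xmlMallocAtomic (hex_len);
 if (hex == NULL) {
+ xsltTransformError(tctxt, NULL, tctxt->inst,
+ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
+ tctxt->state = XSLT_STATE_STOPPED;
 xmlXPathReturnEmptyString (ctxt);
 goto done;
 }
@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
 int str_len = 0, bin_len = 0, ret_len = 0;
 xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin =
 NULL, *ret = NULL;
+ xsltTransformContextPtr tctxt = NULL;
 
- if ((nargs < 1) || (nargs > 3)) {
+ if (nargs != 2) {
 xmlXPathSetArityError (ctxt);
 return;
 }
+ tctxt = xsltXPathGetTransformContext(ctxt);
 
 str = xmlXPathPopString (ctxt);
 str_len = xmlUTF8Strlen (str);
@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
 }
 
 key = xmlXPathPopString (ctxt);
- key_len = xmlUTF8Strlen (str);
+ key_len = xmlUTF8Strlen (key);
 
 if (key_len == 0) {
 xmlXPathReturnEmptyString (ctxt);
@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
 return;
 }
 
- padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
+ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
+ if (padkey == NULL) {
+ xsltTransformError(tctxt, NULL, tctxt->inst,
+ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
+ tctxt->state = XSLT_STATE_STOPPED;
+ xmlXPathReturnEmptyString (ctxt);
+ goto done;
+ }
+ memset(padkey, 0, RC4_KEY_LENGTH + 1);
 key_size = xmlUTF8Strsize (key, key_len);
+ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
+ xsltTransformError(tctxt, NULL, tctxt->inst,
+ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
+ tctxt->state = XSLT_STATE_STOPPED;
+ xmlXPathReturnEmptyString (ctxt);
+ goto done;
+ }
 memcpy (padkey, key, key_size);
- memset (padkey + key_size, '\0', sizeof (padkey));
 
 /* decode hex to binary */
 bin_len = str_len;
 bin = xmlMallocAtomic (bin_len);
+ if (bin == NULL) {
+ xsltTransformError(tctxt, NULL, tctxt->inst,
+ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
+ tctxt->state = XSLT_STATE_STOPPED;
+ xmlXPathReturnEmptyString (ctxt);
+ goto done;
+ }
 ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len);
 
 /* decrypt the binary blob */
 ret = xmlMallocAtomic (ret_len);
+ if (ret == NULL) {
+ xsltTransformError(tctxt, NULL, tctxt->inst,
+ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
+ tctxt->state = XSLT_STATE_STOPPED;
+ xmlXPathReturnEmptyString (ctxt);
+ goto done;
+ }
 PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
 
 xmlXPathReturnString (ctxt, ret);
 
+done:
 if (key != NULL)
 xmlFree (key);
 if (str != NULL)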
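Review bot: In the last decrypt hunk, `ret` is allocated with exactly `ret_len` bytes and passed to `xmlXPathReturnString` right after `PLATFORM_RC4_DECRYPT` fills all `ret_len` of them, so the returned string has no terminator unless the platform macro adds one, which the hunk does not show. Anything that later walks that string would read past the allocation. Allocating `ret = xmlMallocAtomic (ret_len + 1);` and setting `ret[ret_len] = 0;` after the decrypt call would close this, in the same spirit as the `RC4_KEY_LENGTH + 1` change made for `padkey`. Separately, every new error path dereferences `tctxt->inst` and `tctxt->state` without checking what `xsltXPathGetTransformContext` returned, which looks like it could be NULL if these functions are reached outside a transform, and the four messages in the decrypt function still name `exsltCryptoRc4EncryptFunction`. Both function bodies start and end outside the hunks shown.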