[packages/libxslt.git] / libxslt-exslt_crypt.patch

Index: libexslt/crypto.c
===================================================================
--- libexslt/crypto.c	(revision 1479)
+++ libexslt/crypto.c	(working copy)
@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
     int str_len = 0, bin_len = 0, hex_len = 0;
     xmlChar *key = NULL, *str = NULL, *padkey = NULL;
     xmlChar *bin = NULL, *hex = NULL;
+    xsltTransformContextPtr tctxt = NULL;
 
-    if ((nargs < 1) || (nargs > 3)) {
+    if (nargs != 2) {
 	xmlXPathSetArityError (ctxt);
 	return;
     }
+    tctxt = xsltXPathGetTransformContext(ctxt);
 
     str = xmlXPathPopString (ctxt);
     str_len = xmlUTF8Strlen (str);
@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
     }
 
     key = xmlXPathPopString (ctxt);
-    key_len = xmlUTF8Strlen (str);
+    key_len = xmlUTF8Strlen (key);
 
     if (key_len == 0) {
 	xmlXPathReturnEmptyString (ctxt);
@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
 	return;
     }
 
-    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
+    padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
+    if (padkey == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
+    memset(padkey, 0, RC4_KEY_LENGTH + 1);
+
     key_size = xmlUTF8Strsize (key, key_len);
+    if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
     memcpy (padkey, key, key_size);
-    memset (padkey + key_size, '\0', sizeof (padkey));
 
 /* encrypt it */
     bin_len = str_len;
     bin = xmlStrdup (str);
     if (bin == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
+	tctxt->state = XSLT_STATE_STOPPED;
 	xmlXPathReturnEmptyString (ctxt);
 	goto done;
     }
@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
     hex_len = str_len * 2 + 1;
     hex = xmlMallocAtomic (hex_len);
     if (hex == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
+	tctxt->state = XSLT_STATE_STOPPED;
 	xmlXPathReturnEmptyString (ctxt);
 	goto done;
     }
@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
     int str_len = 0, bin_len = 0, ret_len = 0;
     xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin =
 	NULL, *ret = NULL;
+    xsltTransformContextPtr tctxt = NULL;
 
-    if ((nargs < 1) || (nargs > 3)) {
+    if (nargs != 2) {
 	xmlXPathSetArityError (ctxt);
 	return;
     }
+    tctxt = xsltXPathGetTransformContext(ctxt);
 
     str = xmlXPathPopString (ctxt);
     str_len = xmlUTF8Strlen (str);
@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
     }
 
     key = xmlXPathPopString (ctxt);
-    key_len = xmlUTF8Strlen (str);
+    key_len = xmlUTF8Strlen (key);
 
     if (key_len == 0) {
 	xmlXPathReturnEmptyString (ctxt);
@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
 	return;
     }
 
-    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
+    padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
+    if (padkey == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
+    memset(padkey, 0, RC4_KEY_LENGTH + 1);
     key_size = xmlUTF8Strsize (key, key_len);
+    if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
     memcpy (padkey, key, key_size);
-    memset (padkey + key_size, '\0', sizeof (padkey));
 
 /* decode hex to binary */
     bin_len = str_len;
     bin = xmlMallocAtomic (bin_len);
+    if (bin == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
     ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len);
 
 /* decrypt the binary blob */
     ret = xmlMallocAtomic (ret_len);
+    if (ret == NULL) {
+	xsltTransformError(tctxt, NULL, tctxt->inst,
+	    "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
+	tctxt->state = XSLT_STATE_STOPPED;
+	xmlXPathReturnEmptyString (ctxt);
+	goto done;
+    }
     PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
 
     xmlXPathReturnString (ctxt, ret);
 
+done:
     if (key != NULL)
 	xmlFree (key);
     if (str != NULL)
Commit	Line	Data
502932a2 KK	1	Index: libexslt/crypto.c
	2	===================================================================
	3	--- libexslt/crypto.c (revision 1479)
	4	+++ libexslt/crypto.c (working copy)
	5	@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
	6	int str_len = 0, bin_len = 0, hex_len = 0;
	7	xmlChar key = NULL, str = NULL, *padkey = NULL;
	8	xmlChar bin = NULL, hex = NULL;
	9	+ xsltTransformContextPtr tctxt = NULL;
	10
	11	- if ((nargs < 1) \|\| (nargs > 3)) {
	12	+ if (nargs != 2) {
	13	xmlXPathSetArityError (ctxt);
	14	return;
	15	}
	16	+ tctxt = xsltXPathGetTransformContext(ctxt);
	17
	18	str = xmlXPathPopString (ctxt);
	19	str_len = xmlUTF8Strlen (str);
	20	@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
	21	}
	22
	23	key = xmlXPathPopString (ctxt);
	24	- key_len = xmlUTF8Strlen (str);
	25	+ key_len = xmlUTF8Strlen (key);
	26
	27	if (key_len == 0) {
	28	xmlXPathReturnEmptyString (ctxt);
	29	@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
	30	return;
	31	}
	32
	33	- padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
	34	+ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
	35	+ if (padkey == NULL) {
	36	+ xsltTransformError(tctxt, NULL, tctxt->inst,
	37	+ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
	38	+ tctxt->state = XSLT_STATE_STOPPED;
	39	+ xmlXPathReturnEmptyString (ctxt);
	40	+ goto done;
	41	+ }
	42	+ memset(padkey, 0, RC4_KEY_LENGTH + 1);
	43	+
	44	key_size = xmlUTF8Strsize (key, key_len);
	45	+ if ((key_size > RC4_KEY_LENGTH) \|\| (key_size < 0)) {
	46	+ xsltTransformError(tctxt, NULL, tctxt->inst,
	47	+ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
	48	+ tctxt->state = XSLT_STATE_STOPPED;
	49	+ xmlXPathReturnEmptyString (ctxt);
	50	+ goto done;
	51	+ }
	52	memcpy (padkey, key, key_size);
	53	- memset (padkey + key_size, '\0', sizeof (padkey));
	54
	55	/* encrypt it */
	56	bin_len = str_len;
	57	bin = xmlStrdup (str);
	58	if (bin == NULL) {
	59	+ xsltTransformError(tctxt, NULL, tctxt->inst,
	60	+ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
	61	+ tctxt->state = XSLT_STATE_STOPPED;
	62	xmlXPathReturnEmptyString (ctxt);
	63	goto done;
	64	}
65	@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
66	hex_len = str_len * 2 + 1;
67	hex = xmlMallocAtomic (hex_len);
68	if (hex == NULL) {
69	+ xsltTransformError(tctxt, NULL, tctxt->inst,
70	+ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
71	+ tctxt->state = XSLT_STATE_STOPPED;
72	xmlXPathReturnEmptyString (ctxt);
73	goto done;
74	}
75	@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
76	int str_len = 0, bin_len = 0, ret_len = 0;
77	xmlChar key = NULL, str = NULL, padkey = NULL, bin =
78	NULL, *ret = NULL;
79	+ xsltTransformContextPtr tctxt = NULL;
80
81	- if ((nargs < 1) \|\| (nargs > 3)) {
82	+ if (nargs != 2) {
83	xmlXPathSetArityError (ctxt);
84	return;
85	}
86	+ tctxt = xsltXPathGetTransformContext(ctxt);
87
88	str = xmlXPathPopString (ctxt);
89	str_len = xmlUTF8Strlen (str);
90	@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
91	}
92
93	key = xmlXPathPopString (ctxt);
94	- key_len = xmlUTF8Strlen (str);
95	+ key_len = xmlUTF8Strlen (key);
96
97	if (key_len == 0) {
98	xmlXPathReturnEmptyString (ctxt);
99	@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
100	return;
101	}
102
103	- padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
104	+ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
105	+ if (padkey == NULL) {
106	+ xsltTransformError(tctxt, NULL, tctxt->inst,
107	+ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
108	+ tctxt->state = XSLT_STATE_STOPPED;
109	+ xmlXPathReturnEmptyString (ctxt);
110	+ goto done;
111	+ }
112	+ memset(padkey, 0, RC4_KEY_LENGTH + 1);
113	key_size = xmlUTF8Strsize (key, key_len);
114	+ if ((key_size > RC4_KEY_LENGTH) \|\| (key_size < 0)) {
115	+ xsltTransformError(tctxt, NULL, tctxt->inst,
116	+ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
117	+ tctxt->state = XSLT_STATE_STOPPED;
118	+ xmlXPathReturnEmptyString (ctxt);
119	+ goto done;
120	+ }
121	memcpy (padkey, key, key_size);
122	- memset (padkey + key_size, '\0', sizeof (padkey));
123
124	/* decode hex to binary */
125	bin_len = str_len;
126	bin = xmlMallocAtomic (bin_len);
127	+ if (bin == NULL) {
128	+ xsltTransformError(tctxt, NULL, tctxt->inst,
129	+ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
130	+ tctxt->state = XSLT_STATE_STOPPED;
131	+ xmlXPathReturnEmptyString (ctxt);
132	+ goto done;
133	+ }
134	ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len);
135
136	/* decrypt the binary blob */
137	ret = xmlMallocAtomic (ret_len);
138	+ if (ret == NULL) {
139	+ xsltTransformError(tctxt, NULL, tctxt->inst,
140	+ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
141	+ tctxt->state = XSLT_STATE_STOPPED;
142	+ xmlXPathReturnEmptyString (ctxt);
143	+ goto done;
144	+ }
145	PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
146
147	xmlXPathReturnString (ctxt, ret);
148
149	+done:
150	if (key != NULL)
151	xmlFree (key);
152	if (str != NULL)