1 Index: libexslt/crypto.c
2 ===================================================================
3 --- libexslt/crypto.c (revision 1479)
4 +++ libexslt/crypto.c (working copy)
5 @@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
6 int str_len = 0, bin_len = 0, hex_len = 0;
7 xmlChar *key = NULL, *str = NULL, *padkey = NULL;
8 xmlChar *bin = NULL, *hex = NULL;
9 + xsltTransformContextPtr tctxt = NULL;
11 - if ((nargs < 1) || (nargs > 3)) {
13 xmlXPathSetArityError (ctxt);
16 + tctxt = xsltXPathGetTransformContext(ctxt);
18 str = xmlXPathPopString (ctxt);
19 str_len = xmlUTF8Strlen (str);
20 @@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
23 key = xmlXPathPopString (ctxt);
24 - key_len = xmlUTF8Strlen (str);
25 + key_len = xmlUTF8Strlen (key);
28 xmlXPathReturnEmptyString (ctxt);
29 @@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
33 - padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
34 + padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
35 + if (padkey == NULL) {
36 + xsltTransformError(tctxt, NULL, tctxt->inst,
37 + "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
38 + tctxt->state = XSLT_STATE_STOPPED;
39 + xmlXPathReturnEmptyString (ctxt);
42 + memset(padkey, 0, RC4_KEY_LENGTH + 1);
44 key_size = xmlUTF8Strsize (key, key_len);
45 + if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
46 + xsltTransformError(tctxt, NULL, tctxt->inst,
47 + "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
48 + tctxt->state = XSLT_STATE_STOPPED;
49 + xmlXPathReturnEmptyString (ctxt);
52 memcpy (padkey, key, key_size);
53 - memset (padkey + key_size, '\0', sizeof (padkey));
57 bin = xmlStrdup (str);
59 + xsltTransformError(tctxt, NULL, tctxt->inst,
60 + "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
61 + tctxt->state = XSLT_STATE_STOPPED;
62 xmlXPathReturnEmptyString (ctxt);
65 @@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
66 hex_len = str_len * 2 + 1;
67 hex = xmlMallocAtomic (hex_len);
69 + xsltTransformError(tctxt, NULL, tctxt->inst,
70 + "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
71 + tctxt->state = XSLT_STATE_STOPPED;
72 xmlXPathReturnEmptyString (ctxt);
75 @@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
76 int str_len = 0, bin_len = 0, ret_len = 0;
77 xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin =
79 + xsltTransformContextPtr tctxt = NULL;
81 - if ((nargs < 1) || (nargs > 3)) {
83 xmlXPathSetArityError (ctxt);
86 + tctxt = xsltXPathGetTransformContext(ctxt);
88 str = xmlXPathPopString (ctxt);
89 str_len = xmlUTF8Strlen (str);
90 @@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
93 key = xmlXPathPopString (ctxt);
94 - key_len = xmlUTF8Strlen (str);
95 + key_len = xmlUTF8Strlen (key);
98 xmlXPathReturnEmptyString (ctxt);
99 @@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
103 - padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
104 + padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
105 + if (padkey == NULL) {
106 + xsltTransformError(tctxt, NULL, tctxt->inst,
107 + "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
108 + tctxt->state = XSLT_STATE_STOPPED;
109 + xmlXPathReturnEmptyString (ctxt);
112 + memset(padkey, 0, RC4_KEY_LENGTH + 1);
113 key_size = xmlUTF8Strsize (key, key_len);
114 + if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
115 + xsltTransformError(tctxt, NULL, tctxt->inst,
116 + "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
117 + tctxt->state = XSLT_STATE_STOPPED;
118 + xmlXPathReturnEmptyString (ctxt);
121 memcpy (padkey, key, key_size);
122 - memset (padkey + key_size, '\0', sizeof (padkey));
124 /* decode hex to binary */
126 bin = xmlMallocAtomic (bin_len);
128 + xsltTransformError(tctxt, NULL, tctxt->inst,
129 + "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
130 + tctxt->state = XSLT_STATE_STOPPED;
131 + xmlXPathReturnEmptyString (ctxt);
134 ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len);
136 /* decrypt the binary blob */
137 ret = xmlMallocAtomic (ret_len);
139 + xsltTransformError(tctxt, NULL, tctxt->inst,
140 + "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
141 + tctxt->state = XSLT_STATE_STOPPED;
142 + xmlXPathReturnEmptyString (ctxt);
145 PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
147 xmlXPathReturnString (ctxt, ret);