Mercurial > pidgin
view libpurple/protocols/oscar/tlv.c @ 31807:b24babbae157
Bounds-check stringref copies (which are safe anyway)
author | Ethan Blanton <elb@pidgin.im> |
---|---|
date | Wed, 17 Aug 2011 23:54:59 +0000 |
parents | 9b55bc3e2640 |
children |
line wrap: on
line source
/* * Purple's oscar protocol plugin * This file is the legal property of its developers. * Please see the AUTHORS file distributed alongside this file. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */ #include "oscar.h" static aim_tlv_t * createtlv(guint16 type, guint16 length, guint8 *value) { aim_tlv_t *ret; ret = g_new(aim_tlv_t, 1); ret->type = type; ret->length = length; ret->value = value; return ret; } static void freetlv(aim_tlv_t *oldtlv) { g_free(oldtlv->value); g_free(oldtlv); } static GSList * aim_tlv_read(GSList *list, ByteStream *bs) { guint16 type, length; aim_tlv_t *tlv; type = byte_stream_get16(bs); length = byte_stream_get16(bs); if (length > byte_stream_bytes_left(bs)) { aim_tlvlist_free(list); return NULL; } tlv = createtlv(type, length, NULL); if (tlv->length > 0) { tlv->value = byte_stream_getraw(bs, length); if (!tlv->value) { freetlv(tlv); aim_tlvlist_free(list); return NULL; } } return g_slist_prepend(list, tlv); } /** * Read a TLV chain from a buffer. * * Reads and parses a series of TLV patterns from a data buffer; the * returned structure is manipulatable with the rest of the TLV * routines. When done with a TLV chain, aim_tlvlist_free() should * be called to free the dynamic substructures. * * TODO: There should be a flag setable here to have the tlvlist contain * bstream references, so that at least the ->value portion of each * element doesn't need to be malloc/memcpy'd. This could prove to be * just as efficient as the in-place TLV parsing used in a couple places * in libfaim. * * @param bs Input bstream * @return Return the TLV chain read */ GSList *aim_tlvlist_read(ByteStream *bs) { GSList *list = NULL; while (byte_stream_bytes_left(bs) > 0) { list = aim_tlv_read(list, bs); if (list == NULL) return NULL; } return g_slist_reverse(list); } /** * Read a TLV chain from a buffer. * * Reads and parses a series of TLV patterns from a data buffer; the * returned structure is manipulatable with the rest of the TLV * routines. When done with a TLV chain, aim_tlvlist_free() should * be called to free the dynamic substructures. * * TODO: There should be a flag setable here to have the tlvlist contain * bstream references, so that at least the ->value portion of each * element doesn't need to be malloc/memcpy'd. This could prove to be * just as efficient as the in-place TLV parsing used in a couple places * in libfaim. * * @param bs Input bstream * @param num The max number of TLVs that will be read, or -1 if unlimited. * There are a number of places where you want to read in a tlvchain, * but the chain is not at the end of the SNAC, and the chain is * preceded by the number of TLVs. So you can limit that with this. * @return Return the TLV chain read */ GSList *aim_tlvlist_readnum(ByteStream *bs, guint16 num) { GSList *list = NULL; while ((byte_stream_bytes_left(bs) > 0) && (num != 0)) { list = aim_tlv_read(list, bs); if (list == NULL) return NULL; num--; } return g_slist_reverse(list); } /** * Read a TLV chain from a buffer. * * Reads and parses a series of TLV patterns from a data buffer; the * returned structure is manipulatable with the rest of the TLV * routines. When done with a TLV chain, aim_tlvlist_free() should * be called to free the dynamic substructures. * * TODO: There should be a flag setable here to have the tlvlist contain * bstream references, so that at least the ->value portion of each * element doesn't need to be malloc/memcpy'd. This could prove to be * just as efficient as the in-place TLV parsing used in a couple places * in libfaim. * * @param bs Input bstream * @param len The max length in bytes that will be read. * There are a number of places where you want to read in a tlvchain, * but the chain is not at the end of the SNAC, and the chain is * preceded by the length of the TLVs. So you can limit that with this. * @return Return the TLV chain read */ GSList *aim_tlvlist_readlen(ByteStream *bs, guint16 len) { GSList *list = NULL; while ((byte_stream_bytes_left(bs) > 0) && (len > 0)) { list = aim_tlv_read(list, bs); if (list == NULL) return NULL; len -= 2 + 2 + ((aim_tlv_t *)list->data)->length; } return g_slist_reverse(list); } /** * Duplicate a TLV chain. * This is pretty self explanatory. * * @param orig The TLV chain you want to make a copy of. * @return A newly allocated TLV chain. */ GSList *aim_tlvlist_copy(GSList *orig) { GSList *new = NULL; aim_tlv_t *tlv; while (orig != NULL) { tlv = orig->data; aim_tlvlist_add_raw(&new, tlv->type, tlv->length, tlv->value); orig = orig->next; } return new; } /* * Compare two TLV lists for equality. This probably is not the most * efficient way to do this. * * @param one One of the TLV chains to compare. * @param two The other TLV chain to compare. * @return Return 0 if the lists are the same, return 1 if they are different. */ int aim_tlvlist_cmp(GSList *one, GSList *two) { ByteStream bs1, bs2; if (aim_tlvlist_size(one) != aim_tlvlist_size(two)) return 1; byte_stream_new(&bs1, aim_tlvlist_size(one)); byte_stream_new(&bs2, aim_tlvlist_size(two)); aim_tlvlist_write(&bs1, &one); aim_tlvlist_write(&bs2, &two); if (memcmp(bs1.data, bs2.data, bs1.len)) { byte_stream_destroy(&bs1); byte_stream_destroy(&bs2); return 1; } byte_stream_destroy(&bs1); byte_stream_destroy(&bs2); return 0; } /** * Free a TLV chain structure * * Walks the list of TLVs in the passed TLV chain and * frees each one. Note that any references to this data * should be removed before calling this. * * @param list Chain to be freed */ void aim_tlvlist_free(GSList *list) { while (list != NULL) { freetlv(list->data); list = g_slist_delete_link(list, list); } } /** * Count the number of TLVs in a chain. * * @param list Chain to be counted. * @return The number of TLVs stored in the passed chain. */ int aim_tlvlist_count(GSList *list) { GSList *cur; int count; if (list == NULL) return 0; for (cur = list, count = 0; cur; cur = cur->next) count++; return count; } /** * Count the number of bytes in a TLV chain. * * @param list Chain to be sized * @return The number of bytes that would be needed to * write the passed TLV chain to a data buffer. */ int aim_tlvlist_size(GSList *list) { GSList *cur; int size; if (list == NULL) return 0; for (cur = list, size = 0; cur; cur = cur->next) size += (4 + ((aim_tlv_t *)cur->data)->length); return size; } /** * Adds the passed string as a TLV element of the passed type * to the TLV chain. * * @param list Desination chain (%NULL pointer if empty). * @param type TLV type. * @param length Length of string to add (not including %NULL). * @param value String to add. * @return The size of the value added. */ int aim_tlvlist_add_raw(GSList **list, const guint16 type, const guint16 length, const guint8 *value) { aim_tlv_t *tlv; if (list == NULL) return 0; tlv = createtlv(type, length, NULL); if (tlv->length > 0) tlv->value = g_memdup(value, length); *list = g_slist_append(*list, tlv); return tlv->length; } /** * Add a one byte integer to a TLV chain. * * @param list Destination chain. * @param type TLV type to add. * @param value Value to add. * @return The size of the value added. */ int aim_tlvlist_add_8(GSList **list, const guint16 type, const guint8 value) { guint8 v8[1]; aimutil_put8(v8, value); return aim_tlvlist_add_raw(list, type, 1, v8); } /** * Add a two byte integer to a TLV chain. * * @param list Destination chain. * @param type TLV type to add. * @param value Value to add. * @return The size of the value added. */ int aim_tlvlist_add_16(GSList **list, const guint16 type, const guint16 value) { guint8 v16[2]; aimutil_put16(v16, value); return aim_tlvlist_add_raw(list, type, 2, v16); } /** * Add a four byte integer to a TLV chain. * * @param list Destination chain. * @param type TLV type to add. * @param value Value to add. * @return The size of the value added. */ int aim_tlvlist_add_32(GSList **list, const guint16 type, const guint32 value) { guint8 v32[4]; aimutil_put32(v32, value); return aim_tlvlist_add_raw(list, type, 4, v32); } /** * Add a string to a TLV chain. * * @param list Destination chain. * @param type TLV type to add. * @param value Value to add. * @return The size of the value added. */ int aim_tlvlist_add_str(GSList **list, const guint16 type, const char *value) { return aim_tlvlist_add_raw(list, type, strlen(value), (guint8 *)value); } static int count_caps(guint64 caps) { int set_bits = 0; while (caps) { set_bits += caps & 1; caps >>= 1; } return set_bits; } /** * Adds a block of capability blocks to a TLV chain. The bitfield * passed in should be a bitwise %OR of any of the %AIM_CAPS constants: * * %OSCAR_CAPABILITY_BUDDYICON Supports Buddy Icons * %OSCAR_CAPABILITY_TALK Supports Voice Chat * %OSCAR_CAPABILITY_IMIMAGE Supports DirectIM/IMImage * %OSCAR_CAPABILITY_CHAT Supports Chat * %OSCAR_CAPABILITY_GETFILE Supports Get File functions * %OSCAR_CAPABILITY_SENDFILE Supports Send File functions * * @param list Destination chain * @param type TLV type to add * @param caps Bitfield of capability flags to send * @return The size of the value added. */ int aim_tlvlist_add_caps(GSList **list, const guint16 type, const guint64 caps, const char *mood) { int len; ByteStream bs; guint32 bs_size; guint8 *data; if (caps == 0) return 0; /* nothing there anyway */ data = icq_get_custom_icon_data(mood); bs_size = 16*(count_caps(caps) + (data != NULL ? 1 : 0)); byte_stream_new(&bs, bs_size); byte_stream_putcaps(&bs, caps); /* adding of custom icon GUID */ if (data != NULL) byte_stream_putraw(&bs, data, 16); len = aim_tlvlist_add_raw(list, type, byte_stream_curpos(&bs), bs.data); byte_stream_destroy(&bs); return len; } /** * Adds the given chatroom info to a TLV chain. * * @param list Destination chain. * @param type TLV type to add. * @param roomname The name of the chat. * @param instance The instance. * @return The size of the value added. */ int aim_tlvlist_add_chatroom(GSList **list, guint16 type, guint16 exchange, const char *roomname, guint16 instance) { int len; ByteStream bs; byte_stream_new(&bs, 2 + 1 + strlen(roomname) + 2); byte_stream_put16(&bs, exchange); byte_stream_put8(&bs, strlen(roomname)); byte_stream_putstr(&bs, roomname); byte_stream_put16(&bs, instance); len = aim_tlvlist_add_raw(list, type, byte_stream_curpos(&bs), bs.data); byte_stream_destroy(&bs); return len; } /** * Adds a TLV with a zero length to a TLV chain. * * @param list Destination chain. * @param type TLV type to add. * @return The size of the value added. */ int aim_tlvlist_add_noval(GSList **list, const guint16 type) { return aim_tlvlist_add_raw(list, type, 0, NULL); } /* * Note that the inner TLV chain will not be modifiable as a tlvchain once * it is written using this. Or rather, it can be, but updates won't be * made to this. * * TODO: Should probably support sublists for real. * * This is so neat. * * @param list Destination chain. * @param type TLV type to add. * @param t1 The TLV chain you want to write. * @return The number of bytes written to the destination TLV chain. * 0 is returned if there was an error or if the destination * TLV chain has length 0. */ int aim_tlvlist_add_frozentlvlist(GSList **list, guint16 type, GSList **tlvlist) { int buflen; ByteStream bs; buflen = aim_tlvlist_size(*tlvlist); if (buflen <= 0) return 0; byte_stream_new(&bs, buflen); aim_tlvlist_write(&bs, tlvlist); aim_tlvlist_add_raw(list, type, byte_stream_curpos(&bs), bs.data); byte_stream_destroy(&bs); return buflen; } /** * Substitute a TLV of a given type with a new TLV of the same type. If * you attempt to replace a TLV that does not exist, this function will * just add a new TLV as if you called aim_tlvlist_add_raw(). * * @param list Desination chain (%NULL pointer if empty). * @param type TLV type. * @param length Length of string to add (not including %NULL). * @param value String to add. * @return The length of the TLV. */ int aim_tlvlist_replace_raw(GSList **list, const guint16 type, const guint16 length, const guint8 *value) { GSList *cur; aim_tlv_t *tlv; if (list == NULL) return 0; for (cur = *list; cur != NULL; cur = cur->next) { tlv = cur->data; if (tlv->type == type) break; } if (cur == NULL) /* TLV does not exist, so add a new one */ return aim_tlvlist_add_raw(list, type, length, value); g_free(tlv->value); tlv->length = length; if (tlv->length > 0) { tlv->value = g_memdup(value, length); } else tlv->value = NULL; return tlv->length; } /** * Substitute a TLV of a given type with a new TLV of the same type. If * you attempt to replace a TLV that does not exist, this function will * just add a new TLV as if you called aim_tlvlist_add_str(). * * @param list Desination chain (%NULL pointer if empty). * @param type TLV type. * @param str String to add. * @return The length of the TLV. */ int aim_tlvlist_replace_str(GSList **list, const guint16 type, const char *str) { return aim_tlvlist_replace_raw(list, type, strlen(str), (const guchar *)str); } /** * Substitute a TLV of a given type with a new TLV of the same type. If * you attempt to replace a TLV that does not exist, this function will * just add a new TLV as if you called aim_tlvlist_add_raw(). * * @param list Desination chain (%NULL pointer if empty). * @param type TLV type. * @return The length of the TLV. */ int aim_tlvlist_replace_noval(GSList **list, const guint16 type) { return aim_tlvlist_replace_raw(list, type, 0, NULL); } /** * Substitute a TLV of a given type with a new TLV of the same type. If * you attempt to replace a TLV that does not exist, this function will * just add a new TLV as if you called aim_tlvlist_add_raw(). * * @param list Desination chain (%NULL pointer if empty). * @param type TLV type. * @param value 8 bit value to add. * @return The length of the TLV. */ int aim_tlvlist_replace_8(GSList **list, const guint16 type, const guint8 value) { guint8 v8[1]; aimutil_put8(v8, value); return aim_tlvlist_replace_raw(list, type, 1, v8); } /** * Substitute a TLV of a given type with a new TLV of the same type. If * you attempt to replace a TLV that does not exist, this function will * just add a new TLV as if you called aim_tlvlist_add_raw(). * * @param list Desination chain (%NULL pointer if empty). * @param type TLV type. * @param value 32 bit value to add. * @return The length of the TLV. */ int aim_tlvlist_replace_32(GSList **list, const guint16 type, const guint32 value) { guint8 v32[4]; aimutil_put32(v32, value); return aim_tlvlist_replace_raw(list, type, 4, v32); } /** * Remove all TLVs of a given type. If you attempt to remove a TLV * that does not exist, nothing happens. * * @param list Desination chain (%NULL pointer if empty). * @param type TLV type. */ void aim_tlvlist_remove(GSList **list, const guint16 type) { GSList *cur, *next; aim_tlv_t *tlv; if (list == NULL || *list == NULL) return; cur = *list; while (cur != NULL) { tlv = cur->data; next = cur->next; if (tlv->type == type) { /* Delete this TLV */ *list = g_slist_delete_link(*list, cur); g_free(tlv->value); g_free(tlv); } cur = next; } } /** * Write a TLV chain into a data buffer. * * Copies a TLV chain into a raw data buffer, writing only the number * of bytes specified. This operation does not free the chain; * aim_tlvlist_free() must still be called to free up the memory used * by the chain structures. * * TODO: Clean this up, make better use of bstreams * * @param bs Input bstream * @param list Source TLV chain * @return Return 0 if the destination bstream is too small. */ int aim_tlvlist_write(ByteStream *bs, GSList **list) { int goodbuflen; GSList *cur; aim_tlv_t *tlv; /* do an initial run to test total length */ goodbuflen = aim_tlvlist_size(*list); if (goodbuflen > byte_stream_bytes_left(bs)) return 0; /* not enough buffer */ /* do the real write-out */ for (cur = *list; cur; cur = cur->next) { tlv = cur->data; byte_stream_put16(bs, tlv->type); byte_stream_put16(bs, tlv->length); if (tlv->length > 0) byte_stream_putraw(bs, tlv->value, tlv->length); } return 1; /* TODO: This is a nonsensical return */ } /** * Grab the Nth TLV of type type in the TLV list list. * * Returns a pointer to an aim_tlv_t of the specified type; * %NULL on error. The @nth parameter is specified starting at %1. * In most cases, there will be no more than one TLV of any type * in a chain. * * @param list Source chain. * @param type Requested TLV type. * @param nth Index of TLV of type to get. * @return The TLV you were looking for, or NULL if one could not be found. */ aim_tlv_t *aim_tlv_gettlv(GSList *list, const guint16 type, const int nth) { GSList *cur; aim_tlv_t *tlv; int i; for (cur = list, i = 0; cur != NULL; cur = cur->next) { tlv = cur->data; if (tlv->type == type) i++; if (i >= nth) return tlv; } return NULL; } /** * Get the length of the data of the nth TLV in the given TLV chain. * * @param list Source chain. * @param type Requested TLV type. * @param nth Index of TLV of type to get. * @return The length of the data in this TLV, or -1 if the TLV could not be * found. Unless -1 is returned, this value will be 2 bytes. */ int aim_tlv_getlength(GSList *list, const guint16 type, const int nth) { aim_tlv_t *tlv; tlv = aim_tlv_gettlv(list, type, nth); if (tlv == NULL) return -1; return tlv->length; } char * aim_tlv_getvalue_as_string(aim_tlv_t *tlv) { char *ret; ret = g_malloc(tlv->length + 1); memcpy(ret, tlv->value, tlv->length); ret[tlv->length] = '\0'; return ret; } /** * Retrieve the data from the nth TLV in the given TLV chain as a string. * * @param list Source TLV chain. * @param type TLV type to search for. * @param nth Index of TLV to return. * @return The value of the TLV you were looking for, or NULL if one could * not be found. This is a dynamic buffer and must be freed by the * caller. */ char *aim_tlv_getstr(GSList *list, const guint16 type, const int nth) { aim_tlv_t *tlv; tlv = aim_tlv_gettlv(list, type, nth); if (tlv == NULL) return NULL; return aim_tlv_getvalue_as_string(tlv); } /** * Retrieve the data from the nth TLV in the given TLV chain as an 8bit * integer. * * @param list Source TLV chain. * @param type TLV type to search for. * @param nth Index of TLV to return. * @return The value the TLV you were looking for, or 0 if one could * not be found. */ guint8 aim_tlv_get8(GSList *list, const guint16 type, const int nth) { aim_tlv_t *tlv; tlv = aim_tlv_gettlv(list, type, nth); if (tlv == NULL) return 0; /* erm */ return aimutil_get8(tlv->value); } /** * Retrieve the data from the nth TLV in the given TLV chain as a 16bit * integer. * * @param list Source TLV chain. * @param type TLV type to search for. * @param nth Index of TLV to return. * @return The value the TLV you were looking for, or 0 if one could * not be found. */ guint16 aim_tlv_get16(GSList *list, const guint16 type, const int nth) { aim_tlv_t *tlv; tlv = aim_tlv_gettlv(list, type, nth); if (tlv == NULL) return 0; /* erm */ return aimutil_get16(tlv->value); } /** * Retrieve the data from the nth TLV in the given TLV chain as a 32bit * integer. * * @param list Source TLV chain. * @param type TLV type to search for. * @param nth Index of TLV to return. * @return The value the TLV you were looking for, or 0 if one could * not be found. */ guint32 aim_tlv_get32(GSList *list, const guint16 type, const int nth) { aim_tlv_t *tlv; tlv = aim_tlv_gettlv(list, type, nth); if (tlv == NULL) return 0; /* erm */ return aimutil_get32(tlv->value); }