X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Futil%2Fzbase32.rs;h=b9b204e5ed5be8a01322991ffa13f6659d80ed8c;hb=7c9302f6a788e9676d4804e84e5d7af5e3696997;hp=19a10cca3ea9d6ae09a42fb878d9f81e0da141ed;hpb=6f7a2bcdd1d057592fac25c11a1aa5ce46bf3b42;p=rust-lightning diff --git a/lightning/src/util/zbase32.rs b/lightning/src/util/zbase32.rs index 19a10cca..b9b204e5 100644 --- a/lightning/src/util/zbase32.rs +++ b/lightning/src/util/zbase32.rs @@ -25,8 +25,9 @@ SOFTWARE. const ALPHABET: &'static [u8] = b"ybndrfg8ejkmcpqxot1uwisza345h769"; +/// Encodes some bytes as a zbase32 string pub fn encode(data: &[u8]) -> String { - let mut ret = Vec::with_capacity((data.len() + 3) / 4 * 5); + let mut ret = Vec::with_capacity((data.len() + 4) / 5 * 8); for chunk in data.chunks(5) { let buf = { @@ -47,11 +48,11 @@ pub fn encode(data: &[u8]) -> String { ret.push(ALPHABET[(buf[4] & 0x1F) as usize]); } - if data.len() % 5 != 0 { - let len = ret.len(); - let num_extra = 8 - (data.len() % 5 * 8 + 4) / 5; - ret.truncate(len - num_extra); - } + ret.truncate((data.len() * 8 + 4) / 5); + + // Check that our capacity calculation doesn't under-shoot in fuzzing + #[cfg(fuzzing)] + assert_eq!(ret.capacity(), (data.len() + 4) / 5 * 8); String::from_utf8(ret).unwrap() } @@ -62,21 +63,29 @@ const INV_ALPHABET: [i8; 43] = [ 21, 9, 10, -1, 11, 2, 16, 13, 14, 4, 22, 17, 19, -1, 20, 15, 0, 23, ]; -pub fn decode(data: &str) -> Result, &'static str> { +/// Decodes a zbase32 string to the original bytes, failing if the string was not encoded by a +/// proper zbase32 encoder. +pub fn decode(data: &str) -> Result, ()> { if !data.is_ascii() { - return Err("Data is not zbase32 encoded"); + return Err(()); } let data = data.as_bytes(); let output_length = data.len() * 5 / 8; - let mut ret = Vec::with_capacity((output_length + 4) / 5 * 5); + if data.len() > (output_length * 8 + 4) / 5 { + // If the string has more charachters than are required to encode the number of bytes + // decodable, treat the string as invalid. + return Err(()); + } + + let mut ret = Vec::with_capacity((data.len() + 7) / 8 * 5); for chunk in data.chunks(8) { let buf = { let mut buf = [0u8; 8]; for (i, &c) in chunk.iter().enumerate() { match INV_ALPHABET.get(c.to_ascii_uppercase().wrapping_sub(b'0') as usize) { - Some(&-1) | None => return Err("Data is not zbase32 encoded"), + Some(&-1) | None => return Err(()), Some(&value) => buf[i] = value as u8, }; } @@ -88,10 +97,22 @@ pub fn decode(data: &str) -> Result, &'static str> { ret.push((buf[4] << 7) | (buf[5] << 2) | (buf[6] >> 3)); ret.push((buf[6] << 5) | buf[7]); } - ret.truncate(output_length); + for c in ret.drain(output_length..) { + if c != 0 { + // If the original string had any bits set at positions outside of the encoded data, + // treat the string as invalid. + return Err(()); + } + } + + // Check that our capacity calculation doesn't under-shoot in fuzzing + #[cfg(fuzzing)] + assert_eq!(ret.capacity(), (data.len() + 7) / 8 * 5); + Ok(ret) } +#[cfg(test)] mod tests { use super::*; @@ -125,7 +146,7 @@ mod tests { #[test] fn test_decode_wrong() { - let WRONG_DATA = &["00", "l1", "?", "="]; + const WRONG_DATA: &[&str] = &["00", "l1", "?", "="]; for &data in WRONG_DATA { match decode(data) { @@ -134,4 +155,4 @@ mod tests { } } } -} \ No newline at end of file +}