Add tests for too long input; remove an unnecessary length check; code clean up
diff --git a/inc/qcbor/qcbor_decode.h b/inc/qcbor/qcbor_decode.h
index db7a005..ca294f1 100644
--- a/inc/qcbor/qcbor_decode.h
+++ b/inc/qcbor/qcbor_decode.h
@@ -149,7 +149,6 @@
The maximum size of input to the decoder. Slightly less than UINT32_MAX
to make room for some special indicator values.
*/
-// TODO: test all the cases were this limit is checked
#define QCBOR_MAX_DECODE_INPUT_SIZE (UINT32_MAX - 2)
/**
diff --git a/src/qcbor_decode.c b/src/qcbor_decode.c
index 75da839..64a86f7 100644
--- a/src/qcbor_decode.c
+++ b/src/qcbor_decode.c
@@ -3056,7 +3056,7 @@
goto Done;
}
- CopyTags(pMe, &Item);
+ CopyTags(pMe, &Item);
const bool bIsEmpty = (Item.uNextNestLevel <= Item.uNestingLevel);
@@ -3207,9 +3207,9 @@
}
if(DecodeNesting_IsCurrentDefiniteLength(&(pMe->nesting))) {
- /* Reverse the decrement done by GetNext() for the bstr as
- so the increment in NestLevelAscender called by ExitBoundedLevel()
- will work right. */
+ // Reverse the decrement done by GetNext() for the bstr so the
+ // increment in NestLevelAscender() called by ExitBoundedLevel()
+ // will work right.
DecodeNesting_ReverseDecrement(&(pMe->nesting));
}
@@ -3217,23 +3217,33 @@
*pBstr = pItem->val.string;
}
- const size_t uPreviousLength = UsefulInputBuf_GetBufferLength(&(pMe->InBuf));
-
- // Need to move UIB input cursor to the right place.
+ // This saves the current length of the UsefulInputBuf and then
+ // narrows the UsefulInputBuf to start and length of the wrapped
+ // CBOR that is being entered.
+ //
+ // This makes sure the length is less than
+ // QCBOR_MAX_DECODE_INPUT_SIZE which is slighly less than
+ // UINT32_MAX. The value UINT32_MAX is used as a special indicator
+ // value. The checks against QCBOR_MAX_DECODE_INPUT_SIZE also make
+ // the casts safe. uEndOfBstr will always be less than
+ // uPreviousLength because of the way UsefulInputBuf works so there
+ // is no need to check it. There is also a range check in the
+ // seek.
+ //
// Most of these calls are simple inline accessors so this doesn't
- // amount to much code. There is a range check in the seek.
- const size_t uEndOfBstr = UsefulInputBuf_Tell(&(pMe->InBuf));
- if(uEndOfBstr >= QCBOR_MAX_DECODE_INPUT_SIZE || uPreviousLength >= QCBOR_MAX_DECODE_INPUT_SIZE) {
+ // amount to much code.
+ const size_t uPreviousLength = UsefulInputBuf_GetBufferLength(&(pMe->InBuf));
+ if(uPreviousLength >= QCBOR_MAX_DECODE_INPUT_SIZE) {
uError = QCBOR_ERR_INPUT_TOO_LARGE;
goto Done;
}
+ const size_t uEndOfBstr = UsefulInputBuf_Tell(&(pMe->InBuf));
UsefulInputBuf_Seek(&(pMe->InBuf), uEndOfBstr - pItem->val.string.len);
UsefulInputBuf_SetBufferLength(&(pMe->InBuf), uEndOfBstr);
- // Casts are OK because of checks against QCBOR_MAX_DECODE_INPUT_SIZE above.
uError = DecodeNesting_DescendIntoBstrWrapped(&(pMe->nesting),
- (uint32_t)uPreviousLength,
- (uint32_t)uEndOfBstr);
+ (uint32_t)uPreviousLength,
+ (uint32_t)uEndOfBstr);
Done:
return uError;
}
diff --git a/test/qcbor_decode_tests.c b/test/qcbor_decode_tests.c
index 49cf76a..9649b22 100644
--- a/test/qcbor_decode_tests.c
+++ b/test/qcbor_decode_tests.c
@@ -6384,3 +6384,105 @@
return 0;
}
+
+
+
+
+/*
+ [
+ "aaaaaaaaaa",
+ {}
+ ]
+ */
+static const uint8_t spTooLarge1[] = {
+ 0x9f,
+ 0x6a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61,
+ 0xa0,
+ 0xff
+};
+
+/*
+ [
+ {
+ 0: "aaaaaaaaaa"
+ }
+ ]
+ */
+static const uint8_t spTooLarge2[] = {
+ 0x9f,
+ 0xa1,
+ 0x00,
+ 0x6a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61,
+ 0xff
+};
+
+/*
+ h'A1006A61616161616161616161'
+
+ {
+ 0: "aaaaaaaaaa"
+ }
+ */
+static const uint8_t spTooLarge3[] = {
+ 0x4d,
+ 0xa1,
+ 0x00,
+ 0x6a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61,
+};
+
+int32_t TooLargeInputTest(void)
+{
+ QCBORDecodeContext DC;
+ QCBORError uErr;
+ UsefulBufC String;
+
+ // These tests require a build with QCBOR_MAX_DECODE_INPUT_SIZE set
+ // to 10 There's not really any way to test this error
+ // condition. The error condition is not complex, so setting
+ // QCBOR_MAX_DECODE_INPUT_SIZE gives an OK test.
+
+ // The input CBOR is only too large because the
+ // QCBOR_MAX_DECODE_INPUT_SIZE is 10.
+ //
+ // This test is disabled for the normal test runs because of the
+ // special build requirement.
+
+
+ // Tests the start of a map being too large
+ QCBORDecode_Init(&DC, UsefulBuf_FROM_BYTE_ARRAY_LITERAL(spTooLarge1), QCBOR_DECODE_MODE_NORMAL);
+ QCBORDecode_EnterArray(&DC);
+ QCBORDecode_GetTextString(&DC, &String);
+ uErr = QCBORDecode_GetError(&DC);
+ if(uErr != QCBOR_SUCCESS) {
+ return 1;
+ }
+ QCBORDecode_EnterMap(&DC);
+ uErr = QCBORDecode_GetError(&DC);
+ if(uErr != QCBOR_ERR_INPUT_TOO_LARGE) {
+ return 2;
+ }
+
+ // Tests the end of a map being too large
+ QCBORDecode_Init(&DC, UsefulBuf_FROM_BYTE_ARRAY_LITERAL(spTooLarge2), QCBOR_DECODE_MODE_NORMAL);
+ QCBORDecode_EnterArray(&DC);
+ QCBORDecode_EnterMap(&DC);
+ uErr = QCBORDecode_GetError(&DC);
+ if(uErr != QCBOR_SUCCESS) {
+ return 3;
+ }
+ QCBORDecode_ExitMap(&DC);
+ uErr = QCBORDecode_GetError(&DC);
+ if(uErr != QCBOR_ERR_INPUT_TOO_LARGE) {
+ return 4;
+ }
+
+ // Tests the entire input CBOR being too large when processing bstr wrapping
+ QCBORDecode_Init(&DC, UsefulBuf_FROM_BYTE_ARRAY_LITERAL(spTooLarge3), QCBOR_DECODE_MODE_NORMAL);
+ QCBORDecode_EnterBstrWrapped(&DC, QCBOR_TAG_REQUIREMENT_NOT_A_TAG, NULL);
+ uErr = QCBORDecode_GetError(&DC);
+ if(uErr != QCBOR_ERR_INPUT_TOO_LARGE) {
+ return 5;
+ }
+
+ return 0;
+}
diff --git a/test/qcbor_decode_tests.h b/test/qcbor_decode_tests.h
index 4bf6b39..1c01ee4 100644
--- a/test/qcbor_decode_tests.h
+++ b/test/qcbor_decode_tests.h
@@ -284,4 +284,11 @@
*/
int32_t DecodeTaggedTypeTests(void);
+
+/*
+ Test the detection of input that is too large. Requires
+ a special build that makes QCBOR_MAX_DECODE_INPUT_SIZE small.
+ */
+int32_t TooLargeInputTest(void);
+
#endif /* defined(__QCBOR__qcbort_decode_tests__) */
diff --git a/test/run_tests.c b/test/run_tests.c
index be180a7..a6b402e 100644
--- a/test/run_tests.c
+++ b/test/run_tests.c
@@ -108,6 +108,7 @@
TEST_ENTRY(CoseSign1TBSTest),
TEST_ENTRY(StringDecoderModeFailTest),
TEST_ENTRY_DISABLED(BigComprehensiveInputTest),
+ TEST_ENTRY_DISABLED(TooLargeInputTest),
TEST_ENTRY(EncodeErrorTests),
TEST_ENTRY(SetUpAllocatorTest),
TEST_ENTRY(SimpleValuesIndefiniteLengthTest1),