commit bb1062e1732195317508694f6c25fb3056615b82
author Laurence Lundblade <laurencelundblade@users.noreply.github.com> Mon Aug 12 23:28:54 2019 -0700
committer GitHub <noreply@github.com> Mon Aug 12 23:28:54 2019 -0700
tree e321f4c83ac421bc6ae13c92c9de0d9da8283342
parent cd721590af28bd80d99fadf0179ece3cd5a5bda0

Improve error handling for not well-formed CBOR

src/qcbor_decode.c

diff --git a/src/qcbor_decode.c b/src/qcbor_decode.c
index 0c1eda9..9599b07 100644
--- a/src/qcbor_decode.c
+++ b/src/qcbor_decode.c
@@ -42,6 +42,8 @@
 
  when               who             what, where, why
  --------           ----            ---------------------------------------------------
+ 07/31/19           llundblade      Decode error fixes for some not-well-formed CBOR
+ 07/31/19           llundblade      New error code for better end of data handling
  02/17/19           llundblade      Fixed: QCBORItem.u{Data|Label}Alloc when bAllStrings set
  02/16/19           llundblade      Redesign MemPool to fix memory access alignment bug
  01/10/19           llundblade      Clever type and argument decoder is 250 bytes smaller
@@ -536,11 +538,7 @@
    pDecodedItem->uDataType = uAdditionalInfo;
 
    switch(uAdditionalInfo) {
-      case ADDINFO_RESERVED1:  // 28
-      case ADDINFO_RESERVED2:  // 29
-      case ADDINFO_RESERVED3:  // 30
-         nReturn = QCBOR_ERR_UNSUPPORTED;
-         break;
+      // No check for ADDINFO_RESERVED1 - ADDINFO_RESERVED3 as it is caught before this is called.
 
       case HALF_PREC_FLOAT:
          pDecodedItem->val.dfnum = IEEE754_HalfToDouble((uint16_t)uNumber);
@@ -783,8 +781,12 @@
          break;
 
       case CBOR_MAJOR_TYPE_OPTIONAL: // Major type 6, optional prepended tags
-         pDecodedItem->val.uTagV = uNumber;
-         pDecodedItem->uDataType = QCBOR_TYPE_OPTTAG;
+         if(uAdditionalInfo == LEN_IS_INDEFINITE) {
+            nReturn = QCBOR_ERR_BAD_INT;
+         } else {
+            pDecodedItem->val.uTagV = uNumber;
+            pDecodedItem->uDataType = QCBOR_TYPE_OPTTAG;
+         }
          break;
 
       case CBOR_MAJOR_TYPE_SIMPLE: // Major type 7, float, double, true, false, null...
@@ -869,7 +871,8 @@
 
       // Match data type of chunk to type at beginning.
       // Also catches error of other non-string types that don't belong.
-      if(StringChunkItem.uDataType != uStringType) {
+      // Also catches indefinite length strings inside indefinite length strings
+      if(StringChunkItem.uDataType != uStringType || StringChunkItem.val.string.len == SIZE_MAX) {
          nReturn = QCBOR_ERR_INDEFINITE_STRING_CHUNK;
          break;
       }
@@ -1065,6 +1068,12 @@
    // All the CBOR parsing work is here and in subordinate calls.
    QCBORError nReturn;
 
+   // Check if there are an
+   if(UsefulInputBuf_BytesUnconsumed(&(me->InBuf)) == 0 && !DecodeNesting_IsNested(&(me->nesting))) {
+      nReturn = QCBOR_ERR_NO_MORE_ITEMS;
+      goto Done;
+   }
+
    nReturn = GetNext_MapEntry(me, pDecodedItem, pTags);
    if(nReturn) {
       goto Done;

src/qcbor_encode.c

diff --git a/src/qcbor_encode.c b/src/qcbor_encode.c
index 20c6a47..28fb225 100644
--- a/src/qcbor_encode.c
+++ b/src/qcbor_encode.c
@@ -42,6 +42,7 @@
 
  when               who             what, where, why
  --------           ----            ---------------------------------------------------
+ 8/7/19             llundblade      Prevent encoding simple type reserved values 24..31
  7/25/19            janjongboom     Add indefinite length encoding for maps and arrays
  4/6/19             llundblade      Wrapped bstr returned now includes the wrapping bstr
  12/30/18           llundblade      Small efficient clever encode of type & argument.
@@ -189,7 +190,7 @@
  structures like array/map nesting resulting in some stack memory
  savings.
 
- Errors returned here fall into two categories:
+ Errors returned here fall into three categories:
 
  Sizes
    QCBOR_ERR_BUFFER_TOO_LARGE -- Encoded output exceeded UINT32_MAX
@@ -202,6 +203,9 @@
    QCBOR_ERR_TOO_MANY_CLOSES -- more close calls than opens
    QCBOR_ERR_CLOSE_MISMATCH -- Type of close does not match open
    QCBOR_ERR_ARRAY_OR_MAP_STILL_OPEN -- Finish called without enough closes
+
+ Would generate not-well-formed CBOR
+   QCBOR_ERR_UNSUPPORTED -- Simple type between 24 and 31
  */
 
 
@@ -463,18 +467,22 @@
 void QCBOREncode_AddType7(QCBOREncodeContext *me, size_t uSize, uint64_t uNum)
 {
    if(me->uError == QCBOR_SUCCESS) {
-      // This function call takes care of endian swapping for the float / double
-      InsertEncodedTypeAndNumber(me,
-                                 // The major type for floats and doubles
-                                 CBOR_MAJOR_TYPE_SIMPLE,
-                                 // size makes sure floats with zeros encode correctly
-                                 (int)uSize,
-                                 // Bytes of the floating point number as a uint
-                                 uNum,
-                                 // end position because this is append
-                                 UsefulOutBuf_GetEndPosition(&(me->OutBuf)));
+      if(uNum >= CBOR_SIMPLEV_RESERVED_START && uNum <= CBOR_SIMPLEV_RESERVED_END) {
+         me->uError = QCBOR_ERR_UNSUPPORTED;
+      } else {
+         // This function call takes care of endian swapping for the float / double
+         InsertEncodedTypeAndNumber(me,
+                                    // The major type for floats and doubles
+                                    CBOR_MAJOR_TYPE_SIMPLE,
+                                    // size makes sure floats with zeros encode correctly
+                                    (int)uSize,
+                                    // Bytes of the floating point number as a uint
+                                    uNum,
+                                    // end position because this is append
+                                    UsefulOutBuf_GetEndPosition(&(me->OutBuf)));
 
-      me->uError = Nesting_Increment(&(me->nesting));
+         me->uError = Nesting_Increment(&(me->nesting));
+      }
    }
 }