Line | Count | Source (jump to first uncovered line) |
1 | | /*************************************************************************** |
2 | | * _ _ ____ _ |
3 | | * Project ___| | | | _ \| | |
4 | | * / __| | | | |_) | | |
5 | | * | (__| |_| | _ <| |___ |
6 | | * \___|\___/|_| \_\_____| |
7 | | * |
8 | | * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | | * |
10 | | * This software is licensed as described in the file COPYING, which |
11 | | * you should have received as part of this distribution. The terms |
12 | | * are also available at https://curl.se/docs/copyright.html. |
13 | | * |
14 | | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | | * copies of the Software, and permit persons to whom the Software is |
16 | | * furnished to do so, under the terms of the COPYING file. |
17 | | * |
18 | | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | | * KIND, either express or implied. |
20 | | * |
21 | | * SPDX-License-Identifier: curl |
22 | | * |
23 | | ***************************************************************************/ |
24 | | |
25 | | /* Base64 encoding/decoding */ |
26 | | |
27 | | #include "curl_setup.h" |
28 | | |
29 | | #if !defined(CURL_DISABLE_HTTP_AUTH) || defined(USE_SSH) || \ |
30 | | !defined(CURL_DISABLE_LDAP) || \ |
31 | | !defined(CURL_DISABLE_SMTP) || \ |
32 | | !defined(CURL_DISABLE_POP3) || \ |
33 | | !defined(CURL_DISABLE_IMAP) || \ |
34 | | !defined(CURL_DISABLE_DOH) || defined(USE_SSL) |
35 | | |
36 | | #include "urldata.h" /* for the Curl_easy definition */ |
37 | | #include "warnless.h" |
38 | | #include "curl_base64.h" |
39 | | |
40 | | /* The last 2 #include files should be in this order */ |
41 | | #include "curl_memory.h" |
42 | | #include "memdebug.h" |
43 | | |
44 | | /* ---- Base64 Encoding/Decoding Table --- */ |
45 | | /* Padding character string starts at offset 64. */ |
46 | | static const char base64[]= |
47 | | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; |
48 | | |
49 | | /* The Base 64 encoding with a URL and filename safe alphabet, RFC 4648 |
50 | | section 5 */ |
51 | | static const char base64url[]= |
52 | | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; |
53 | | |
54 | | static const unsigned char decodetable[] = |
55 | | { 62, 255, 255, 255, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 255, 255, 255, |
56 | | 255, 255, 255, 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, |
57 | | 17, 18, 19, 20, 21, 22, 23, 24, 25, 255, 255, 255, 255, 255, 255, 26, 27, 28, |
58 | | 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, |
59 | | 48, 49, 50, 51 }; |
60 | | /* |
61 | | * Curl_base64_decode() |
62 | | * |
63 | | * Given a base64 NUL-terminated string at src, decode it and return a |
64 | | * pointer in *outptr to a newly allocated memory area holding decoded |
65 | | * data. Size of decoded data is returned in variable pointed by outlen. |
66 | | * |
67 | | * Returns CURLE_OK on success, otherwise specific error code. Function |
68 | | * output shall not be considered valid unless CURLE_OK is returned. |
69 | | * |
70 | | * When decoded data length is 0, returns NULL in *outptr. |
71 | | * |
72 | | * @unittest: 1302 |
73 | | */ |
74 | | CURLcode Curl_base64_decode(const char *src, |
75 | | unsigned char **outptr, size_t *outlen) |
76 | 0 | { |
77 | 0 | size_t srclen = 0; |
78 | 0 | size_t padding = 0; |
79 | 0 | size_t i; |
80 | 0 | size_t numQuantums; |
81 | 0 | size_t fullQuantums; |
82 | 0 | size_t rawlen = 0; |
83 | 0 | unsigned char *pos; |
84 | 0 | unsigned char *newstr; |
85 | 0 | unsigned char lookup[256]; |
86 | |
|
87 | 0 | *outptr = NULL; |
88 | 0 | *outlen = 0; |
89 | 0 | srclen = strlen(src); |
90 | | |
91 | | /* Check the length of the input string is valid */ |
92 | 0 | if(!srclen || srclen % 4) |
93 | 0 | return CURLE_BAD_CONTENT_ENCODING; |
94 | | |
95 | | /* srclen is at least 4 here */ |
96 | 0 | while(src[srclen - 1 - padding] == '=') { |
97 | | /* count padding characters */ |
98 | 0 | padding++; |
99 | | /* A maximum of two = padding characters is allowed */ |
100 | 0 | if(padding > 2) |
101 | 0 | return CURLE_BAD_CONTENT_ENCODING; |
102 | 0 | } |
103 | | |
104 | | /* Calculate the number of quantums */ |
105 | 0 | numQuantums = srclen / 4; |
106 | 0 | fullQuantums = numQuantums - (padding ? 1 : 0); |
107 | | |
108 | | /* Calculate the size of the decoded string */ |
109 | 0 | rawlen = (numQuantums * 3) - padding; |
110 | | |
111 | | /* Allocate our buffer including room for a null-terminator */ |
112 | 0 | newstr = malloc(rawlen + 1); |
113 | 0 | if(!newstr) |
114 | 0 | return CURLE_OUT_OF_MEMORY; |
115 | | |
116 | 0 | pos = newstr; |
117 | |
|
118 | 0 | memset(lookup, 0xff, sizeof(lookup)); |
119 | 0 | memcpy(&lookup['+'], decodetable, sizeof(decodetable)); |
120 | | /* replaces |
121 | | { |
122 | | unsigned char c; |
123 | | const unsigned char *p = (const unsigned char *)base64; |
124 | | for(c = 0; *p; c++, p++) |
125 | | lookup[*p] = c; |
126 | | } |
127 | | */ |
128 | | |
129 | | /* Decode the complete quantums first */ |
130 | 0 | for(i = 0; i < fullQuantums; i++) { |
131 | 0 | unsigned char val; |
132 | 0 | unsigned int x = 0; |
133 | 0 | int j; |
134 | |
|
135 | 0 | for(j = 0; j < 4; j++) { |
136 | 0 | val = lookup[(unsigned char)*src++]; |
137 | 0 | if(val == 0xff) /* bad symbol */ |
138 | 0 | goto bad; |
139 | 0 | x = (x << 6) | val; |
140 | 0 | } |
141 | 0 | pos[2] = x & 0xff; |
142 | 0 | pos[1] = (x >> 8) & 0xff; |
143 | 0 | pos[0] = (x >> 16) & 0xff; |
144 | 0 | pos += 3; |
145 | 0 | } |
146 | 0 | if(padding) { |
147 | | /* this means either 8 or 16 bits output */ |
148 | 0 | unsigned char val; |
149 | 0 | unsigned int x = 0; |
150 | 0 | int j; |
151 | 0 | size_t padc = 0; |
152 | 0 | for(j = 0; j < 4; j++) { |
153 | 0 | if(*src == '=') { |
154 | 0 | x <<= 6; |
155 | 0 | src++; |
156 | 0 | if(++padc > padding) |
157 | | /* this is a badly placed '=' symbol! */ |
158 | 0 | goto bad; |
159 | 0 | } |
160 | 0 | else { |
161 | 0 | val = lookup[(unsigned char)*src++]; |
162 | 0 | if(val == 0xff) /* bad symbol */ |
163 | 0 | goto bad; |
164 | 0 | x = (x << 6) | val; |
165 | 0 | } |
166 | 0 | } |
167 | 0 | if(padding == 1) |
168 | 0 | pos[1] = (x >> 8) & 0xff; |
169 | 0 | pos[0] = (x >> 16) & 0xff; |
170 | 0 | pos += 3 - padding; |
171 | 0 | } |
172 | | |
173 | | /* Zero terminate */ |
174 | 0 | *pos = '\0'; |
175 | | |
176 | | /* Return the decoded data */ |
177 | 0 | *outptr = newstr; |
178 | 0 | *outlen = rawlen; |
179 | |
|
180 | 0 | return CURLE_OK; |
181 | 0 | bad: |
182 | 0 | free(newstr); |
183 | 0 | return CURLE_BAD_CONTENT_ENCODING; |
184 | 0 | } |
185 | | |
186 | | static CURLcode base64_encode(const char *table64, |
187 | | const char *inputbuff, size_t insize, |
188 | | char **outptr, size_t *outlen) |
189 | 0 | { |
190 | 0 | char *output; |
191 | 0 | char *base64data; |
192 | 0 | const unsigned char *in = (unsigned char *)inputbuff; |
193 | 0 | const char *padstr = &table64[64]; /* Point to padding string. */ |
194 | |
|
195 | 0 | *outptr = NULL; |
196 | 0 | *outlen = 0; |
197 | |
|
198 | 0 | if(!insize) |
199 | 0 | insize = strlen(inputbuff); |
200 | |
|
201 | | #if SIZEOF_SIZE_T == 4 |
202 | | if(insize > UINT_MAX/4) |
203 | | return CURLE_OUT_OF_MEMORY; |
204 | | #endif |
205 | |
|
206 | 0 | base64data = output = malloc((insize + 2) / 3 * 4 + 1); |
207 | 0 | if(!output) |
208 | 0 | return CURLE_OUT_OF_MEMORY; |
209 | | |
210 | 0 | while(insize >= 3) { |
211 | 0 | *output++ = table64[ in[0] >> 2 ]; |
212 | 0 | *output++ = table64[ ((in[0] & 0x03) << 4) | (in[1] >> 4) ]; |
213 | 0 | *output++ = table64[ ((in[1] & 0x0F) << 2) | ((in[2] & 0xC0) >> 6) ]; |
214 | 0 | *output++ = table64[ in[2] & 0x3F ]; |
215 | 0 | insize -= 3; |
216 | 0 | in += 3; |
217 | 0 | } |
218 | 0 | if(insize) { |
219 | | /* this is only one or two bytes now */ |
220 | 0 | *output++ = table64[ in[0] >> 2 ]; |
221 | 0 | if(insize == 1) { |
222 | 0 | *output++ = table64[ ((in[0] & 0x03) << 4) ]; |
223 | 0 | if(*padstr) { |
224 | 0 | *output++ = *padstr; |
225 | 0 | *output++ = *padstr; |
226 | 0 | } |
227 | 0 | } |
228 | 0 | else { |
229 | | /* insize == 2 */ |
230 | 0 | *output++ = table64[ ((in[0] & 0x03) << 4) | ((in[1] & 0xF0) >> 4) ]; |
231 | 0 | *output++ = table64[ ((in[1] & 0x0F) << 2) ]; |
232 | 0 | if(*padstr) |
233 | 0 | *output++ = *padstr; |
234 | 0 | } |
235 | 0 | } |
236 | | |
237 | | /* Zero terminate */ |
238 | 0 | *output = '\0'; |
239 | | |
240 | | /* Return the pointer to the new data (allocated memory) */ |
241 | 0 | *outptr = base64data; |
242 | | |
243 | | /* Return the length of the new data */ |
244 | 0 | *outlen = output - base64data; |
245 | |
|
246 | 0 | return CURLE_OK; |
247 | 0 | } |
248 | | |
249 | | /* |
250 | | * Curl_base64_encode() |
251 | | * |
252 | | * Given a pointer to an input buffer and an input size, encode it and |
253 | | * return a pointer in *outptr to a newly allocated memory area holding |
254 | | * encoded data. Size of encoded data is returned in variable pointed by |
255 | | * outlen. |
256 | | * |
257 | | * Input length of 0 indicates input buffer holds a NUL-terminated string. |
258 | | * |
259 | | * Returns CURLE_OK on success, otherwise specific error code. Function |
260 | | * output shall not be considered valid unless CURLE_OK is returned. |
261 | | * |
262 | | * @unittest: 1302 |
263 | | */ |
264 | | CURLcode Curl_base64_encode(const char *inputbuff, size_t insize, |
265 | | char **outptr, size_t *outlen) |
266 | 0 | { |
267 | 0 | return base64_encode(base64, inputbuff, insize, outptr, outlen); |
268 | 0 | } |
269 | | |
270 | | /* |
271 | | * Curl_base64url_encode() |
272 | | * |
273 | | * Given a pointer to an input buffer and an input size, encode it and |
274 | | * return a pointer in *outptr to a newly allocated memory area holding |
275 | | * encoded data. Size of encoded data is returned in variable pointed by |
276 | | * outlen. |
277 | | * |
278 | | * Input length of 0 indicates input buffer holds a NUL-terminated string. |
279 | | * |
280 | | * Returns CURLE_OK on success, otherwise specific error code. Function |
281 | | * output shall not be considered valid unless CURLE_OK is returned. |
282 | | * |
283 | | * @unittest: 1302 |
284 | | */ |
285 | | CURLcode Curl_base64url_encode(const char *inputbuff, size_t insize, |
286 | | char **outptr, size_t *outlen) |
287 | 0 | { |
288 | 0 | return base64_encode(base64url, inputbuff, insize, outptr, outlen); |
289 | 0 | } |
290 | | |
291 | | #endif /* no users so disabled */ |