--- parser3/src/classes/math.C 2015/10/06 22:20:50 1.78 +++ parser3/src/classes/math.C 2025/09/01 00:21:37 1.111 @@ -1,8 +1,8 @@ /** @file Parser: @b math parser class. - Copyright (c) 2001-2012 Art. Lebedev Studio (http://www.artlebedev.com) - Author: Alexandr Petrosian (http://paf.design.ru) + Copyright (c) 2001-2024 Art. Lebedev Studio (http://www.artlebedev.com) + Authors: Konstantin Morshnev , Alexandr Petrosian portions from gen_uuid.c, Copyright (C) 1996, 1997, 1998, 1999 Theodore Ts'o. @@ -10,6 +10,7 @@ #include "pa_vmethod_frame.h" #include "pa_common.h" +#include "pa_base64.h" #include "pa_vint.h" #include "pa_vmath.h" #include "pa_vfile.h" @@ -22,7 +23,7 @@ extern "C" char *crypt(const char* , const char* ); #endif -volatile const char * IDENT_MATH_C="$Id: math.C,v 1.78 2015/10/06 22:20:50 moko Exp $"; +volatile const char * IDENT_MATH_C="$Id: math.C,v 1.111 2025/09/01 00:21:37 moko Exp $"; // defines @@ -31,27 +32,24 @@ volatile const char * IDENT_MATH_C="$Id: // class class MMath: public Methoded { -public: - MMath(); - public: // Methoded bool used_directly() { return false; } + +public: + MMath(); }; // global variables -DECLARE_CLASS_VAR(math, 0 /*fictive*/, new MMath); +DECLARE_CLASS_VAR(math, new MMath); // methods static void _random(Request& r, MethodParams& params) { double top=params.as_double(0, "range must be expression", r); - if(top<=0 || top>MAX_UINT) - throw Exception(PARSER_RUNTIME, - 0, - "top(%g) must be [1..%u]", top, MAX_UINT); - - r.write_no_lang(*new VInt(_random(uint(top)))); + if(top<1 || top>INT_MAX) + throw Exception(PARSER_RUNTIME, 0, "top(%.15g) must be [1..%u]", top, INT_MAX); + r.write(*new VInt(_random(uint(top)))); } @@ -63,7 +61,7 @@ static double radians(double param) { re static void math1(Request& r, MethodParams& params, math1_func_ptr func) { double param=params.as_double(0, "parameter must be expression", r); double result=func(param); - r.write_no_lang(*new VDouble(result)); + r.write(*new VDouble(result)); } #define MATH1(name) \ @@ -102,7 +100,7 @@ static void math2(Request& r, MethodPara double a=params.as_double(0, "parameter must be expression", r); double b=params.as_double(1, "parameter must be expression", r); double result=func(a, b); - r.write_no_lang(*new VDouble(result)); + r.write(*new VDouble(result)); } #define MATH2(name) \ @@ -111,6 +109,28 @@ static void math2(Request& r, MethodPara } MATH2(pow) +MATH2(atan2) + +static inline uint64_t ulp_key_double(double x) { + union { double d; uint64_t u; } v; v.d = x; + return (v.u & (1ull << 63)) ? (~v.u + 1ull) : (v.u | (1ull << 63)); +} + +static inline uint64_t ulp_distance_double(double a, double b) { + if (a == b) return 0; + uint64_t ka = ulp_key_double(a); + uint64_t kb = ulp_key_double(b); + return (ka > kb) ? (ka - kb) : (kb - ka); +} + +static void _eq(Request& r, MethodParams& params) { + double a=params.as_double(0, "parameter must be expression", r); + double b=params.as_double(1, "parameter must be expression", r); + uint64_t max_ulp=3; + if(params.count() == 3) + max_ulp=params.as_int(2, "max distance must be integer", r); + r.write(VBool::get(ulp_distance_double(a,b)<=max_ulp)); +} inline bool is_salt_body_char(unsigned char c) { return pa_isalnum(c) || c == '.' || c=='/'; @@ -136,7 +156,7 @@ static void _crypt(Request& r, MethodPar const char* normal_salt; char normalize_buf[MAX_STRING]; if(prefix_size==strlen(maybe_bodyless_salt)) { // bodyless? - strncpy(normalize_buf, maybe_bodyless_salt, MAX_STRING-MAX_SALT-1); + pa_strncpy(normalize_buf, maybe_bodyless_salt, MAX_STRING-MAX_SALT); char *cur=normalize_buf+strlen(normalize_buf); // sould add up MAX_SALT random chars static unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */ @@ -156,7 +176,7 @@ static void _crypt(Request& r, MethodPar pa_MD5Encode((const unsigned char *)password, (const unsigned char *)normal_salt, sample_buf, sample_size); String sample(sample_buf); - r.write_pass_lang(sample); + r.write(sample); } else { #ifdef HAVE_CRYPT const char* static_sample_buf=crypt(password, normal_salt); @@ -167,7 +187,7 @@ static void _crypt(Request& r, MethodPar 0, "crypt on this platform does not support '%.*s' salt prefix", prefix_size, normal_salt); - r.write_pass_lang(String(pa_strdup(static_sample_buf))); + r.write(String(pa_strdup(static_sample_buf))); #else throw Exception(PARSER_RUNTIME, 0, @@ -185,7 +205,7 @@ static void _md5(Request& r, MethodParam pa_MD5Update(&context, (const unsigned char*)string, strlen(string)); pa_MD5Final(digest, &context); - r.write_pass_lang(*new String(hex_string(digest, sizeof(digest), false))); + r.write(*new String(hex_string(digest, sizeof(digest), false))); } @@ -319,7 +339,7 @@ void SHA1PadMessage(SHA1Context *context void SHA1ReadDigest(void *buf, SHA1Context *c) { if(!SHA1Result(c)) - throw Exception (PARSER_RUNTIME, 0, "Can not compute SHA1"); + throw Exception (PARSER_RUNTIME, 0, "Cannot compute SHA1"); ((uint32_t *)buf)[0] = SWAP(c->Message_Digest[0]); ((uint32_t *)buf)[1] = SWAP(c->Message_Digest[1]); @@ -337,7 +357,17 @@ static void _sha1(Request& r, MethodPara SHA1Input (&c, (const unsigned char*)string, strlen(string)); SHA1ReadDigest(digest, &c); - r.write_pass_lang(*new String(hex_string(digest, sizeof(digest), false))); + r.write(*new String(hex_string(digest, sizeof(digest), false))); +} + +String::C getData(Value& vdata, Request& r){ + if(const String* sdata=vdata.get_string()){ + String::Body body=sdata->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets); // explode content, honor tainting changes + return String::C(body.cstr(), body.length()); + } else { + VFile *file=vdata.as_vfile(); + return String::C(file->value_ptr(),file->value_size()); + } } void memxor(char *dest, const char *src, size_t n){ @@ -347,13 +377,12 @@ void memxor(char *dest, const char *src, #define IPAD 0x36 #define OPAD 0x5c -#define HMAC(key,init,update,final,blocklen,digestlen){ \ +#define HMAC(key,keylen,init,update,final,blocklen,digestlen){ \ unsigned char tempdigest[digestlen], keydigest[digestlen]; \ - size_t keylen=strlen(key); \ /* Reduce the key's size, so that it becomes <= blocklen bytes. */ \ if (keylen > blocklen){ \ init(&c); \ - update(&c,(const unsigned char*)hmac, keylen); \ + update(&c,(const unsigned char*)key, keylen); \ final(keydigest, &c); \ key = (char *)keydigest; \ keylen = digestlen; \ @@ -377,16 +406,7 @@ void memxor(char *dest, const char *src, static void _digest(Request& r, MethodParams& params) { const String &smethod = params.as_string(0, PARAMETER_MUST_BE_STRING); - Value& vdata=params.as_no_junction(1, "parameter must be string or file"); - - String::C data; - if(const String* sdata=vdata.get_string()){ - String::Body body=sdata->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets); // explode content, honor tainting changes - data=String::C(body.cstr(), body.length()); - } else { - VFile *file=vdata.as_vfile(String::L_AS_IS); - data=String::C(file->value_ptr(),file->value_size()); - } + String::C data=getData(params.as_no_junction(1, "parameter must be string or file"), r); enum Method { M_MD5, M_SHA1, M_SHA256, M_SHA512 } method; @@ -394,22 +414,31 @@ static void _digest(Request& r, MethodPa else if (smethod == "sha1" ) method = M_SHA1; else if (smethod == "sha256" ) method = M_SHA256; else if (smethod == "sha512" ) method = M_SHA512; - else throw Exception(PARSER_RUNTIME, &smethod, "must be 'md5' or 'sha1'"); + else throw Exception(PARSER_RUNTIME, &smethod, "must be 'md5' or 'sha1' or 'sha256' or 'sha512'"); const char *hmac=0; - enum Format { F_HEX, F_BASE64 } format = F_HEX; + size_t hmac_len=0; + + enum Format { F_HEX, F_BASE64, F_FILE } format = F_HEX; if(params.count() == 3) if(HashStringValue* options=params.as_hash(2)) { int valid_options=0; if(Value* value=options->get("hmac")) { - hmac=value->as_string().cstr(); + if(VFile* vfile=dynamic_cast(value)){ + hmac=(const char* )vfile->value_ptr(); + hmac_len=vfile->value_size(); + } else { + hmac=value->as_string().cstr(); + hmac_len=strlen(hmac); + } valid_options++; } if(Value* value=options->get("format")) { const String& sformat=value->as_string(); if (sformat == "hex") format = F_HEX; else if (sformat == "base64" ) format = F_BASE64; + else if (sformat == "file" ) format = F_FILE; else throw Exception(PARSER_RUNTIME, &sformat, "must be 'hex' or 'base64'"); valid_options++; } @@ -422,7 +451,7 @@ static void _digest(Request& r, MethodPa if(method == M_MD5){ PA_MD5_CTX c; if(hmac){ - HMAC(hmac, pa_MD5Init, pa_MD5Update, pa_MD5Final, 64, 16); + HMAC(hmac, hmac_len, pa_MD5Init, pa_MD5Update, pa_MD5Final, 64, 16); } else { pa_MD5Init(&c); pa_MD5Update(&c, (const unsigned char*)data.str, data.length); @@ -435,7 +464,7 @@ static void _digest(Request& r, MethodPa if(method == M_SHA1){ SHA1Context c; if(hmac){ - HMAC(hmac, SHA1Reset, SHA1Input, SHA1ReadDigest, 64, 20); + HMAC(hmac, hmac_len, SHA1Reset, SHA1Input, SHA1ReadDigest, 64, 20); } else { SHA1Reset(&c); SHA1Input(&c, (const unsigned char*)data.str, data.length); @@ -448,7 +477,7 @@ static void _digest(Request& r, MethodPa if(method == M_SHA256){ SHA256_CTX c; if(hmac){ - HMAC(hmac, pa_SHA256_Init, pa_SHA256_Update, pa_SHA256_Final, 64, SHA256_DIGEST_LENGTH); + HMAC(hmac, hmac_len, pa_SHA256_Init, pa_SHA256_Update, pa_SHA256_Final, 64, SHA256_DIGEST_LENGTH); } else { pa_SHA256_Init(&c); pa_SHA256_Update(&c, (const unsigned char*)data.str, data.length); @@ -461,7 +490,7 @@ static void _digest(Request& r, MethodPa if(method == M_SHA512){ SHA512_CTX c; if(hmac){ - HMAC(hmac, pa_SHA512_Init, pa_SHA512_Update, pa_SHA512_Final, 128, SHA512_DIGEST_LENGTH); + HMAC(hmac, hmac_len, pa_SHA512_Init, pa_SHA512_Update, pa_SHA512_Final, 128, SHA512_DIGEST_LENGTH); } else { pa_SHA512_Init(&c); pa_SHA512_Update(&c, (const unsigned char*)data.str, data.length); @@ -472,114 +501,299 @@ static void _digest(Request& r, MethodPa } if(format == F_HEX){ - r.write_pass_lang(*new String(hex_string((unsigned char *)digest.str, digest.length, false))); + r.write(*new String(hex_string((unsigned char *)digest.str, digest.length, false))); } if(format == F_BASE64){ - r.write_pass_lang(*new String(pa_base64_encode(digest.str, digest.length))); + r.write(*new String(pa_base64_encode(digest.str, digest.length, Base64Options(false /*no wrap*/)))); + } + if(format == F_FILE){ + VFile& result=*new VFile; + result.set_binary(true, digest.str, digest.length); + r.write(result); } } -static void _uuid(Request& r, MethodParams& /*params*/) { - uuid uuid=get_uuid(); +static void _uuid(Request& r, MethodParams& params) { + bool lower=false; + bool solid=false; - const size_t bufsize=36+1/*zero-teminator*/+1/*for faulty snprintfs*/; - char* cstr=new(PointerFreeGC) char[bufsize]; + if (params.count() == 1) + if (HashStringValue* options = params.as_hash(0)) { + int valid_options = 0; + if (Value* vlower = options->get("lower")) { + lower = r.process(*vlower).as_bool(); + valid_options++; + } + if (Value* vsolid = options->get("solid")) { + solid = r.process(*vsolid).as_bool(); + valid_options++; + } + if (valid_options != options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } + + r.write(*new String(get_uuid_cstr(lower, solid))); +} - snprintf(cstr, bufsize, - "%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X", - uuid.time_low, uuid.time_mid, uuid.time_hi_and_version, - uuid.clock_seq >> 8, uuid.clock_seq & 0xFF, - uuid.node[0], uuid.node[1], uuid.node[2], - uuid.node[3], uuid.node[4], uuid.node[5]); +static void _uuid7(Request& r, MethodParams& params) { + bool lower=false; + bool solid=false; + + if (params.count() == 1) + if (HashStringValue* options = params.as_hash(0)) { + int valid_options = 0; + if (Value* vlower = options->get("lower")) { + lower = r.process(*vlower).as_bool(); + valid_options++; + } + if (Value* vsolid = options->get("solid")) { + solid = r.process(*vsolid).as_bool(); + valid_options++; + } + if (valid_options != options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } - r.write_pass_lang(*new String(cstr)); + r.write(*new String(get_uuid7_cstr(lower, solid))); } -static void _uid64(Request& r, MethodParams& /*params*/) { +static void _uid64(Request& r, MethodParams& params) { + bool lower = false; + + if (params.count() == 1) + if (HashStringValue* options = params.as_hash(0)) { + int valid_options = 0; + if (Value* vlower = options->get("lower")) { + lower = r.process(*vlower).as_bool(); + valid_options++; + } + if (valid_options != options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } unsigned char id[64/8]; random(&id, sizeof(id)); - r.write_pass_lang(*new String(hex_string(id, sizeof(id), true))); + r.write(*new String(hex_string(id, sizeof(id), !lower))); } static void _crc32(Request& r, MethodParams& params) { const char *string=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); - r.write_no_lang(*new VInt(pa_crc32(string, strlen(string)))); + r.write(*new VDouble((uint)pa_crc32(string, strlen(string)))); } -static void toBase(unsigned long long int value, unsigned int base, char*& ptr){ - static const char* hex="0123456789ABCDEF"; - int rest = value % base; - if(value >= base) - toBase( (value-rest)/base, base, ptr); - *ptr++=(char)hex[rest]; +static const char* abc_hex = "0123456789ABCDEF"; + +static unsigned char hex_lookup[256] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, + 0,10,11,12,13,14,15, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0,10,11,12,13,14,15, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +static unsigned char abc_lookup[256] = {}; +static unsigned char abc_256_lookup[256] = {}; + +inline unsigned char *init_abc_256() { + if(!abc_256_lookup[255]) + for(int i=0; i<256; i++) abc_256_lookup[i] = (unsigned char)i; + return abc_256_lookup; } static void _convert(Request& r, MethodParams& params) { - const char *str=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + String::C data=getData(params.as_no_junction(0, "parameter must be string or file"), r); - int base_from=params.as_int(1, "base from must be integer", r); - if(base_from < 2 || base_from > 16) - throw Exception(PARSER_RUNTIME, 0, "base from must be an integer from 2 to 16"); + bool abc_mode = true; + unsigned char *lookup; + const char *abc_from; + int base_from; + + if(params[1].is_string()) { + abc_from = params[1].get_string()->cstr(); + base_from = strlen(abc_from); + if(base_from < 2) + throw Exception(PARSER_RUNTIME, 0, "alphabet 'from' must contain at least 2 characters"); + lookup = abc_lookup; + memset(abc_lookup,0,sizeof(abc_lookup)); + for(int i=0; i 16 && base_from != 256) + throw Exception(PARSER_RUNTIME, 0, "base 'from' must be an integer from 2 to 16 or 256"); + if (base_from == 256) { + abc_from = ""; + lookup = init_abc_256(); + } else { + abc_mode = false; + abc_from = abc_hex; + lookup = hex_lookup; + } + } - int base_to=params.as_int(2, "base to must be integer", r); - if(base_to < 2 || base_to > 16) - throw Exception(PARSER_RUNTIME, 0, "base to must be an integer from 2 to 16"); + const char *abc_to; + int base_to; - while(isspace(*str)) - str++; + if(params[2].is_string()) { + abc_to=params[2].get_string()->cstr(); + base_to=strlen(abc_to); + if(base_to < 2) + throw Exception(PARSER_RUNTIME, 0, "alphabet 'to' must contain at least 2 characters"); + } else { + base_to=params.as_int(2, "base 'to' must be integer or string", r); + if(base_to < 2 || base_to > 16 && base_to != 256) + throw Exception(PARSER_RUNTIME, 0, "base 'to' must be an integer from 2 to 16 or 256"); + if (base_to == 256) { + abc_to = (char *)init_abc_256(); + } else { + abc_to = abc_hex; + } + } - if(!*str) - return; + VFile* result_file = 0; + + if(params.count() == 4) + if(HashStringValue* options=params.as_hash(3)) { + int valid_options=0; + if(Value* value=options->get("format")) { + const String& sformat=value->as_string(); + if (sformat == "file" ) result_file = new VFile; + else if (sformat != "string") throw Exception(PARSER_RUNTIME, &sformat, "must be 'string' or 'file'"); + valid_options++; + } + if(valid_options!=options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } bool negative=false; - if(str[0]=='-') { - negative=true; - str++; - } else if(str[0]=='+') { - str++; + + // converting digits to their numeric values + + unsigned char *src=(unsigned char *)pa_strdup(data.str, data.length); + const unsigned char *src_end = src + data.length; + + unsigned char *c; + + if(abc_mode){ + + for(c=src;c=base_from) { + for(unsigned char *s=c;s remainders((size_t)round(data.length * log((double)base_from) / log((double)base_to)) + 1); + + do { + int carry = 0; + unsigned char *dst = src; + for (c=src; c= base_to) { + *(dst++) = (unsigned char)(carry / base_to); + carry %= base_to; + } else if (dst > src) { + *(dst++) = 0; + } + } + src_end = dst; + remainders += abc_to[carry]; + } while (src_end > src); - char result_cstr[sizeof(unsigned long long int)*8+1/*minus for negative number*/+1/*terminator*/]; - char* ptr=result_cstr; + // result processing + + size_t result_length = negative + remainders.count(); + char *result_str = (char *)pa_malloc_atomic(result_length+1); if(negative) - *ptr++='-'; + result_str[0] = '-'; + for(size_t i=0; iset(true /*tainted*/, 0 /*binary*/, result_str, result_length, 0, 0, &r); + r.write(*result_file); + } else { + if(memchr(result_str, 0, result_length)) + throw Exception(PARSER_RUNTIME, 0, "Invalid \\x00 character found while converting to string. Convert to file instead."); + + fix_line_breaks(result_str, result_length); - toBase(value, base_to, ptr); - *ptr=0; - r.write_pass_lang(*new String(pa_strdup(result_cstr))); + if(result_length) + r.write(*new String(result_str, String::L_TAINTED)); + } } // constructor MMath::MMath(): Methoded("math") { // ^FUNC(expr) -#define ADDX(name, X) \ - add_native_method(#name, Method::CT_STATIC, _##name, X, X) -#define ADD0(name) ADDX(name, 0) -#define ADD1(name) ADDX(name, 1) -#define ADD2(name) ADDX(name, 2) +#define ADDN(name, N) \ + add_native_method(#name, Method::CT_STATIC, _##name, N, N) +#define ADD1(name) ADDN(name, 1) ADD1(round); ADD1(floor); ADD1(ceiling); ADD1(trunc); ADD1(frac); ADD1(abs); ADD1(sign); ADD1(exp); ADD1(log); ADD1(log10); - ADD1(sin); ADD1(asin); - ADD1(cos); ADD1(acos); - ADD1(tan); ADD1(atan); + ADD1(sin); ADD1(asin); + ADD1(cos); ADD1(acos); + ADD1(tan); ADD1(atan); ADDN(atan2, 2); ADD1(degrees); ADD1(radians); ADD1(sqrt); ADD1(random); // ^math:pow(x;y) - ADD2(pow); + ADDN(pow, 2); + + // ^math:eq(a;b[;precision]) + add_native_method("eq", Method::CT_STATIC, _eq, 2, 3); // ^math:crypt[password;salt] - ADD2(crypt); + ADDN(crypt, 2); // ^math:md5[string] ADD1(md5); @@ -594,11 +808,17 @@ MMath::MMath(): Methoded("math") { ADD1(crc32); // ^math:uuid[] - ADD0(uuid); + // ^math:uuid[options hash] + add_native_method("uuid", Method::CT_STATIC, _uuid, 0, 1); + + // ^math:uuid7[] + // ^math:uuid7[options hash] + add_native_method("uuid7", Method::CT_STATIC, _uuid7, 0, 1); // ^math:uid64[] - ADD0(uid64); + // ^math:uid64[options hash] + add_native_method("uid64", Method::CT_STATIC, _uid64, 0, 1); - // ^math:convert[number](base-from;base-to) - add_native_method("convert", Method::CT_STATIC, _convert, 3, 3); + // ^math:convert[number|file](base-from)|[abc_from](base-to)|[abc_to][options] + add_native_method("convert", Method::CT_STATIC, _convert, 3, 4); }