--- parser3/src/classes/math.C 2012/09/25 11:31:03 1.64 +++ parser3/src/classes/math.C 2016/07/21 17:05:37 1.82 @@ -1,7 +1,7 @@ /** @file Parser: @b math parser class. - Copyright (c) 2001-2012 Art. Lebedev Studio (http://www.artlebedev.com) + Copyright (c) 2001-2015 Art. Lebedev Studio (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) portions from gen_uuid.c, @@ -12,25 +12,17 @@ #include "pa_common.h" #include "pa_vint.h" #include "pa_vmath.h" +#include "pa_vfile.h" #include "pa_request.h" #include "pa_md5.h" +#include "pa_sha2.h" #include "pa_random.h" -#ifdef WIN32 -# define _WIN32_WINNT 0x400 -# include -# include -#endif - #ifdef HAVE_CRYPT -# ifdef HAVE_CRYPT_H -# include -# endif -#else - extern char *crypt(const char* , const char* ); +extern "C" char *crypt(const char* , const char* ); #endif -volatile const char * IDENT_MATH_C="$Id: math.C,v 1.64 2012/09/25 11:31:03 moko Exp $"; +volatile const char * IDENT_MATH_C="$Id: math.C,v 1.82 2016/07/21 17:05:37 moko Exp $"; // defines @@ -39,16 +31,16 @@ volatile const char * IDENT_MATH_C="$Id: // class class MMath: public Methoded { -public: - MMath(); - public: // Methoded bool used_directly() { return false; } + +public: + MMath(); }; // global variables -DECLARE_CLASS_VAR(math, 0 /*fictive*/, new MMath); +DECLARE_CLASS_VAR(math, new MMath); // methods @@ -78,20 +70,31 @@ static void math1(Request& r, MethodPara static void _##name(Request& r, MethodParams& params) {\ math1(r, params, &name);\ } + #define MATH1P(name_parser, name_c) \ static void _##name_parser(Request& r, MethodParams& params) {\ math1(r, params, &name_c);\ } -MATH1(round); MATH1(floor); MATH1P(ceiling, ceil); -MATH1(trunc); MATH1(frac); -MATH1P(abs, fabs); MATH1(sign); -MATH1(exp); -MATH1(log); MATH1(log10); -MATH1(sin); MATH1(asin); -MATH1(cos); MATH1(acos); -MATH1(tan); MATH1(atan); -MATH1(degrees); MATH1(radians); -MATH1(sqrt); + +MATH1(round) +MATH1(floor) +MATH1P(ceiling, ceil) +MATH1(trunc) +MATH1(frac) +MATH1P(abs, fabs) +MATH1(sign) +MATH1(exp) +MATH1(log) +MATH1(log10) +MATH1(sin) +MATH1(asin) +MATH1(cos) +MATH1(acos) +MATH1(tan) +MATH1(atan) +MATH1(degrees) +MATH1(radians) +MATH1(sqrt) typedef double (*math2_func_ptr)(double, double); @@ -106,11 +109,13 @@ static void math2(Request& r, MethodPara static void _##name(Request& r, MethodParams& params) {\ math2(r, params, &name);\ } -MATH2(pow); -inline bool is_salt_body_char(int c) { - return isalnum(c) || c == '.' || c=='/'; +MATH2(pow) + +inline bool is_salt_body_char(unsigned char c) { + return pa_isalnum(c) || c == '.' || c=='/'; } + static size_t calc_prefix_size(const char* salt) { if(strlen(salt)) { if(!is_salt_body_char((unsigned char)salt[0])) { // $... {... @@ -172,7 +177,7 @@ static void _crypt(Request& r, MethodPar } static void _md5(Request& r, MethodParams& params) { - const char *string=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + const char *string=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets).cstr(); PA_MD5_CTX context; unsigned char digest[16]; @@ -324,7 +329,7 @@ void SHA1ReadDigest(void *buf, SHA1Conte } static void _sha1(Request& r, MethodParams& params) { - const char *string = params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + const char *string = params.as_string(0, PARAMETER_MUST_BE_STRING).cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets).cstr(); SHA1Context c; unsigned char digest[20]; @@ -342,11 +347,11 @@ void memxor(char *dest, const char *src, #define IPAD 0x36 #define OPAD 0x5c -#define HMAC(key,init,update,final,digestlen){ \ +#define HMAC(key,init,update,final,blocklen,digestlen){ \ unsigned char tempdigest[digestlen], keydigest[digestlen]; \ size_t keylen=strlen(key); \ - /* Reduce the key's size, so that it becomes <= 64 bytes. */ \ - if (keylen > 64){ \ + /* Reduce the key's size, so that it becomes <= blocklen bytes. */ \ + if (keylen > blocklen){ \ init(&c); \ update(&c,(const unsigned char*)hmac, keylen); \ final(keydigest, &c); \ @@ -354,29 +359,41 @@ void memxor(char *dest, const char *src, keylen = digestlen; \ } \ /* Compute TEMP from KEY and STRING. */ \ - char block[64]; \ - memset (block, IPAD, sizeof (block)); \ + char block[blocklen]; \ + memset (block, IPAD, blocklen); \ memxor (block, key, keylen); \ init(&c); \ - update(&c, (const unsigned char*)block, 64); \ - update(&c, (const unsigned char*)string, strlen(string)); \ + update(&c, (const unsigned char*)block, blocklen); \ + update(&c, (const unsigned char*)data.str, data.length); \ final(tempdigest, &c); \ /* Compute result from KEY and TEMP. */ \ - memset (block, OPAD, sizeof (block)); \ + memset (block, OPAD, blocklen); \ memxor (block, key, keylen); \ init(&c); \ - update(&c, (const unsigned char*)block, 64); \ + update(&c, (const unsigned char*)block, blocklen); \ update(&c, (const unsigned char*)tempdigest, digestlen); \ } static void _digest(Request& r, MethodParams& params) { const String &smethod = params.as_string(0, PARAMETER_MUST_BE_STRING); - const char *string = params.as_string(1, PARAMETER_MUST_BE_STRING).cstr(); - enum Method { M_MD5, M_SHA1 } method; + Value& vdata=params.as_no_junction(1, "parameter must be string or file"); + + String::C data; + if(const String* sdata=vdata.get_string()){ + String::Body body=sdata->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets); // explode content, honor tainting changes + data=String::C(body.cstr(), body.length()); + } else { + VFile *file=vdata.as_vfile(String::L_AS_IS); + data=String::C(file->value_ptr(),file->value_size()); + } + + enum Method { M_MD5, M_SHA1, M_SHA256, M_SHA512 } method; if (smethod == "md5") method = M_MD5; else if (smethod == "sha1" ) method = M_SHA1; + else if (smethod == "sha256" ) method = M_SHA256; + else if (smethod == "sha512" ) method = M_SHA512; else throw Exception(PARSER_RUNTIME, &smethod, "must be 'md5' or 'sha1'"); const char *hmac=0; @@ -405,10 +422,10 @@ static void _digest(Request& r, MethodPa if(method == M_MD5){ PA_MD5_CTX c; if(hmac){ - HMAC(hmac, pa_MD5Init, pa_MD5Update, pa_MD5Final, 16); + HMAC(hmac, pa_MD5Init, pa_MD5Update, pa_MD5Final, 64, 16); } else { pa_MD5Init(&c); - pa_MD5Update(&c, (const unsigned char*)string, strlen(string)); + pa_MD5Update(&c, (const unsigned char*)data.str, data.length); } char *str=(char *)pa_malloc(16); pa_MD5Final((unsigned char *)str, &c); @@ -418,16 +435,42 @@ static void _digest(Request& r, MethodPa if(method == M_SHA1){ SHA1Context c; if(hmac){ - HMAC(hmac, SHA1Reset, SHA1Input, SHA1ReadDigest, 20); + HMAC(hmac, SHA1Reset, SHA1Input, SHA1ReadDigest, 64, 20); } else { SHA1Reset(&c); - SHA1Input(&c, (const unsigned char*)string, strlen(string)); + SHA1Input(&c, (const unsigned char*)data.str, data.length); } char *str=(char *)pa_malloc(20); SHA1ReadDigest(str, &c); digest = String::C(str, 20); } + if(method == M_SHA256){ + SHA256_CTX c; + if(hmac){ + HMAC(hmac, pa_SHA256_Init, pa_SHA256_Update, pa_SHA256_Final, 64, SHA256_DIGEST_LENGTH); + } else { + pa_SHA256_Init(&c); + pa_SHA256_Update(&c, (const unsigned char*)data.str, data.length); + } + char *str=(char *)pa_malloc(SHA256_DIGEST_LENGTH); + pa_SHA256_Final((unsigned char *)str, &c); + digest = String::C(str, SHA256_DIGEST_LENGTH); + } + + if(method == M_SHA512){ + SHA512_CTX c; + if(hmac){ + HMAC(hmac, pa_SHA512_Init, pa_SHA512_Update, pa_SHA512_Final, 128, SHA512_DIGEST_LENGTH); + } else { + pa_SHA512_Init(&c); + pa_SHA512_Update(&c, (const unsigned char*)data.str, data.length); + } + char *str=(char *)pa_malloc(SHA512_DIGEST_LENGTH); + pa_SHA512_Final((unsigned char *)str, &c); + digest = String::C(str, SHA512_DIGEST_LENGTH); + } + if(format == F_HEX){ r.write_pass_lang(*new String(hex_string((unsigned char *)digest.str, digest.length, false))); } @@ -437,23 +480,10 @@ static void _digest(Request& r, MethodPa } static void _uuid(Request& r, MethodParams& /*params*/) { - uuid uuid=get_uuid(); - - const size_t bufsize=36+1/*zero-teminator*/+1/*for faulty snprintfs*/; - char* cstr=new(PointerFreeGC) char[bufsize]; - - snprintf(cstr, bufsize, - "%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X", - uuid.time_low, uuid.time_mid, uuid.time_hi_and_version, - uuid.clock_seq >> 8, uuid.clock_seq & 0xFF, - uuid.node[0], uuid.node[1], uuid.node[2], - uuid.node[3], uuid.node[4], uuid.node[5]); - - r.write_pass_lang(*new String(cstr)); + r.write_pass_lang(*new String(get_uuid_cstr())); } static void _uid64(Request& r, MethodParams& /*params*/) { - unsigned char id[64/8]; random(&id, sizeof(id)); @@ -465,9 +495,9 @@ static void _crc32(Request& r, MethodPar r.write_no_lang(*new VInt(pa_crc32(string, strlen(string)))); } -static void toBase(unsigned int value, unsigned int base, char*& ptr){ +static void toBase(unsigned long long int value, unsigned int base, char*& ptr){ static const char* hex="0123456789ABCDEF"; - int rest = value % base; + unsigned int rest = (unsigned int)(value % base); if(value >= base) toBase( (value-rest)/base, base, ptr); *ptr++=(char)hex[rest]; @@ -498,9 +528,9 @@ static void _convert(Request& r, MethodP str++; } - unsigned int value=pa_atoui(str, base_from); + unsigned long long int value=pa_atoul(str, base_from); - char result_cstr[sizeof(unsigned int)*8+1/*minus for negative number*/+1/*terminator*/]; + char result_cstr[sizeof(unsigned long long int)*8+1/*minus for negative number*/+1/*terminator*/]; char* ptr=result_cstr; if(negative) *ptr++='-'; @@ -544,7 +574,7 @@ MMath::MMath(): Methoded("math") { // ^math:sha1[string] ADD1(sha1); - // ^math:digest[method;string;options] + // ^math:digest[method;string|file;options] add_native_method("digest", Method::CT_STATIC, _digest, 2, 3); // ^math:crc32[string]