Guard against bogus data.

noseglid · noseglid · commit d44a8cbd4653 · 2014-02-20T20:47:27.000+01:00
* When decoding, make sure the resulting number
    is smaller than a 32 bit unsigned int, otherwise
    the data is not valid

  * When encoding, fixes bug where numbers where interpreted
    as signed numbers.
diff --git a/lib/base85.js b/lib/base85.js
@@ -3,6 +3,8 @@ var stream = require('stream');
 var ENC_START = '<~';
 var ENC_END   = '~>';
 
+var NUM_MAXVALUE = Math.pow(2, 32) - 1;
+
 function encode_buffer(buffer)
 {
   var padding = (buffer.length % 4 === 0) ? 0 : 4 - buffer.length % 4;
@@ -11,10 +13,11 @@ function encode_buffer(buffer)
   for (var i = 0; i < buffer.length; i += 4) {
 
     /* 32 bit number of the current 4 bytes (padded with 0 as necessary) */
-    var num = (buffer[i] << 24) +
-        ((i + 1 > buffer.length ? 0 : buffer[i + 1]) << 16) +
-        ((i + 2 > buffer.length ? 0 : buffer[i + 2]) <<  8) +
-        ((i + 3 > buffer.length ? 0 : buffer[i + 3]) <<  0);
+    var num = ((buffer[i] << 24) >>> 0) + // Shift right to force unsigned number
+        (((i + 1 > buffer.length ? 0 : buffer[i + 1]) << 16) >>> 0) +
+        (((i + 2 > buffer.length ? 0 : buffer[i + 2]) <<  8) >>> 0) +
+        (((i + 3 > buffer.length ? 0 : buffer[i + 3]) <<  0) >>> 0);
+
 
     /* Create 5 characters from '!' to 'u' alphabet */
     var block = [];
@@ -48,10 +51,15 @@ function decode_buffer(buffer)
 
   for (var i = bufferStart; i < bufferEnd; i += 5) {
     var num = ((buffer[i] - 33) * 85 * 85 * 85 * 85) +
-      ((i + 1 > bufferEnd ? 84 : (buffer[i + 1] - 33)) * 85 * 85 * 85) +
-      ((i + 2 > bufferEnd ? 84 : (buffer[i + 2] - 33)) * 85 * 85) +
-      ((i + 3 > bufferEnd ? 84 : (buffer[i + 3] - 33)) * 85) +
-      ((i + 4 > bufferEnd ? 84 : (buffer[i + 4] - 33)));
+      ((i + 1 >= bufferEnd ? 84 : (buffer[i + 1] - 33)) * 85 * 85 * 85) +
+      ((i + 2 >= bufferEnd ? 84 : (buffer[i + 2] - 33)) * 85 * 85) +
+      ((i + 3 >= bufferEnd ? 84 : (buffer[i + 3] - 33)) * 85) +
+      ((i + 4 >= bufferEnd ? 84 : (buffer[i + 4] - 33)));
+
+    if (num > NUM_MAXVALUE) {
+      /* Bogus data, no encoding can have a value larger than NUM_MAXVALUE */
+      return false;
+    }
 
     result.writeUInt32BE(num, 4 * Math.ceil((i - bufferStart) / 5));
   }
diff --git a/tests/data.js b/tests/data.js
@@ -34,5 +34,13 @@ exports.data = [
   {
     'raw' : new Buffer('Man is distinguished, not only by his reason, but by this singular passion from other animals, which is a lust of the mind, that by a perseverance of delight in the continued and indefatigable generation of knowledge, exceeds the short vehemence of any carnal pleasure.', 'ascii'),
     'enc'  : '<~9jqo^BlbD-BleB1DJ+*+F(f,q/0JhKF<GL>Cj@.4Gp$d7F!,L7@<6@)/0JDEF<G%<+EV:2F!,O<DJ+*.@<*K0@<6L(Df-\\0Ec5e;DffZ(EZee.Bl.9pF"AGXBPCsi+DGm>@3BB/F*&OCAfu2/AKYi(DIb:@FD,*)+C]U=@3BN#EcYf8ATD3s@q?d$AftVqCh[NqF<G:8+EV:.+Cf>-FD5W8ARlolDIal(DId<j@<?3r@:F%a+D58\'ATD4$Bl@l3De:,-DJs`8ARoFb/0JMK@qB4^F!,R<AKZ&-DfTqBG%G>uD.RTpAKYo\'+CT/5+Cei#DII?(E,9)oF*2M7/c~>'
+  },
+  {
+    'raw' : new Buffer([0xff]),
+    'enc' : '<~rr~>'
+  },
+  {
+    'raw' : new Buffer([0xff, 0xff, 0xff, 0xff]),
+    'enc' : '<~s8W-!~>'
   }
 ];
diff --git a/tests/decode.js b/tests/decode.js
@@ -5,6 +5,8 @@ var data   = require('./data').data;
 exports.testErrors = function(test)
 {
   test.equal(base85.decode(1234), false)
+  test.equal(base85.decode('<~u~>'), false);
+  test.equal(base85.decode('<~uuuuu~>'), false);
   test.done();
 }
 

Original file line number	Diff line number	Diff line change
`@@ -34,5 +34,13 @@ exports.data = [`
`34`	`34`	`{`
`35`	`35`	`'raw' : new Buffer('Man is distinguished, not only by his reason, but by this singular passion from other animals, which is a lust of the mind, that by a perseverance of delight in the continued and indefatigable generation of knowledge, exceeds the short vehemence of any carnal pleasure.', 'ascii'),`
`36`	`36`	'enc' : '<~9jqo^BlbD-BleB1DJ++F(f,q/0JhKF<GL>[email protected]$d7F!,L7@<6@)/0JDEF<G%<+EV:2F!,O<DJ+.@<K0@<6L(Df-\\0Ec5e;DffZ(EZee.Bl.9pF"AGXBPCsi+DGm>@3BB/F&OCAfu2/AKYi(DIb:@FD,)+C]U=@3BN#EcYf8ATD3s@q?d$AftVqCh[NqF<G:8+EV:.+Cf>-FD5W8ARlolDIal(DId<j@<?3r@:F%a+D58\'ATD4$Bl@l3De:,-DJs`8ARoFb/0JMK@qB4^F!,R<AKZ&-DfTqBG%G>uD.RTpAKYo\'+CT/5+Cei#DII?(E,9)oF2M7/c~>'
	`37`	`+ },`
	`38`	`+ {`
	`39`	`+ 'raw' : new Buffer([0xff]),`
	`40`	`+ 'enc' : '<~rr~>'`
	`41`	`+ },`
	`42`	`+ {`
	`43`	`+ 'raw' : new Buffer([0xff, 0xff, 0xff, 0xff]),`
	`44`	`+ 'enc' : '<~s8W-!~>'`
`37`	`45`	`}`
`38`	`46`	`];`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,8 @@ var data = require('./data').data;`
`5`	`5`	`exports.testErrors = function(test)`
`6`	`6`	`{`
`7`	`7`	`test.equal(base85.decode(1234), false)`
	`8`	`+ test.equal(base85.decode('<~u~>'), false);`
	`9`	`+ test.equal(base85.decode('<~uuuuu~>'), false);`
`8`	`10`	`test.done();`
`9`	`11`	`}`
`10`	`12`