From 88327bde59edd3aadd9381d591a32f26dbf04d24 Mon Sep 17 00:00:00 2001
From: Jonathan Dieter <jdieter@gmail.com>
Date: Thu, 1 Nov 2018 11:28:26 +0000
Subject: [PATCH] Handle non-hex characters passed to zck_set_soption()

Also, add tests to check that non-hex characters are handled correctly

Signed-off-by: Jonathan Dieter <jdieter@gmail.com>
---
 src/lib/zck.c                 | 17 +++++++--
 test/invalid_input_checksum.c | 66 +++++++++++++++++++++++++++++++++++
 test/meson.build              | 20 +++++++++--
 3 files changed, 99 insertions(+), 4 deletions(-)
 create mode 100644 test/invalid_input_checksum.c

diff --git a/src/lib/zck.c b/src/lib/zck.c
index 37fa5c0..624416d 100644
--- a/src/lib/zck.c
+++ b/src/lib/zck.c
@@ -88,6 +88,8 @@ static int hex_to_int (char c) {
     int result = (c / 16 - 3) * 10 + (c % 16);
     if (result > 9)
         result--;
+    if (result < 0 || result > 15)
+        return -1;
     return result;
 }
 
@@ -97,10 +99,17 @@ static char *ascii_checksum_to_bin (zckCtx *zck, char *checksum) {
     char *rp = raw_checksum;
     int buf = 0;
     for (int i=0; i<cl; i++) {
+        // Get integer value of hex checksum character.  If -1 is returned, then
+        // the character wasn't actually hex, so return NULL
+        int cksum = hex_to_int(checksum[i]);
+        if (cksum < 0) {
+            free(raw_checksum);
+            return NULL;
+        }
         if (i % 2 == 0)
-            buf = hex_to_int(checksum[i]);
+            buf = cksum;
         else {
-            rp[0] = buf*16 + hex_to_int(checksum[i]);
+            rp[0] = buf*16 + cksum;
             rp++;
         }
     }
@@ -223,6 +232,10 @@ bool PUBLIC zck_set_soption(zckCtx *zck, zck_soption option, const char *value,
                 zck_hash_name_from_type(zck->prep_hash_type), data);
         zck->prep_digest = ascii_checksum_to_bin(zck, data);
         free(data);
+        if(zck->prep_digest == NULL) {
+            set_fatal_error(zck, "Non-hex character found in supplied digest");
+            return false;
+        }
 
     /* Compression options */
     } else if(option < 2000) {
diff --git a/test/invalid_input_checksum.c b/test/invalid_input_checksum.c
new file mode 100644
index 0000000..4def6a4
--- /dev/null
+++ b/test/invalid_input_checksum.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2018 Jonathan Dieter <jdieter@gmail.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  1. Redistributions of source code must retain the above copyright notice,
+ *     this list of conditions and the following disclaimer.
+ *
+ *  2. Redistributions in binary form must reproduce the above copyright notice,
+ *     this list of conditions and the following disclaimer in the documentation
+ *     and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdbool.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <zck.h>
+#include "zck_private.h"
+#include "util.h"
+
+int main (int argc, char *argv[]) {
+    /* Open zchunk file and verify that an invalid checksum will fail */
+    int in = open(argv[1], O_RDONLY);
+    if(in < 0) {
+        perror("Unable to open empty.zck for reading");
+        exit(1);
+    }
+
+    zckCtx *zck = zck_create();
+    if(zck == NULL)
+        exit(1);
+    if(!zck_init_read(zck, in)) {
+        printf("%s", zck_get_error(zck));
+        exit(1);
+    }
+    if(!zck_set_ioption(zck, ZCK_VAL_HEADER_HASH_TYPE, ZCK_HASH_SHA256)) {
+        printf("%s", zck_get_error(zck));
+        exit(1);
+    }
+    if(zck_set_soption(zck, ZCK_VAL_HEADER_DIGEST,
+            "gbcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
+            64)) {
+        printf("ERROR: setting invalid checksum *worked*\n");
+        exit(1);
+    }
+    printf("%s", zck_get_error(zck));
+}
diff --git a/test/meson.build b/test/meson.build
index 714ae3d..407ab35 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -1,8 +1,16 @@
 util_sources = []
 subdir('lib')
 incdir = include_directories(['lib', '../src/lib', '../include'])
-empty = executable('empty', ['empty.c'] + util_sources, include_directories: incdir, dependencies: [zstd_dep, openssl_dep])
-optflag = executable('optflag', ['optflag.c'] + util_sources, include_directories: incdir, dependencies: [zstd_dep, openssl_dep])
+empty = executable('empty', ['empty.c'] + util_sources,
+                   include_directories: incdir,
+                   dependencies: [zstd_dep, openssl_dep])
+optflag = executable('optflag', ['optflag.c'] + util_sources,
+                     include_directories: incdir,
+                     dependencies: [zstd_dep, openssl_dep])
+invalid_input_checksum = executable('invalid_input_checksum',
+                                    ['invalid_input_checksum.c'] + util_sources,
+                                    include_directories: incdir,
+                                    dependencies: [zstd_dep, openssl_dep])
 shacheck = executable('shacheck', ['shacheck.c'] + util_sources, include_directories: incdir, dependencies: [zstd_dep, openssl_dep])
 file_path = join_paths(meson.source_root(), 'test/files')
 
@@ -55,6 +63,14 @@ test(
     ]
 )
 
+test(
+    'checksum with non-hex character',
+    invalid_input_checksum,
+    args: [
+        join_paths(file_path, 'empty.optflags.zck')
+    ]
+)
+
 test(
     'check verbosity in unzck',
     unzck,
-- 
2.30.2