diff options
Diffstat (limited to 'wiretap/pem.c')
| -rw-r--r-- | wiretap/pem.c | 203 |
1 files changed, 203 insertions, 0 deletions
diff --git a/wiretap/pem.c b/wiretap/pem.c new file mode 100644 index 0000000000..dd1502795b --- /dev/null +++ b/wiretap/pem.c @@ -0,0 +1,203 @@ +/* pem.c + * + * Implements loading of files in the format specified by RFC 7468. + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" + +#include "pem.h" + +#include "file_wrappers.h" +#include "wtap-int.h" + +#include <wsutil/buffer.h> + +#include <glib.h> + +#include <string.h> + +/* 128 bytes should be enough to contain any line. Strictly speaking, 64 is + enough, but we provide some leeway to accomodate nonconformant producers and + trailing whitespace. The 2 extra bytes are for the trailing newline and NUL + terminator. */ +#define MAX_LINE_LENGTH (128 + 2) + +/* based on the `label` production in RFC 7468 */ +#define RE_LABEL "([!-,.-~]([-\\s]?[!-,.-~])*)?" + +struct pem_priv { + GRegex *re_blank_line; + GRegex *re_pre_eb; + GRegex *re_post_eb; +}; + +static char *read_complete_text_line(char line[MAX_LINE_LENGTH], FILE_T fh, int *err, gchar **err_info) +{ + char *line_end; + + if (!(line_end = file_getsp(line, MAX_LINE_LENGTH, fh))) { + *err = file_error(fh, err_info); + return NULL; + } + + if (strlen(line) != (size_t)(line_end - line)) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("unexpected NUL inside a line"); + return NULL; + } + + if (line_end[-1] != '\n' && !file_eof(fh)) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("overlong line"); + return NULL; + } + + return line_end; +} + +static gboolean pem_read_value(wtap *wth, FILE_T fh, wtap_rec *rec, + Buffer *buf, int *err, gchar **err_info) +{ + struct pem_priv *priv = (struct pem_priv *)wth->priv; + + char line[MAX_LINE_LENGTH]; + + // skip blank lines + do { + if (!read_complete_text_line(line, fh, err, err_info)) return FALSE; + } while (g_regex_match(priv->re_blank_line, line, (GRegexMatchFlags)0, NULL)); + + if (!g_regex_match(priv->re_pre_eb, line, (GRegexMatchFlags)0, NULL)) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("invalid pre-encapsulation boundary"); + return FALSE; + } + + gint base64_state = 0; + guint base64_save = 0; + + ws_buffer_clean(buf); + + for (; ; ) { + char *line_end = read_complete_text_line(line, fh, err, err_info); + if (!line_end) { + if (*err == 0) { + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("missing post-encapsulation boundary"); + } + return FALSE; + } + + if (g_regex_match(priv->re_post_eb, line, (GRegexMatchFlags)0, NULL)) + break; + + guchar decoded[(sizeof(line) / 4) * 3 + 3]; + guint32 decoded_size = (guint32) g_base64_decode_step( + line, line_end - line, decoded, &base64_state, &base64_save); + + if ((guint32)ws_buffer_length(buf) > G_MAXUINT32 - decoded_size) { + // we can't set the packet length if this happens + *err = WTAP_ERR_BAD_FILE; + *err_info = g_strdup("encoded value too large"); + return FALSE; + } + + ws_buffer_append(buf, decoded, decoded_size); + } + + rec->rec_type = REC_TYPE_PACKET; + rec->presence_flags = 0; + rec->rec_header.packet_header.len = + rec->rec_header.packet_header.caplen = + (guint32)ws_buffer_length(buf); + + return TRUE; +} + +static gboolean pem_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) +{ + *data_offset = file_tell(wth->fh); + + return pem_read_value(wth, wth->fh, &wth->rec, wth->rec_data, err, err_info); +} + +static gboolean pem_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec, + Buffer *buf, int *err, gchar **err_info) +{ + if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) + return FALSE; + + return pem_read_value(wth, wth->random_fh, rec, buf, err, err_info); +} + +static void pem_close(wtap *wth) +{ + struct pem_priv *priv = (struct pem_priv *)wth->priv; + + g_regex_unref(priv->re_pre_eb); + g_regex_unref(priv->re_post_eb); +} + +wtap_open_return_val pem_open(wtap *wth, int *err, gchar **err_info) +{ + static const char expected_magic[] = "-----BEGIN "; + char actual_magic[sizeof(expected_magic) - 1]; + + if (!wtap_read_bytes(wth->fh, &actual_magic, sizeof(actual_magic), err, err_info)) { + if (*err == WTAP_ERR_SHORT_READ) + return WTAP_OPEN_NOT_MINE; + return WTAP_OPEN_ERROR; + } + + if (memcmp(expected_magic, actual_magic, sizeof(actual_magic)) != 0) + return WTAP_OPEN_NOT_MINE; + + if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) + return WTAP_OPEN_ERROR; + + wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PEM; + wth->file_encap = WTAP_ENCAP_BER; + + wth->snapshot_length = 0; + wth->file_tsprec = WTAP_TSPREC_SEC; + + struct pem_priv *priv = g_new0(struct pem_priv, 1); + + priv->re_blank_line = g_regex_new("^\\s*$", G_REGEX_RAW, (GRegexMatchFlags)0, NULL); + + priv->re_pre_eb = g_regex_new("^-----BEGIN " RE_LABEL "-----\\s*$", + (GRegexCompileFlags)(G_REGEX_RAW | G_REGEX_NO_AUTO_CAPTURE), + (GRegexMatchFlags)0, NULL); + priv->re_post_eb = g_regex_new("^-----END " RE_LABEL "-----\\s*$", + (GRegexCompileFlags)(G_REGEX_RAW | G_REGEX_NO_AUTO_CAPTURE), + (GRegexMatchFlags)0, NULL); + + wth->priv = priv; + + wth->subtype_read = pem_read; + wth->subtype_seek_read = pem_seek_read; + wth->subtype_close = pem_close; + + if (!priv->re_blank_line || !priv->re_pre_eb || !priv->re_post_eb) { + *err = WTAP_ERR_INTERNAL; + *err_info = g_strdup("failed to initialize reader"); + return WTAP_OPEN_ERROR; + } + + return WTAP_OPEN_MINE; +} + +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local Variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * vi: set shiftwidth=4 tabstop=8 expandtab: + * :indentSize=4:tabSize=8:noTabs=true: + */ |