/* Copyright 2016-2018 David Anderson. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of version 2 of the GNU General Public License as published by the Free Software Foundation. This program is distributed in the hope that it would be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Further, this software is distributed without any warranty that it is free of the rightful claim of any third person regarding infringement or the like. Any license provided herein, whether implied or otherwise, applies only to this software file. Patent licenses, if any, provided herein do not apply to combinations of this program with other software, or any other product whatsoever. You should have received a copy of the GNU General Public License along with this program; if not, write the Free Software Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston MA 02110-1301, USA. */ #include #include /* FILE decl for dd_esb.h */ #include "dwarf.h" #include "libdwarf.h" #include "dd_defined_types.h" #include "dd_checkutil.h" #include "dd_glflags.h" #include "dd_globals.h" #include "dd_esb.h" #ifndef TESTING #include "dd_glflags.h" #endif #ifdef HAVE_UTF8 #include "dd_utf8.h" #endif /* HAVE_UTF8 */ #include "dd_sanitized.h" /* This does a uri-style conversion of control characters. So SOH prints as %01 for example. Which stops corrupted or crafted strings from doing things to the terminal the string is routed to. We do not translate an input % to %% (as in real uri) as that would be a bit confusing for most readers. The conversion makes it possble to print UTF-8 strings reproducibly, sort of (not showing the real glyph!). Only call this in a printf or sprintf, and only call it once in any single printf/sprintf. Otherwise you will get bogus results and confusion. */ /* ASCII control codes: We leave newline as is, NUL is end of string, the others are translated. NUL Null 0 00 Ctrl-@ ^@ SOH Start of heading 1 01 Alt-1 Ctrl-A ^A STX Start of text 2 02 Alt-2 Ctrl-B ^B ETX End of text 3 03 Alt-3 Ctrl-C ^C EOT End of transmission 4 04 Alt-4 Ctrl-D ^D ENQ Enquiry 5 05 Alt-5 Ctrl-E ^E ACK Acknowledge 6 06 Alt-6 Ctrl-F ^F BEL Bell 7 07 Alt-7 Ctrl-G ^G BS Backspace 8 08 Alt-8 Ctrl-H ^H HT Horizontal tab 9 09 Alt-9 Ctrl-I ^I LF Line feed 10 0A Alt-10 Ctrl-J ^J VT Vertical tab 11 0B Alt-11 Ctrl-K ^K FF Form feed 12 0C Alt-12 Ctrl-L ^L CR Carriage return 13 0D Alt-13 Ctrl-M ^M SO Shift out 14 0E Alt-14 Ctrl-N ^N SI Shift in 15 0F Alt-15 Ctrl-O ^O DLE Data line escape 16 10 Alt-16 Ctrl-P ^P DC1 Device control 1 17 11 Alt-17 Ctrl-Q ^Q DC2 Device control 2 18 12 Alt-18 Ctrl-R ^R DC3 Device control 3 19 13 Alt-19 Ctrl-S ^S DC4 Device control 4 20 14 Alt-20 Ctrl-T ^T NAK Negative acknowledge 21 15 Alt-21 Ctrl-U ^U SYN Synchronous idle 22 16 Alt-22 Ctrl-V ^V ETB End transmission block 23 17 Alt-23 Ctrl-W ^W CAN Cancel 24 18 Alt-24 Ctrl-X ^X EM End of medium 25 19 Alt-25 Ctrl-Y ^Y SU Substitute 26 1A Alt-26 Ctrl-Z ^Z ES Escape 27 1B Alt-27 Ctrl-[ ^[ FS File separator 28 1C Alt-28 Ctrl-\ ^\ GS Group separator 29 1D Alt-29 Ctrl-] ^] RS Record separator 30 1E Alt-30 Ctrl-^ ^^ US Unit separator 31 1F Alt-31 Ctrl-_ ^_ In addition, characters decimal 141, 157, 127,128, 129 143,144,157 appear to be questionable too. Not in iso-8859-1 nor in html character entities list. We translate all strings with a % to do sanitizing. we change a literal ASCII '%' char to %25 so readers know any % is a sanitized char. We could double up a % into %% on output, but switching to %25 is simpler and for readers and prevents ambiguity. If a % is found then utf8 is suppressed for the entire string and uri-style %25 is used and. If the dwarfdump runtime environment is UTF-8 and the necessary locale() and nl_langinfo() functions are available and the string has no unwanted bytes then utf8 names are printed using utf8 so they look as expected. */ #define SANBUF_SIZE 400 /* Allocates as esb_constructor_fixed() would, so for strings shorter than SANBUF_SIZE bytes no malloc needed. */ static char sanbufa[SANBUF_SIZE]; static char sanbufb[SANBUF_SIZE]; static int usebufa = TRUE; static struct esb_s localesba = {sanbufa, SANBUF_SIZE,0,1,0}; static struct esb_s localesbb = {sanbufb, SANBUF_SIZE,0,1,0}; /* dwarfdump-sanitize table 1 means printable ASCII character (byte) 3 means non-printable 5 means non-printable control character (byte) */ char dwarfdump_sanitize_table[256] = { 0 /*0*/ ,5 /*0x1*/,5 /*0x2*/,5 /*0x3*/, 5 /*0x4*/,5 /*0x5*/,5 /*0x6*/,5 /*0x7*/, 5 /*0x8*/,1 /*0x9*/,1 /*0xa*/,5 /*0xb*/, 5 /*0xc*/, #ifdef _WIN32 1 /*0x0d*/, #else 5 /*0x0d*/, #endif 5 /*0x0e*/,5 /*0xf*/, 5 /*0x10*/,5 /*0x11*/,5 /*0x12*/,5 /*0x13*/, 5 /*0x14*/,5 /*0x15*/,5 /*0x16*/,5 /*0x17*/, 5 /*0x18*/,5 /*0x19*/,5 /*0x1a*/,5 /*0x1b*/, 5 /*0x1c*/,5 /*0x1d*/,5 /*0x1e*/,5 /*0x1f*/, 1 /* */,1 /* ! */,1 /* " */,1 /* # */, 1 /* $ */,5 /* % */,1 /* & */,1 /* ' */, 1 /* ( */,1 /* ) */,1 /* * */,1 /* + */, 1 /* , */,1 /* - */,1 /* . */,1 /* / */, 1 /* 0 */,1 /* 1 */,1 /* 2 */,1 /* 3 */, 1 /* 4 */,1 /* 5 */,1 /* 6 */,1 /* 7 */, 1 /* 8 */,1 /* 9 */,1 /* : */,1 /* ; */, 1 /* < */,1 /* = */,1 /* > */,1 /* ? */, 1 /* @ */,1 /* A */,1 /* B */,1 /* C */, 1 /* D */,1 /* E */,1 /* F */,1 /* G */, 1 /* H */,1 /* I */,1 /* J */,1 /* K */, 1 /* L */,1 /* M */,1 /* N */,1 /* O */, 1 /* P */,1 /* Q */,1 /* R */,1 /* S */, 1 /* T */,1 /* U */,1 /* V */,1 /* W */, 1 /* X */,1 /* Y */,1 /* Z */,1 /* [ */, 1 /* \ */,1 /* ] */,1 /* ^ */,1 /* _ */, 1 /* ` */,1 /* a */,1 /* b */,1 /* c */, 1 /* d */,1 /* e */,1 /* f */,1 /* g */, 1 /* h */,1 /* i */,1 /* j */,1 /* k */, 1 /* l */,1 /* m */,1 /* n */,1 /* o */, 1 /* p */,1 /* q */,1 /* r */,1 /* s */, 1 /* t */,1 /* u */,1 /* v */,1 /* w */, 1 /* x */,1 /* y */,1 /* z */,1 /* { */, 1 /* | */,1 /* } */,1 /* ~ */,5 /*0x7f*/, 3 /*0x80*/,3 /*0x81*/,3 /*0x82*/,3 /*0x83*/, 3 /*0x84*/,3 /*0x85*/,3 /*0x86*/,3 /*0x87*/, 3 /*0x88*/,3 /*0x89*/,3 /*0x8a*/,3 /*0x8b*/, 3 /*0x8c*/,3 /*0x8d*/,3 /*0x8e*/,3 /*0x8f*/, 3 /*0x90*/,3 /*0x91*/,3 /*0x92*/,3 /*0x93*/, 3 /*0x94*/,3 /*0x95*/,3 /*0x96*/,3 /*0x97*/, 3 /*0x98*/,3 /*0x99*/,3 /*0x9a*/,3 /*0x9b*/, 3 /*0x9c*/,3 /*0x9d*/,3 /*0x9e*/,3 /*0x9f*/, 3 /*0xa0*/,3 /*0xa1*/,3 /*0xa2*/,3 /*0xa3*/, 3 /*0xa4*/,3 /*0xa5*/,3 /*0xa6*/,3 /*0xa7*/, 3 /*0xa8*/,3 /*0xa9*/,3 /*0xaa*/,3 /*0xab*/, 3 /*0xac*/,3 /*0xad*/,3 /*0xae*/,3 /*0xaf*/, 3 /*0xb0*/,3 /*0xb1*/,3 /*0xb2*/,3 /*0xb3*/, 3 /*0xb4*/,3 /*0xb5*/,3 /*0xb6*/,3 /*0xb7*/, 3 /*0xb8*/,3 /*0xb9*/,3 /*0xba*/,3 /*0xbb*/, 3 /*0xbc*/,3 /*0xbd*/,3 /*0xbe*/,3 /*0xbf*/, 3 /*0xc0*/,3 /*0xc1*/,3 /*0xc2*/,3 /*0xc3*/, 3 /*0xc4*/,3 /*0xc5*/,3 /*0xc6*/,3 /*0xc7*/, 3 /*0xc8*/,3 /*0xc9*/,3 /*0xca*/,3 /*0xcb*/, 3 /*0xcc*/,3 /*0xcd*/,3 /*0xce*/,3 /*0xcf*/, 3 /*0xd0*/,3 /*0xd1*/,3 /*0xd2*/,3 /*0xd3*/, 3 /*0xd4*/,3 /*0xd5*/,3 /*0xd6*/,3 /*0xd7*/, 3 /*0xd8*/,3 /*0xd9*/,3 /*0xda*/,3 /*0xdb*/, 3 /*0xdc*/,3 /*0xdd*/,3 /*0xde*/,3 /*0xdf*/, 3 /*0xe0*/,3 /*0xe1*/,3 /*0xe2*/,3 /*0xe3*/, 3 /*0xe4*/,3 /*0xe5*/,3 /*0xe6*/,3 /*0xe7*/, 3 /*0xe8*/,3 /*0xe9*/,3 /*0xea*/,3 /*0xeb*/, 3 /*0xec*/,3 /*0xed*/,3 /*0xee*/,3 /*0xef*/, 3 /*0xf0*/,3 /*0xf1*/,3 /*0xf2*/,3 /*0xf3*/, 3 /*0xf4*/,3 /*0xf5*/,3 /*0xf6*/,3 /*0xf7*/, 3 /*0xf8*/,3 /*0xf9*/,3 /*0xfa*/,3 /*0xfb*/, 3 /*0xfc*/,3 /*0xfd*/,3 /*0xfe*/,3 /*0xff*/,}; /* do_sanity_insert() and no_questionable_chars() absolutely must have the same idea of questionable characters. Be Careful. Until 0.5.0 the two did NOT agree on handling of newline or tab or carriage return which was... a bug. no_questionable_chars() said those three ok so do_sanity_insert was never called, making an inconsistency vs this code as it was before 0.5.0. */ static void do_sanity_insert( const char *s,struct esb_s *mesb) { const char *cp = s; for ( ; *cp; cp++) { unsigned c = *cp & 0xff ; int t = dwarfdump_sanitize_table[c]; if (t == 1) { esb_appendn(mesb,cp,1); continue; } esb_appendn(mesb, "%",1); esb_append_printf_u(mesb, "%02x",c & 0xff); } } /* This routine improves overall dwarfdump run times a lot by separating strings that might print badly from strings that will print fine. In one large test case it reduces run time from 140 seconds to 13 seconds. */ static int no_questionable_chars(const char *s) { const char *cp = s; for ( ; *cp; cp++) { unsigned c = *cp & 0xff ; int t = dwarfdump_sanitize_table[c]; if (t == 1) { continue; } return FALSE; } return TRUE; } void sanitized_string_destructor(void) { esb_destructor(&localesba); esb_destructor(&localesbb); } /* Because we reuse static esb's this MUST NOT be called a third time before printing out the initial returns. It is rarely a problem. But it is up to the caller to behave correctly to avoid getting incorect strings. */ const char * sanitized(const char *s) { const char *sout = 0; struct esb_s *lsp = 0; #ifndef TESTING if (glflags.gf_no_sanitize_strings) { return s; } #endif if (no_questionable_chars(s)) { /* The original string is safe ASCII as is. */ return s; } /* Using esb_destructor is quite expensive in cpu time when we build the next sanitized string so we just empty the localesb. One reason it's expensive is that we do the appends in such small batches in do_sanity-insert(). */ #ifndef TESTING #ifdef HAVE_UTF8 if (glflags.gf_print_utf8_flag) { if (DW_DLV_OK == dd_utf8_checkCodePoints( (unsigned char *)s)) { return s; } } #endif /* HAVE_UTF8 */ #endif /* TESTING */ lsp = usebufa? &localesba: &localesbb; usebufa = !usebufa; esb_empty_string(lsp); do_sanity_insert(s,lsp); sout = esb_get_string(lsp); return sout; }