Mercurial > libpst
annotate src/lzfu.c @ 123:ab2a11e72250
more cleanup of #include files.
common.h is the only file allowed to include system .h files
unprotected by autoconf HAVE_ symbols. define.h is the only other file
allowed to include system .h files. define.h is never installed;
common.h is installed if we are building the shared library.
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Tue, 03 Feb 2009 10:59:10 -0800 |
| parents | bdb38b434c0a |
| children | fc11b1d1ad34 |
| rev | line source |
|---|---|
| 16 | 1 /* |
| 36 | 2 This program is free software; you can redistribute it and/or modify |
| 3 it under the terms of the GNU General Public License as published by | |
| 4 the Free Software Foundation; either version 2 of the License, or | |
| 5 (at your option) any later version. | |
| 16 | 6 |
| 36 | 7 You should have received a copy of the GNU General Public License |
| 8 along with this program; if not, write to the Free Software Foundation, | |
| 9 Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA | |
| 16 | 10 */ |
| 11 | |
|
120
6395ced2b8b2
disable building pst2dii on cygwin
Carl Byington <carl@five-ten-sg.com>
parents:
85
diff
changeset
|
12 #include "common.h" |
| 16 | 13 #include "libpst.h" |
|
122
bdb38b434c0a
more changes from Fridrich Strba to avoid installing our config.h
Carl Byington <carl@five-ten-sg.com>
parents:
120
diff
changeset
|
14 |
|
bdb38b434c0a
more changes from Fridrich Strba to avoid installing our config.h
Carl Byington <carl@five-ten-sg.com>
parents:
120
diff
changeset
|
15 #include "define.h" |
|
120
6395ced2b8b2
disable building pst2dii on cygwin
Carl Byington <carl@five-ten-sg.com>
parents:
85
diff
changeset
|
16 #include "lzfu.h" |
| 48 | 17 |
| 16 | 18 |
| 36 | 19 #define LZFU_COMPRESSED 0x75465a4c |
| 20 #define LZFU_UNCOMPRESSED 0x414c454d | |
| 16 | 21 |
| 22 // initital dictionary | |
| 36 | 23 #define LZFU_INITDICT "{\\rtf1\\ansi\\mac\\deff0\\deftab720{\\fonttbl;}" \ |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
24 "{\\f0\\fnil \\froman \\fswiss \\fmodern \\fscrip" \ |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
25 "t \\fdecor MS Sans SerifSymbolArialTimes Ne" \ |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
26 "w RomanCourier{\\colortbl\\red0\\green0\\blue0" \ |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
27 "\r\n\\par \\pard\\plain\\f0\\fs20\\b\\i\\u\\tab" \ |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
28 "\\tx" |
| 16 | 29 // initial length of dictionary |
| 30 #define LZFU_INITLENGTH 207 | |
| 31 | |
| 32 // header for compressed rtf | |
| 33 typedef struct _lzfuheader { | |
| 43 | 34 uint32_t cbSize; |
| 35 uint32_t cbRawSize; | |
| 36 uint32_t dwMagic; | |
| 37 uint32_t dwCRC; | |
| 16 | 38 } lzfuheader; |
| 39 | |
| 40 | |
|
79
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
41 char* lzfu_decompress(char* rtfcomp, uint32_t compsize, size_t *size) { |
|
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
42 unsigned char dict[4096]; // the dictionary buffer |
|
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
43 unsigned int dict_length = 0; // the dictionary pointer |
|
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
44 lzfuheader lzfuhdr; // the header of the lzfu block |
|
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
45 unsigned char flags; // 8 bits of flags (1=2byte block pointer into the dict, 0=1 byte literal) |
|
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
46 unsigned char flag_mask; // look at one flag bit each time thru the loop |
| 43 | 47 uint32_t i; |
|
79
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
48 char *out_buf; |
| 43 | 49 uint32_t out_ptr = 0; |
| 50 uint32_t out_size; | |
| 51 uint32_t in_ptr; | |
| 52 uint32_t in_size; | |
| 16 | 53 |
| 36 | 54 memcpy(dict, LZFU_INITDICT, LZFU_INITLENGTH); |
|
79
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
55 memset(dict + LZFU_INITLENGTH, 0, sizeof(dict) - LZFU_INITLENGTH); |
| 36 | 56 dict_length = LZFU_INITLENGTH; |
|
79
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
57 |
| 36 | 58 memcpy(&lzfuhdr, rtfcomp, sizeof(lzfuhdr)); |
| 37 | 59 LE32_CPU(lzfuhdr.cbSize); |
| 60 LE32_CPU(lzfuhdr.cbRawSize); | |
| 61 LE32_CPU(lzfuhdr.dwMagic); | |
| 62 LE32_CPU(lzfuhdr.dwCRC); | |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
63 //printf("total size: %d\n", lzfuhdr.cbSize+4); |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
64 //printf("raw size : %d\n", lzfuhdr.cbRawSize); |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
65 //printf("compressed: %s\n", (lzfuhdr.dwMagic == LZFU_COMPRESSED ? "yes" : "no")); |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
66 //printf("CRC : %#x\n", lzfuhdr.dwCRC); |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
67 //printf("\n"); |
|
78
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
68 out_size = lzfuhdr.cbRawSize; |
|
73
3cb02cb1e6cd
Patch from Robert Simpson to fix doubly-linked list in the cache_ptr code, and allow arrays of unicode strings (without converting them).
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
69 out_buf = (char*)xmalloc(out_size); |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
70 in_ptr = sizeof(lzfuhdr); |
|
78
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
71 // Make sure to correct lzfuhdr.cbSize with 4 bytes before comparing |
|
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
72 // to compsize |
|
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
73 in_size = (lzfuhdr.cbSize + 4 < compsize) ? lzfuhdr.cbSize + 4 : compsize; |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
74 while (in_ptr < in_size) { |
|
73
3cb02cb1e6cd
Patch from Robert Simpson to fix doubly-linked list in the cache_ptr code, and allow arrays of unicode strings (without converting them).
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
75 flags = (unsigned char)(rtfcomp[in_ptr++]); |
| 36 | 76 flag_mask = 1; |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
77 while (flag_mask) { |
| 36 | 78 if (flag_mask & flags) { |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
79 // two bytes available? |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
80 if (in_ptr+1 < in_size) { |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
81 // read 2 bytes from input |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
82 unsigned short int blkhdr, offset, length; |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
83 memcpy(&blkhdr, rtfcomp+in_ptr, 2); |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
84 LE16_CPU(blkhdr); |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
85 in_ptr += 2; |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
86 /* swap the upper and lower bytes of blkhdr */ |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
87 blkhdr = (((blkhdr&0xFF00)>>8)+ |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
88 ((blkhdr&0x00FF)<<8)); |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
89 /* the offset is the first 12 bits of the 16 bit value */ |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
90 offset = (blkhdr&0xFFF0)>>4; |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
91 /* the length of the dict entry are the last 4 bits */ |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
92 length = (blkhdr&0x000F)+2; |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
93 // add the value we are about to print to the dictionary |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
94 for (i=0; i < length; i++) { |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
95 unsigned char c1; |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
96 c1 = dict[(offset+i)%4096]; |
|
79
56fa05fd5271
Patch from Robert Simpson for encryption type 2.
Carl Byington <carl@five-ten-sg.com>
parents:
78
diff
changeset
|
97 dict[dict_length] = c1; |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
98 dict_length = (dict_length+1) % 4096; |
|
73
3cb02cb1e6cd
Patch from Robert Simpson to fix doubly-linked list in the cache_ptr code, and allow arrays of unicode strings (without converting them).
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
99 if (out_ptr < out_size) out_buf[out_ptr++] = (char)c1; |
|
78
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
100 // required for dictionary wrap around |
|
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
101 // otherwise 0 byte values are referenced incorrectly |
|
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
102 dict[dict_length] = 0; |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
103 } |
| 36 | 104 } |
| 105 } else { | |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
106 // one byte available? |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
107 if (in_ptr < in_size) { |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
108 // uncompressed chunk (single byte) |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
109 char c1 = rtfcomp[in_ptr++]; |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
110 dict[dict_length] = c1; |
|
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
111 dict_length = (dict_length+1)%4096; |
|
73
3cb02cb1e6cd
Patch from Robert Simpson to fix doubly-linked list in the cache_ptr code, and allow arrays of unicode strings (without converting them).
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
112 if (out_ptr < out_size) out_buf[out_ptr++] = (char)c1; |
|
78
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
113 // required for dictionary wrap around |
|
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
114 // otherwise 0 byte values are referenced incorrect |
|
535075b4d261
Patch from Joachim Metz for debian packaging, and fix for incorrect length on lz decompression.
Carl Byington <carl@five-ten-sg.com>
parents:
73
diff
changeset
|
115 dict[dict_length] = 0; |
|
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
37
diff
changeset
|
116 } |
| 36 | 117 } |
| 118 flag_mask <<= 1; | |
| 119 } | |
| 16 | 120 } |
|
85
582e927756d3
Patch from Robert Simpson for file handle leak in error case.
Carl Byington <carl@five-ten-sg.com>
parents:
79
diff
changeset
|
121 *size = out_ptr; |
| 36 | 122 return out_buf; |
| 16 | 123 } |