1 /*
2 * "streamable kanji code filter and converter"
3 * Copyright (c) 1998-2002 HappySize, Inc. All rights reserved.
4 *
5 * LICENSE NOTICES
6 *
7 * This file is part of "streamable kanji code filter and converter",
8 * which is distributed under the terms of GNU Lesser General Public
9 * License (version 2) as published by the Free Software Foundation.
10 *
11 * This software is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with "streamable kanji code filter and converter";
18 * if not, write to the Free Software Foundation, Inc., 59 Temple Place,
19 * Suite 330, Boston, MA 02111-1307 USA
20 *
21 * The author of this file:
22 *
23 */
24 /*
25 * The source code included in this file was separated from mbfilter.c
26 * by moriyoshi koizumi <moriyoshi@php.net> on 4 dec 2002.
27 *
28 */
29
30 #include "mbfilter.h"
31 #include "mbfilter_utf7.h"
32 #include "utf7_helper.h"
33
34 static int mbfl_filt_conv_utf7_wchar_flush(mbfl_convert_filter *filter);
35 static size_t mb_utf7_to_wchar(unsigned char **in, size_t *in_len, uint32_t *buf, size_t bufsize, unsigned int *state);
36 static void mb_wchar_to_utf7(uint32_t *in, size_t len, mb_convert_buf *buf, bool end);
37 static bool mb_check_utf7(unsigned char *in, size_t in_len);
38
39 static const unsigned char mbfl_base64_table[] = {
40 /* 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', */
41 0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,
42 /* 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', */
43 0x4e,0x4f,0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a,
44 /* 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', */
45 0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,
46 /* 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', */
47 0x6e,0x6f,0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,
48 /* '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/', '\0' */
49 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x2b,0x2f,0x00
50 };
51
52 static const char *mbfl_encoding_utf7_aliases[] = {"utf7", NULL};
53
54 const mbfl_encoding mbfl_encoding_utf7 = {
55 mbfl_no_encoding_utf7,
56 "UTF-7",
57 "UTF-7",
58 mbfl_encoding_utf7_aliases,
59 NULL,
60 MBFL_ENCTYPE_GL_UNSAFE,
61 &vtbl_utf7_wchar,
62 &vtbl_wchar_utf7,
63 mb_utf7_to_wchar,
64 mb_wchar_to_utf7,
65 mb_check_utf7,
66 NULL,
67 };
68
69 const struct mbfl_convert_vtbl vtbl_utf7_wchar = {
70 mbfl_no_encoding_utf7,
71 mbfl_no_encoding_wchar,
72 mbfl_filt_conv_common_ctor,
73 NULL,
74 mbfl_filt_conv_utf7_wchar,
75 mbfl_filt_conv_utf7_wchar_flush,
76 NULL,
77 };
78
79 const struct mbfl_convert_vtbl vtbl_wchar_utf7 = {
80 mbfl_no_encoding_wchar,
81 mbfl_no_encoding_utf7,
82 mbfl_filt_conv_common_ctor,
83 NULL,
84 mbfl_filt_conv_wchar_utf7,
85 mbfl_filt_conv_wchar_utf7_flush,
86 NULL,
87 };
88
89
90 #define CK(statement) do { if ((statement) < 0) return (-1); } while (0)
91
decode_base64_char(unsigned char c)92 static unsigned int decode_base64_char(unsigned char c)
93 {
94 if (c >= 'A' && c <= 'Z') {
95 return c - 65;
96 } else if (c >= 'a' && c <= 'z') {
97 return c - 71;
98 } else if (c >= '0' && c <= '9') {
99 return c + 4;
100 } else if (c == '+') {
101 return 62;
102 } else if (c == '/') {
103 return 63;
104 }
105 return -1;
106 }
107
mbfl_filt_conv_utf7_wchar(int c,mbfl_convert_filter * filter)108 int mbfl_filt_conv_utf7_wchar(int c, mbfl_convert_filter *filter)
109 {
110 int s, n = -1;
111
112 if (filter->status) { /* Modified Base64 */
113 n = decode_base64_char(c);
114 if (n < 0) {
115 if (filter->cache) {
116 /* Either we were expecting the 2nd half of a surrogate pair which
117 * never came, or else the last Base64 data was not padded with zeroes */
118 (*filter->output_function)(MBFL_BAD_INPUT, filter->data);
119 }
120 if (c == '-') {
121 if (filter->status == 1) { /* "+-" -> "+" */
122 CK((*filter->output_function)('+', filter->data));
123 }
124 } else if (c >= 0 && c < 0x80) { /* ASCII exclude '-' */
125 CK((*filter->output_function)(c, filter->data));
126 } else { /* illegal character */
127 CK((*filter->output_function)(MBFL_BAD_INPUT, filter->data));
128 }
129 filter->cache = filter->status = 0;
130 return 0;
131 }
132 }
133
134 switch (filter->status) {
135 /* directly encoded characters */
136 case 0:
137 if (c == '+') { /* '+' shift character */
138 filter->status = 1;
139 } else if (c >= 0 && c < 0x80) { /* ASCII */
140 CK((*filter->output_function)(c, filter->data));
141 } else { /* illegal character */
142 CK((*filter->output_function)(MBFL_BAD_INPUT, filter->data));
143 }
144 break;
145
146 /* decode Modified Base64 */
147 case 1:
148 case 2:
149 filter->cache |= n << 10;
150 filter->status = 3;
151 break;
152 case 3:
153 filter->cache |= n << 4;
154 filter->status = 4;
155 break;
156 case 4:
157 s = ((n >> 2) & 0xf) | (filter->cache & 0xffff);
158 n = (n & 0x3) << 14;
159 filter->status = 5;
160 if (s >= 0xd800 && s < 0xdc00) {
161 /* 1st part of surrogate pair */
162 if (filter->cache & 0xfff0000) {
163 /* We were waiting for the 2nd part of a surrogate pair */
164 (*filter->output_function)(MBFL_BAD_INPUT, filter->data);
165 }
166 s = (((s & 0x3ff) << 16) + 0x400000) | n;
167 filter->cache = s;
168 } else if (s >= 0xdc00 && s < 0xe000) {
169 /* 2nd part of surrogate pair */
170 if (filter->cache & 0xfff0000) {
171 s &= 0x3ff;
172 s |= (filter->cache & 0xfff0000) >> 6;
173 filter->cache = n;
174 CK((*filter->output_function)(s, filter->data));
175 } else {
176 CK((*filter->output_function)(MBFL_BAD_INPUT, filter->data));
177 filter->cache = n;
178 }
179 } else {
180 if (filter->cache & 0xfff0000) {
181 /* We were waiting for the 2nd part of a surrogate pair */
182 (*filter->output_function)(MBFL_BAD_INPUT, filter->data);
183 }
184 filter->cache = n;
185 CK((*filter->output_function)(s, filter->data));
186 }
187 break;
188
189 case 5:
190 filter->cache |= n << 8;
191 filter->status = 6;
192 break;
193 case 6:
194 filter->cache |= n << 2;
195 filter->status = 7;
196 break;
197 case 7:
198 s = ((n >> 4) & 0x3) | (filter->cache & 0xffff);
199 n = (n & 0xf) << 12;
200 filter->status = 8;
201 if (s >= 0xd800 && s < 0xdc00) {
202 if (filter->cache & 0xfff0000) {
203 /* We were waiting for the 2nd part of a surrogate pair */
204 (*filter->output_function)(MBFL_BAD_INPUT, filter->data);
205 }
206 s = (((s & 0x3ff) << 16) + 0x400000) | n;
207 filter->cache = s;
208 } else if (s >= 0xdc00 && s < 0xe000) {
209 /* 2nd part of surrogate pair */
210 if (filter->cache & 0xfff0000) {
211 s &= 0x3ff;
212 s |= (filter->cache & 0xfff0000) >> 6;
213 filter->cache = n;
214 CK((*filter->output_function)(s, filter->data));
215 } else {
216 CK((*filter->output_function)(MBFL_BAD_INPUT, filter->data));
217 filter->cache = n;
218 }
219 } else {
220 if (filter->cache & 0xfff0000) {
221 /* We were waiting for the 2nd part of a surrogate pair */
222 (*filter->output_function)(MBFL_BAD_INPUT, filter->data);
223 }
224 filter->cache = n;
225 CK((*filter->output_function)(s, filter->data));
226 }
227 break;
228
229 case 8:
230 filter->cache |= n << 6;
231 filter->status = 9;
232 break;
233 case 9:
234 s = n | (filter->cache & 0xffff);
235 filter->status = 2;
236 if (s >= 0xd800 && s < 0xdc00) {
237 if (filter->cache & 0xfff0000) {
238 /* We were waiting for the 2nd part of a surrogate pair */
239 (*filter->output_function)(MBFL_BAD_INPUT, filter->data);
240 }
241 s = (((s & 0x3ff) << 16) + 0x400000);
242 filter->cache = s;
243 } else if (s >= 0xdc00 && s < 0xe000) {
244 if (filter->cache & 0xfff0000) {
245 s &= 0x3ff;
246 s |= (filter->cache & 0xfff0000) >> 6;
247 filter->cache = 0;
248 CK((*filter->output_function)(s, filter->data));
249 } else {
250 CK((*filter->output_function)(MBFL_BAD_INPUT, filter->data));
251 filter->cache = 0;
252 }
253 } else {
254 if (filter->cache & 0xfff0000) {
255 /* We were waiting for the 2nd part of a surrogate pair */
256 (*filter->output_function)(MBFL_BAD_INPUT, filter->data);
257 }
258 filter->cache = 0;
259 CK((*filter->output_function)(s, filter->data));
260 }
261 break;
262
263 EMPTY_SWITCH_DEFAULT_CASE();
264 }
265
266 return 0;
267 }
268
mbfl_filt_conv_utf7_wchar_flush(mbfl_convert_filter * filter)269 static int mbfl_filt_conv_utf7_wchar_flush(mbfl_convert_filter *filter)
270 {
271 if (filter->cache) {
272 /* Either we were expecting the 2nd half of a surrogate pair which
273 * never came, or else the last Base64 data was not padded with zeroes */
274 filter->cache = 0;
275 (*filter->output_function)(MBFL_BAD_INPUT, filter->data);
276 }
277
278 if (filter->flush_function) {
279 (*filter->flush_function)(filter->data);
280 }
281
282 return 0;
283 }
284
mbfl_filt_conv_wchar_utf7(int c,mbfl_convert_filter * filter)285 int mbfl_filt_conv_wchar_utf7(int c, mbfl_convert_filter *filter)
286 {
287 int s;
288
289 int n = 0;
290 if (c >= 0 && c < 0x80) { /* ASCII */
291 if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '\0' || c == '/' || c == '-') {
292 n = 1;
293 } else if (c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == '\'' || c == '(' || c == ')' || c == ',' || c == '.' || c == ':' || c == '?') {
294 n = 2;
295 }
296 } else if (c >= 0 && c < MBFL_WCSPLANE_UCS2MAX) {
297 ;
298 } else if (c >= MBFL_WCSPLANE_SUPMIN && c < MBFL_WCSPLANE_UTF32MAX) {
299 CK((*filter->filter_function)(((c >> 10) - 0x40) | 0xd800, filter));
300 CK((*filter->filter_function)((c & 0x3ff) | 0xdc00, filter));
301 return 0;
302 } else {
303 CK(mbfl_filt_conv_illegal_output(c, filter));
304 return 0;
305 }
306
307 switch (filter->status) {
308 case 0:
309 if (n != 0) { /* directly encode characters */
310 CK((*filter->output_function)(c, filter->data));
311 } else { /* Modified Base64 */
312 CK((*filter->output_function)('+', filter->data));
313 filter->status = 1;
314 filter->cache = c;
315 }
316 break;
317
318 /* encode Modified Base64 */
319 case 1:
320 s = filter->cache;
321 CK((*filter->output_function)(mbfl_base64_table[(s >> 10) & 0x3f], filter->data));
322 CK((*filter->output_function)(mbfl_base64_table[(s >> 4) & 0x3f], filter->data));
323 if (n != 0) {
324 CK((*filter->output_function)(mbfl_base64_table[(s << 2) & 0x3c], filter->data));
325 if (n == 1) {
326 CK((*filter->output_function)('-', filter->data));
327 }
328 CK((*filter->output_function)(c, filter->data));
329 filter->status = 0;
330 } else {
331 filter->status = 2;
332 filter->cache = ((s & 0xf) << 16) | c;
333 }
334 break;
335
336 case 2:
337 s = filter->cache;
338 CK((*filter->output_function)(mbfl_base64_table[(s >> 14) & 0x3f], filter->data));
339 CK((*filter->output_function)(mbfl_base64_table[(s >> 8) & 0x3f], filter->data));
340 CK((*filter->output_function)(mbfl_base64_table[(s >> 2) & 0x3f], filter->data));
341 if (n != 0) {
342 CK((*filter->output_function)(mbfl_base64_table[(s << 4) & 0x30], filter->data));
343 if (n == 1) {
344 CK((*filter->output_function)('-', filter->data));
345 }
346 CK((*filter->output_function)(c, filter->data));
347 filter->status = 0;
348 } else {
349 filter->status = 3;
350 filter->cache = ((s & 0x3) << 16) | c;
351 }
352 break;
353
354 case 3:
355 s = filter->cache;
356 CK((*filter->output_function)(mbfl_base64_table[(s >> 12) & 0x3f], filter->data));
357 CK((*filter->output_function)(mbfl_base64_table[(s >> 6) & 0x3f], filter->data));
358 CK((*filter->output_function)(mbfl_base64_table[s & 0x3f], filter->data));
359 if (n != 0) {
360 if (n == 1) {
361 CK((*filter->output_function)('-', filter->data));
362 }
363 CK((*filter->output_function)(c, filter->data));
364 filter->status = 0;
365 } else {
366 filter->status = 1;
367 filter->cache = c;
368 }
369 break;
370
371 EMPTY_SWITCH_DEFAULT_CASE();
372 }
373
374 return 0;
375 }
376
mbfl_filt_conv_wchar_utf7_flush(mbfl_convert_filter * filter)377 int mbfl_filt_conv_wchar_utf7_flush(mbfl_convert_filter *filter)
378 {
379 int status = filter->status;
380 int cache = filter->cache;
381 filter->status = filter->cache = 0;
382
383 /* flush fragments */
384 switch (status) {
385 case 1:
386 CK((*filter->output_function)(mbfl_base64_table[(cache >> 10) & 0x3f], filter->data));
387 CK((*filter->output_function)(mbfl_base64_table[(cache >> 4) & 0x3f], filter->data));
388 CK((*filter->output_function)(mbfl_base64_table[(cache << 2) & 0x3c], filter->data));
389 CK((*filter->output_function)('-', filter->data));
390 break;
391
392 case 2:
393 CK((*filter->output_function)(mbfl_base64_table[(cache >> 14) & 0x3f], filter->data));
394 CK((*filter->output_function)(mbfl_base64_table[(cache >> 8) & 0x3f], filter->data));
395 CK((*filter->output_function)(mbfl_base64_table[(cache >> 2) & 0x3f], filter->data));
396 CK((*filter->output_function)(mbfl_base64_table[(cache << 4) & 0x30], filter->data));
397 CK((*filter->output_function)('-', filter->data));
398 break;
399
400 case 3:
401 CK((*filter->output_function)(mbfl_base64_table[(cache >> 12) & 0x3f], filter->data));
402 CK((*filter->output_function)(mbfl_base64_table[(cache >> 6) & 0x3f], filter->data));
403 CK((*filter->output_function)(mbfl_base64_table[cache & 0x3f], filter->data));
404 CK((*filter->output_function)('-', filter->data));
405 break;
406 }
407
408 if (filter->flush_function) {
409 (*filter->flush_function)(filter->data);
410 }
411
412 return 0;
413 }
414
is_base64_end(unsigned char c)415 static inline bool is_base64_end(unsigned char c)
416 {
417 return c >= DASH;
418 }
419
is_optional_direct(unsigned char c)420 static bool is_optional_direct(unsigned char c)
421 {
422 /* Characters that are allowed to be encoded by Base64 or directly encoded */
423 return c == '!' || c == '"' || c == '#' || c == '$' || c == '%' || c == '&' || c == '*' || c == ';' || c == '<' ||
424 c == '=' || c == '>' || c == '@' || c == '[' || c == ']' || c == '^' || c == '_' || c == '`' || c == '{' ||
425 c == '|' || c == '}';
426 }
427
can_end_base64(uint32_t c)428 static bool can_end_base64(uint32_t c)
429 {
430 return c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == '\'' || c == '(' || c == ')' || c == ',' || c == '.' || c == ':' || c == '?';
431 }
432
decode_base64(unsigned char c)433 static unsigned char decode_base64(unsigned char c)
434 {
435 if (c >= 'A' && c <= 'Z') {
436 return c - 65;
437 } else if (c >= 'a' && c <= 'z') {
438 return c - 71;
439 } else if (c >= '0' && c <= '9') {
440 return c + 4;
441 } else if (c == '+') {
442 return 62;
443 } else if (c == '/') {
444 return 63;
445 } else if (c == '-') {
446 return DASH;
447 } else if (can_end_base64(c) || is_optional_direct(c) || c == '\0') {
448 return DIRECT;
449 } else if (c <= 0x7F) {
450 return ASCII;
451 }
452 return ILLEGAL;
453 }
454
handle_utf16_cp(uint16_t cp,uint32_t * out,uint16_t * surrogate1)455 static uint32_t* handle_utf16_cp(uint16_t cp, uint32_t *out, uint16_t *surrogate1)
456 {
457 retry:
458 if (*surrogate1) {
459 if (cp >= 0xDC00 && cp <= 0xDFFF) {
460 *out++ = ((*surrogate1 & 0x3FF) << 10) + (cp & 0x3FF) + 0x10000;
461 *surrogate1 = 0;
462 } else {
463 *out++ = MBFL_BAD_INPUT;
464 *surrogate1 = 0;
465 goto retry;
466 }
467 } else if (cp >= 0xD800 && cp <= 0xDBFF) {
468 *surrogate1 = cp;
469 } else if (cp >= 0xDC00 && cp <= 0xDFFF) {
470 /* 2nd part of surrogate pair came unexpectedly */
471 *out++ = MBFL_BAD_INPUT;
472 } else {
473 *out++ = cp;
474 }
475 return out;
476 }
477
handle_base64_end(unsigned char n,unsigned char ** p,uint32_t * out,bool * base64,bool abrupt,uint16_t * surrogate1)478 static uint32_t* handle_base64_end(unsigned char n, unsigned char **p, uint32_t *out, bool *base64, bool abrupt, uint16_t *surrogate1)
479 {
480 if (abrupt || *surrogate1) {
481 *out++ = MBFL_BAD_INPUT;
482 *surrogate1 = 0;
483 }
484
485 if (n == ILLEGAL) {
486 *out++ = MBFL_BAD_INPUT;
487 } else if (n == DIRECT || n == ASCII) {
488 (*p)--; /* Unconsume byte */
489 }
490
491 *base64 = false;
492 return out;
493 }
494
mb_utf7_to_wchar(unsigned char ** in,size_t * in_len,uint32_t * buf,size_t bufsize,unsigned int * state)495 static size_t mb_utf7_to_wchar(unsigned char **in, size_t *in_len, uint32_t *buf, size_t bufsize, unsigned int *state)
496 {
497 ZEND_ASSERT(bufsize >= 5); /* This function will infinite-loop if called with a tiny output buffer */
498
499 /* Why does this require a minimum output buffer size of 5?
500 * There is one case where one iteration of the main 'while' loop below will emit 5 wchars:
501 * that is if the first half of a surrogate pair is followed by an otherwise valid codepoint which
502 * is not the 2nd half of a surrogate pair, then another valid codepoint, then the Base64-encoded
503 * section ends with a byte which is not a valid Base64 character, AND which also is not in a
504 * position where we would expect the Base64-encoded section to end */
505
506 unsigned char *p = *in, *e = p + *in_len;
507 uint32_t *out = buf, *limit = buf + bufsize;
508
509 bool base64 = *state & 1;
510 uint16_t surrogate1 = (*state >> 1); /* First half of a surrogate pair which still needs 2nd half */
511
512 while (p < e && out < limit) {
513 if (base64) {
514 /* Base64 section */
515 if ((limit - out) < 5) {
516 break;
517 }
518
519 unsigned char n1 = decode_base64(*p++);
520 if (is_base64_end(n1)) {
521 out = handle_base64_end(n1, &p, out, &base64, false, &surrogate1);
522 continue;
523 } else if (p == e) {
524 out = handle_base64_end(n1, &p, out, &base64, true, &surrogate1);
525 continue;
526 }
527 unsigned char n2 = decode_base64(*p++);
528 if (is_base64_end(n2) || p == e) {
529 out = handle_base64_end(n2, &p, out, &base64, true, &surrogate1);
530 continue;
531 }
532 unsigned char n3 = decode_base64(*p++);
533 if (is_base64_end(n3)) {
534 out = handle_base64_end(n3, &p, out, &base64, true, &surrogate1);
535 continue;
536 }
537 out = handle_utf16_cp((n1 << 10) | (n2 << 4) | ((n3 & 0x3C) >> 2), out, &surrogate1);
538 if (p == e) {
539 /* It is an error if trailing padding bits are not zeroes or if we were
540 * expecting the 2nd part of a surrogate pair when Base64 section ends */
541 if ((n3 & 0x3) || surrogate1) {
542 *out++ = MBFL_BAD_INPUT;
543 surrogate1 = 0;
544 }
545 break;
546 }
547
548 unsigned char n4 = decode_base64(*p++);
549 if (is_base64_end(n4)) {
550 out = handle_base64_end(n4, &p, out, &base64, n3 & 0x3, &surrogate1);
551 continue;
552 } else if (p == e) {
553 out = handle_base64_end(n4, &p, out, &base64, true, &surrogate1);
554 continue;
555 }
556 unsigned char n5 = decode_base64(*p++);
557 if (is_base64_end(n5) || p == e) {
558 out = handle_base64_end(n5, &p, out, &base64, true, &surrogate1);
559 continue;
560 }
561 unsigned char n6 = decode_base64(*p++);
562 if (is_base64_end(n6)) {
563 out = handle_base64_end(n6, &p, out, &base64, true, &surrogate1);
564 continue;
565 }
566 out = handle_utf16_cp((n3 << 14) | (n4 << 8) | (n5 << 2) | ((n6 & 0x30) >> 4), out, &surrogate1);
567 if (p == e) {
568 if ((n6 & 0xF) || surrogate1) {
569 *out++ = MBFL_BAD_INPUT;
570 surrogate1 = 0;
571 }
572 break;
573 }
574
575 unsigned char n7 = decode_base64(*p++);
576 if (is_base64_end(n7)) {
577 out = handle_base64_end(n7, &p, out, &base64, n6 & 0xF, &surrogate1);
578 continue;
579 } else if (p == e) {
580 out = handle_base64_end(n7, &p, out, &base64, true, &surrogate1);
581 continue;
582 }
583 unsigned char n8 = decode_base64(*p++);
584 if (is_base64_end(n8)) {
585 out = handle_base64_end(n8, &p, out, &base64, true, &surrogate1);
586 continue;
587 }
588 out = handle_utf16_cp((n6 << 12) | (n7 << 6) | n8, out, &surrogate1);
589 } else {
590 /* ASCII text section */
591 unsigned char c = *p++;
592
593 if (c == '+') {
594 if (p < e) {
595 if (*p == '-') {
596 *out++ = '+';
597 p++;
598 } else {
599 base64 = true;
600 }
601 }
602 /* If a + comes at the end of the input string... do nothing about it */
603 } else if (c <= 0x7F) {
604 *out++ = c;
605 } else {
606 *out++ = MBFL_BAD_INPUT;
607 }
608 }
609 }
610
611 if (p == e && surrogate1) {
612 ZEND_ASSERT(out < limit);
613 *out++ = MBFL_BAD_INPUT;
614 }
615
616 *state = (surrogate1 << 1) | base64;
617 *in_len = e - p;
618 *in = p;
619 return out - buf;
620 }
621
should_direct_encode(uint32_t c)622 static bool should_direct_encode(uint32_t c)
623 {
624 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '\0' || c == '/' || c == '-' || can_end_base64(c);
625 }
626
627 #define SAVE_CONVERSION_STATE() buf->state = (cache << 4) | (nbits << 1) | base64
628 #define RESTORE_CONVERSION_STATE() base64 = (buf->state & 1); nbits = (buf->state >> 1) & 0x7; cache = (buf->state >> 4)
629
mb_wchar_to_utf7(uint32_t * in,size_t len,mb_convert_buf * buf,bool end)630 static void mb_wchar_to_utf7(uint32_t *in, size_t len, mb_convert_buf *buf, bool end)
631 {
632 unsigned char *out, *limit;
633 MB_CONVERT_BUF_LOAD(buf, out, limit);
634
635 /* Make enough space such that if the input string is all ASCII (not including '+'),
636 * we can copy it to the output buffer without checking for available space.
637 * However, if we find anything which is not plain ASCII, additional checks for
638 * output buffer space will be needed. */
639 MB_CONVERT_BUF_ENSURE(buf, out, limit, len);
640
641 bool base64;
642 unsigned char nbits, cache; /* `nbits` is the number of cached bits; either 0, 2, or 4 */
643 RESTORE_CONVERSION_STATE();
644
645 while (len--) {
646 uint32_t w = *in++;
647 if (base64) {
648 if (should_direct_encode(w)) {
649 /* End of Base64 section. Drain buffered bits (if any), close Base64 section */
650 base64 = false;
651 in--; len++; /* Unconsume codepoint; it will be handled by 'ASCII section' code below */
652 MB_CONVERT_BUF_ENSURE(buf, out, limit, len + 2);
653 if (nbits) {
654 out = mb_convert_buf_add(out, mbfl_base64_table[(cache << (6 - nbits)) & 0x3F]);
655 }
656 nbits = cache = 0;
657 if (!can_end_base64(w)) {
658 out = mb_convert_buf_add(out, '-');
659 }
660 } else if (w >= MBFL_WCSPLANE_UTF32MAX) {
661 /* Make recursive call to add an error marker character */
662 SAVE_CONVERSION_STATE();
663 MB_CONVERT_ERROR(buf, out, limit, w, mb_wchar_to_utf7);
664 MB_CONVERT_BUF_ENSURE(buf, out, limit, len);
665 RESTORE_CONVERSION_STATE();
666 } else {
667 /* Encode codepoint, preceded by any cached bits, as Base64
668 * Make enough space in the output buffer to hold both any bytes that
669 * we emit right here, plus any finishing byte which might need to
670 * be emitted if the input string ends abruptly */
671 uint64_t bits;
672 if (w >= MBFL_WCSPLANE_SUPMIN) {
673 /* Must use surrogate pair */
674 MB_CONVERT_BUF_ENSURE(buf, out, limit, 7);
675 w -= 0x10000;
676 bits = ((uint64_t)cache << 32) | 0xD800DC00L | ((w & 0xFFC00) << 6) | (w & 0x3FF);
677 nbits += 32;
678 } else {
679 MB_CONVERT_BUF_ENSURE(buf, out, limit, 4);
680 bits = (cache << 16) | w;
681 nbits += 16;
682 }
683
684 while (nbits >= 6) {
685 out = mb_convert_buf_add(out, mbfl_base64_table[(bits >> (nbits - 6)) & 0x3F]);
686 nbits -= 6;
687 }
688 cache = bits;
689 }
690 } else {
691 /* ASCII section */
692 if (should_direct_encode(w)) {
693 out = mb_convert_buf_add(out, w);
694 } else if (w >= MBFL_WCSPLANE_UTF32MAX) {
695 buf->state = 0;
696 MB_CONVERT_ERROR(buf, out, limit, w, mb_wchar_to_utf7);
697 MB_CONVERT_BUF_ENSURE(buf, out, limit, len);
698 RESTORE_CONVERSION_STATE();
699 } else {
700 out = mb_convert_buf_add(out, '+');
701 base64 = true;
702 in--; len++; /* Unconsume codepoint; it will be handled by Base64 code above */
703 }
704 }
705 }
706
707 if (end) {
708 if (nbits) {
709 out = mb_convert_buf_add(out, mbfl_base64_table[(cache << (6 - nbits)) & 0x3F]);
710 }
711 if (base64) {
712 MB_CONVERT_BUF_ENSURE(buf, out, limit, 1);
713 out = mb_convert_buf_add(out, '-');
714 }
715 } else {
716 SAVE_CONVERSION_STATE();
717 }
718
719 MB_CONVERT_BUF_STORE(buf, out, limit);
720 }
721
is_utf16_cp_valid(uint16_t cp,bool is_surrogate)722 static bool is_utf16_cp_valid(uint16_t cp, bool is_surrogate)
723 {
724 if (is_surrogate) {
725 return cp >= 0xDC00 && cp <= 0xDFFF;
726 } else {
727 /* 2nd part of surrogate pair came unexpectedly */
728 return !(cp >= 0xDC00 && cp <= 0xDFFF);
729 }
730 }
731
can_encode_directly(unsigned char c)732 static bool can_encode_directly(unsigned char c)
733 {
734 return should_direct_encode(c) || is_optional_direct(c) || c == '\0';
735 }
736
mb_check_utf7(unsigned char * in,size_t in_len)737 static bool mb_check_utf7(unsigned char *in, size_t in_len)
738 {
739 unsigned char *p = in, *e = p + in_len;
740 bool base64 = false;
741 bool is_surrogate = false;
742
743 while (p < e) {
744 if (base64) {
745 unsigned char n1 = decode_base64(*p++);
746 if (is_base64_end(n1)) {
747 if (!is_base64_end_valid(n1, false, is_surrogate)) {
748 return false;
749 }
750 base64 = false;
751 continue;
752 } else if (p == e) {
753 return false;
754 }
755 unsigned char n2 = decode_base64(*p++);
756 if (is_base64_end(n2) || p == e) {
757 return false;
758 }
759 unsigned char n3 = decode_base64(*p++);
760 if (is_base64_end(n3)) {
761 return false;
762 }
763 uint16_t cp1 = (n1 << 10) | (n2 << 4) | ((n3 & 0x3C) >> 2);
764 if (!is_utf16_cp_valid(cp1, is_surrogate)) {
765 return false;
766 }
767 is_surrogate = has_surrogate(cp1, is_surrogate);
768 if (p == e) {
769 /* It is an error if trailing padding bits are not zeroes or if we were
770 * expecting the 2nd part of a surrogate pair when Base64 section ends */
771 return !((n3 & 0x3) || is_surrogate);
772 }
773
774 unsigned char n4 = decode_base64(*p++);
775 if (is_base64_end(n4)) {
776 if (!is_base64_end_valid(n4, n3 & 0x3, is_surrogate)) {
777 return false;
778 }
779 base64 = false;
780 continue;
781 } else if (p == e) {
782 return false;
783 }
784 unsigned char n5 = decode_base64(*p++);
785 if (is_base64_end(n5) || p == e) {
786 return false;
787 }
788 unsigned char n6 = decode_base64(*p++);
789 if (is_base64_end(n6)) {
790 return false;
791 }
792 uint16_t cp2 = (n3 << 14) | (n4 << 8) | (n5 << 2) | ((n6 & 0x30) >> 4);
793 if (!is_utf16_cp_valid(cp2, is_surrogate)) {
794 return false;
795 }
796 is_surrogate = has_surrogate(cp2, is_surrogate);
797 if (p == e) {
798 return !((n6 & 0xF) || is_surrogate);
799 }
800
801 unsigned char n7 = decode_base64(*p++);
802 if (is_base64_end(n7)) {
803 if (!is_base64_end_valid(n7, n6 & 0xF, is_surrogate)) {
804 return false;
805 }
806 base64 = false;
807 continue;
808 } else if (p == e) {
809 return false;
810 }
811 unsigned char n8 = decode_base64(*p++);
812 if (is_base64_end(n8)) {
813 return false;
814 }
815 uint16_t cp3 = (n6 << 12) | (n7 << 6) | n8;
816 if (!is_utf16_cp_valid(cp3, is_surrogate)) {
817 return false;
818 }
819 is_surrogate = has_surrogate(cp3, is_surrogate);
820 } else {
821 /* ASCII text section */
822 unsigned char c = *p++;
823
824 if (c == '+') {
825 if (p == e) {
826 base64 = true;
827 return !is_surrogate;
828 }
829 unsigned char n = decode_base64(*p);
830 if (n == DASH) {
831 p++;
832 } else if (n > DASH) {
833 /* If a "+" character followed immediately by any character other than base64 or "-" */
834 return false;
835 } else {
836 base64 = true;
837 }
838 } else if (can_encode_directly(c)) {
839 continue;
840 } else {
841 return false;
842 }
843 }
844 }
845 return !is_surrogate;
846 }
847