From 83a4d0bb8841b656b62001b5c5976a6f47956afb Mon Sep 17 00:00:00 2001
From: TLINDEN
Date: Sun, 9 Feb 2014 13:50:48 +0100
Subject: [PATCH] rewrote z85 decoder, uses Buffer* class now
---
 ChangeLog | 14 +++++++++
 TODO | 8 -----
 include/pcp.h | 1 -
 libpcp/z85.c | 87 +++++++++++++++++++++++++++++++++------------------
 src/pcp.c | 3 +-
 5 files changed, 71 insertions(+), 42 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a0d61b9..48c0e11 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,20 @@ the cleartext content (both hashed together) and encrypted afterwards.
+ Re-implemented pcp_readz85string() function, it's
+ now much more fault tolerant and flexible and
+ save against overflows. It is able to catch a
+ multitude of z85 encoded inputs, such as multiline
+ z85 data, oneline z85 data, including or without
+ headers/footers and it considers any single line
+ of content which ends with [\r]\n and contains
+ a whitespace as comment.
+
+ Added Buffer 'class' internal api to make it easier
+ to work with binary data in various, flexible and
+ error prone ways. Cribbed from the code in
+ openssh/buffer.c.
+ 0.2.0 ED25519 and Curve25519 keys are now generated separately (previously they were generated from one random seed, the curve had been derived from
diff --git a/TODO b/TODO
index 1e7436f..11cc0c6 100644
--- a/TODO
+++ b/TODO
@@ -1,9 +1,3 @@
-libpcp/z85.c:148 free(z85) leads to coredump on aix sometimes
-
-Bug: pcp_z85_decode() segfaults at z85.c:83 if input consists of "-----" only.
-
-Bug: pcp_z85_decode() fails if after end marker follows something, even whitespaces
- key++: normalize id and lc() allow signing using an alternate secret key, like in pcpdecrypt()
@@ -23,5 +17,3 @@ cipher output. include recipient list also in the signature. Implement pbp fix https://github.com/stef/pbp/commit/7d7b7c9ecb7604ad22938f5b68a624093a417bfa Implement z85 for pbp stuff: https://github.com/stef/pbp/commit/9fa45f6a108ba910f41e863405c5527af8d70e84 :) !!!!
-
-Change Z85 encoder: leave the leading count octet and just zero pad the input, remove any zeroes when decoding
\ No newline at end of file
diff --git a/include/pcp.h b/include/pcp.h
index 79325d7..a685285 100644
--- a/include/pcp.h
+++ b/include/pcp.h
@@ -7,7 +7,6 @@ extern "C" {
 #include "pcp/base85.h"
 #include "pcp/buffer.h"
-#include "pcp/config.h"
 #include "pcp/crypto.h"
 #include "pcp/defines.h"
 #include "pcp/digital_crc32.h"
diff --git a/libpcp/z85.c b/libpcp/z85.c
index a270218..250436b 100644
--- a/libpcp/z85.c
+++ b/libpcp/z85.c
@@ -41,7 +41,6 @@ unsigned char *pcp_padfour(unsigned char *src, size_t srclen, size_t *dstlen) {
 unsigned char *pcp_unpadfour(unsigned char *src, size_t srclen, size_t *dstlen) {
 size_t outlen;
- size_t numzeroes;
 size_t i;
 outlen = srclen;
@@ -178,51 +177,77 @@ char *pcp_readz85file(FILE *infile) { } char *pcp_readz85string(unsigned char *input, size_t bufsize) { - char *ret; - int i, outsize, lpos, x; - lpos = outsize = 0; + int i; size_t MAXLINE = 1024; - unsigned char *out = ucmalloc(bufsize); - char *line = ucmalloc(MAXLINE); + Buffer *z = buffer_new(MAXLINE, "z"); + Buffer *line = buffer_new(MAXLINE, "line"); + char *oneline; + int begin, end; + begin = end = 0; + char *out = NULL; for(i=0; i MAXLINE) { - /* huh, now that's suspicious */ - fatal("Invalid input, line is too long (%d bytes so far)!\n", lpos); - goto rferr; - } - if(input[i] != '\n' && input[i] != '\r') { - line[lpos++] = input[i]; - } - else { - if(line[0] != ' ' && strncmp(line, "-----", 5) != 0) { - if(lpos > 0) { - for(x=0;x 0) { + /* something left in line buffer, probably + newline at eof missing or no multiline input */ + buffer_add_buf(z, line); + } - ret = ucmalloc(outsize+1); - memcpy(ret, out, outsize+1); + if(buffer_size(z) == 0) { + fatal("empty z85 encoded string"); + goto rferr; + } - free(out); - free(line); + out = ucmalloc(buffer_size(z)+1); + strncpy(out, buffer_get_str(z), buffer_size(z)+1); - return ret; + fprintf(stderr, "got: \n<%s>\n", out); + + buffer_free(z); + buffer_free(line); + + return out; rferr: - free(out); - free(line); + buffer_free(z); + buffer_free(line); return NULL; } diff --git a/src/pcp.c b/src/pcp.c index b0eddbc..489190b 100644 --- a/src/pcp.c +++ b/src/pcp.c @@ -263,13 +263,13 @@ int main (int argc, char **argv) { sodium_init(); /* FIXME: better called from the lib? */ + errno = 0; /* FIXME: workaround for https://github.com/jedisct1/libsodium/issues/114 */ if(mode == PCP_MODE_ENCRYPT && useid == 0 && userec == 0) { usevault = 0; mode = PCP_MODE_ENCRYPT_ME; } - if(argc >= 1) { /* ok, there are arguments left on the commandline. treat it as filename or recipient, depending on 
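Review bot: The added `fprintf(stderr, "got: \n<%s>\n", out);` near the end of pcp_readz85string() looks like leftover debugging and should be dropped: it writes the caller's entire Z85 payload to stderr from inside the library, where it can land in logs or on a terminal the caller does not control. The copy just above it, `strncpy(out, buffer_get_str(z), buffer_size(z)+1);`, only produces a terminated string if buffer_get_str() guarantees a NUL at index buffer_size(z), which this hunk does not show; copying exactly buffer_size(z) bytes and then setting `out[buffer_size(z)] = '\0';` would not depend on that guarantee. Much of the new loop body is missing from the page as rendered, so the `int i` counter running against the `size_t bufsize` parameter and the use of `begin`/`end` could not be checked here.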
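Review bot: The added `errno = 0;` sits directly after `sodium_init();`, whose return value is still ignored on the context line above, so a failed libsodium initialisation would leave neither a checked return code nor an errno behind while main() carries on with the mode handling that follows. Checking the call first, for example `if(sodium_init() < 0) return 1;`, and only then clearing errno keeps the workaround without hiding that failure. The FIXME comment would also be easier to retire if it named the libsodium release that resolves the linked issue. main() begins before this hunk and continues after it.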
@@ -333,7 +333,6 @@ int main (int argc, char **argv) { } } - /* check if there's some enviroment we could use */ if(usevault == 1) { char *_vaultfile = getenv("PCP_VAULT");