1 /* $NetBSD: cdf.c,v 1.21 2023/08/18 19:00:11 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2008 Christos Zoulas 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 /* 29 * Parse Composite Document Files, the format used in Microsoft Office 30 * document files before they switched to zipped XML. 31 * Info from: http://sc.openoffice.org/compdocfileformat.pdf 32 * 33 * N.B. This is the "Composite Document File" format, and not the 34 * "Compound Document Format", nor the "Channel Definition Format". 35 */ 36 37 #include "file.h" 38 39 #ifndef lint 40 #if 0 41 FILE_RCSID("@(#)$File: cdf.c,v 1.123 2022/09/24 20:30:13 christos Exp $") 42 #else 43 __RCSID("$NetBSD: cdf.c,v 1.21 2023/08/18 19:00:11 christos Exp $"); 44 #endif 45 #endif 46 47 #include <assert.h> 48 #ifdef CDF_DEBUG 49 #include <err.h> 50 #endif 51 #include <stdlib.h> 52 #include <unistd.h> 53 #include <string.h> 54 #include <time.h> 55 #include <ctype.h> 56 #include <limits.h> 57 #ifdef HAVE_BYTESWAP_H 58 #include <byteswap.h> 59 #endif 60 #ifdef HAVE_SYS_BSWAP_H 61 #include <sys/bswap.h> 62 #endif 63 64 #ifndef EFTYPE 65 #define EFTYPE EINVAL 66 #endif 67 68 #ifndef SIZE_T_MAX 69 #define SIZE_T_MAX CAST(size_t, ~0ULL) 70 #endif 71 72 #include "cdf.h" 73 74 #ifdef CDF_DEBUG 75 #define DPRINTF(a) printf a, fflush(stdout) 76 #else 77 #define DPRINTF(a) 78 #endif 79 80 static union { 81 char s[4]; 82 uint32_t u; 83 } cdf_bo; 84 85 #define NEED_SWAP (cdf_bo.u == CAST(uint32_t, 0x01020304)) 86 87 #define CDF_TOLE8(x) \ 88 (CAST(uint64_t, NEED_SWAP ? _cdf_tole8(x) : CAST(uint64_t, x))) 89 #define CDF_TOLE4(x) \ 90 (CAST(uint32_t, NEED_SWAP ? _cdf_tole4(x) : CAST(uint32_t, x))) 91 #define CDF_TOLE2(x) \ 92 (CAST(uint16_t, NEED_SWAP ? _cdf_tole2(x) : CAST(uint16_t, x))) 93 #define CDF_TOLE(x) (/*CONSTCOND*/sizeof(x) == 2 ? \ 94 CDF_TOLE2(CAST(uint16_t, x)) : \ 95 (/*CONSTCOND*/sizeof(x) == 4 ? \ 96 CDF_TOLE4(CAST(uint32_t, x)) : \ 97 CDF_TOLE8(CAST(uint64_t, x)))) 98 #define CDF_GETUINT32(x, y) cdf_getuint32(x, y) 99 100 #define CDF_MALLOC(n) cdf_malloc(__FILE__, __LINE__, (n)) 101 #define CDF_REALLOC(p, n) cdf_realloc(__FILE__, __LINE__, (p), (n)) 102 #define CDF_CALLOC(n, u) cdf_calloc(__FILE__, __LINE__, (n), (u)) 103 104 105 /*ARGSUSED*/ 106 static void * 107 cdf_malloc(const char *file __attribute__((__unused__)), 108 size_t line __attribute__((__unused__)), size_t n) 109 { 110 DPRINTF(("%s,%" SIZE_T_FORMAT "u: %s %" SIZE_T_FORMAT "u\n", 111 file, line, __func__, n)); 112 if (n == 0) 113 n++; 114 return malloc(n); 115 } 116 117 /*ARGSUSED*/ 118 static void * 119 cdf_realloc(const char *file __attribute__((__unused__)), 120 size_t line __attribute__((__unused__)), void *p, size_t n) 121 { 122 DPRINTF(("%s,%" SIZE_T_FORMAT "u: %s %" SIZE_T_FORMAT "u\n", 123 file, line, __func__, n)); 124 return realloc(p, n); 125 } 126 127 /*ARGSUSED*/ 128 static void * 129 cdf_calloc(const char *file __attribute__((__unused__)), 130 size_t line __attribute__((__unused__)), size_t n, size_t u) 131 { 132 DPRINTF(("%s,%" SIZE_T_FORMAT "u: %s %" SIZE_T_FORMAT "u %" 133 SIZE_T_FORMAT "u\n", file, line, __func__, n, u)); 134 if (n == 0) 135 n++; 136 return calloc(n, u); 137 } 138 139 #if defined(HAVE_BYTESWAP_H) 140 # define _cdf_tole2(x) bswap_16(x) 141 # define _cdf_tole4(x) bswap_32(x) 142 # define _cdf_tole8(x) bswap_64(x) 143 #elif defined(HAVE_SYS_BSWAP_H) 144 # define _cdf_tole2(x) bswap16(x) 145 # define _cdf_tole4(x) bswap32(x) 146 # define _cdf_tole8(x) bswap64(x) 147 #else 148 /* 149 * swap a short 150 */ 151 static uint16_t 152 _cdf_tole2(uint16_t sv) 153 { 154 uint16_t rv; 155 uint8_t *s = RCAST(uint8_t *, RCAST(void *, &sv)); 156 uint8_t *d = RCAST(uint8_t *, RCAST(void *, &rv)); 157 d[0] = s[1]; 158 d[1] = s[0]; 159 return rv; 160 } 161 162 /* 163 * swap an int 164 */ 165 static uint32_t 166 _cdf_tole4(uint32_t sv) 167 { 168 uint32_t rv; 169 uint8_t *s = RCAST(uint8_t *, RCAST(void *, &sv)); 170 uint8_t *d = RCAST(uint8_t *, RCAST(void *, &rv)); 171 d[0] = s[3]; 172 d[1] = s[2]; 173 d[2] = s[1]; 174 d[3] = s[0]; 175 return rv; 176 } 177 178 /* 179 * swap a quad 180 */ 181 static uint64_t 182 _cdf_tole8(uint64_t sv) 183 { 184 uint64_t rv; 185 uint8_t *s = RCAST(uint8_t *, RCAST(void *, &sv)); 186 uint8_t *d = RCAST(uint8_t *, RCAST(void *, &rv)); 187 d[0] = s[7]; 188 d[1] = s[6]; 189 d[2] = s[5]; 190 d[3] = s[4]; 191 d[4] = s[3]; 192 d[5] = s[2]; 193 d[6] = s[1]; 194 d[7] = s[0]; 195 return rv; 196 } 197 #endif 198 199 /* 200 * grab a uint32_t from a possibly unaligned address, and return it in 201 * the native host order. 202 */ 203 static uint32_t 204 cdf_getuint32(const uint8_t *p, size_t offs) 205 { 206 uint32_t rv; 207 (void)memcpy(&rv, p + offs * sizeof(uint32_t), sizeof(rv)); 208 return CDF_TOLE4(rv); 209 } 210 211 #define CDF_UNPACK(a) \ 212 (void)memcpy(&(a), &buf[len], sizeof(a)), len += sizeof(a) 213 #define CDF_UNPACKA(a) \ 214 (void)memcpy((a), &buf[len], sizeof(a)), len += sizeof(a) 215 216 uint16_t 217 cdf_tole2(uint16_t sv) 218 { 219 return CDF_TOLE2(sv); 220 } 221 222 uint32_t 223 cdf_tole4(uint32_t sv) 224 { 225 return CDF_TOLE4(sv); 226 } 227 228 uint64_t 229 cdf_tole8(uint64_t sv) 230 { 231 return CDF_TOLE8(sv); 232 } 233 234 void 235 cdf_swap_header(cdf_header_t *h) 236 { 237 size_t i; 238 239 h->h_magic = CDF_TOLE8(h->h_magic); 240 h->h_uuid[0] = CDF_TOLE8(h->h_uuid[0]); 241 h->h_uuid[1] = CDF_TOLE8(h->h_uuid[1]); 242 h->h_revision = CDF_TOLE2(h->h_revision); 243 h->h_version = CDF_TOLE2(h->h_version); 244 h->h_byte_order = CDF_TOLE2(h->h_byte_order); 245 h->h_sec_size_p2 = CDF_TOLE2(h->h_sec_size_p2); 246 h->h_short_sec_size_p2 = CDF_TOLE2(h->h_short_sec_size_p2); 247 h->h_num_sectors_in_sat = CDF_TOLE4(h->h_num_sectors_in_sat); 248 h->h_secid_first_directory = CDF_TOLE4(h->h_secid_first_directory); 249 h->h_min_size_standard_stream = 250 CDF_TOLE4(h->h_min_size_standard_stream); 251 h->h_secid_first_sector_in_short_sat = 252 CDF_TOLE4(CAST(uint32_t, h->h_secid_first_sector_in_short_sat)); 253 h->h_num_sectors_in_short_sat = 254 CDF_TOLE4(h->h_num_sectors_in_short_sat); 255 h->h_secid_first_sector_in_master_sat = 256 CDF_TOLE4(CAST(uint32_t, h->h_secid_first_sector_in_master_sat)); 257 h->h_num_sectors_in_master_sat = 258 CDF_TOLE4(h->h_num_sectors_in_master_sat); 259 for (i = 0; i < __arraycount(h->h_master_sat); i++) { 260 h->h_master_sat[i] = 261 CDF_TOLE4(CAST(uint32_t, h->h_master_sat[i])); 262 } 263 } 264 265 void 266 cdf_unpack_header(cdf_header_t *h, char *buf) 267 { 268 size_t i; 269 size_t len = 0; 270 271 CDF_UNPACK(h->h_magic); 272 CDF_UNPACKA(h->h_uuid); 273 CDF_UNPACK(h->h_revision); 274 CDF_UNPACK(h->h_version); 275 CDF_UNPACK(h->h_byte_order); 276 CDF_UNPACK(h->h_sec_size_p2); 277 CDF_UNPACK(h->h_short_sec_size_p2); 278 CDF_UNPACKA(h->h_unused0); 279 CDF_UNPACK(h->h_num_sectors_in_sat); 280 CDF_UNPACK(h->h_secid_first_directory); 281 CDF_UNPACKA(h->h_unused1); 282 CDF_UNPACK(h->h_min_size_standard_stream); 283 CDF_UNPACK(h->h_secid_first_sector_in_short_sat); 284 CDF_UNPACK(h->h_num_sectors_in_short_sat); 285 CDF_UNPACK(h->h_secid_first_sector_in_master_sat); 286 CDF_UNPACK(h->h_num_sectors_in_master_sat); 287 for (i = 0; i < __arraycount(h->h_master_sat); i++) 288 CDF_UNPACK(h->h_master_sat[i]); 289 } 290 291 void 292 cdf_swap_dir(cdf_directory_t *d) 293 { 294 d->d_namelen = CDF_TOLE2(d->d_namelen); 295 d->d_left_child = CDF_TOLE4(CAST(uint32_t, d->d_left_child)); 296 d->d_right_child = CDF_TOLE4(CAST(uint32_t, d->d_right_child)); 297 d->d_storage = CDF_TOLE4(CAST(uint32_t, d->d_storage)); 298 d->d_storage_uuid[0] = CDF_TOLE8(d->d_storage_uuid[0]); 299 d->d_storage_uuid[1] = CDF_TOLE8(d->d_storage_uuid[1]); 300 d->d_flags = CDF_TOLE4(d->d_flags); 301 d->d_created = CDF_TOLE8(CAST(uint64_t, d->d_created)); 302 d->d_modified = CDF_TOLE8(CAST(uint64_t, d->d_modified)); 303 d->d_stream_first_sector = CDF_TOLE4( 304 CAST(uint32_t, d->d_stream_first_sector)); 305 d->d_size = CDF_TOLE4(d->d_size); 306 } 307 308 void 309 cdf_swap_class(cdf_classid_t *d) 310 { 311 d->cl_dword = CDF_TOLE4(d->cl_dword); 312 d->cl_word[0] = CDF_TOLE2(d->cl_word[0]); 313 d->cl_word[1] = CDF_TOLE2(d->cl_word[1]); 314 } 315 316 void 317 cdf_unpack_dir(cdf_directory_t *d, char *buf) 318 { 319 size_t len = 0; 320 321 CDF_UNPACKA(d->d_name); 322 CDF_UNPACK(d->d_namelen); 323 CDF_UNPACK(d->d_type); 324 CDF_UNPACK(d->d_color); 325 CDF_UNPACK(d->d_left_child); 326 CDF_UNPACK(d->d_right_child); 327 CDF_UNPACK(d->d_storage); 328 CDF_UNPACKA(d->d_storage_uuid); 329 CDF_UNPACK(d->d_flags); 330 CDF_UNPACK(d->d_created); 331 CDF_UNPACK(d->d_modified); 332 CDF_UNPACK(d->d_stream_first_sector); 333 CDF_UNPACK(d->d_size); 334 CDF_UNPACK(d->d_unused0); 335 } 336 337 int 338 cdf_zero_stream(cdf_stream_t *scn) 339 { 340 scn->sst_len = 0; 341 scn->sst_dirlen = 0; 342 scn->sst_ss = 0; 343 free(scn->sst_tab); 344 scn->sst_tab = NULL; 345 return -1; 346 } 347 348 static size_t 349 cdf_check_stream(const cdf_stream_t *sst, const cdf_header_t *h) 350 { 351 size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? 352 CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); 353 assert(ss == sst->sst_ss); 354 return sst->sst_ss; 355 } 356 357 static int 358 cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h, 359 const void *p, size_t tail, int line) 360 { 361 const char *b = RCAST(const char *, sst->sst_tab); 362 const char *e = RCAST(const char *, p) + tail; 363 size_t ss = cdf_check_stream(sst, h); 364 /*LINTED*/(void)&line; 365 if (e >= b && CAST(size_t, e - b) <= ss * sst->sst_len) 366 return 0; 367 DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u" 368 " > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %" 369 SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b), 370 ss * sst->sst_len, ss, sst->sst_len)); 371 errno = EFTYPE; 372 return -1; 373 } 374 375 static ssize_t 376 cdf_read(const cdf_info_t *info, off_t off, void *buf, size_t len) 377 { 378 size_t siz = CAST(size_t, off + len); 379 380 if (CAST(off_t, off + len) != CAST(off_t, siz)) 381 goto out; 382 383 if (info->i_buf != NULL && info->i_len >= siz) { 384 (void)memcpy(buf, &info->i_buf[off], len); 385 return CAST(ssize_t, len); 386 } 387 388 if (info->i_fd == -1) 389 goto out; 390 391 if (pread(info->i_fd, buf, len, off) != CAST(ssize_t, len)) 392 return -1; 393 394 return CAST(ssize_t, len); 395 out: 396 errno = EINVAL; 397 return -1; 398 } 399 400 int 401 cdf_read_header(const cdf_info_t *info, cdf_header_t *h) 402 { 403 char buf[512]; 404 405 (void)memcpy(cdf_bo.s, "\01\02\03\04", 4); 406 if (cdf_read(info, CAST(off_t, 0), buf, sizeof(buf)) == -1) 407 return -1; 408 cdf_unpack_header(h, buf); 409 cdf_swap_header(h); 410 if (h->h_magic != CDF_MAGIC) { 411 DPRINTF(("Bad magic %#" INT64_T_FORMAT "x != %#" 412 INT64_T_FORMAT "x\n", 413 (unsigned long long)h->h_magic, 414 (unsigned long long)CDF_MAGIC)); 415 goto out; 416 } 417 if (h->h_sec_size_p2 > 20) { 418 DPRINTF(("Bad sector size %hu\n", h->h_sec_size_p2)); 419 goto out; 420 } 421 if (h->h_short_sec_size_p2 > 20) { 422 DPRINTF(("Bad short sector size %hu\n", 423 h->h_short_sec_size_p2)); 424 goto out; 425 } 426 return 0; 427 out: 428 errno = EFTYPE; 429 return -1; 430 } 431 432 433 ssize_t 434 cdf_read_sector(const cdf_info_t *info, void *buf, size_t offs, size_t len, 435 const cdf_header_t *h, cdf_secid_t id) 436 { 437 size_t ss = CDF_SEC_SIZE(h); 438 size_t pos; 439 440 if (SIZE_T_MAX / ss < CAST(size_t, id)) 441 return -1; 442 443 pos = CDF_SEC_POS(h, id); 444 assert(ss == len); 445 return cdf_read(info, CAST(off_t, pos), RCAST(char *, buf) + offs, len); 446 } 447 448 ssize_t 449 cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs, 450 size_t len, const cdf_header_t *h, cdf_secid_t id) 451 { 452 size_t ss = CDF_SHORT_SEC_SIZE(h); 453 size_t pos; 454 455 if (SIZE_T_MAX / ss < CAST(size_t, id)) 456 return -1; 457 458 pos = CDF_SHORT_SEC_POS(h, id); 459 assert(ss == len); 460 if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) { 461 DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" 462 SIZE_T_FORMAT "u\n", 463 pos + len, CDF_SEC_SIZE(h) * sst->sst_len)); 464 goto out; 465 } 466 (void)memcpy(RCAST(char *, buf) + offs, 467 RCAST(const char *, sst->sst_tab) + pos, len); 468 return len; 469 out: 470 errno = EFTYPE; 471 return -1; 472 } 473 474 /* 475 * Read the sector allocation table. 476 */ 477 int 478 cdf_read_sat(const cdf_info_t *info, cdf_header_t *h, cdf_sat_t *sat) 479 { 480 size_t i, j, k; 481 size_t ss = CDF_SEC_SIZE(h); 482 cdf_secid_t *msa, mid, sec; 483 size_t nsatpersec = (ss / sizeof(mid)) - 1; 484 485 for (i = 0; i < __arraycount(h->h_master_sat); i++) 486 if (h->h_master_sat[i] == CDF_SECID_FREE) 487 break; 488 489 #define CDF_SEC_LIMIT (UINT32_MAX / (64 * ss)) 490 if ((nsatpersec > 0 && 491 h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT / nsatpersec) || 492 i > CDF_SEC_LIMIT) { 493 DPRINTF(("Number of sectors in master SAT too big %u %" 494 SIZE_T_FORMAT "u\n", h->h_num_sectors_in_master_sat, i)); 495 errno = EFTYPE; 496 return -1; 497 } 498 499 sat->sat_len = h->h_num_sectors_in_master_sat * nsatpersec + i; 500 DPRINTF(("sat_len = %" SIZE_T_FORMAT "u ss = %" SIZE_T_FORMAT "u\n", 501 sat->sat_len, ss)); 502 if ((sat->sat_tab = CAST(cdf_secid_t *, CDF_CALLOC(sat->sat_len, ss))) 503 == NULL) 504 return -1; 505 506 for (i = 0; i < __arraycount(h->h_master_sat); i++) { 507 if (h->h_master_sat[i] < 0) 508 break; 509 if (cdf_read_sector(info, sat->sat_tab, ss * i, ss, h, 510 h->h_master_sat[i]) != CAST(ssize_t, ss)) { 511 DPRINTF(("Reading sector %d", h->h_master_sat[i])); 512 goto out1; 513 } 514 } 515 516 if ((msa = CAST(cdf_secid_t *, CDF_CALLOC(1, ss))) == NULL) 517 goto out1; 518 519 mid = h->h_secid_first_sector_in_master_sat; 520 for (j = 0; j < h->h_num_sectors_in_master_sat; j++) { 521 if (mid < 0) 522 goto out; 523 if (j >= CDF_LOOP_LIMIT) { 524 DPRINTF(("Reading master sector loop limit")); 525 goto out3; 526 } 527 if (cdf_read_sector(info, msa, 0, ss, h, mid) != 528 CAST(ssize_t, ss)) { 529 DPRINTF(("Reading master sector %d", mid)); 530 goto out2; 531 } 532 for (k = 0; k < nsatpersec; k++, i++) { 533 sec = CDF_TOLE4(CAST(uint32_t, msa[k])); 534 if (sec < 0) 535 goto out; 536 if (i >= sat->sat_len) { 537 DPRINTF(("Out of bounds reading MSA %" 538 SIZE_T_FORMAT "u >= %" SIZE_T_FORMAT "u", 539 i, sat->sat_len)); 540 goto out3; 541 } 542 if (cdf_read_sector(info, sat->sat_tab, ss * i, ss, h, 543 sec) != CAST(ssize_t, ss)) { 544 DPRINTF(("Reading sector %d", 545 CDF_TOLE4(msa[k]))); 546 goto out2; 547 } 548 } 549 mid = CDF_TOLE4(CAST(uint32_t, msa[nsatpersec])); 550 } 551 out: 552 sat->sat_len = i; 553 free(msa); 554 return 0; 555 out3: 556 errno = EFTYPE; 557 out2: 558 free(msa); 559 out1: 560 free(sat->sat_tab); 561 return -1; 562 } 563 564 size_t 565 cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size) 566 { 567 size_t i, j; 568 cdf_secid_t maxsector = CAST(cdf_secid_t, (sat->sat_len * size) 569 / sizeof(maxsector)); 570 571 DPRINTF(("Chain:")); 572 if (sid == CDF_SECID_END_OF_CHAIN) { 573 /* 0-length chain. */ 574 DPRINTF((" empty\n")); 575 return 0; 576 } 577 578 for (j = i = 0; sid >= 0; i++, j++) { 579 DPRINTF((" %d", sid)); 580 if (j >= CDF_LOOP_LIMIT) { 581 DPRINTF(("Counting chain loop limit")); 582 goto out; 583 } 584 if (sid >= maxsector) { 585 DPRINTF(("Sector %d >= %d\n", sid, maxsector)); 586 goto out; 587 } 588 sid = CDF_TOLE4(CAST(uint32_t, sat->sat_tab[sid])); 589 } 590 if (i == 0) { 591 DPRINTF((" none, sid: %d\n", sid)); 592 goto out; 593 594 } 595 DPRINTF(("\n")); 596 return i; 597 out: 598 errno = EFTYPE; 599 return CAST(size_t, -1); 600 } 601 602 int 603 cdf_read_long_sector_chain(const cdf_info_t *info, const cdf_header_t *h, 604 const cdf_sat_t *sat, cdf_secid_t sid, size_t len, cdf_stream_t *scn) 605 { 606 size_t ss = CDF_SEC_SIZE(h), i, j; 607 ssize_t nr; 608 scn->sst_tab = NULL; 609 scn->sst_len = cdf_count_chain(sat, sid, ss); 610 scn->sst_dirlen = MAX(h->h_min_size_standard_stream, len); 611 scn->sst_ss = ss; 612 613 if (sid == CDF_SECID_END_OF_CHAIN || len == 0) 614 return cdf_zero_stream(scn); 615 616 if (scn->sst_len == CAST(size_t, -1)) 617 goto out; 618 619 scn->sst_tab = CDF_CALLOC(scn->sst_len, ss); 620 if (scn->sst_tab == NULL) 621 return cdf_zero_stream(scn); 622 623 for (j = i = 0; sid >= 0; i++, j++) { 624 if (j >= CDF_LOOP_LIMIT) { 625 DPRINTF(("Read long sector chain loop limit")); 626 goto out; 627 } 628 if (i >= scn->sst_len) { 629 DPRINTF(("Out of bounds reading long sector chain " 630 "%" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", i, 631 scn->sst_len)); 632 goto out; 633 } 634 if ((nr = cdf_read_sector(info, scn->sst_tab, i * ss, ss, h, 635 sid)) != CAST(ssize_t, ss)) { 636 if (i == scn->sst_len - 1 && nr > 0) { 637 /* Last sector might be truncated */ 638 return 0; 639 } 640 DPRINTF(("Reading long sector chain %d", sid)); 641 goto out; 642 } 643 sid = CDF_TOLE4(CAST(uint32_t, sat->sat_tab[sid])); 644 } 645 return 0; 646 out: 647 errno = EFTYPE; 648 return cdf_zero_stream(scn); 649 } 650 651 int 652 cdf_read_short_sector_chain(const cdf_header_t *h, 653 const cdf_sat_t *ssat, const cdf_stream_t *sst, 654 cdf_secid_t sid, size_t len, cdf_stream_t *scn) 655 { 656 size_t ss = CDF_SHORT_SEC_SIZE(h), i, j; 657 scn->sst_tab = NULL; 658 scn->sst_len = cdf_count_chain(ssat, sid, CDF_SEC_SIZE(h)); 659 scn->sst_dirlen = len; 660 scn->sst_ss = ss; 661 662 if (scn->sst_len == CAST(size_t, -1)) 663 goto out; 664 665 scn->sst_tab = CDF_CALLOC(scn->sst_len, ss); 666 if (scn->sst_tab == NULL) 667 return cdf_zero_stream(scn); 668 669 for (j = i = 0; sid >= 0; i++, j++) { 670 if (j >= CDF_LOOP_LIMIT) { 671 DPRINTF(("Read short sector chain loop limit")); 672 goto out; 673 } 674 if (i >= scn->sst_len) { 675 DPRINTF(("Out of bounds reading short sector chain " 676 "%" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", 677 i, scn->sst_len)); 678 goto out; 679 } 680 if (cdf_read_short_sector(sst, scn->sst_tab, i * ss, ss, h, 681 sid) != CAST(ssize_t, ss)) { 682 DPRINTF(("Reading short sector chain %d", sid)); 683 goto out; 684 } 685 sid = CDF_TOLE4(CAST(uint32_t, ssat->sat_tab[sid])); 686 } 687 return 0; 688 out: 689 errno = EFTYPE; 690 return cdf_zero_stream(scn); 691 } 692 693 int 694 cdf_read_sector_chain(const cdf_info_t *info, const cdf_header_t *h, 695 const cdf_sat_t *sat, const cdf_sat_t *ssat, const cdf_stream_t *sst, 696 cdf_secid_t sid, size_t len, cdf_stream_t *scn) 697 { 698 699 if (len < h->h_min_size_standard_stream && sst->sst_tab != NULL) 700 return cdf_read_short_sector_chain(h, ssat, sst, sid, len, 701 scn); 702 else 703 return cdf_read_long_sector_chain(info, h, sat, sid, len, scn); 704 } 705 706 int 707 cdf_read_dir(const cdf_info_t *info, const cdf_header_t *h, 708 const cdf_sat_t *sat, cdf_dir_t *dir) 709 { 710 size_t i, j; 711 size_t ss = CDF_SEC_SIZE(h), ns, nd; 712 char *buf; 713 cdf_secid_t sid = h->h_secid_first_directory; 714 715 ns = cdf_count_chain(sat, sid, ss); 716 if (ns == CAST(size_t, -1)) 717 return -1; 718 719 nd = ss / CDF_DIRECTORY_SIZE; 720 721 dir->dir_len = ns * nd; 722 dir->dir_tab = CAST(cdf_directory_t *, 723 CDF_CALLOC(dir->dir_len, sizeof(dir->dir_tab[0]))); 724 if (dir->dir_tab == NULL) 725 return -1; 726 727 if ((buf = CAST(char *, CDF_MALLOC(ss))) == NULL) { 728 free(dir->dir_tab); 729 return -1; 730 } 731 732 for (j = i = 0; i < ns; i++, j++) { 733 if (j >= CDF_LOOP_LIMIT) { 734 DPRINTF(("Read dir loop limit")); 735 goto out; 736 } 737 if (cdf_read_sector(info, buf, 0, ss, h, sid) != 738 CAST(ssize_t, ss)) { 739 DPRINTF(("Reading directory sector %d", sid)); 740 goto out; 741 } 742 for (j = 0; j < nd; j++) { 743 cdf_unpack_dir(&dir->dir_tab[i * nd + j], 744 &buf[j * CDF_DIRECTORY_SIZE]); 745 } 746 sid = CDF_TOLE4(CAST(uint32_t, sat->sat_tab[sid])); 747 } 748 if (NEED_SWAP) 749 for (i = 0; i < dir->dir_len; i++) 750 cdf_swap_dir(&dir->dir_tab[i]); 751 free(buf); 752 return 0; 753 out: 754 free(dir->dir_tab); 755 free(buf); 756 errno = EFTYPE; 757 return -1; 758 } 759 760 761 int 762 cdf_read_ssat(const cdf_info_t *info, const cdf_header_t *h, 763 const cdf_sat_t *sat, cdf_sat_t *ssat) 764 { 765 size_t i, j; 766 size_t ss = CDF_SEC_SIZE(h); 767 cdf_secid_t sid = h->h_secid_first_sector_in_short_sat; 768 769 ssat->sat_tab = NULL; 770 ssat->sat_len = cdf_count_chain(sat, sid, ss); 771 if (ssat->sat_len == CAST(size_t, -1)) 772 goto out; 773 774 ssat->sat_tab = CAST(cdf_secid_t *, CDF_CALLOC(ssat->sat_len, ss)); 775 if (ssat->sat_tab == NULL) 776 goto out1; 777 778 for (j = i = 0; sid >= 0; i++, j++) { 779 if (j >= CDF_LOOP_LIMIT) { 780 DPRINTF(("Read short sat sector loop limit")); 781 goto out; 782 } 783 if (i >= ssat->sat_len) { 784 DPRINTF(("Out of bounds reading short sector chain " 785 "%" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", i, 786 ssat->sat_len)); 787 goto out; 788 } 789 if (cdf_read_sector(info, ssat->sat_tab, i * ss, ss, h, sid) != 790 CAST(ssize_t, ss)) { 791 DPRINTF(("Reading short sat sector %d", sid)); 792 goto out1; 793 } 794 sid = CDF_TOLE4(CAST(uint32_t, sat->sat_tab[sid])); 795 } 796 return 0; 797 out: 798 errno = EFTYPE; 799 out1: 800 free(ssat->sat_tab); 801 return -1; 802 } 803 804 int 805 cdf_read_short_stream(const cdf_info_t *info, const cdf_header_t *h, 806 const cdf_sat_t *sat, const cdf_dir_t *dir, cdf_stream_t *scn, 807 const cdf_directory_t **root) 808 { 809 size_t i; 810 const cdf_directory_t *d; 811 812 *root = NULL; 813 for (i = 0; i < dir->dir_len; i++) 814 if (dir->dir_tab[i].d_type == CDF_DIR_TYPE_ROOT_STORAGE) 815 break; 816 817 /* If the it is not there, just fake it; some docs don't have it */ 818 if (i == dir->dir_len) { 819 DPRINTF(("Cannot find root storage dir\n")); 820 goto out; 821 } 822 d = &dir->dir_tab[i]; 823 *root = d; 824 825 /* If the it is not there, just fake it; some docs don't have it */ 826 if (d->d_stream_first_sector < 0) { 827 DPRINTF(("No first secror in dir\n")); 828 goto out; 829 } 830 831 return cdf_read_long_sector_chain(info, h, sat, 832 d->d_stream_first_sector, d->d_size, scn); 833 out: 834 scn->sst_tab = NULL; 835 (void)cdf_zero_stream(scn); 836 return 0; 837 } 838 839 static int 840 cdf_namecmp(const char *d, const uint16_t *s, size_t l) 841 { 842 for (; l--; d++, s++) 843 if (*d != CDF_TOLE2(*s)) 844 return CAST(unsigned char, *d) - CDF_TOLE2(*s); 845 return 0; 846 } 847 848 int 849 cdf_read_doc_summary_info(const cdf_info_t *info, const cdf_header_t *h, 850 const cdf_sat_t *sat, const cdf_sat_t *ssat, const cdf_stream_t *sst, 851 const cdf_dir_t *dir, cdf_stream_t *scn) 852 { 853 return cdf_read_user_stream(info, h, sat, ssat, sst, dir, 854 "\05DocumentSummaryInformation", scn); 855 } 856 857 int 858 cdf_read_summary_info(const cdf_info_t *info, const cdf_header_t *h, 859 const cdf_sat_t *sat, const cdf_sat_t *ssat, const cdf_stream_t *sst, 860 const cdf_dir_t *dir, cdf_stream_t *scn) 861 { 862 return cdf_read_user_stream(info, h, sat, ssat, sst, dir, 863 "\05SummaryInformation", scn); 864 } 865 866 int 867 cdf_read_user_stream(const cdf_info_t *info, const cdf_header_t *h, 868 const cdf_sat_t *sat, const cdf_sat_t *ssat, const cdf_stream_t *sst, 869 const cdf_dir_t *dir, const char *name, cdf_stream_t *scn) 870 { 871 const cdf_directory_t *d; 872 int i = cdf_find_stream(dir, name, CDF_DIR_TYPE_USER_STREAM); 873 874 if (i <= 0) { 875 memset(scn, 0, sizeof(*scn)); 876 return -1; 877 } 878 879 d = &dir->dir_tab[i - 1]; 880 return cdf_read_sector_chain(info, h, sat, ssat, sst, 881 d->d_stream_first_sector, d->d_size, scn); 882 } 883 884 int 885 cdf_find_stream(const cdf_dir_t *dir, const char *name, int type) 886 { 887 size_t i, name_len = strlen(name) + 1; 888 889 for (i = dir->dir_len; i > 0; i--) 890 if (dir->dir_tab[i - 1].d_type == type && 891 cdf_namecmp(name, dir->dir_tab[i - 1].d_name, name_len) 892 == 0) 893 break; 894 if (i > 0) 895 return CAST(int, i); 896 897 DPRINTF(("Cannot find type %d `%s'\n", type, name)); 898 errno = ESRCH; 899 return 0; 900 } 901 902 #define CDF_SHLEN_LIMIT (UINT32_MAX / 64) 903 #define CDF_PROP_LIMIT (UINT32_MAX / (64 * sizeof(cdf_property_info_t))) 904 905 static const void * 906 cdf_offset(const void *p, size_t l) 907 { 908 return CAST(const void *, CAST(const uint8_t *, p) + l); 909 } 910 911 static const uint8_t * 912 cdf_get_property_info_pos(const cdf_stream_t *sst, const cdf_header_t *h, 913 const uint8_t *p, const uint8_t *e, size_t i) 914 { 915 size_t tail = (i << 1) + 1; 916 size_t ofs; 917 918 if (p >= e) { 919 DPRINTF(("Past end %p < %p\n", e, p)); 920 return NULL; 921 } 922 923 if (cdf_check_stream_offset(sst, h, p, (tail + 1) * sizeof(uint32_t), 924 __LINE__) == -1) 925 return NULL; 926 927 ofs = CDF_GETUINT32(p, tail); 928 if (ofs < 2 * sizeof(uint32_t)) { 929 DPRINTF(("Offset too small %zu\n", ofs)); 930 return NULL; 931 } 932 933 ofs -= 2 * sizeof(uint32_t); 934 if (ofs > CAST(size_t, e - p)) { 935 DPRINTF(("Offset too big %zu %td\n", ofs, e - p)); 936 return NULL; 937 } 938 939 return CAST(const uint8_t *, cdf_offset(CAST(const void *, p), ofs)); 940 } 941 942 static cdf_property_info_t * 943 cdf_grow_info(cdf_property_info_t **info, size_t *maxcount, size_t incr) 944 { 945 cdf_property_info_t *inp; 946 size_t newcount = *maxcount + incr; 947 948 if (newcount > CDF_PROP_LIMIT) { 949 DPRINTF(("exceeded property limit %" SIZE_T_FORMAT "u > %" 950 SIZE_T_FORMAT "u\n", newcount, CDF_PROP_LIMIT)); 951 goto out; 952 } 953 inp = CAST(cdf_property_info_t *, 954 CDF_REALLOC(*info, newcount * sizeof(*inp))); 955 if (inp == NULL) 956 goto out; 957 958 *info = inp; 959 *maxcount = newcount; 960 return inp; 961 out: 962 free(*info); 963 *maxcount = 0; 964 *info = NULL; 965 return NULL; 966 } 967 968 static int 969 cdf_copy_info(cdf_property_info_t *inp, const void *p, const void *e, 970 size_t len) 971 { 972 if (inp->pi_type & CDF_VECTOR) 973 return 0; 974 975 if (CAST(size_t, CAST(const char *, e) - CAST(const char *, p)) < len) 976 return 0; 977 978 (void)memcpy(&inp->pi_val, p, len); 979 980 switch (len) { 981 case 2: 982 inp->pi_u16 = CDF_TOLE2(inp->pi_u16); 983 break; 984 case 4: 985 inp->pi_u32 = CDF_TOLE4(inp->pi_u32); 986 break; 987 case 8: 988 inp->pi_u64 = CDF_TOLE8(inp->pi_u64); 989 break; 990 default: 991 abort(); 992 } 993 return 1; 994 } 995 996 int 997 cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, 998 uint32_t offs, cdf_property_info_t **info, size_t *count, size_t *maxcount) 999 { 1000 const cdf_section_header_t *shp; 1001 cdf_section_header_t sh; 1002 const uint8_t *p, *q, *e; 1003 size_t i, o4, nelements, j, slen, left; 1004 cdf_property_info_t *inp; 1005 1006 if (offs > UINT32_MAX / 4) { 1007 errno = EFTYPE; 1008 goto out; 1009 } 1010 shp = CAST(const cdf_section_header_t *, 1011 cdf_offset(sst->sst_tab, offs)); 1012 if (cdf_check_stream_offset(sst, h, shp, sizeof(*shp), __LINE__) == -1) 1013 goto out; 1014 sh.sh_len = CDF_TOLE4(shp->sh_len); 1015 if (sh.sh_len > CDF_SHLEN_LIMIT) { 1016 errno = EFTYPE; 1017 goto out; 1018 } 1019 1020 if (cdf_check_stream_offset(sst, h, shp, sh.sh_len, __LINE__) == -1) 1021 goto out; 1022 1023 sh.sh_properties = CDF_TOLE4(shp->sh_properties); 1024 DPRINTF(("section len: %u properties %u\n", sh.sh_len, 1025 sh.sh_properties)); 1026 if (sh.sh_properties > CDF_PROP_LIMIT) 1027 goto out; 1028 inp = cdf_grow_info(info, maxcount, sh.sh_properties); 1029 if (inp == NULL) 1030 goto out; 1031 inp += *count; 1032 *count += sh.sh_properties; 1033 p = CAST(const uint8_t *, cdf_offset(sst->sst_tab, offs + sizeof(sh))); 1034 e = CAST(const uint8_t *, cdf_offset(shp, sh.sh_len)); 1035 if (p >= e || cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) 1036 goto out; 1037 1038 for (i = 0; i < sh.sh_properties; i++) { 1039 if ((q = cdf_get_property_info_pos(sst, h, p, e, i)) == NULL) 1040 goto out; 1041 inp[i].pi_id = CDF_GETUINT32(p, i << 1); 1042 left = CAST(size_t, e - q); 1043 if (left < sizeof(uint32_t)) { 1044 DPRINTF(("short info (no type)_\n")); 1045 goto out; 1046 } 1047 inp[i].pi_type = CDF_GETUINT32(q, 0); 1048 DPRINTF(("%" SIZE_T_FORMAT "u) id=%#x type=%#x offs=%#tx,%#x\n", 1049 i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); 1050 if (inp[i].pi_type & CDF_VECTOR) { 1051 if (left < sizeof(uint32_t) * 2) { 1052 DPRINTF(("missing CDF_VECTOR length\n")); 1053 goto out; 1054 } 1055 nelements = CDF_GETUINT32(q, 1); 1056 if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { 1057 DPRINTF(("CDF_VECTOR with nelements == %" 1058 SIZE_T_FORMAT "u\n", nelements)); 1059 goto out; 1060 } 1061 slen = 2; 1062 } else { 1063 nelements = 1; 1064 slen = 1; 1065 } 1066 o4 = slen * sizeof(uint32_t); 1067 if (inp[i].pi_type & (CDF_ARRAY|CDF_BYREF|CDF_RESERVED)) 1068 goto unknown; 1069 switch (inp[i].pi_type & CDF_TYPEMASK) { 1070 case CDF_NULL: 1071 case CDF_EMPTY: 1072 break; 1073 case CDF_SIGNED16: 1074 if (!cdf_copy_info(&inp[i], &q[o4], e, sizeof(int16_t))) 1075 goto unknown; 1076 break; 1077 case CDF_SIGNED32: 1078 case CDF_BOOL: 1079 case CDF_UNSIGNED32: 1080 case CDF_FLOAT: 1081 if (!cdf_copy_info(&inp[i], &q[o4], e, sizeof(int32_t))) 1082 goto unknown; 1083 break; 1084 case CDF_SIGNED64: 1085 case CDF_UNSIGNED64: 1086 case CDF_DOUBLE: 1087 case CDF_FILETIME: 1088 if (!cdf_copy_info(&inp[i], &q[o4], e, sizeof(int64_t))) 1089 goto unknown; 1090 break; 1091 case CDF_LENGTH32_STRING: 1092 case CDF_LENGTH32_WSTRING: 1093 if (nelements > 1) { 1094 size_t nelem = inp - *info; 1095 inp = cdf_grow_info(info, maxcount, nelements); 1096 if (inp == NULL) 1097 goto out; 1098 inp += nelem; 1099 } 1100 for (j = 0; j < nelements && i < sh.sh_properties; 1101 j++, i++) 1102 { 1103 uint32_t l; 1104 1105 if (o4 + sizeof(uint32_t) > left) 1106 goto out; 1107 1108 l = CDF_GETUINT32(q, slen); 1109 o4 += sizeof(uint32_t); 1110 if (o4 + l > left) 1111 goto out; 1112 1113 inp[i].pi_str.s_len = l; 1114 inp[i].pi_str.s_buf = CAST(const char *, 1115 CAST(const void *, &q[o4])); 1116 1117 DPRINTF(("o=%" SIZE_T_FORMAT "u l=%d(%" 1118 SIZE_T_FORMAT "u), t=%" SIZE_T_FORMAT 1119 "u s=%.*s\n", o4, l, 1120 CDF_ROUND(l, sizeof(l)), 1121 left, (int)l, inp[i].pi_str.s_buf)); 1122 1123 if (l & 1) 1124 l++; 1125 1126 slen += l >> 1; 1127 o4 = slen * sizeof(uint32_t); 1128 } 1129 i--; 1130 break; 1131 case CDF_CLIPBOARD: 1132 if (inp[i].pi_type & CDF_VECTOR) 1133 goto unknown; 1134 break; 1135 default: 1136 unknown: 1137 memset(&inp[i].pi_val, 0, sizeof(inp[i].pi_val)); 1138 DPRINTF(("Don't know how to deal with %#x\n", 1139 inp[i].pi_type)); 1140 break; 1141 } 1142 } 1143 return 0; 1144 out: 1145 free(*info); 1146 *info = NULL; 1147 *count = 0; 1148 *maxcount = 0; 1149 errno = EFTYPE; 1150 return -1; 1151 } 1152 1153 int 1154 cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h, 1155 cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count) 1156 { 1157 size_t maxcount; 1158 const cdf_summary_info_header_t *si = 1159 CAST(const cdf_summary_info_header_t *, sst->sst_tab); 1160 const cdf_section_declaration_t *sd = 1161 CAST(const cdf_section_declaration_t *, RCAST(const void *, 1162 RCAST(const char *, sst->sst_tab) 1163 + CDF_SECTION_DECLARATION_OFFSET)); 1164 1165 if (cdf_check_stream_offset(sst, h, si, sizeof(*si), __LINE__) == -1 || 1166 cdf_check_stream_offset(sst, h, sd, sizeof(*sd), __LINE__) == -1) 1167 return -1; 1168 ssi->si_byte_order = CDF_TOLE2(si->si_byte_order); 1169 ssi->si_os_version = CDF_TOLE2(si->si_os_version); 1170 ssi->si_os = CDF_TOLE2(si->si_os); 1171 ssi->si_class = si->si_class; 1172 cdf_swap_class(&ssi->si_class); 1173 ssi->si_count = CDF_TOLE4(si->si_count); 1174 *count = 0; 1175 maxcount = 0; 1176 *info = NULL; 1177 if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), info, 1178 count, &maxcount) == -1) 1179 return -1; 1180 return 0; 1181 } 1182 1183 1184 #define extract_catalog_field(t, f, l) \ 1185 if (b + l + sizeof(cep->f) > eb) { \ 1186 cep->ce_namlen = 0; \ 1187 break; \ 1188 } \ 1189 memcpy(&cep->f, b + (l), sizeof(cep->f)); \ 1190 ce[i].f = CAST(t, CDF_TOLE(cep->f)) 1191 1192 int 1193 cdf_unpack_catalog(const cdf_header_t *h, const cdf_stream_t *sst, 1194 cdf_catalog_t **cat) 1195 { 1196 size_t ss = cdf_check_stream(sst, h); 1197 const char *b = CAST(const char *, sst->sst_tab); 1198 const char *nb, *eb = b + ss * sst->sst_len; 1199 size_t nr, i, j, k; 1200 cdf_catalog_entry_t *ce; 1201 uint16_t reclen; 1202 const uint16_t *np; 1203 1204 for (nr = 0;; nr++) { 1205 memcpy(&reclen, b, sizeof(reclen)); 1206 reclen = CDF_TOLE2(reclen); 1207 if (reclen == 0) 1208 break; 1209 b += reclen; 1210 if (b > eb) 1211 break; 1212 } 1213 if (nr == 0) 1214 return -1; 1215 nr--; 1216 *cat = CAST(cdf_catalog_t *, 1217 CDF_MALLOC(sizeof(cdf_catalog_t) + nr * sizeof(*ce))); 1218 if (*cat == NULL) 1219 return -1; 1220 ce = (*cat)->cat_e; 1221 memset(ce, 0, nr * sizeof(*ce)); 1222 b = CAST(const char *, sst->sst_tab); 1223 for (j = i = 0; i < nr; b += reclen) { 1224 cdf_catalog_entry_t *cep = &ce[j]; 1225 uint16_t rlen; 1226 1227 extract_catalog_field(uint16_t, ce_namlen, 0); 1228 extract_catalog_field(uint16_t, ce_num, 4); 1229 extract_catalog_field(uint64_t, ce_timestamp, 8); 1230 reclen = cep->ce_namlen; 1231 1232 if (reclen < 14) { 1233 cep->ce_namlen = 0; 1234 continue; 1235 } 1236 1237 cep->ce_namlen = __arraycount(cep->ce_name) - 1; 1238 rlen = reclen - 14; 1239 if (cep->ce_namlen > rlen) 1240 cep->ce_namlen = rlen; 1241 1242 np = CAST(const uint16_t *, CAST(const void *, (b + 16))); 1243 nb = CAST(const char *, CAST(const void *, 1244 (np + cep->ce_namlen))); 1245 if (nb > eb) { 1246 cep->ce_namlen = 0; 1247 break; 1248 } 1249 1250 for (k = 0; k < cep->ce_namlen; k++) 1251 cep->ce_name[k] = np[k]; /* XXX: CDF_TOLE2? */ 1252 cep->ce_name[cep->ce_namlen] = 0; 1253 j = i; 1254 i++; 1255 } 1256 (*cat)->cat_num = j; 1257 return 0; 1258 } 1259 1260 int 1261 cdf_print_classid(char *buf, size_t buflen, const cdf_classid_t *id) 1262 { 1263 return snprintf(buf, buflen, "%.8x-%.4x-%.4x-%.2x%.2x-" 1264 "%.2x%.2x%.2x%.2x%.2x%.2x", id->cl_dword, id->cl_word[0], 1265 id->cl_word[1], id->cl_two[0], id->cl_two[1], id->cl_six[0], 1266 id->cl_six[1], id->cl_six[2], id->cl_six[3], id->cl_six[4], 1267 id->cl_six[5]); 1268 } 1269 1270 static const struct { 1271 uint32_t v; 1272 const char *n; 1273 } vn[] = { 1274 { CDF_PROPERTY_CODE_PAGE, "Code page" }, 1275 { CDF_PROPERTY_TITLE, "Title" }, 1276 { CDF_PROPERTY_SUBJECT, "Subject" }, 1277 { CDF_PROPERTY_AUTHOR, "Author" }, 1278 { CDF_PROPERTY_KEYWORDS, "Keywords" }, 1279 { CDF_PROPERTY_COMMENTS, "Comments" }, 1280 { CDF_PROPERTY_TEMPLATE, "Template" }, 1281 { CDF_PROPERTY_LAST_SAVED_BY, "Last Saved By" }, 1282 { CDF_PROPERTY_REVISION_NUMBER, "Revision Number" }, 1283 { CDF_PROPERTY_TOTAL_EDITING_TIME, "Total Editing Time" }, 1284 { CDF_PROPERTY_LAST_PRINTED, "Last Printed" }, 1285 { CDF_PROPERTY_CREATE_TIME, "Create Time/Date" }, 1286 { CDF_PROPERTY_LAST_SAVED_TIME, "Last Saved Time/Date" }, 1287 { CDF_PROPERTY_NUMBER_OF_PAGES, "Number of Pages" }, 1288 { CDF_PROPERTY_NUMBER_OF_WORDS, "Number of Words" }, 1289 { CDF_PROPERTY_NUMBER_OF_CHARACTERS, "Number of Characters" }, 1290 { CDF_PROPERTY_THUMBNAIL, "Thumbnail" }, 1291 { CDF_PROPERTY_NAME_OF_APPLICATION, "Name of Creating Application" }, 1292 { CDF_PROPERTY_SECURITY, "Security" }, 1293 { CDF_PROPERTY_LOCALE_ID, "Locale ID" }, 1294 }; 1295 1296 int 1297 cdf_print_property_name(char *buf, size_t bufsiz, uint32_t p) 1298 { 1299 size_t i; 1300 1301 for (i = 0; i < __arraycount(vn); i++) 1302 if (vn[i].v == p) 1303 return snprintf(buf, bufsiz, "%s", vn[i].n); 1304 return snprintf(buf, bufsiz, "%#x", p); 1305 } 1306 1307 int 1308 cdf_print_elapsed_time(char *buf, size_t bufsiz, cdf_timestamp_t ts) 1309 { 1310 int len = 0; 1311 int days, hours, mins, secs; 1312 1313 ts /= CDF_TIME_PREC; 1314 secs = CAST(int, ts % 60); 1315 ts /= 60; 1316 mins = CAST(int, ts % 60); 1317 ts /= 60; 1318 hours = CAST(int, ts % 24); 1319 ts /= 24; 1320 days = CAST(int, ts); 1321 1322 if (days) { 1323 len += snprintf(buf + len, bufsiz - len, "%dd+", days); 1324 if (CAST(size_t, len) >= bufsiz) 1325 return len; 1326 } 1327 1328 if (days || hours) { 1329 len += snprintf(buf + len, bufsiz - len, "%.2d:", hours); 1330 if (CAST(size_t, len) >= bufsiz) 1331 return len; 1332 } 1333 1334 len += snprintf(buf + len, bufsiz - len, "%.2d:", mins); 1335 if (CAST(size_t, len) >= bufsiz) 1336 return len; 1337 1338 len += snprintf(buf + len, bufsiz - len, "%.2d", secs); 1339 return len; 1340 } 1341 1342 char * 1343 cdf_u16tos8(char *buf, size_t len, const uint16_t *p) 1344 { 1345 size_t i; 1346 for (i = 0; i < len && p[i]; i++) 1347 buf[i] = CAST(char, p[i]); 1348 buf[i] = '\0'; 1349 return buf; 1350 } 1351 1352 #ifdef CDF_DEBUG 1353 void 1354 cdf_dump_header(const cdf_header_t *h) 1355 { 1356 size_t i; 1357 1358 #define DUMP(a, b) (void)fprintf(stderr, "%40.40s = " a "\n", # b, h->h_ ## b) 1359 #define DUMP2(a, b) (void)fprintf(stderr, "%40.40s = " a " (" a ")\n", # b, \ 1360 h->h_ ## b, 1 << h->h_ ## b) 1361 DUMP("%d", revision); 1362 DUMP("%d", version); 1363 DUMP("%#x", byte_order); 1364 DUMP2("%d", sec_size_p2); 1365 DUMP2("%d", short_sec_size_p2); 1366 DUMP("%d", num_sectors_in_sat); 1367 DUMP("%d", secid_first_directory); 1368 DUMP("%d", min_size_standard_stream); 1369 DUMP("%d", secid_first_sector_in_short_sat); 1370 DUMP("%d", num_sectors_in_short_sat); 1371 DUMP("%d", secid_first_sector_in_master_sat); 1372 DUMP("%d", num_sectors_in_master_sat); 1373 for (i = 0; i < __arraycount(h->h_master_sat); i++) { 1374 if (h->h_master_sat[i] == CDF_SECID_FREE) 1375 break; 1376 (void)fprintf(stderr, "%35.35s[%.3" SIZE_T_FORMAT "u] = %d\n", 1377 "master_sat", i, h->h_master_sat[i]); 1378 } 1379 } 1380 1381 void 1382 cdf_dump_sat(const char *prefix, const cdf_sat_t *sat, size_t size) 1383 { 1384 size_t i, j, s = size / sizeof(cdf_secid_t); 1385 1386 for (i = 0; i < sat->sat_len; i++) { 1387 (void)fprintf(stderr, "%s[%" SIZE_T_FORMAT "u]:\n%.6" 1388 SIZE_T_FORMAT "u: ", prefix, i, i * s); 1389 for (j = 0; j < s; j++) { 1390 (void)fprintf(stderr, "%5d, ", 1391 CDF_TOLE4(sat->sat_tab[s * i + j])); 1392 if ((j + 1) % 10 == 0) 1393 (void)fprintf(stderr, "\n%.6" SIZE_T_FORMAT 1394 "u: ", i * s + j + 1); 1395 } 1396 (void)fprintf(stderr, "\n"); 1397 } 1398 } 1399 1400 void 1401 cdf_dump(const void *v, size_t len) 1402 { 1403 size_t i, j; 1404 const unsigned char *p = v; 1405 char abuf[16]; 1406 1407 (void)fprintf(stderr, "%.4x: ", 0); 1408 for (i = 0, j = 0; i < len; i++, p++) { 1409 (void)fprintf(stderr, "%.2x ", *p); 1410 abuf[j++] = isprint(*p) ? *p : '.'; 1411 if (j == 16) { 1412 j = 0; 1413 abuf[15] = '\0'; 1414 (void)fprintf(stderr, "%s\n%.4" SIZE_T_FORMAT "x: ", 1415 abuf, i + 1); 1416 } 1417 } 1418 (void)fprintf(stderr, "\n"); 1419 } 1420 1421 void 1422 cdf_dump_stream(const cdf_stream_t *sst) 1423 { 1424 size_t ss = sst->sst_ss; 1425 cdf_dump(sst->sst_tab, ss * sst->sst_len); 1426 } 1427 1428 void 1429 cdf_dump_dir(const cdf_info_t *info, const cdf_header_t *h, 1430 const cdf_sat_t *sat, const cdf_sat_t *ssat, const cdf_stream_t *sst, 1431 const cdf_dir_t *dir) 1432 { 1433 size_t i, j; 1434 cdf_directory_t *d; 1435 char name[__arraycount(d->d_name)]; 1436 cdf_stream_t scn; 1437 struct timespec ts; 1438 1439 static const char *types[] = { "empty", "user storage", 1440 "user stream", "lockbytes", "property", "root storage" }; 1441 1442 for (i = 0; i < dir->dir_len; i++) { 1443 char buf[26]; 1444 d = &dir->dir_tab[i]; 1445 for (j = 0; j < sizeof(name); j++) 1446 name[j] = (char)CDF_TOLE2(d->d_name[j]); 1447 (void)fprintf(stderr, "Directory %" SIZE_T_FORMAT "u: %s\n", 1448 i, name); 1449 if (d->d_type < __arraycount(types)) 1450 (void)fprintf(stderr, "Type: %s\n", types[d->d_type]); 1451 else 1452 (void)fprintf(stderr, "Type: %d\n", d->d_type); 1453 (void)fprintf(stderr, "Color: %s\n", 1454 d->d_color ? "black" : "red"); 1455 (void)fprintf(stderr, "Left child: %d\n", d->d_left_child); 1456 (void)fprintf(stderr, "Right child: %d\n", d->d_right_child); 1457 (void)fprintf(stderr, "Flags: %#x\n", d->d_flags); 1458 cdf_timestamp_to_timespec(&ts, d->d_created); 1459 (void)fprintf(stderr, "Created %s", cdf_ctime(&ts.tv_sec, buf)); 1460 cdf_timestamp_to_timespec(&ts, d->d_modified); 1461 (void)fprintf(stderr, "Modified %s", 1462 cdf_ctime(&ts.tv_sec, buf)); 1463 (void)fprintf(stderr, "Stream %d\n", d->d_stream_first_sector); 1464 (void)fprintf(stderr, "Size %d\n", d->d_size); 1465 switch (d->d_type) { 1466 case CDF_DIR_TYPE_USER_STORAGE: 1467 (void)fprintf(stderr, "Storage: %d\n", d->d_storage); 1468 break; 1469 case CDF_DIR_TYPE_USER_STREAM: 1470 if (sst == NULL) 1471 break; 1472 if (cdf_read_sector_chain(info, h, sat, ssat, sst, 1473 d->d_stream_first_sector, d->d_size, &scn) == -1) { 1474 warn("Can't read stream for %s at %d len %d", 1475 name, d->d_stream_first_sector, d->d_size); 1476 break; 1477 } 1478 cdf_dump_stream(&scn); 1479 free(scn.sst_tab); 1480 break; 1481 default: 1482 break; 1483 } 1484 1485 } 1486 } 1487 1488 void 1489 cdf_dump_property_info(const cdf_property_info_t *info, size_t count) 1490 { 1491 cdf_timestamp_t tp; 1492 struct timespec ts; 1493 char buf[64]; 1494 size_t i, j; 1495 1496 for (i = 0; i < count; i++) { 1497 cdf_print_property_name(buf, sizeof(buf), info[i].pi_id); 1498 (void)fprintf(stderr, "%" SIZE_T_FORMAT "u) %s: ", i, buf); 1499 switch (info[i].pi_type) { 1500 case CDF_NULL: 1501 break; 1502 case CDF_SIGNED16: 1503 (void)fprintf(stderr, "signed 16 [%hd]\n", 1504 info[i].pi_s16); 1505 break; 1506 case CDF_SIGNED32: 1507 (void)fprintf(stderr, "signed 32 [%d]\n", 1508 info[i].pi_s32); 1509 break; 1510 case CDF_UNSIGNED32: 1511 (void)fprintf(stderr, "unsigned 32 [%u]\n", 1512 info[i].pi_u32); 1513 break; 1514 case CDF_FLOAT: 1515 (void)fprintf(stderr, "float [%g]\n", 1516 info[i].pi_f); 1517 break; 1518 case CDF_DOUBLE: 1519 (void)fprintf(stderr, "double [%g]\n", 1520 info[i].pi_d); 1521 break; 1522 case CDF_LENGTH32_STRING: 1523 (void)fprintf(stderr, "string %u [%.*s]\n", 1524 info[i].pi_str.s_len, 1525 info[i].pi_str.s_len, info[i].pi_str.s_buf); 1526 break; 1527 case CDF_LENGTH32_WSTRING: 1528 (void)fprintf(stderr, "string %u [", 1529 info[i].pi_str.s_len); 1530 for (j = 0; j < info[i].pi_str.s_len - 1; j++) 1531 (void)fputc(info[i].pi_str.s_buf[j << 1], stderr); 1532 (void)fprintf(stderr, "]\n"); 1533 break; 1534 case CDF_FILETIME: 1535 tp = info[i].pi_tp; 1536 if (tp < 1000000000000000LL) { 1537 cdf_print_elapsed_time(buf, sizeof(buf), tp); 1538 (void)fprintf(stderr, "timestamp %s\n", buf); 1539 } else { 1540 char tbuf[26]; 1541 cdf_timestamp_to_timespec(&ts, tp); 1542 (void)fprintf(stderr, "timestamp %s", 1543 cdf_ctime(&ts.tv_sec, tbuf)); 1544 } 1545 break; 1546 case CDF_CLIPBOARD: 1547 (void)fprintf(stderr, "CLIPBOARD %u\n", info[i].pi_u32); 1548 break; 1549 default: 1550 DPRINTF(("Don't know how to deal with %#x\n", 1551 info[i].pi_type)); 1552 break; 1553 } 1554 } 1555 } 1556 1557 1558 void 1559 cdf_dump_summary_info(const cdf_header_t *h, const cdf_stream_t *sst) 1560 { 1561 char buf[128]; 1562 cdf_summary_info_header_t ssi; 1563 cdf_property_info_t *info; 1564 size_t count; 1565 1566 (void)&h; 1567 if (cdf_unpack_summary_info(sst, h, &ssi, &info, &count) == -1) 1568 return; 1569 (void)fprintf(stderr, "Endian: %#x\n", ssi.si_byte_order); 1570 (void)fprintf(stderr, "Os Version %d.%d\n", ssi.si_os_version & 0xff, 1571 ssi.si_os_version >> 8); 1572 (void)fprintf(stderr, "Os %d\n", ssi.si_os); 1573 cdf_print_classid(buf, sizeof(buf), &ssi.si_class); 1574 (void)fprintf(stderr, "Class %s\n", buf); 1575 (void)fprintf(stderr, "Count %d\n", ssi.si_count); 1576 cdf_dump_property_info(info, count); 1577 free(info); 1578 } 1579 1580 1581 void 1582 cdf_dump_catalog(const cdf_header_t *h, const cdf_stream_t *sst) 1583 { 1584 cdf_catalog_t *cat; 1585 cdf_unpack_catalog(h, sst, &cat); 1586 const cdf_catalog_entry_t *ce = cat->cat_e; 1587 struct timespec ts; 1588 char tbuf[64], sbuf[256]; 1589 size_t i; 1590 1591 printf("Catalog:\n"); 1592 for (i = 0; i < cat->cat_num; i++) { 1593 cdf_timestamp_to_timespec(&ts, ce[i].ce_timestamp); 1594 printf("\t%d %s %s", ce[i].ce_num, 1595 cdf_u16tos8(sbuf, ce[i].ce_namlen, ce[i].ce_name), 1596 cdf_ctime(&ts.tv_sec, tbuf)); 1597 } 1598 free(cat); 1599 } 1600 1601 #endif 1602 1603 #ifdef TEST 1604 int 1605 main(int argc, char *argv[]) 1606 { 1607 int i; 1608 cdf_header_t h; 1609 cdf_sat_t sat, ssat; 1610 cdf_stream_t sst, scn; 1611 cdf_dir_t dir; 1612 cdf_info_t info; 1613 const cdf_directory_t *root; 1614 #ifdef __linux__ 1615 #define getprogname() __progname 1616 extern char *__progname; 1617 #endif 1618 if (argc < 2) { 1619 (void)fprintf(stderr, "Usage: %s <filename>\n", getprogname()); 1620 return -1; 1621 } 1622 1623 info.i_buf = NULL; 1624 info.i_len = 0; 1625 for (i = 1; i < argc; i++) { 1626 if ((info.i_fd = open(argv[1], O_RDONLY)) == -1) 1627 err(EXIT_FAILURE, "Cannot open `%s'", argv[1]); 1628 1629 if (cdf_read_header(&info, &h) == -1) 1630 err(EXIT_FAILURE, "Cannot read header"); 1631 #ifdef CDF_DEBUG 1632 cdf_dump_header(&h); 1633 #endif 1634 1635 if (cdf_read_sat(&info, &h, &sat) == -1) 1636 err(EXIT_FAILURE, "Cannot read sat"); 1637 #ifdef CDF_DEBUG 1638 cdf_dump_sat("SAT", &sat, CDF_SEC_SIZE(&h)); 1639 #endif 1640 1641 if (cdf_read_ssat(&info, &h, &sat, &ssat) == -1) 1642 err(EXIT_FAILURE, "Cannot read ssat"); 1643 #ifdef CDF_DEBUG 1644 cdf_dump_sat("SSAT", &ssat, CDF_SHORT_SEC_SIZE(&h)); 1645 #endif 1646 1647 if (cdf_read_dir(&info, &h, &sat, &dir) == -1) 1648 err(EXIT_FAILURE, "Cannot read dir"); 1649 1650 if (cdf_read_short_stream(&info, &h, &sat, &dir, &sst, &root) 1651 == -1) 1652 err(EXIT_FAILURE, "Cannot read short stream"); 1653 #ifdef CDF_DEBUG 1654 cdf_dump_stream(&sst); 1655 #endif 1656 1657 #ifdef CDF_DEBUG 1658 cdf_dump_dir(&info, &h, &sat, &ssat, &sst, &dir); 1659 #endif 1660 1661 1662 if (cdf_read_summary_info(&info, &h, &sat, &ssat, &sst, &dir, 1663 &scn) == -1) 1664 warn("Cannot read summary info"); 1665 #ifdef CDF_DEBUG 1666 else 1667 cdf_dump_summary_info(&h, &scn); 1668 #endif 1669 if (cdf_read_user_stream(&info, &h, &sat, &ssat, &sst, 1670 &dir, "Catalog", &scn) == -1) 1671 warn("Cannot read catalog"); 1672 #ifdef CDF_DEBUG 1673 else 1674 cdf_dump_catalog(&h, &scn); 1675 #endif 1676 1677 (void)close(info.i_fd); 1678 } 1679 1680 return 0; 1681 } 1682 #endif 1683