From d1d4462f5661e0d15176375ec297b3c59d0896c3 Mon Sep 17 00:00:00 2001 From: Louis Burda Date: Thu, 24 Jun 2021 19:34:08 +0200 Subject: add more havocs to test stl parsing --- service/docker-compose.yml | 2 +- service/src/main.c | 38 +++++++++++++++++++------------------- service/src/stlfile.c | 30 +++++++++++++++++++----------- 3 files changed, 39 insertions(+), 31 deletions(-) (limited to 'service') diff --git a/service/docker-compose.yml b/service/docker-compose.yml index 27ea820..f320612 100644 --- a/service/docker-compose.yml +++ b/service/docker-compose.yml @@ -1,7 +1,7 @@ version: '2.1' services: - printdoc: + stldoctor: ulimits: core: hard: 0 diff --git a/service/src/main.c b/service/src/main.c index 498f33f..7ff0f11 100644 --- a/service/src/main.c +++ b/service/src/main.c @@ -108,12 +108,12 @@ handle_download(const char *scandir) infopath = aprintf("%s/%s", scandir, "info"); if (!(f = fopen(infopath, "r"))) { - printf("Selected result is missing!\n"); + printf("ERR: Selected result is missing!\n"); goto cleanup; } free_info(&cached); if (load_info(&cached, f) != OK) { - printf("Failed to parse info file!\n"); + printf("ERR: Failed to parse info file!\n"); goto cleanup; } fclose(f); @@ -124,14 +124,14 @@ handle_download(const char *scandir) if (strchr(ask("Download the model? "), 'y')) { modelpath = aprintf("%s/%s", scandir, "model"); if (!(f = fopen(modelpath, "r"))) { - printf("Failed to access file!\n"); + printf("ERR: Failed to access file!\n"); goto cleanup; } fseek(f, 0, SEEK_END); size = ftell(f); fseek(f, 0, SEEK_SET); if (size > MAXFILESIZE) { - printf("File is too large to send!\n"); + printf("ERR: File is too large!\n"); goto cleanup; } printf("Here you go.. (%liB)\n", size); 
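Review bot: In the `@@ -124,14` hunk of handle_download the result of `ftell(f)` is used without a failure check: `ftell` returns -1 on error, and `size > MAXFILESIZE` lets a negative `size` through (assuming `size` is a `long`, as the `%li` conversion suggests). The return values of both `fseek` calls are ignored as well. Tightening the guard to `if (size < 0 || size > MAXFILESIZE) {` keeps the existing error path. The function starts and ends outside the hunk, so how `size` is used after the print is not visible here.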
@@ -194,28 +194,28 @@ echo_cmd(const char *arg) void upload_cmd(const char *arg) { - const char *bufp; + const char *resp; char *end, *contents; size_t len; - bufp = ask("How large is your file? "); - len = strtoul(bufp, &end, 10); + resp = ask("How large is your file? "); + len = strtoul(resp, &end, 10); if (len <= 0 || len >= MAXFILESIZE || *end) { - printf("Invalid file length!\n"); + printf("ERR: Invalid file length!\n"); return; } printf("Ok! Im listening..\n"); contents = checkp(malloc(len + 1)); if (fread(contents, 1, len, stdin) != len) { - printf("Hm, I'm missing some bytes.. try again!\n"); + printf("ERR: Not enough data received!\n"); goto cleanup; } contents[len] = '\0'; if ((cached.valid = parse_file(&cached, contents, len))) { if (save_submission(&cached, contents, len) != OK) - printf("Failed to save your submission!\n"); + printf("ERR: Failed to save your submission!\n"); else printf("Your file was saved with ID %s!\n", cached.hash); } @@ -235,7 +235,7 @@ search_cmd(const char *arg) if (arg && !strcmp(arg, "last")) { if (!cached.valid) { - printf("No cached info report available\n"); + printf("ERR: No cached info report available\n"); return; } hash = cached.hash; @@ -244,7 +244,7 @@ search_cmd(const char *arg) } if (!(d = opendir(resultdir))) { - printf("Unable to access upload directory!\n"); + printf("ERR: Unable to access upload directory!\n"); return; } @@ -263,7 +263,7 @@ search_cmd(const char *arg) closedir(d); if (pathc == 0) { - printf("Sorry, couldnt find a matching scan result!\n"); + printf("ERR: Couldn't find a matching scan result!\n"); goto cleanup; } @@ -272,7 +272,7 @@ search_cmd(const char *arg) if (strchr(resp, 'q')) break; which = strtoul(resp, &end, 10); if (which >= pathc || which < 0 || *end) { - printf("Invalid index!\n"); + printf("ERR: Invalid index!\n"); goto cleanup; } @@ -301,7 +301,7 @@ list_cmd(const char *arg) DIR *d; if (!loggedin) { - printf("Not logged in!\n"); + printf("ERR: Not logged in!\n"); return; } 
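Review bot: In search_cmd (`@@ -272,7` hunk) the index from `which = strtoul(resp, &end, 10)` is accepted whenever `*end` is NUL, so a reply with no digits at all parses as 0 and selects the first result (assuming ask() strips the newline). Comparing `end` with `resp` closes that: `if (end == resp || which >= pathc || which < 0 || *end) {`. The `len <= 0` test in upload_cmd (`@@ -194,28` hunk, where `len` is declared `size_t`) can only ever mean `len == 0`; a leading minus sign is rejected there only because `strtoul` wraps it to a value above `MAXFILESIZE`, which deserves a comment such as `/* "-N" wraps to a huge value and fails the upper bound */`. Both functions continue outside their hunks.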
@@ -315,7 +315,7 @@ list_cmd(const char *arg) if (load_info(&info, f) == OK) print_info(&info); else - printf("Failed to read saved file info!\n"); + printf("ERR: Failed to read saved file info!\n"); fclose(f); } free(path); @@ -331,7 +331,7 @@ auth_cmd(const char *arg) int ret; if (loggedin) { - printf("Already logged in!\n"); + printf("ERR: Already logged in!\n"); return; } @@ -343,7 +343,7 @@ auth_cmd(const char *arg) } else if (ret && errno == EEXIST) { printf("Success!\nWelcome back!\n"); } else { - printf("Auth failed!\n"); + printf("ERR: Auth failed!\n"); return; } @@ -369,7 +369,7 @@ main() int exit, i, cmdlen; if (!(envstr = getenv("RESULTDIR"))) { - printf("RESULTDIR not defined\n"); + printf("ERR: RESULTDIR not defined\n"); return 1; } diff --git a/service/src/stlfile.c b/service/src/stlfile.c index 7b37df4..7c21849 100644 --- a/service/src/stlfile.c +++ b/service/src/stlfile.c @@ -203,6 +203,9 @@ parse_file_ascii(struct parseinfo *info, char *buf, size_t len) if (states.count) PARSE_FAIL("Expected keyword, got:\n%.*s...\n", 30, bp); + bp = skipws(bp); + if (*bp) PARSE_FAIL("Extraneous data at end of file\n"); + stack_free(&states); return OK; @@ -215,7 +218,7 @@ int parse_file_bin(struct parseinfo *info, char *buf, size_t len) { char *bp, *end = buf + len; - int i, k, m; + int i, k; float v; info->type = TYPE_BIN; @@ -225,11 +228,13 @@ parse_file_bin(struct parseinfo *info, char *buf, size_t len) memcpy(info->header, buf, 80); - if (strlen(buf + 1)) + if (*buf == '#' && strlen(buf + 1)) info->solidname = checkp(strdup(buf + 1)); bp = buf + 80; + info->loopcount = le32toh(*(uint32_t*)bp); + bp += 4; if (!info->loopcount) { memset(info->bbmax, 0, sizeof(float) * 3); 
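Review bot: The new trailing-data check in parse_file_ascii, `if (*bp) PARSE_FAIL(...)`, stops at the first NUL byte rather than at `buf + len`, so anything after an embedded NUL is not treated as extraneous. The caller in main.c reads the upload with `fread` and passes all `len` bytes on to save_submission, so such bytes would still be stored. Comparing against the length instead, `if (bp != buf + len) PARSE_FAIL("Extraneous data at end of file\n");`, covers that case, provided skipws() (not shown) stops at the terminator. The function starts outside the hunk, so whether the earlier parsing also relies on NUL termination cannot be confirmed from here.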
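Review bot: In parse_file_bin (`@@ -225,11` hunk) the solid name is taken with `strdup(buf + 1)`, which copies up to the first NUL anywhere in the buffer, not up to the end of the 80-byte header. A header without a NUL makes `solidname` include the triangle count and facet bytes that follow it. The added `*buf == '#'` test narrows when the name is taken but does not bound the copy; `info->solidname = checkp(strndup(buf + 1, 79));` keeps it inside the header. The lines between the two parse_file_bin hunks are not shown, so any length check made before the `memcpy` is not visible.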
@@ -245,17 +250,20 @@ parse_file_bin(struct parseinfo *info, char *buf, size_t len) for (i = 0; i < info->loopcount; i++) { if (bp + 50 > end) PARSE_FAIL("Truncated data! (loops missing)\n"); - bp += 12; - for (k = 0; k < 3; k++, bp += 12) { - for (m = 0; m < 3; m++) { - v = fle32toh(*(float*)(bp + 4 * m)); - info->bbmin[m] = MIN(info->bbmin[m], v); - info->bbmax[m] = MAX(info->bbmax[m], v); + for (k = 0; k < 12; k++, bp += 4) { + v = fle32toh(*(float*)bp); + if (v == INFINITY || v == NAN) + PARSE_FAIL("Encountered invalid float\n"); + if (k >= 3) { + info->bbmin[k % 3] = MIN(info->bbmin[k % 3], v); + info->bbmax[k % 3] = MAX(info->bbmax[k % 3], v); } } bp += 2; } + if (bp != end) PARSE_FAIL("Extraneous data at end of file\n"); + return OK; fail: @@ -271,8 +279,8 @@ parse_file(struct parseinfo *info, char *buf, size_t len) if (info->valid) free_info(info); - if (len < 7) { - printf("File too small!\n"); + if (len < 10) { + printf("ERR: File too small!\n"); return FAIL; } @@ -289,7 +297,7 @@ parse_file(struct parseinfo *info, char *buf, size_t len) if (!info->modelname) { resp = ask("Please enter your model name: "); if (strlen(resp) < 4) { - printf("Model name is too short!\n"); + printf("ERR: Model name is too short!\n"); return FAIL; } info->modelname = checkp(strdup(resp)); -- cgit v1.2.3-71-gd317
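Review bot: The float validation added to the parse_file_bin loop, `if (v == INFINITY || v == NAN)`, never detects NaN, because NaN compares unequal to every value including itself, and it also lets negative infinity through. `if (!isfinite(v))` from `<math.h>` rejects NaN and both infinities in a single test. Separately, `*(float*)bp` reads at offsets that are not multiples of four for every other 50-byte record; `memcpy(&v, bp, sizeof v); v = fle32toh(v);` would avoid depending on unaligned access. The enclosing function starts outside the hunk.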
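Review bot: The raised minimum in parse_file, `if (len < 10)`, is an unexplained constant and is still well below what parse_file_bin reads up front: `memcpy(info->header, buf, 80)` followed by a 4-byte count at `buf + 80`. If parse_file_bin has no length check of its own in the lines between its hunks (not visible here), a short binary upload is read past the end of the `len + 1` byte allocation made in upload_cmd. A comment stating what the 10 bytes correspond to would help, together with a guard such as `if (len < 84) PARSE_FAIL("Truncated data! (header missing)\n");` at the top of parse_file_bin if one is not already there. The body of parse_file continues outside the hunk.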