summaryrefslogtreecommitdiff
path: root/librpc/ndr/ndr_compression.c
diff options
context:
space:
mode:
Diffstat (limited to 'librpc/ndr/ndr_compression.c')
-rw-r--r--librpc/ndr/ndr_compression.c266
1 files changed, 266 insertions, 0 deletions
diff --git a/librpc/ndr/ndr_compression.c b/librpc/ndr/ndr_compression.c
index f6185b2ac86..bdce4317a92 100644
--- a/librpc/ndr/ndr_compression.c
+++ b/librpc/ndr/ndr_compression.c
@@ -47,6 +47,261 @@ static void ndr_zlib_free(voidpf opaque, voidpf address)
talloc_free(address);
}
+static enum ndr_err_code ndr_pull_compression_mszip_cab_chunk(struct ndr_pull *ndrpull,
+ struct ndr_push *ndrpush,
+ struct ndr_compression_state *state,
+ ssize_t decompressed_len,
+ ssize_t compressed_len)
+{
+ DATA_BLOB comp_chunk;
+ uint32_t comp_chunk_offset;
+ uint32_t comp_chunk_size;
+ DATA_BLOB plain_chunk;
+ uint32_t plain_chunk_offset;
+ uint32_t plain_chunk_size;
+ z_stream *z = state->mszip.z;
+ int z_ret;
+
+ plain_chunk_size = decompressed_len;
+
+ if (plain_chunk_size > 0x00008000) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "Bad MSZIP CAB plain chunk size %08X > 0x00008000 (PULL)",
+ plain_chunk_size);
+ }
+
+
+ comp_chunk_size = compressed_len;
+
+ DEBUG(9,("MSZIP CAB plain_chunk_size: %08X (%u) comp_chunk_size: %08X (%u)\n",
+ plain_chunk_size, plain_chunk_size, comp_chunk_size, comp_chunk_size));
+
+ comp_chunk_offset = ndrpull->offset;
+ NDR_CHECK(ndr_pull_advance(ndrpull, comp_chunk_size));
+ comp_chunk.length = comp_chunk_size;
+ comp_chunk.data = ndrpull->data + comp_chunk_offset;
+
+ plain_chunk_offset = ndrpush->offset;
+ NDR_CHECK(ndr_push_zero(ndrpush, plain_chunk_size));
+ plain_chunk.length = plain_chunk_size;
+ plain_chunk.data = ndrpush->data + plain_chunk_offset;
+
+ if (comp_chunk.length < 2) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "Bad MSZIP CAB comp chunk size %u < 2 (PULL)",
+ (unsigned int)comp_chunk.length);
+ }
+ /* CK = Chris Kirmse, official Microsoft purloiner */
+ if (comp_chunk.data[0] != 'C' ||
+ comp_chunk.data[1] != 'K') {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "Bad MSZIP CAB invalid prefix [%c%c] != [CK]",
+ comp_chunk.data[0], comp_chunk.data[1]);
+ }
+
+ /*
+ * This is a MSZIP block. It is actually using the deflate
+ * algorithm which can be decompressed by zlib. zlib will try
+ * to decompress as much as it can in each run. If we provide
+ * all the input and enough room for the uncompressed output,
+ * one call is enough. It will loop over all the sub-blocks
+ * that make up a deflate block.
+ *
+ * See corresponding push function for more info.
+ */
+
+ z->next_in = comp_chunk.data + 2;
+ z->avail_in = comp_chunk.length - 2;
+ z->next_out = plain_chunk.data;
+ z->avail_out = plain_chunk.length;
+
+ /*
+ * Each MSZIP CDATA contains a complete deflate stream
+ * i.e. the stream starts and ends in the CFDATA but the
+ * _dictionnary_ is shared between all CFDATA of a CFFOLDER.
+ *
+ * When decompressing, the initial dictionnary of the first
+ * CDATA is empty. All other CFDATA use the previous CFDATA
+ * uncompressed output as dictionnary.
+ */
+
+ if (state->mszip.dict_size) {
+ z_ret = inflateSetDictionary(z, state->mszip.dict, state->mszip.dict_size);
+ if (z_ret != Z_OK) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "zlib inflateSetDictionary error %s (%d) %s (PULL)",
+ zError(z_ret), z_ret, z->msg);
+ }
+ }
+
+ z_ret = inflate(z, Z_FINISH);
+ if (z_ret == Z_OK) {
+ /*
+ * Z_OK here means there was no error but the stream
+ * hasn't been fully decompressed because there was
+ * not enough room for the output, which should not
+ * happen
+ */
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "zlib inflate error not enough space for ouput (PULL)");
+ }
+ if (z_ret != Z_STREAM_END) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "zlib inflate error %s (%d) %s (PULL)", zError(z_ret), z_ret, z->msg);
+ }
+
+ if (z->total_out < plain_chunk.length) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "zlib uncompressed output is smaller than expected (%lu < %zu) (PULL)",
+ z->total_out, plain_chunk.length);
+ }
+
+ /*
+ * Keep a copy of the output to set as dictionnary for the
+ * next decompression call.
+ *
+ * The input pointer seems to be still valid between calls, so
+ * we can just store that instead of copying the memory over
+ * the dict temp buffer.
+ */
+ state->mszip.dict = plain_chunk.data;
+ state->mszip.dict_size = plain_chunk.length;
+
+ z_ret = inflateReset(z);
+ if (z_ret != Z_OK) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "zlib inflateReset error %s (%d) %s (PULL)",
+ zError(z_ret), z_ret, z->msg);
+ }
+
+ return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_push_compression_mszip_cab_chunk(struct ndr_push *ndrpush,
+ struct ndr_pull *ndrpull,
+ struct ndr_compression_state *state)
+{
+ DATA_BLOB comp_chunk;
+ uint32_t comp_chunk_size;
+ DATA_BLOB plain_chunk;
+ uint32_t plain_chunk_size;
+ uint32_t plain_chunk_offset;
+ uint32_t max_plain_size = 0x00008000;
+ /*
+ * The maximum compressed size of each MSZIP block is 32k + 12 bytes
+ * header size.
+ */
+ uint32_t max_comp_size = 0x00008000 + 12;
+ int z_ret;
+ z_stream *z;
+
+ if (ndrpull->data_size <= ndrpull->offset) {
+ return ndr_push_error(ndrpush, NDR_ERR_COMPRESSION,
+ "strange NDR pull size and offset (integer overflow?)");
+
+ }
+
+ plain_chunk_size = MIN(max_plain_size, ndrpull->data_size - ndrpull->offset);
+ plain_chunk_offset = ndrpull->offset;
+ NDR_CHECK(ndr_pull_advance(ndrpull, plain_chunk_size));
+
+ plain_chunk.data = ndrpull->data + plain_chunk_offset;
+ plain_chunk.length = plain_chunk_size;
+
+ NDR_CHECK(ndr_push_expand(ndrpush, max_comp_size));
+
+ comp_chunk.data = ndrpush->data + ndrpush->offset;
+ comp_chunk.length = max_comp_size;
+
+ /* CK = Chris Kirmse, official Microsoft purloiner */
+ comp_chunk.data[0] = 'C';
+ comp_chunk.data[1] = 'K';
+
+ z = state->mszip.z;
+ z->next_in = plain_chunk.data;
+ z->avail_in = plain_chunk.length;
+ z->total_in = 0;
+
+ z->next_out = comp_chunk.data + 2;
+ z->avail_out = comp_chunk.length;
+ z->total_out = 0;
+
+ /*
+ * See pull function for explanations of the MSZIP format.
+ *
+ * The CFDATA block contains a full deflate stream. Each stream
+ * uses the uncompressed input of the previous CFDATA in the
+ * same CFFOLDER as a dictionnary for the compression.
+ */
+
+ if (state->mszip.dict_size) {
+ z_ret = deflateSetDictionary(z, state->mszip.dict, state->mszip.dict_size);
+ if (z_ret != Z_OK) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "zlib deflateSetDictionary error %s (%d) %s (PUSH)",
+ zError(z_ret), z_ret, z->msg);
+ }
+ }
+
+ /*
+ * Z_FINISH should make deflate process all of the input in
+ * one call. If the stream is not finished there was an error
+ * e.g. not enough room to store the compressed output.
+ */
+ z_ret = deflate(z, Z_FINISH);
+ if (z_ret != Z_STREAM_END) {
+ return ndr_push_error(ndrpush, NDR_ERR_COMPRESSION,
+ "zlib deflate error %s (%d) %s (PUSH)",
+ zError(z_ret), z_ret, z->msg);
+ }
+
+ if (z->avail_in) {
+ return ndr_push_error(ndrpush, NDR_ERR_COMPRESSION,
+ "MSZIP not all avail_in[%u] bytes consumed (PUSH)",
+ z->avail_in);
+ }
+
+ comp_chunk_size = 2 + z->total_out;
+ if (comp_chunk_size < z->total_out) {
+ return ndr_push_error(ndrpush, NDR_ERR_COMPRESSION,
+ "strange NDR push compressed size (integer overflow?)");
+ }
+
+ z_ret = deflateReset(z);
+ if (z_ret != Z_OK) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "zlib deflateReset error %s (%d) %s (PUSH)",
+ zError(z_ret), z_ret, z->msg);
+ }
+
+ if (plain_chunk.length > talloc_array_length(state->mszip.dict)) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "zlib dict buffer is too big (PUSH)");
+ }
+
+ /*
+ * Keep a copy of the input to set as dictionnary for the next
+ * compression call.
+ *
+ * Ideally we would just store the input pointer and length
+ * without copying but the memory gets invalidated between the
+ * calls, so we just copy to a dedicated buffer we now is
+ * still going to been valid for the lifetime of the
+ * compressions state object.
+ */
+ memcpy(state->mszip.dict, plain_chunk.data, plain_chunk.length);
+ state->mszip.dict_size = plain_chunk.length;
+
+ DEBUG(9,("MSZIP comp plain_chunk_size: %08X (%u) comp_chunk_size: %08X (%u)\n",
+ (unsigned int)plain_chunk.length,
+ (unsigned int)plain_chunk.length,
+ comp_chunk_size, comp_chunk_size));
+
+ ndrpush->offset += comp_chunk_size;
+ return NDR_ERR_SUCCESS;
+}
+
+
static enum ndr_err_code ndr_pull_compression_mszip_chunk(struct ndr_pull *ndrpull,
struct ndr_push *ndrpush,
z_stream *z,
@@ -411,6 +666,12 @@ enum ndr_err_code ndr_pull_compression_start(struct ndr_pull *subndr,
NDR_ERR_HAVE_NO_MEMORY(ndrpush);
switch (compression_alg) {
+ case NDR_COMPRESSION_MSZIP_CAB:
+ NDR_CHECK(ndr_pull_compression_mszip_cab_chunk(subndr, ndrpush,
+ subndr->cstate,
+ decompressed_len,
+ compressed_len));
+ break;
case NDR_COMPRESSION_MSZIP:
ZERO_STRUCT(z);
while (!last) {
@@ -470,6 +731,7 @@ enum ndr_err_code ndr_push_compression_start(struct ndr_push *subndr,
struct ndr_push *uncomndr;
switch (compression_alg) {
+ case NDR_COMPRESSION_MSZIP_CAB:
case NDR_COMPRESSION_MSZIP:
case NDR_COMPRESSION_XPRESS:
break;
@@ -507,6 +769,10 @@ enum ndr_err_code ndr_push_compression_end(struct ndr_push *subndr,
ndrpull->offset = 0;
switch (compression_alg) {
+ case NDR_COMPRESSION_MSZIP_CAB:
+ NDR_CHECK(ndr_push_compression_mszip_cab_chunk(subndr, ndrpull, subndr->cstate));
+ break;
+
case NDR_COMPRESSION_MSZIP:
ZERO_STRUCT(z);
while (!last) {
View Lorry Controller Status