Push preg_parser and registry_dict changes upstream

components/policy/core/common/preg_parser.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "components/policy/core/common/preg_parser_win.h"
+#include "components/policy/core/common/preg_parser.h"
 
-#include <windows.h>
 #include <stddef.h>
 #include <stdint.h>
 
 #include <algorithm>
 #include <functional>
 #include <iterator>
+#include <memory>
+#include <string>
 #include <utility>
 #include <vector>
 
 #include "base/files/file_path.h"
 #include "base/files/memory_mapped_file.h"
-#include "base/i18n/case_conversion.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/string16.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/sys_byteorder.h"
 #include "base/values.h"
 #include "components/policy/core/common/policy_load_status.h"
-#include "components/policy/core/common/registry_dict_win.h"
+#include "components/policy/core/common/registry_dict.h"
 
-namespace policy {
-namespace preg_parser {
+#if defined(OS_WIN)
+#include "windows.h"
+#else
+// Registry data type constants.
+#define REG_NONE 0
+#define REG_SZ 1
+#define REG_EXPAND_SZ 2
+#define REG_BINARY 3
+#define REG_DWORD_LITTLE_ENDIAN 4
+#define REG_DWORD_BIG_ENDIAN 5
+#define REG_LINK 6
+#define REG_MULTI_SZ 7
+#define REG_RESOURCE_LIST 8
+#define REG_FULL_RESOURCE_DESCRIPTOR 9
+#define REG_RESOURCE_REQUIREMENTS_LIST 10
+#define REG_QWORD_LITTLE_ENDIAN 11
+#endif
 
-const char kPRegFileHeader[8] =
-    { 'P', 'R', 'e', 'g', '\x01', '\x00', '\x00', '\x00' };
+using RegistryDict = policy::RegistryDict;
+
+namespace {
 
 // Maximum PReg file size we're willing to accept.
 const int64_t kMaxPRegFileSize = 1024 * 1024 * 16;
 
 // Constants for PReg file delimiters.
 const base::char16 kDelimBracketOpen = L'[';
 const base::char16 kDelimBracketClose = L']';
 const base::char16 kDelimSemicolon = L';';
 
 // Registry path separator.
-const base::char16 kRegistryPathSeparator[] = L"\\";
+const base::string16 kRegistryPathSeparator = base::ASCIIToUTF16("\\");
 
 // Magic strings for the PReg value field to trigger special actions.
 const char kActionTriggerPrefix[] = "**";
 const char kActionTriggerDeleteValues[] = "deletevalues";
 const char kActionTriggerDel[] = "del.";
 const char kActionTriggerDelVals[] = "delvals";
 const char kActionTriggerDeleteKeys[] = "deletekeys";
 const char kActionTriggerSecureKey[] = "securekey";
 const char kActionTriggerSoft[] = "soft";
 
 // Returns the character at |cursor| and increments it, unless the end is here
 // in which case -1 is returned.
 int NextChar(const uint8_t** cursor, const uint8_t* end) {
   // Only read the character if a full base::char16 is available.
-  if (*cursor + sizeof(base::char16) > end)
+  // This comparison makes sure no overflow can happen.
+  if (*cursor >= end ||
+      static_cast<size_t>(end - *cursor) < sizeof(base::char16))
     return -1;
 
   int result = **cursor | (*(*cursor + 1) << 8);
   *cursor += sizeof(base::char16);
   return result;
 }
 
 // Reads a fixed-size field from a PReg file.
 bool ReadFieldBinary(const uint8_t** cursor,
                      const uint8_t* end,
                      uint32_t size,
                      uint8_t* data) {
   if (size == 0)
     return true;
 
+  // Be careful to prevent possible overflows here (don't do *cursor + size).
+  if (*cursor >= end || static_cast<size_t>(end - *cursor) < size)
+    return false;
   const uint8_t* field_end = *cursor + size;
-  if (field_end <= *cursor || field_end > end)
-    return false;
   std::copy(*cursor, field_end, data);
   *cursor = field_end;
   return true;
 }
 
 bool ReadField32(const uint8_t** cursor, const uint8_t* end, uint32_t* data) {
   uint32_t value = 0;
   if (!ReadFieldBinary(cursor, end, sizeof(uint32_t),
                        reinterpret_cast<uint8_t*>(&value))) {
     return false;
@@ skipping 56 matching lines @@
     case REG_FULL_RESOURCE_DESCRIPTOR:
     case REG_RESOURCE_REQUIREMENTS_LIST:
     case REG_QWORD_LITTLE_ENDIAN:
     default:
       LOG(ERROR) << "Unsupported registry data type " << type;
   }
 
   return false;
 }
 
-// Adds the record data passed via parameters to |dict| in case the data is
-// relevant policy for Chromium.
+// Adds |value| and |data| to |dict| or an appropriate sub-dictionary indicated
+// by |key_name|. Creates sub-dictionaries if necessary. Also handles special
+// action triggers, see |kActionTrigger*|, that can, for instance, remove an
+// existing value.
 void HandleRecord(const base::string16& key_name,
                   const base::string16& value,
                   uint32_t type,
                   const std::vector<uint8_t>& data,
                   RegistryDict* dict) {
   // Locate/create the dictionary to place the value in.
   std::vector<base::string16> path;
 
   for (const base::string16& entry :
        base::SplitString(key_name, kRegistryPathSeparator,
@@ skipping 16 matching lines @@
   if (!base::StartsWith(value_name, kActionTriggerPrefix,
                         base::CompareCase::SENSITIVE)) {
     std::unique_ptr<base::Value> value;
     if (DecodePRegValue(type, data, &value))
       dict->SetValue(value_name, std::move(value));
     return;
   }
 
   std::string action_trigger(base::ToLowerASCII(value_name.substr(
       arraysize(kActionTriggerPrefix) - 1)));
-  if (action_trigger == kActionTriggerDeleteValues) {
+ if (action_trigger == kActionTriggerDeleteValues) {

[pastarmovj, 2016/11/09 12:26:06]

please revert.

[ljusten (tachyonic), 2016/11/09 15:09:56]

Done.

     for (const std::string& value :
          base::SplitString(DecodePRegStringValue(data), ";",
                            base::KEEP_WHITESPACE, base::SPLIT_WANT_NONEMPTY))
       dict->RemoveValue(value);
   } else if (base::StartsWith(action_trigger, kActionTriggerDeleteKeys,
                               base::CompareCase::SENSITIVE)) {
     for (const std::string& key :
          base::SplitString(DecodePRegStringValue(data), ";",
                            base::KEEP_WHITESPACE, base::SPLIT_WANT_NONEMPTY))
       dict->RemoveKey(key);
   } else if (base::StartsWith(action_trigger, kActionTriggerDel,
                               base::CompareCase::SENSITIVE)) {
-    dict->RemoveValue(
+   dict->RemoveValue(

[pastarmovj, 2016/11/09 12:26:06]

ditto.

[ljusten (tachyonic), 2016/11/09 15:09:56]

Done.

         value_name.substr(arraysize(kActionTriggerPrefix) - 1 +
                           arraysize(kActionTriggerDel) - 1));
   } else if (base::StartsWith(action_trigger, kActionTriggerDelVals,
                               base::CompareCase::SENSITIVE)) {
     // Delete all values.
     dict->ClearValues();
   } else if (base::StartsWith(action_trigger, kActionTriggerSecureKey,
                               base::CompareCase::SENSITIVE) ||
              base::StartsWith(action_trigger, kActionTriggerSoft,
                               base::CompareCase::SENSITIVE)) {
     // Doesn't affect values.
   } else {
     LOG(ERROR) << "Bad action trigger " << value_name;
   }
 }
 
+}  // namespace
+
+namespace policy {
+namespace preg_parser {
+
+const char kPRegFileHeader[8] =
+    { 'P', 'R', 'e', 'g', '\x01', '\x00', '\x00', '\x00' };
+
 bool ReadFile(const base::FilePath& file_path,
               const base::string16& root,
               RegistryDict* dict,
               PolicyLoadStatusSample* status) {
   base::MemoryMappedFile mapped_file;
   if (!mapped_file.Initialize(file_path) || !mapped_file.IsValid()) {
     PLOG(ERROR) << "Failed to map " << file_path.value();
     status->Add(POLICY_LOAD_STATUS_READ_ERROR);
     return false;
   }
@@ skipping 61 matching lines @@
       data.resize(size);
       if (!ReadFieldBinary(&cursor, end, size, data.data()))
         break;
       current = NextChar(&cursor, end);
     }
 
     if (current != kDelimBracketClose)
       break;
 
     // Process the record if it is within the |root| subtree.
-    if (base::StartsWith(base::i18n::ToLower(key_name),
-                         base::i18n::ToLower(root),
-                         base::CompareCase::SENSITIVE))
+    if (base::StartsWith(key_name, root, base::CompareCase::INSENSITIVE_ASCII))

[pastarmovj, 2016/11/09 12:26:06]

I just wonder if this can be used as a way to trick this code to read something
else if by using unicode chars you can make it look like the ascii names of our
keys?

[ljusten (tachyonic), 2016/11/09 15:09:56]

This is not possible. Here's the proof:

Theorem
-------
Let key_name and root be two String16s and let root be ASCII.
If
  base::StartsWith(key_name, root, base::CompareCase::INSENSITIVE_ASCII)
returns true, then the first N := root.size() characters of key_name are ASCII.

Proof
-----
By the nature of base::StartsWith(), the first N Char16s of key_name and root
compare true using CaseInsensitiveCompareASCII. That means, for each of the
first N Char16s, c1 of key_name and c2 of root,
  (c1 >= 'A' && c1 <= 'Z') ? (c1 + ('a' - 'A')) : c1
is equal to
  (c2 >= 'A' && c2 <= 'Z') ? (c2 + ('a' - 'A')) : c2;
If c1 were not ASCII, it would be outside of ['A', 'Z'] and hence c2 would not
be ASCII - a contradiction, since root is ASCII. Therefore, the first N Char16s
of key_name are ASCII.

q.e.d.

       HandleRecord(key_name.substr(root.size()), value, type, data, dict);
   }
 
   LOG(ERROR) << "Error parsing " << file_path.value() << " at offset "
              << reinterpret_cast<const uint8_t*>(cursor - 1) -
                     mapped_file.data();
   status->Add(POLICY_LOAD_STATUS_PARSE_ERROR);
   return false;
 }
 
 }  // namespace preg_parser
 }  // namespace policy