// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
//
// File: DataBuffer.inl
//
//
// Class code:DataBuffer provides secure access to a block of memory.
//
// ======================================================================================
#pragma once
#include "databuffer.h"
// --------------------------------------------------------------------------------------
//
// Creates empty memory block.
//
inline
DataBuffer::DataBuffer()
{
    // Delegate to Clear() so a default-constructed object represents zero bytes.
    this->Clear();
} // DataBuffer::DataBuffer
// --------------------------------------------------------------------------------------
//
// Creates memory block (pbData, of size cbSize).
//
inline
DataBuffer::DataBuffer(
    __in_bcount(cbSize) BYTE  *pbData,
                        UINT32 cbSize)
    : m_pbData(pbData),
      m_cbSize(cbSize)
{
    // Only the pointer and the byte count are recorded; the bytes themselves are not copied here.
    // Every later bounds check trusts cbSize, so the caller must pass the true size of pbData.
} // DataBuffer::DataBuffer
// --------------------------------------------------------------------------------------
//
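// Creates a copy of the memory block descriptor: the pointer and size are copied, the underlying bytes are shared with 'source'.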
//
inline
DataBuffer::DataBuffer(
    const DataBuffer &source)
    : m_pbData(source.m_pbData),
      m_cbSize(source.m_cbSize)
{
    // Shallow copy: both objects now describe the same bytes, each with its own read position.
} // DataBuffer::DataBuffer
#ifdef _WIN64
#define const_pbBadFood (((BYTE *)NULL) + 0xbaadf00dbaadf00d)
#else //!_WIN64
#define const_pbBadFood (((BYTE *)NULL) + 0xbaadf00d)
#endif //!_WIN64
// --------------------------------------------------------------------------------------
//
// Initializes the memory block to empty data. The object may already be initialized.
//
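inline
void
DataBuffer::Clear()
{
    // An empty block represents zero bytes; every size check in this class keys off m_cbSize.
    m_cbSize = 0;
    // Give the pointer a defined value in every build flavour. Without this, the only write to
    // m_pbData is the INDEBUG_MD statement below (presumably compiled out of release builds), which
    // would leave the pointer indeterminate for the copy constructor and for GetDataOfSize(0, ...).
    m_pbData = NULL;
    // For debugging purposes let's put invalid non-NULL pointer here
    INDEBUG_MD(m_pbData = const_pbBadFood);
} // DataBuffer::Clear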
#undef const_pbBadFood
// --------------------------------------------------------------------------------------
//
// Initializes memory block to data (pbData, of size cbSize). The object should be empty before.
//
inline
void
DataBuffer::Init(
    __in_bcount(cbSize) BYTE  *pbData,
                        UINT32 cbSize)
{
    // Re-initializing a non-empty buffer is treated as a caller bug. The check is an _ASSERTE, so
    // it is presumably a debug-only diagnostic rather than a runtime guard.
    _ASSERTE(IsEmpty());

    // Record the new extent; the bytes are referenced, not copied.
    m_cbSize = cbSize;
    m_pbData = pbData;
} // DataBuffer::Init
// --------------------------------------------------------------------------------------
//
// Reads data of type T without skipping the read data (returns pointer to the type in *ppTypeData).
// Returns FALSE if there's not enough data (of size T) in the blob, doesn't initialize the pointer
// *ppTypeData then.
// Returns TRUE otherwise, fills *ppTypeData with the "read" type start, but doesn't move the memory
// block (doesn't skip the "read" data).
//
template<class T>
__checkReturn
inline
BOOL
DataBuffer::PeekData(
    __deref_out T **ppTypeData)
{
    // Bounds check: a whole T must fit in the bytes that are still represented.
    if (m_cbSize >= sizeof(T))
    {
        // Hand out a typed view of the current position; nothing is consumed.
        // NOTE(review): the cast does not verify that m_pbData is suitably aligned for T --
        // confirm that callers only use types that tolerate the alignment of the underlying data.
        *ppTypeData = reinterpret_cast<T *>(m_pbData);
        return TRUE;
    }
    // Too little data left; *ppTypeData is intentionally left untouched.
    return FALSE;
} // DataBuffer::PeekData
// --------------------------------------------------------------------------------------
//
// Reads data of type T at offset nOffset without skipping the read data (returns pointer to the type in
// *ppTypeData).
// Returns FALSE if there's not enough data (of size T) at offset nOffset in the buffer, doesn't
// initialize the pointer *ppTypeData then.
// Returns TRUE otherwise, fills *ppTypeData with the type start, but doesn't move the memory block
// (doesn't skip any "read" data).
template<class T>
__checkReturn
inline
BOOL
DataBuffer::PeekDataAt(
                UINT32 nOffset,
    __deref_out T    **ppTypeData)
{
    // Order matters: the offset test runs first, so the subtraction on the right is only evaluated
    // when nOffset <= m_cbSize and therefore cannot underflow.
    if ((nOffset > m_cbSize) || ((m_cbSize - nOffset) < sizeof(T)))
    {   // Either the offset lies outside the block or the T would run past its end;
        // *ppTypeData is left untouched.
        return FALSE;
    }
    // Typed view at the requested offset; the read position of the buffer does not move.
    // NOTE(review): alignment of (m_pbData + nOffset) for T is not checked here.
    T *pTypeAtOffset = reinterpret_cast<T *>(m_pbData + nOffset);
    *ppTypeData = pTypeAtOffset;
    return TRUE;
} // DataBuffer::PeekDataAt
// --------------------------------------------------------------------------------------
//
// Reads data of type T and skips the data (instead of reading the bytes, returns pointer to the type in
// *ppTypeData).
// Returns FALSE if there's not enough data (of size T) in the blob, doesn't initialize the pointer
// *ppTypeData then.
// Returns TRUE otherwise, fills *ppTypeData with the "read" type start and moves the memory block
// behind the "read" type.
//
template<class T>
__checkReturn
inline
BOOL
DataBuffer::GetData(
    __deref_out T **ppTypeData)
{
    // Bounds check: a whole T must fit in the bytes that are still represented.
    if (m_cbSize >= sizeof(T))
    {
        // Publish the typed view first, then consume exactly sizeof(T) bytes. The check above is
        // what makes the unchecked skip helper safe to call.
        // NOTE(review): alignment of m_pbData for T is not checked by the cast.
        *ppTypeData = reinterpret_cast<T *>(m_pbData);
        SkipBytes_InternalInsecure(sizeof(T));
        return TRUE;
    }
    // Too little data left; nothing is consumed and *ppTypeData is left untouched.
    return FALSE;
} // DataBuffer::GetData
// --------------------------------------------------------------------------------------
//
// Reads data of size cbDataSize and skips the data (instead of reading the bytes, returns pointer to
// the bytes in *ppbDataPointer).
// Returns FALSE if there's not enough data in the blob, doesn't initialize the pointer *ppbDataPointer
// then.
// Returns TRUE otherwise, fills *ppbDataPointer with the "read" data start and moves the memory block
// behind the "read" data.
//
__checkReturn
inline
BOOL
DataBuffer::GetDataOfSize(
                             UINT32 cbDataSize,
    __out_bcount(cbDataSize) BYTE **ppbDataPointer)
{
    // Bounds check: the requested run of bytes must be fully inside the represented block.
    if (cbDataSize <= m_cbSize)
    {
        // Return the start of the run, then advance past it. The check above is what makes the
        // unchecked skip helper safe to call.
        *ppbDataPointer = m_pbData;
        SkipBytes_InternalInsecure(cbDataSize);
        return TRUE;
    }
    // Too little data left; nothing is consumed and *ppbDataPointer is left untouched.
    return FALSE;
} // DataBuffer::GetDataOfSize
// --------------------------------------------------------------------------------------
//
// Truncates the buffer to exact size (cbSize).
// Returns FALSE if there's less than cbSize data represented.
// Returns TRUE otherwise and truncates the represented data size to cbSize.
//
__checkReturn
inline
BOOL
DataBuffer::TruncateToExactSize(UINT32 cbSize)
{
    // The block can only shrink: a target larger than the current size is rejected, so this can
    // never extend the readable range.
    if (cbSize <= m_cbSize)
    {
        // Keep the first cbSize bytes; the start pointer is unchanged.
        m_cbSize = cbSize;
        return TRUE;
    }
    // Fewer than cbSize bytes are represented -- fail without modifying the buffer.
    return FALSE;
} // DataBuffer::TruncateToExactSize
// --------------------------------------------------------------------------------------
//
// Truncates the buffer by size (cbSize).
// Returns FALSE if there's less than cbSize data represented.
// Returns TRUE otherwise and truncates the represented data size by cbSize.
//
__checkReturn
inline
BOOL
DataBuffer::TruncateBySize(UINT32 cbSize)
{
    // Guard first so the subtraction below cannot underflow.
    if (cbSize <= m_cbSize)
    {
        // Drop cbSize bytes from the end; the start pointer is unchanged.
        m_cbSize -= cbSize;
        return TRUE;
    }
    // Fewer than cbSize bytes are represented -- fail without modifying the buffer.
    return FALSE;
} // DataBuffer::TruncateBySize
// --------------------------------------------------------------------------------------
//
// Skips the buffer to size (cbSize).
// Returns FALSE if there's less than cbSize data represented.
// Returns TRUE otherwise and skips data at the beginning, so that the result has size cbSize.
//
__checkReturn
inline
BOOL
DataBuffer::SkipToExactSize(UINT32 cbSize)
{
    // A target larger than the current size cannot be reached by skipping.
    if (cbSize > m_cbSize)
    {   // Fewer than cbSize bytes are represented -- fail without modifying the buffer.
        return FALSE;
    }
    // Skip exactly as many leading bytes as needed to leave cbSize bytes. The guard above keeps
    // this difference from underflowing and keeps it within the represented block.
    const UINT32 cbToSkip = m_cbSize - cbSize;
    SkipBytes_InternalInsecure(cbToSkip);
    return TRUE;
} // DataBuffer::SkipToExactSize
// --------------------------------------------------------------------------------------
//
// Skips 'cbSize' bytes in the represented memory block. The caller is responsible for making sure that the
// represented memory block contains at least 'cbSize' bytes, otherwise there will be a security issue.
// Should be used only internally, never call it from outside of this class.
//
inline
void
DataBuffer::SkipBytes_InternalInsecure(UINT32 cbSize)
{
    // Callers must already have verified cbSize <= m_cbSize; this assert only double-checks them.
    // NOTE(review): _ASSERTE is presumably compiled out of release builds, in which case nothing
    // here stops the pointer from moving past the block or the size from wrapping. Any new caller
    // needs its own bounds check before calling.
    _ASSERTE(m_cbSize >= cbSize);

    // Consume cbSize bytes from the front: shrink the remaining size and advance the start.
    m_cbSize -= cbSize;
    m_pbData += cbSize;
} // DataBuffer::SkipBytes_InternalInsecure