add assertions to check for bad dictionaries
authorAlan T. DeKok <aland@freeradius.org>
Wed, 26 Feb 2025 15:09:43 +0000 (10:09 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 26 Feb 2025 19:40:41 +0000 (14:40 -0500)
src/protocols/der/decode.c

index 1577e70be290d906ec96ef5bfa345990fe44cf7d..146edb3f9990c65763536dd8e2e4a46907bab0ea 100644 (file)
@@ -795,6 +795,8 @@ static ssize_t fr_der_decode_sequence(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_d
                bool restriction_types[FR_DER_TAG_MAX] = { };
 
                if (flags->sequence_of != FR_DER_TAG_CHOICE) {
+                       fr_assert(flags->sequence_of < FR_DER_TAG_MAX);
+
                        restriction_types[flags->sequence_of] = true;
                        child = fr_dict_attr_iterate_children(parent, &child);
                        if (!child) {
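Review bot: The new `fr_assert(flags->sequence_of < FR_DER_TAG_MAX)` protects the write to `restriction_types[flags->sequence_of]` only in builds where assertions are compiled in. If `fr_assert` expands to nothing in release builds, as assertion macros commonly do, a bad dictionary still writes past the stack array there. The same holds for `fr_assert(choices->attr < FR_DER_TAG_MAX)` in the loop of the next hunk. A runtime check that fails the decode would cover both build types, for example `if (unlikely(flags->sequence_of >= FR_DER_TAG_MAX)) { fr_strerror_printf("Invalid sequence-of type for %s", parent->name); return -1; }`. The `-1` is an assumption, since the function's other error paths are outside the hunk; rejecting such attributes when the dictionary is loaded would be the other option.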
@@ -817,6 +819,7 @@ static ssize_t fr_der_decode_sequence(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_d
                        }
 
                        while ((choices = fr_dict_attr_iterate_children(ref, &choices))) {
+                               fr_assert(choices->attr < FR_DER_TAG_MAX);
                                restriction_types[choices->attr] = true;
                        }
                }
@@ -832,7 +835,7 @@ static ssize_t fr_der_decode_sequence(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_d
 
                        FR_DBUFF_OUT_RETURN(&tag_byte, &our_in);
 
-                       current_tag = (tag_byte & DER_TAG_CONTINUATION);
+                       current_tag = (tag_byte & DER_TAG_CONTINUATION); /* always <= FR_DER_TAG_MAX */
 
                        if (unlikely(!restriction_types[current_tag])) {
                                fr_strerror_printf("Attribute %s is a sequence-of which does not allow DER type '%s'", parent->name,
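Review bot: The added comment says `current_tag` is always `<= FR_DER_TAG_MAX`, but `restriction_types` is declared with `FR_DER_TAG_MAX` elements, so the lookup on the next line is in bounds only when the value is strictly less than `FR_DER_TAG_MAX`. `tag_byte` is read from the input buffer, so this is the one index in the function that depends on the data being decoded and not on the dictionary. Neither constant's value is visible here; if the mask can produce a value equal to `FR_DER_TAG_MAX`, the lookup reads one element past the array. Either declare the array as `restriction_types[FR_DER_TAG_MAX + 1]`, or reject the tag with `if (unlikely(current_tag >= FR_DER_TAG_MAX))` before the lookup. If the mask is in fact smaller, replace the comment with `_Static_assert(DER_TAG_CONTINUATION < FR_DER_TAG_MAX, "tag mask must fit restriction_types");` so the bound is enforced at compile time.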