From: pcarana Date: Wed, 29 May 2019 20:11:05 +0000 (-0500) Subject: Log decoding errors only when requested X-Git-Tag: v0.0.2~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b69eef5497e4270b697aaad68b75e6d6bc956505;p=thirdparty%2FFORT-validator.git Log decoding errors only when requested --- diff --git a/src/asn1/content_info.c b/src/asn1/content_info.c index 8489b869..31e659b3 100644 --- a/src/asn1/content_info.c +++ b/src/asn1/content_info.c @@ -33,7 +33,8 @@ decode(struct file_contents *fc, struct ContentInfo **result) struct ContentInfo *cinfo; int error; - error = asn1_decode_fc(fc, &asn_DEF_ContentInfo, (void **) &cinfo); + error = asn1_decode_fc(fc, &asn_DEF_ContentInfo, (void **) &cinfo, + true); if (error) return error; diff --git a/src/asn1/decode.c b/src/asn1/decode.c index e7adb5eb..a3ed7172 100644 --- a/src/asn1/decode.c +++ b/src/asn1/decode.c @@ -5,7 +5,7 @@ #include "log.h" static int -validate(asn_TYPE_descriptor_t const *descriptor, void *result) +validate(asn_TYPE_descriptor_t const *descriptor, void *result, bool log) { char error_msg[256]; size_t error_msg_size; @@ -16,14 +16,16 @@ validate(asn_TYPE_descriptor_t const *descriptor, void *result) error = asn_check_constraints(descriptor, result, error_msg, &error_msg_size); if (error == -1) - return pr_err("Error validating ASN.1 object: %s", error_msg); + return log ? + pr_err("Error validating ASN.1 object: %s", error_msg) : + -EINVAL; return 0; } int asn1_decode(const void *buffer, size_t buffer_size, - asn_TYPE_descriptor_t const *descriptor, void **result) + asn_TYPE_descriptor_t const *descriptor, void **result, bool log) { asn_dec_rval_t rval; int error; 
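Review bot: In `validate()` (src/asn1/decode.c, hunk at -16,14) the silent branch returns a hard-coded `-EINVAL` while the logging branch returns whatever `pr_err()` returns, so the error code a caller sees may depend on the `log` flag. `pr_err()`'s return value is not visible in this diff, so this needs confirming. The decode-failure branch of `asn1_decode()` in the next hunk has the same shape. Separating reporting from the result keeps both paths identical: `if (log) pr_err("Error validating ASN.1 object: %s", error_msg);` followed by `return -EINVAL;`.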
@@ -36,11 +38,13 @@ asn1_decode(const void *buffer, size_t buffer_size, /* Must free partial object according to API contracts. */ ASN_STRUCT_FREE(*descriptor, *result); /* We expect the data to be complete; RC_WMORE is an error. */ - return pr_err("Error '%u' decoding ASN.1 object around byte %zu", - rval.code, rval.consumed); + return log ? + pr_err("Error '%u' decoding ASN.1 object around byte %zu", + rval.code, rval.consumed) : + -EINVAL; } - error = validate(descriptor, *result); + error = validate(descriptor, *result, log); if (error) { ASN_STRUCT_FREE(*descriptor, *result); return error; @@ -51,16 +55,16 @@ asn1_decode(const void *buffer, size_t buffer_size, int asn1_decode_any(ANY_t *any, asn_TYPE_descriptor_t const *descriptor, - void **result) + void **result, bool log) { - return asn1_decode(any->buf, any->size, descriptor, result); + return asn1_decode(any->buf, any->size, descriptor, result, log); } int asn1_decode_octet_string(OCTET_STRING_t *string, - asn_TYPE_descriptor_t const *descriptor, void **result) + asn_TYPE_descriptor_t const *descriptor, void **result, bool log) { - return asn1_decode(string->buf, string->size, descriptor, result); + return asn1_decode(string->buf, string->size, descriptor, result, log); } /* @@ -70,7 +74,8 @@ asn1_decode_octet_string(OCTET_STRING_t *string, */ int asn1_decode_fc(struct file_contents *fc, - asn_TYPE_descriptor_t const *descriptor, void **result) + asn_TYPE_descriptor_t const *descriptor, void **result, bool log) { - return asn1_decode(fc->buffer, fc->buffer_size, descriptor, result); + return asn1_decode(fc->buffer, fc->buffer_size, descriptor, result, + log); } diff --git a/src/asn1/decode.h b/src/asn1/decode.h index e20f878d..fd1754ce 100644 --- a/src/asn1/decode.h +++ b/src/asn1/decode.h 
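Review bot: Both failure returns in `asn1_decode()` (hunk at -36,11) free the partial object with `ASN_STRUCT_FREE(*descriptor, *result)` but appear to leave `*result` holding the freed address. With `log == false` a failed decode is now an expected, recoverable outcome, since `signed_data_decode()` retries through the PKCS7 path. A caller that later reads or frees its pointer after a silent failure would therefore touch freed memory; whether any caller does so is not visible here. Adding `*result = NULL;` after each `ASN_STRUCT_FREE` call makes the failure state unambiguous. The `if` that opens the first branch starts above this hunk.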
@@ -3,13 +3,15 @@ #include #include +#include #include "file.h" -int asn1_decode(const void *, size_t, asn_TYPE_descriptor_t const *, void **); -int asn1_decode_any(ANY_t *, asn_TYPE_descriptor_t const *, void **); +int asn1_decode(const void *, size_t, asn_TYPE_descriptor_t const *, void **, + bool); +int asn1_decode_any(ANY_t *, asn_TYPE_descriptor_t const *, void **, bool); int asn1_decode_octet_string(OCTET_STRING_t *, asn_TYPE_descriptor_t const *, - void **); + void **, bool); int asn1_decode_fc(struct file_contents *, asn_TYPE_descriptor_t const *, - void **); + void **, bool); #endif /* SRC_ASN1_DECODE_H_ */ diff --git a/src/asn1/signed_data.c b/src/asn1/signed_data.c index aa549da4..b346814c 100644 --- a/src/asn1/signed_data.c +++ b/src/asn1/signed_data.c @@ -128,7 +128,7 @@ validate_content_type_attribute(CMSAttributeValue_t *value, int error; error = asn1_decode_any(value, &asn_DEF_OBJECT_IDENTIFIER, - (void **) &attrValues); + (void **) &attrValues, true); if (error) return error; eContentType = &eci->eContentType; @@ -151,7 +151,7 @@ validate_message_digest_attribute(CMSAttributeValue_t *value, return pr_err("There's no content being signed."); error = asn1_decode_any(value, &asn_DEF_MessageDigest, - (void **) &digest); + (void **) &digest, true); if (error) return error; @@ -404,7 +404,7 @@ signed_data_decode_pkcs7(ANY_t *coded, struct SignedData **result) int error; error = asn1_decode_any(coded, &asn_DEF_SignedDataPKCS7, - (void **) &sdata_pkcs7); + (void **) &sdata_pkcs7, true); if (error) return error; @@ -417,7 +417,7 @@ signed_data_decode_pkcs7(ANY_t *coded, struct SignedData **result) /* Parse content as OCTET STRING */ error = asn1_decode_any(sdata_pkcs7->encapContentInfo.eContent, &asn_DEF_ContentTypePKCS7, - (void **) &sdata->encapContentInfo.eContent); + (void **) &sdata->encapContentInfo.eContent, true); if (error) goto release_sdata; 
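Review bot: The new trailing `bool` in the four prototypes in src/asn1/decode.h is unnamed and undocumented, so every call site passes a bare `true` or `false` with no hint of what it controls. A short comment above the prototypes would cover it, for example `/* Last argument: if true, decoding and constraint failures are reported through pr_err(); if false they fail silently with -EINVAL. */`. Naming the parameter `bool log` in the prototypes would also help, although the header's existing style omits parameter names.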
@@ -453,7 +453,8 @@ signed_data_decode(ANY_t *coded, struct signed_object_args *args, /* rfc6488#section-3.1.l */ /* TODO (next iteration) this is BER, not guaranteed to be DER. */ - error = asn1_decode_any(coded, &asn_DEF_SignedData, (void **) &sdata); + error = asn1_decode_any(coded, &asn_DEF_SignedData, (void **) &sdata, + false); if (error) { /* Try to decode as PKCS content (RFC 5652 section 5.2.1) */ error = signed_data_decode_pkcs7(coded, &sdata); @@ -515,7 +516,7 @@ get_content_type_attr(struct SignedData *sdata, OBJECT_IDENTIFIER_t **result) return -EINVAL; return asn1_decode_any(attr->attrValues.list.array[0], &asn_DEF_OBJECT_IDENTIFIER, - (void **) result); + (void **) result, true); } } diff --git a/src/object/certificate.c b/src/object/certificate.c index 7f6b53c2..91b86ffb 100644 --- a/src/object/certificate.c +++ b/src/object/certificate.c @@ -694,7 +694,7 @@ handle_ip_extension(X509_EXTENSION *ext, struct resources *resources) string = X509_EXTENSION_get_data(ext); error = asn1_decode(string->data, string->length, &asn_DEF_IPAddrBlocks, - (void **) &blocks); + (void **) &blocks, true); if (error) return error; @@ -741,7 +741,7 @@ handle_asn_extension(X509_EXTENSION *ext, struct resources *resources) string = X509_EXTENSION_get_data(ext); error = asn1_decode(string->data, string->length, - &asn_DEF_ASIdentifiers, (void **) &ids); + &asn_DEF_ASIdentifiers, (void **) &ids, true); if (error) return error; diff --git a/src/object/manifest.c b/src/object/manifest.c index 7d2d7753..39f80858 100644 --- a/src/object/manifest.c +++ b/src/object/manifest.c @@ -23,7 +23,7 @@ struct manifest { static int manifest_decode(OCTET_STRING_t *string, void *arg) { - return asn1_decode_octet_string(string, &asn_DEF_Manifest, arg); + return asn1_decode_octet_string(string, &asn_DEF_Manifest, arg, true); } static int diff --git a/src/object/roa.c b/src/object/roa.c index 8e04fad7..42e7de6f 100644 --- a/src/object/roa.c +++ b/src/object/roa.c 
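Review bot: In `signed_data_decode()` (hunk at -453,7) the first attempt is now silent, so when the PKCS7 fallback also fails, the log carries only the fallback's error. The error code and byte offset of the original SignedData failure are never recorded, and that first failure is usually the more useful one when triaging a malformed signed object. At minimum the call site should say why it is silent, e.g. `/* Silent on failure: the PKCS7 fallback below reports its own errors. */`. It may also be worth emitting one line that names both attempts when the fallback fails too. The rest of the `if (error)` block lies outside this hunk, so how the fallback's result is handled cannot be checked here.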
@@ -16,7 +16,7 @@ static int roa_decode(OCTET_STRING_t *string, void *arg) { return asn1_decode_octet_string(string, &asn_DEF_RouteOriginAttestation, - arg); + arg, true); } static int