From e565fe9e3b53b76a232a365e233239945eeb94fa Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Sun, 16 Feb 2025 15:54:53 -0500 Subject: [PATCH] lower FR_DER_TAG_MAX there's no reason to make it UINT8_MAX, as we only support a small number of tags. Also update the arrays to use array[FR_DER_TAG_MAX] = { ... } instead of array[] = { ..., [TAG_MAX] = false } --- src/protocols/der/base.c | 124 +++++++++++++++++++++---------------- src/protocols/der/decode.c | 8 +-- src/protocols/der/der.h | 2 +- 3 files changed, 73 insertions(+), 61 deletions(-) diff --git a/src/protocols/der/base.c b/src/protocols/der/base.c index bdc67a4fbd..138a46c0d3 100644 --- a/src/protocols/der/base.c +++ b/src/protocols/der/base.c @@ -71,61 +71,75 @@ static size_t tag_name_to_number_len = NUM_ELEMENTS(tag_name_to_number); /* * Create a mapping between FR_TYPE_* and valid FR_DER_TAG_*'s */ -static const bool *fr_type_to_der_tags[] = { - [FR_TYPE_MAX] = NULL, - [FR_TYPE_BOOL] = (bool []){[FR_DER_TAG_BOOLEAN] = true, - [FR_DER_TAG_INTEGER] = true, - [FR_DER_TAG_NULL] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_UINT8] = (bool []){[FR_DER_TAG_INTEGER] = true, - [FR_DER_TAG_ENUMERATED] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_UINT16] = (bool []){[FR_DER_TAG_INTEGER] = true, - [FR_DER_TAG_ENUMERATED] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_UINT32] = (bool []){[FR_DER_TAG_INTEGER] = true, - [FR_DER_TAG_ENUMERATED] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_UINT64] = (bool []){[FR_DER_TAG_INTEGER] = true, - [FR_DER_TAG_ENUMERATED] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_INT8] = (bool []){[FR_DER_TAG_INTEGER] = true, - [FR_DER_TAG_ENUMERATED] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_INT16] = (bool []){[FR_DER_TAG_INTEGER] = true, - [FR_DER_TAG_ENUMERATED] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_INT32] = (bool []){[FR_DER_TAG_INTEGER] = true, - [FR_DER_TAG_ENUMERATED] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_INT64] = (bool []){[FR_DER_TAG_INTEGER] = true, - [FR_DER_TAG_ENUMERATED] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_OCTETS] = (bool []){[FR_DER_TAG_BITSTRING] = true, - [FR_DER_TAG_OCTETSTRING] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_STRING] = (bool []){[FR_DER_TAG_OID] = true, - [FR_DER_TAG_UTF8_STRING] = true, - [FR_DER_TAG_PRINTABLE_STRING] = true, - [FR_DER_TAG_T61_STRING] = true, - [FR_DER_TAG_IA5_STRING] = true, - [FR_DER_TAG_VISIBLE_STRING] = true, - [FR_DER_TAG_GENERAL_STRING] = true, - [FR_DER_TAG_UNIVERSAL_STRING] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_DATE] = (bool []){[FR_DER_TAG_UTC_TIME] = true, - [FR_DER_TAG_GENERALIZED_TIME] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_TLV] = (bool []){[FR_DER_TAG_SEQUENCE] = true, - [FR_DER_TAG_SET] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_STRUCT] = (bool []){[FR_DER_TAG_BITSTRING] = true, - [FR_DER_TAG_SEQUENCE] = true, - [FR_DER_TAG_SET] = true, - [FR_DER_TAG_MAX] = false}, - [FR_TYPE_GROUP] = (bool []){[FR_DER_TAG_SEQUENCE] = true, - [FR_DER_TAG_SET] = true, - [FR_DER_TAG_MAX] = false} +static const bool *fr_type_to_der_tags[FR_DER_TAG_MAX] = { + [FR_TYPE_BOOL] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_BOOLEAN] = true, + [FR_DER_TAG_INTEGER] = true, + [FR_DER_TAG_NULL] = true, + }, + [FR_TYPE_UINT8] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_INTEGER] = true, + [FR_DER_TAG_ENUMERATED] = true, + }, + [FR_TYPE_UINT16] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_INTEGER] = true, + [FR_DER_TAG_ENUMERATED] = true, + }, + [FR_TYPE_UINT32] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_INTEGER] = true, + [FR_DER_TAG_ENUMERATED] = true, + }, + [FR_TYPE_UINT64] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_INTEGER] = true, + [FR_DER_TAG_ENUMERATED] = true, + }, + [FR_TYPE_INT8] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_INTEGER] = true, + [FR_DER_TAG_ENUMERATED] = true, + }, + [FR_TYPE_INT16] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_INTEGER] = true, + [FR_DER_TAG_ENUMERATED] = true, + }, + [FR_TYPE_INT32] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_INTEGER] = true, + [FR_DER_TAG_ENUMERATED] = true, + }, + [FR_TYPE_INT64] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_INTEGER] = true, + [FR_DER_TAG_ENUMERATED] = true, + }, + [FR_TYPE_OCTETS] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_BITSTRING] = true, + [FR_DER_TAG_OCTETSTRING] = true, + }, + [FR_TYPE_STRING] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_OID] = true, + [FR_DER_TAG_UTF8_STRING] = true, + [FR_DER_TAG_PRINTABLE_STRING] = true, + [FR_DER_TAG_T61_STRING] = true, + [FR_DER_TAG_IA5_STRING] = true, + [FR_DER_TAG_VISIBLE_STRING] = true, + [FR_DER_TAG_GENERAL_STRING] = true, + [FR_DER_TAG_UNIVERSAL_STRING] = true, + }, + [FR_TYPE_DATE] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_UTC_TIME] = true, + [FR_DER_TAG_GENERALIZED_TIME] = true, + }, + [FR_TYPE_TLV] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_SEQUENCE] = true, + [FR_DER_TAG_SET] = true, + }, + [FR_TYPE_STRUCT] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_BITSTRING] = true, + [FR_DER_TAG_SEQUENCE] = true, + [FR_DER_TAG_SET] = true, + }, + [FR_TYPE_GROUP] = (bool [FR_DER_TAG_MAX]) { + [FR_DER_TAG_SEQUENCE] = true, + [FR_DER_TAG_SET] = true, + }, }; /* diff --git a/src/protocols/der/decode.c b/src/protocols/der/decode.c index 20211b2c8e..bd2e2996d0 100644 --- a/src/protocols/der/decode.c +++ b/src/protocols/der/decode.c @@ -137,7 +137,7 @@ static ssize_t fr_der_decode_universal_string(TALLOC_CTX *ctx, fr_pair_list_t *o */ #define fr_der_decode_enumerated fr_der_decode_integer -static fr_der_tag_decode_t tag_funcs[] = { +static fr_der_tag_decode_t tag_funcs[FR_DER_TAG_MAX] = { [FR_DER_TAG_BOOLEAN] = { .constructed = FR_DER_TAG_PRIMITIVE, .decode = fr_der_decode_boolean }, [FR_DER_TAG_INTEGER] = { .constructed = FR_DER_TAG_PRIMITIVE, .decode = fr_der_decode_integer }, [FR_DER_TAG_BITSTRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .decode = fr_der_decode_bitstring }, @@ -158,8 +158,6 @@ static fr_der_tag_decode_t tag_funcs[] = { [FR_DER_TAG_GENERAL_STRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .decode = fr_der_decode_general_string }, [FR_DER_TAG_UNIVERSAL_STRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .decode = fr_der_decode_universal_string }, - - [UINT8_MAX] = { .constructed = FR_DER_TAG_PRIMITIVE, .decode = NULL }, }; static ssize_t fr_der_decode_string(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, fr_dbuff_t *in, @@ -1573,7 +1571,7 @@ static ssize_t fr_der_decode_hdr(fr_dict_attr_t const *parent, fr_dbuff_t *in, u * * Note: Multi-byte tags would mean having a tag number that is greater than 30 (0x1E) (since tag * 31 would indicate a multi-byte tag). For most use-cases, this should not be needed, since all - * of the basic ASN.1 types are tagged under 30, and if a CHOICE type were to have over 30 options + * of the basic ASN.1 types have values under 30, and if a CHOICE type were to have over 30 options * (meaning a multi-byte tag would be needed), that would be a very complex CHOICE type that * should probably be simplified. */ @@ -1608,7 +1606,7 @@ static ssize_t fr_der_decode_hdr(fr_dict_attr_t const *parent, fr_dbuff_t *in, u *tag = fr_der_flag_der_type(parent); } - if ((*tag > NUM_ELEMENTS(tag_funcs)) || (*tag == FR_DER_TAG_INVALID)) { + if ((*tag >= NUM_ELEMENTS(tag_funcs)) || (*tag == FR_DER_TAG_INVALID)) { fr_strerror_printf("Unknown tag %" PRIu64, *tag); return -1; } diff --git a/src/protocols/der/der.h b/src/protocols/der/der.h index 2d43850db1..e7a87ed181 100644 --- a/src/protocols/der/der.h +++ b/src/protocols/der/der.h @@ -30,7 +30,7 @@ typedef enum { FR_DER_TAG_CHOICE = 0x23, //!< A choice of types. Techically not a DER tag, but used to represent a choice. - FR_DER_TAG_MAX = UINT8_MAX + FR_DER_TAG_MAX = 0x24 } fr_der_tag_t; typedef enum { -- 2.47.3